This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/qharjoYw5TDEtIf_l3c7aPwXTD8.roa
File:                     qharjoYw5TDEtIf_l3c7aPwXTD8.roa (raw, json)
Hash identifier:          TEWcqez4B3s/VWobIX7btBqISBR9JER1IYMvOR5OrNc=
Subject key identifier:   AA:16:AB:8E:86:30:E5:30:C4:B4:87:FF:97:77:3B:68:FC:17:4C:3F
Certificate issuer:       /CN=e2d5bb401180e55f5c165d47908dff4fe29a0d86
Certificate serial:       019B79ED1D304143EE1DB80ACAE835D5C954
Authority key identifier: E2:D5:BB:40:11:80:E5:5F:5C:16:5D:47:90:8D:FF:4F:E2:9A:0D:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/qharjoYw5TDEtIf_l3c7aPwXTD8.roa
Signing time:             Thu 01 Jan 2026 14:19:01 +0000
ROA not before:           Thu 01 Jan 2026 14:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49771
IP address blocks:        94.188.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 05:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:1d:30:41:43:ee:1d:b8:0a:ca:e8:35:d5:c9:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d5bb401180e55f5c165d47908dff4fe29a0d86
        Validity
            Not Before: Jan  1 14:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aa16ab8e8630e530c4b487ff97773b68fc174c3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:79:0a:f2:9b:58:a4:c3:68:8e:f5:7f:d5:f7:
                    6e:2f:52:ac:b3:0b:bc:bd:2f:19:b4:ec:74:d3:e0:
                    01:9e:a6:2c:cc:94:2b:82:89:8b:db:b7:37:00:36:
                    64:bc:42:b3:29:62:db:af:45:22:df:9c:bb:9b:99:
                    30:37:6b:1c:96:1e:e8:7d:1e:62:86:7c:f3:0e:53:
                    f0:c3:2d:de:b4:09:83:80:91:aa:21:cb:d2:72:d5:
                    00:32:55:d5:42:5d:94:94:d1:52:5c:c2:63:04:46:
                    07:9f:9a:bc:ff:e8:ca:3c:bf:8f:79:db:88:14:45:
                    9d:0f:62:ba:bc:81:b6:25:14:42:ae:ad:d9:b1:26:
                    66:a2:cb:44:07:43:41:d3:8c:e8:d1:c8:31:ec:b9:
                    d1:ca:b2:ab:e8:5a:da:56:df:fc:1c:29:3a:ba:e2:
                    39:84:12:b7:b5:5e:ae:f3:37:63:d9:36:a3:4b:e5:
                    c3:82:5a:01:50:f0:ae:fb:e2:05:b1:b2:61:73:0b:
                    8f:b1:86:c9:4e:ed:64:e1:ed:c9:15:12:83:f0:20:
                    e3:df:82:26:45:25:51:2a:7c:66:05:b3:c3:b9:78:
                    8b:cf:aa:3a:4b:a7:bc:dd:83:df:14:ac:9e:22:55:
                    4a:30:93:f7:71:79:15:73:af:de:d4:fa:5b:47:1b:
                    a1:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:16:AB:8E:86:30:E5:30:C4:B4:87:FF:97:77:3B:68:FC:17:4C:3F
            X509v3 Authority Key Identifier:
                keyid:E2:D5:BB:40:11:80:E5:5F:5C:16:5D:47:90:8D:FF:4F:E2:9A:0D:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/qharjoYw5TDEtIf_l3c7aPwXTD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.188.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:18:ec:1b:21:63:1e:2c:f5:49:c9:58:c9:4c:1f:70:c6:2b:
         cd:d6:bd:ba:b8:5d:aa:e4:25:1d:52:05:6c:dc:38:36:56:90:
         78:64:1d:c9:66:42:83:a1:32:46:46:c2:af:60:cf:fe:b4:83:
         ef:3e:a2:11:1d:75:0e:f8:ed:6c:43:ba:70:ca:d3:65:c7:2e:
         9e:33:87:a9:4a:9a:6d:fd:d4:84:dc:a3:09:cf:e3:76:3b:0e:
         b8:ec:06:75:73:4a:17:05:f8:5c:0e:27:93:0b:9c:41:cf:23:
         96:96:db:6a:61:c1:45:b5:83:cb:87:8b:16:5b:23:48:f3:58:
         25:95:51:b4:a1:6b:79:87:c3:37:da:0f:41:52:80:5f:6d:a6:
         f1:16:0c:92:d0:eb:4b:b5:69:67:b0:b5:23:d0:78:6f:71:46:
         cd:87:ce:8a:67:63:15:1d:40:66:2a:e3:f1:a5:11:18:0e:77:
         73:84:76:c3:01:6f:80:00:cf:b5:c5:9e:09:03:08:42:7b:cf:
         f4:4f:d3:d6:79:47:0f:dd:cb:19:6c:07:47:24:cf:3b:94:d9:
         3d:cc:f9:ee:2b:1b:b7:85:c9:4c:2f:96:25:ec:d4:93:eb:0a:
         45:e2:dd:e4:eb:3a:11:59:79:de:54:90:5a:33:ea:bd:4f:82:
         9a:4c:36:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57R0wQUPuHbgKyug11clUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDViYjQwMTE4MGU1NWY1YzE2NWQ0NzkwOGRmZjRmZTI5
YTBkODYwHhcNMjYwMTAxMTQxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTE2YWI4ZTg2MzBlNTMwYzRiNDg3ZmY5Nzc3M2I2OGZjMTc0YzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3kK8ptYpMNojvV/1fduL1Ksswu8
vS8ZtOx00+ABnqYszJQrgomL27c3ADZkvEKzKWLbr0Ui35y7m5kwN2sclh7ofR5i
hnzzDlPwwy3etAmDgJGqIcvSctUAMlXVQl2UlNFSXMJjBEYHn5q8/+jKPL+PeduI
FEWdD2K6vIG2JRRCrq3ZsSZmostEB0NB04zo0cgx7LnRyrKr6FraVt/8HCk6uuI5
hBK3tV6u8zdj2TajS+XDgloBUPCu++IFsbJhcwuPsYbJTu1k4e3JFRKD8CDj34Im
RSVRKnxmBbPDuXiLz6o6S6e83YPfFKyeIlVKMJP3cXkVc6/e1PpbRxuh1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKoWq46GMOUwxLSH/5d3O2j8F0w/MB8GA1UdIwQY
MBaAFOLVu0ARgOVfXBZdR5CN/0/img2GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRXN1FCR0E1VjljRmwxSGtJM19ULUthRFlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS84NjI5N2EtZDIxOS00NTY3LTkxNzEt
NDIxZTZiYzdlMmU4LzEvcWhhcmpvWXc1VERFdElmX2wzYzdhUHdYVEQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS84NjI5N2EtZDIxOS00NTY3LTkxNzEtNDIxZTZiYzdlMmU4
LzEvNHRXN1FCR0E1VjljRmwxSGtJM19ULUthRFlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXryQMA0G
CSqGSIb3DQEBCwUAA4IBAQCDGOwbIWMeLPVJyVjJTB9wxivN1r26uF2q5CUdUgVs
3Dg2VpB4ZB3JZkKDoTJGRsKvYM/+tIPvPqIRHXUO+O1sQ7pwytNlxy6eM4epSppt
/dSE3KMJz+N2Ow647AZ1c0oXBfhcDieTC5xBzyOWlttqYcFFtYPLh4sWWyNI81gl
lVG0oWt5h8M32g9BUoBfbabxFgyS0OtLtWlnsLUj0HhvcUbNh86KZ2MVHUBmKuPx
pREYDndzhHbDAW+AAM+1xZ4JAwhCe8/0T9PWeUcP3csZbAdHJM87lNk9zPnuKxu3
hclML5Yl7NST6wpF4t3k6zoRWXneVJBaM+q9T4KaTDaj
-----END CERTIFICATE-----