This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/QKHeBPt3FZGwQMNi71PcLbX8f9o.roa
File:                     QKHeBPt3FZGwQMNi71PcLbX8f9o.roa (raw, json)
Hash identifier:          yUT2SNgnavPguGe7Bgub1RfLZh6AkW9j2Jd/o/Ij1jU=
Subject key identifier:   40:A1:DE:04:FB:77:15:91:B0:40:C3:62:EF:53:DC:2D:B5:FC:7F:DA
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019B77C781E7FFCE034E59791B8CAFEA048E
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/QKHeBPt3FZGwQMNi71PcLbX8f9o.roa
Signing time:             Thu 01 Jan 2026 04:18:42 +0000
ROA not before:           Thu 01 Jan 2026 04:18:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197142
IP address blocks:        82.177.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:81:e7:ff:ce:03:4e:59:79:1b:8c:af:ea:04:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 04:18:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=40a1de04fb771591b040c362ef53dc2db5fc7fda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:8f:d6:12:df:6d:ed:23:28:b2:37:29:d6:33:
                    86:4f:70:4a:0c:3f:db:43:40:a7:c9:70:35:f8:8e:
                    a5:14:b1:37:70:e8:5e:84:b1:93:1b:b0:74:fd:c1:
                    52:d0:f2:5a:b7:5a:69:7d:fd:1b:32:f8:7e:56:a6:
                    cf:65:58:b2:5a:33:23:48:1d:64:2b:4f:ac:fa:15:
                    fd:0b:28:54:c8:15:00:22:2f:fb:e5:f4:ae:64:2b:
                    0c:78:ac:32:2a:ae:67:a4:1a:ce:11:00:6c:2e:c8:
                    e6:92:34:e1:ae:c5:fb:b2:00:1a:66:2c:61:0e:c7:
                    e6:94:c5:7d:06:6e:a2:ef:c8:da:ab:5e:1c:ce:2b:
                    2b:68:ec:ed:39:09:cb:e6:32:17:19:44:c4:92:64:
                    00:44:2d:71:b1:a2:85:8b:51:0a:c4:c0:91:d9:a9:
                    76:c4:4f:91:e1:8f:e6:63:a8:0c:c1:f3:67:45:a9:
                    2e:38:5b:eb:94:a9:03:eb:e0:78:93:b5:8a:d6:ed:
                    2c:57:65:e0:5d:30:35:5e:e6:5e:9c:ee:19:7a:ae:
                    db:c0:1e:87:70:41:65:59:81:e0:ab:09:6d:4c:42:
                    14:05:22:a0:32:62:e5:22:f8:ea:cb:22:8e:da:e9:
                    dd:11:27:e8:10:b5:45:08:c0:97:c0:7f:5d:69:13:
                    4a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:A1:DE:04:FB:77:15:91:B0:40:C3:62:EF:53:DC:2D:B5:FC:7F:DA
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/QKHeBPt3FZGwQMNi71PcLbX8f9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.177.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:34:16:fe:a7:19:0f:2f:90:02:be:f0:ee:26:2e:c0:f0:2c:
         73:bd:79:58:b9:ab:3c:d8:82:9e:ec:95:89:2d:21:da:ae:62:
         c2:7f:96:18:60:fd:44:a8:b3:b9:cf:df:18:63:e6:3d:e0:9b:
         59:15:68:d0:fd:3b:9f:b5:bd:39:d4:c2:a1:ff:9a:8e:a3:41:
         73:29:97:49:9f:6f:79:16:69:34:55:5d:49:6b:6c:ab:0e:e2:
         b5:e4:28:d9:0a:8d:40:bc:00:6d:b7:d6:63:fe:db:bf:69:e7:
         d1:2a:b6:71:5a:1f:72:7b:93:bc:d3:8b:d0:ba:52:b2:cd:63:
         e7:ad:28:d8:99:06:ce:43:2a:e2:91:77:58:4c:0a:82:b1:20:
         0d:56:36:15:e1:73:0e:19:26:c3:14:fc:ef:76:00:ae:47:37:
         48:01:62:00:73:3f:26:6a:19:7d:d2:31:7d:e5:fd:54:fb:24:
         5f:d4:a5:dd:b8:2f:6b:82:0e:04:74:17:66:d6:8f:07:50:0f:
         11:00:50:c7:50:1b:c4:ad:20:59:91:44:e2:a6:4e:a8:36:33:
         8d:65:d5:cb:97:58:72:d0:c2:c7:94:6c:f2:0f:2d:9d:93:f3:
         25:69:e8:df:ee:09:c4:95:b7:6e:25:df:c0:54:d9:43:86:18:
         f5:97:72:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x4Hn/84DTll5G4yv6gSOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjYwMTAxMDQxODQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGExZGUwNGZiNzcxNTkxYjA0MGMzNjJlZjUzZGMyZGI1ZmM3ZmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4/WEt9t7SMosjcp1jOGT3BKDD/b
Q0CnyXA1+I6lFLE3cOhehLGTG7B0/cFS0PJat1ppff0bMvh+VqbPZViyWjMjSB1k
K0+s+hX9CyhUyBUAIi/75fSuZCsMeKwyKq5npBrOEQBsLsjmkjThrsX7sgAaZixh
DsfmlMV9Bm6i78jaq14czisraOztOQnL5jIXGUTEkmQARC1xsaKFi1EKxMCR2al2
xE+R4Y/mY6gMwfNnRakuOFvrlKkD6+B4k7WK1u0sV2XgXTA1XuZenO4Zeq7bwB6H
cEFlWYHgqwltTEIUBSKgMmLlIvjqyyKO2undESfoELVFCMCXwH9daRNKswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECh3gT7dxWRsEDDYu9T3C21/H/aMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvUUtIZUJQdDNGWkd3UU1OaTcxUGNMYlg4ZjlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUrHDMA0G
CSqGSIb3DQEBCwUAA4IBAQAKNBb+pxkPL5ACvvDuJi7A8CxzvXlYuas82IKe7JWJ
LSHarmLCf5YYYP1EqLO5z98YY+Y94JtZFWjQ/Tuftb051MKh/5qOo0FzKZdJn295
Fmk0VV1Ja2yrDuK15CjZCo1AvABtt9Zj/tu/aefRKrZxWh9ye5O804vQulKyzWPn
rSjYmQbOQyrikXdYTAqCsSANVjYV4XMOGSbDFPzvdgCuRzdIAWIAcz8mahl90jF9
5f1U+yRf1KXduC9rgg4EdBdm1o8HUA8RAFDHUBvErSBZkUTipk6oNjONZdXLl1hy
0MLHlGzyDy2dk/Mlaejf7gnElbduJd/AVNlDhhj1l3IP
-----END CERTIFICATE-----