This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Q45MnH_lZfyTQhuGQ5mHGlWScQ8.roa
File:                     Q45MnH_lZfyTQhuGQ5mHGlWScQ8.roa (raw, json)
Hash identifier:          QgGnd16aFadAabz4kk9616YC+2DV6Mj8pix0qN0YNHc=
Subject key identifier:   43:8E:4C:9C:7F:E5:65:FC:93:42:1B:86:43:99:87:1A:55:92:71:0F
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       019B77595ECE53F8283C49F63A4DC62F04D8
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Q45MnH_lZfyTQhuGQ5mHGlWScQ8.roa
Signing time:             Thu 01 Jan 2026 02:18:24 +0000
ROA not before:           Thu 01 Jan 2026 02:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59923
IP address blocks:        86.107.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:5e:ce:53:f8:28:3c:49:f6:3a:4d:c6:2f:04:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 02:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=438e4c9c7fe565fc93421b864399871a5592710f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:56:31:f3:f6:92:76:ab:e9:0e:23:c2:67:39:
                    c2:f9:8d:f6:0d:28:39:c5:d4:06:ca:23:cc:25:66:
                    44:17:f5:6f:ff:eb:89:2a:31:75:79:b6:74:53:09:
                    86:53:50:cb:77:86:78:8e:5f:94:23:30:4a:31:fe:
                    c7:ee:31:01:3f:51:a0:85:af:2c:6e:48:e8:69:37:
                    03:74:93:20:0d:70:03:0f:03:1e:8e:4e:55:8f:bd:
                    59:95:9b:25:47:f5:aa:94:33:00:00:5e:8a:5f:d7:
                    43:8b:d9:55:db:b3:b7:9f:10:18:5b:d7:b0:94:d4:
                    d4:81:9b:7b:5d:08:37:0d:4f:2d:91:39:a2:c0:68:
                    9f:d6:83:62:e0:9d:e9:06:d0:6c:c3:00:cd:bd:26:
                    06:7d:e7:ec:bc:a8:f9:fd:0e:f7:25:cb:e5:e2:69:
                    ff:43:b7:c8:d9:4c:77:fa:26:6f:67:14:20:1e:64:
                    a1:38:78:24:d8:40:c0:2f:79:9f:2d:1e:58:e8:b9:
                    7a:62:3b:5d:12:37:7b:c9:95:3a:e3:5a:47:c5:e3:
                    cb:47:3e:53:62:49:05:69:ad:2a:92:e3:b0:69:5e:
                    f2:aa:4b:bc:9c:b1:3a:df:23:5a:a9:07:79:7a:ac:
                    2e:49:7f:50:fe:ce:b5:70:e6:e2:53:09:31:4e:aa:
                    56:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:8E:4C:9C:7F:E5:65:FC:93:42:1B:86:43:99:87:1A:55:92:71:0F
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Q45MnH_lZfyTQhuGQ5mHGlWScQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.107.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ed:f1:ee:86:2c:16:c6:9a:ba:f9:bc:a3:4d:8b:93:54:56:0d:
         31:6e:54:21:29:f8:fb:4a:c2:aa:88:a6:bf:b9:f5:16:2c:55:
         cb:54:f8:a5:52:20:26:46:1a:9b:7a:cc:0d:47:70:29:42:35:
         de:5f:04:22:c9:41:3b:31:81:91:0d:2b:2d:4b:33:ab:ef:f2:
         e0:57:10:4e:62:52:0b:37:7d:10:8d:bc:c5:5a:63:7d:65:b1:
         a4:04:ca:c3:b1:87:73:56:d1:3d:27:f7:14:89:5f:2f:55:d2:
         71:4e:03:41:28:e2:a1:0a:0a:69:3a:b4:9d:49:db:a3:00:e5:
         ba:a9:82:3b:23:3c:b0:04:7e:2d:ae:be:e7:8f:2f:e8:08:1a:
         2b:3a:3c:a2:75:4f:e0:c5:60:6c:ba:ed:96:b8:16:a3:39:6e:
         59:37:06:15:bf:80:af:83:f6:cd:91:cc:d2:7c:ec:b7:64:0d:
         07:8d:8b:6e:f8:d3:78:09:43:ae:20:a9:88:5b:31:c8:72:11:
         56:f4:f2:e9:69:a8:19:eb:04:ca:68:e3:aa:bc:85:ea:c9:f6:
         51:81:ea:f9:94:ce:d4:2c:45:e4:1e:4d:8c:c9:c8:33:9a:34:
         98:14:12:22:d5:93:5a:23:0c:0d:64:a0:5c:d5:4e:d9:ad:c9:
         b3:53:51:c8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt3WV7OU/goPEn2Ok3GLwTYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjYwMTAxMDIxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzhlNGM5YzdmZTU2NWZjOTM0MjFiODY0Mzk5ODcxYTU1OTI3MTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFYx8/aSdqvpDiPCZznC+Y32DSg5
xdQGyiPMJWZEF/Vv/+uJKjF1ebZ0UwmGU1DLd4Z4jl+UIzBKMf7H7jEBP1Ggha8s
bkjoaTcDdJMgDXADDwMejk5Vj71ZlZslR/WqlDMAAF6KX9dDi9lV27O3nxAYW9ew
lNTUgZt7XQg3DU8tkTmiwGif1oNi4J3pBtBswwDNvSYGfefsvKj5/Q73Jcvl4mn/
Q7fI2Ux3+iZvZxQgHmShOHgk2EDAL3mfLR5Y6Ll6YjtdEjd7yZU641pHxePLRz5T
YkkFaa0qkuOwaV7yqku8nLE63yNaqQd5eqwuSX9Q/s61cObiUwkxTqpWZQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEOOTJx/5WX8k0IbhkOZhxpVknEPMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1E0NU1uSF9sWmZ5VFFodUdRNW1IR2xXU2NROC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABWa2kw
DQYJKoZIhvcNAQELBQADggEBAO3x7oYsFsaauvm8o02Lk1RWDTFuVCEp+PtKwqqI
pr+59RYsVctU+KVSICZGGpt6zA1HcClCNd5fBCLJQTsxgZENKy1LM6vv8uBXEE5i
Ugs3fRCNvMVaY31lsaQEysOxh3NW0T0n9xSJXy9V0nFOA0Eo4qEKCmk6tJ1J26MA
5bqpgjsjPLAEfi2uvuePL+gIGis6PKJ1T+DFYGy67Za4FqM5blk3BhW/gK+D9s2R
zNJ87LdkDQeNi27403gJQ64gqYhbMchyEVb08ulpqBnrBMpo46q8herJ9lGB6vmU
ztQsReQeTYzJyDOaNJgUEiLVk1ojDA1koFzVTtmtybNTUcg=
-----END CERTIFICATE-----