This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/2dc136-400d-40e7-ad86-8ce60a5c8b1f/1/QjniU9JKY3uxyaTTaMZxDIsoq0g.roa
File:                     QjniU9JKY3uxyaTTaMZxDIsoq0g.roa (raw, json)
Hash identifier:          3apOmupnDVjN1GZ9mnQi2/rmvUPEGD+OAOsFa+YiBwY=
Subject key identifier:   42:39:E2:53:D2:4A:63:7B:B1:C9:A4:D3:68:C6:71:0C:8B:28:AB:48
Certificate issuer:       /CN=f80e017cf1711519b0ff9f65858c491b2fa5d40b
Certificate serial:       019B7F15E28D9555973398322444DB125A76
Authority key identifier: F8:0E:01:7C:F1:71:15:19:B0:FF:9F:65:85:8C:49:1B:2F:A5:D4:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-A4BfPFxFRmw_59lhYxJGy-l1As.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/2dc136-400d-40e7-ad86-8ce60a5c8b1f/1/QjniU9JKY3uxyaTTaMZxDIsoq0g.roa
Signing time:             Fri 02 Jan 2026 14:21:39 +0000
ROA not before:           Fri 02 Jan 2026 14:21:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212815
IP address blocks:        91.250.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/2dc136-400d-40e7-ad86-8ce60a5c8b1f/1/1-A4BfPFxFRmw_59lhYxJGy-l1As.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/2dc136-400d-40e7-ad86-8ce60a5c8b1f/1/1-A4BfPFxFRmw_59lhYxJGy-l1As.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-A4BfPFxFRmw_59lhYxJGy-l1As.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:e2:8d:95:55:97:33:98:32:24:44:db:12:5a:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f80e017cf1711519b0ff9f65858c491b2fa5d40b
        Validity
            Not Before: Jan  2 14:21:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4239e253d24a637bb1c9a4d368c6710c8b28ab48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:11:cc:3b:ba:e5:3d:21:f3:36:04:37:1a:ed:
                    ca:29:6a:67:df:33:89:ea:91:8d:02:33:60:d2:f3:
                    91:c9:2d:2c:da:aa:1e:ac:6d:2b:f2:83:d2:ae:05:
                    e0:a5:05:1e:de:60:53:93:3f:7e:34:f0:70:6e:ff:
                    2c:78:ae:56:8b:cc:48:1f:98:5c:b3:14:68:c5:b2:
                    3a:64:7b:94:46:81:8c:de:46:81:30:43:b6:6a:9b:
                    88:b8:25:57:e9:d0:81:c5:f4:a1:da:1c:7d:22:34:
                    0e:9f:a3:45:f4:b4:18:16:00:d0:9b:8f:d1:16:a7:
                    e2:e5:10:6e:ff:87:99:70:98:f2:10:1b:be:b9:67:
                    2b:02:7a:e2:a8:0c:62:10:f3:18:09:fb:69:76:f0:
                    3b:e5:70:51:33:e5:65:fb:d2:df:4b:ff:dd:5b:e4:
                    b7:6c:23:52:1f:69:18:5d:63:05:ec:c6:34:6e:a7:
                    80:21:4d:e3:ac:c0:2f:2c:19:05:5a:d3:a3:6d:a2:
                    9a:19:0a:d5:6f:99:9e:ee:39:47:b0:2f:e0:e7:eb:
                    08:c5:e3:61:5e:75:00:9a:47:a1:b9:db:66:67:97:
                    ab:ff:e5:fe:9d:79:5d:e9:3b:ca:9a:b9:05:21:f2:
                    b3:5a:91:ae:96:65:34:39:26:25:2a:8d:cf:83:20:
                    02:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:39:E2:53:D2:4A:63:7B:B1:C9:A4:D3:68:C6:71:0C:8B:28:AB:48
            X509v3 Authority Key Identifier:
                keyid:F8:0E:01:7C:F1:71:15:19:B0:FF:9F:65:85:8C:49:1B:2F:A5:D4:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-A4BfPFxFRmw_59lhYxJGy-l1As.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/2dc136-400d-40e7-ad86-8ce60a5c8b1f/1/QjniU9JKY3uxyaTTaMZxDIsoq0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/2dc136-400d-40e7-ad86-8ce60a5c8b1f/1/1-A4BfPFxFRmw_59lhYxJGy-l1As.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.250.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:9a:36:2f:26:aa:13:2b:59:f5:31:ac:fb:f8:2c:01:f4:af:
         6f:a6:e2:21:0d:cc:96:02:a3:c7:2b:43:9c:a4:61:99:c9:df:
         85:db:d9:00:6c:fb:b5:0e:23:86:00:e1:56:b0:d9:19:1e:c3:
         0c:5b:f6:d7:21:2e:b7:ef:55:68:5f:f6:46:4d:ea:98:c8:49:
         5c:74:cc:06:60:3c:74:1d:d3:fd:91:4e:d3:ba:96:70:7b:47:
         3e:34:8e:be:1d:49:6f:9f:a8:23:1c:9c:03:07:75:c3:60:a2:
         8c:77:52:83:af:4e:13:3c:28:64:9d:47:2e:ab:33:ba:b1:a6:
         29:a5:f8:9b:c1:8e:89:5d:fb:32:93:8e:da:fe:18:13:10:fd:
         53:c6:ac:ad:8c:a4:dd:c1:19:19:3f:e1:d8:71:5a:e0:37:38:
         08:2d:1d:46:d1:fe:71:e2:b1:5f:55:45:73:69:a5:3d:3f:90:
         f6:11:a3:45:47:fe:15:04:7e:db:d0:2e:f1:a9:5a:8d:df:c6:
         5b:a5:01:1c:1d:96:1c:89:08:22:1b:f2:33:f3:28:31:c7:c1:
         c9:8f:f9:a3:a7:b3:a7:9e:75:28:9a:0f:41:21:10:31:12:cd:
         02:1b:94:15:2f:a1:0d:38:51:67:bf:17:88:b2:66:58:25:ec:
         8b:d4:43:5f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt/FeKNlVWXM5gyJETbElp2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MGUwMTdjZjE3MTE1MTliMGZmOWY2NTg1OGM0OTFiMmZh
NWQ0MGIwHhcNMjYwMTAyMTQyMTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjM5ZTI1M2QyNGE2MzdiYjFjOWE0ZDM2OGM2NzEwYzhiMjhhYjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxHMO7rlPSHzNgQ3Gu3KKWpn3zOJ
6pGNAjNg0vORyS0s2qoerG0r8oPSrgXgpQUe3mBTkz9+NPBwbv8seK5Wi8xIH5hc
sxRoxbI6ZHuURoGM3kaBMEO2apuIuCVX6dCBxfSh2hx9IjQOn6NF9LQYFgDQm4/R
Fqfi5RBu/4eZcJjyEBu+uWcrAnriqAxiEPMYCftpdvA75XBRM+Vl+9LfS//dW+S3
bCNSH2kYXWMF7MY0bqeAIU3jrMAvLBkFWtOjbaKaGQrVb5me7jlHsC/g5+sIxeNh
XnUAmkehudtmZ5er/+X+nXld6TvKmrkFIfKzWpGulmU0OSYlKo3PgyACxQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEI54lPSSmN7scmk02jGcQyLKKtIMB8GA1UdIwQY
MBaAFPgOAXzxcRUZsP+fZYWMSRsvpdQLMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1BNEJmUEZ4RlJtd181OWxoWXhKR3ktbDFBcy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODcvMmRjMTM2LTQwMGQtNDBlNy1hZDg2
LThjZTYwYTVjOGIxZi8xL1FqbmlVOUpLWTN1eHlhVFRhTVp4RElzb3EwZy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODcvMmRjMTM2LTQwMGQtNDBlNy1hZDg2LThjZTYwYTVjOGIx
Zi8xLzEtQTRCZlBGeEZSbXdfNTlsaFl4Skd5LWwxQXMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABb+v0w
DQYJKoZIhvcNAQELBQADggEBAF+aNi8mqhMrWfUxrPv4LAH0r2+m4iENzJYCo8cr
Q5ykYZnJ34Xb2QBs+7UOI4YA4Vaw2Rkewwxb9tchLrfvVWhf9kZN6pjISVx0zAZg
PHQd0/2RTtO6lnB7Rz40jr4dSW+fqCMcnAMHdcNgoox3UoOvThM8KGSdRy6rM7qx
piml+JvBjold+zKTjtr+GBMQ/VPGrK2MpN3BGRk/4dhxWuA3OAgtHUbR/nHisV9V
RXNppT0/kPYRo0VH/hUEftvQLvGpWo3fxlulARwdlhyJCCIb8jPzKDHHwcmP+aOn
s6eedSiaD0EhEDESzQIblBUvoQ04UWe/F4iyZlgl7IvUQ18=
-----END CERTIFICATE-----