This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/pQE_sWOxAXv4LzF_hnEEzRVKjkU.roa
File:                     pQE_sWOxAXv4LzF_hnEEzRVKjkU.roa (raw, json)
Hash identifier:          r8BJ41cxYxyL7WV91ylso2pXKBwYsMCQMjQeRq8IwbI=
Subject key identifier:   A5:01:3F:B1:63:B1:01:7B:F8:2F:31:7F:86:71:04:CD:15:4A:8E:45
Certificate issuer:       /CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Certificate serial:       019B797E4040425478C322D2E892E1A84BE5
Authority key identifier: 35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/pQE_sWOxAXv4LzF_hnEEzRVKjkU.roa
Signing time:             Thu 01 Jan 2026 12:17:55 +0000
ROA not before:           Thu 01 Jan 2026 12:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     52084
IP address blocks:        46.255.8.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:40:40:42:54:78:c3:22:d2:e8:92:e1:a8:4b:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359f0f5ff620e0db5311f64736909973ac60f6f3
        Validity
            Not Before: Jan  1 12:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a5013fb163b1017bf82f317f867104cd154a8e45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:1d:b6:6a:18:dc:69:6a:e0:bf:92:46:87:82:
                    8e:24:39:d7:e0:74:9e:cb:91:8e:a3:f5:b5:0d:03:
                    23:e4:16:24:73:9c:36:dd:a0:74:cc:f4:6a:85:bf:
                    6d:3b:88:fa:26:cb:d1:92:2a:d6:35:6c:08:4d:cb:
                    e1:e1:a7:d7:28:a0:40:bc:4f:b8:cc:9d:f1:af:20:
                    81:28:c3:3f:f5:a6:36:50:9c:dc:c5:81:3e:8d:e4:
                    1c:bc:e3:da:ea:1a:9b:b0:7a:e5:e0:d1:ee:1d:ef:
                    5f:31:f7:27:05:e6:9e:49:42:ac:d2:e7:2a:1c:5c:
                    2a:92:7a:c9:11:56:b2:01:c1:57:61:a0:d6:d6:39:
                    6a:7c:b5:c2:13:b1:bb:ab:72:b8:27:f2:14:a3:b8:
                    67:ea:e3:38:a4:00:85:2b:58:e7:44:e0:92:28:d6:
                    b7:85:79:8b:5e:31:91:7a:84:79:4a:43:d4:83:eb:
                    9e:d4:75:aa:d5:93:b3:0e:76:11:80:23:35:28:9c:
                    f5:1c:ff:67:74:cb:cc:35:af:87:69:30:97:b7:7f:
                    55:cc:9b:37:c0:88:29:1b:f7:7e:af:86:ad:ad:85:
                    30:ca:3f:67:de:0a:97:74:b6:50:71:f8:98:45:7e:
                    8d:f9:6b:7f:1b:4b:99:4c:12:f1:4c:ca:48:60:47:
                    7c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:01:3F:B1:63:B1:01:7B:F8:2F:31:7F:86:71:04:CD:15:4A:8E:45
            X509v3 Authority Key Identifier:
                keyid:35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/pQE_sWOxAXv4LzF_hnEEzRVKjkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.255.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4d:fb:f9:ad:04:08:53:ca:6f:ba:38:ab:89:1c:11:9b:97:1e:
         f5:3e:92:83:c3:91:a9:87:a1:3a:25:94:20:b7:cd:ca:08:7e:
         53:5f:66:53:78:e1:b7:36:b4:43:99:3d:98:1e:b3:a8:1c:33:
         cd:7b:3c:c0:5c:72:1e:d7:b7:33:d3:4e:7a:6d:6c:ed:06:1e:
         c6:9d:fd:ae:ee:15:66:98:84:55:60:b4:41:73:f7:a0:9f:d7:
         5f:25:9b:42:74:c5:db:ab:a3:6d:6e:b6:31:4b:50:43:64:90:
         c1:e4:a4:35:62:fe:e3:df:cc:d6:4d:01:e1:50:6d:37:82:13:
         5a:b4:bf:2f:3f:9b:25:a7:e9:d2:17:fb:79:d4:dd:4d:dd:3f:
         7e:7f:f0:d3:0d:b3:ec:7d:bf:77:9b:d4:ae:cc:aa:87:91:89:
         ff:e5:27:8e:89:dc:a6:f5:86:42:4c:19:5c:58:56:b3:63:e7:
         a9:4c:8c:2d:46:4f:ee:bc:e8:71:ca:98:ec:13:a6:48:6d:54:
         67:38:42:85:12:c4:25:4e:02:01:aa:b8:4b:50:ac:20:ec:95:
         80:53:32:49:55:14:42:4a:b3:2a:e0:e3:7c:92:2e:a5:2a:07:
         e4:66:b5:ef:37:90:da:86:d7:0d:98:e3:48:ef:2c:c0:f6:91:
         ef:c7:e7:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fkBAQlR4wyLS6JLhqEvlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OWYwZjVmZjYyMGUwZGI1MzExZjY0NzM2OTA5OTczYWM2
MGY2ZjMwHhcNMjYwMTAxMTIxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTAxM2ZiMTYzYjEwMTdiZjgyZjMxN2Y4NjcxMDRjZDE1NGE4ZTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlB22ahjcaWrgv5JGh4KOJDnX4HSe
y5GOo/W1DQMj5BYkc5w23aB0zPRqhb9tO4j6JsvRkirWNWwITcvh4afXKKBAvE+4
zJ3xryCBKMM/9aY2UJzcxYE+jeQcvOPa6hqbsHrl4NHuHe9fMfcnBeaeSUKs0ucq
HFwqknrJEVayAcFXYaDW1jlqfLXCE7G7q3K4J/IUo7hn6uM4pACFK1jnROCSKNa3
hXmLXjGReoR5SkPUg+ue1HWq1ZOzDnYRgCM1KJz1HP9ndMvMNa+HaTCXt39VzJs3
wIgpG/d+r4atrYUwyj9n3gqXdLZQcfiYRX6N+Wt/G0uZTBLxTMpIYEd8ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKUBP7FjsQF7+C8xf4ZxBM0VSo5FMB8GA1UdIwQY
MBaAFDWfD1/2IODbUxH2RzaQmXOsYPbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2It
ZDFhYmY0ZWUzMmNiLzEvcFFFX3NXT3hBWHY0THpGX2huRUV6UlZLamtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2ItZDFhYmY0ZWUzMmNi
LzEvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLv8IMA0G
CSqGSIb3DQEBCwUAA4IBAQBN+/mtBAhTym+6OKuJHBGblx71PpKDw5Gph6E6JZQg
t83KCH5TX2ZTeOG3NrRDmT2YHrOoHDPNezzAXHIe17cz0056bWztBh7Gnf2u7hVm
mIRVYLRBc/egn9dfJZtCdMXbq6NtbrYxS1BDZJDB5KQ1Yv7j38zWTQHhUG03ghNa
tL8vP5slp+nSF/t51N1N3T9+f/DTDbPsfb93m9SuzKqHkYn/5SeOidym9YZCTBlc
WFazY+epTIwtRk/uvOhxypjsE6ZIbVRnOEKFEsQlTgIBqrhLUKwg7JWAUzJJVRRC
SrMq4ON8ki6lKgfkZrXvN5DahtcNmONI7yzA9pHvx+cj
-----END CERTIFICATE-----