This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/QDsntjcOt3fxAoY-_3bsGRuRxHo.roa
File:                     QDsntjcOt3fxAoY-_3bsGRuRxHo.roa (raw, json)
Hash identifier:          8Wg5bkOdvAsky6YfIg1CDs57PHLp5vOyQI0z4fcD3vE=
Subject key identifier:   40:3B:27:B6:37:0E:B7:77:F1:02:86:3E:FF:76:EC:19:1B:91:C4:7A
Certificate issuer:       /CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
Certificate serial:       019B7E37943849E5946B58A1FFE01A706B2D
Authority key identifier: 1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/QDsntjcOt3fxAoY-_3bsGRuRxHo.roa
Signing time:             Fri 02 Jan 2026 10:18:50 +0000
ROA not before:           Fri 02 Jan 2026 10:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400040
IP address blocks:        185.138.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:94:38:49:e5:94:6b:58:a1:ff:e0:1a:70:6b:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
        Validity
            Not Before: Jan  2 10:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=403b27b6370eb777f102863eff76ec191b91c47a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:74:ca:ef:29:32:44:92:38:70:09:1d:e7:9b:
                    f6:35:72:f2:b9:9d:05:6b:96:cf:5e:2e:51:6c:72:
                    50:59:c5:8e:1e:ff:2b:0e:6a:a4:55:32:73:bc:34:
                    c9:62:92:18:90:78:0c:25:6b:bd:30:94:08:83:b8:
                    c3:a3:7a:75:47:81:47:0f:0c:ad:27:b2:fe:d8:31:
                    09:d6:fa:d5:9f:8b:cd:67:e3:e0:b9:0f:80:3e:f2:
                    a7:e6:58:94:b2:62:c0:a7:d2:a3:e0:3e:f5:be:d0:
                    81:59:4f:f8:10:11:e6:de:cd:c5:2c:3b:e5:bc:c0:
                    db:ec:6d:cd:4f:fc:9a:d0:81:e1:93:43:bd:2f:15:
                    78:36:c5:96:fd:50:f8:d2:db:59:5b:51:0a:12:8b:
                    08:d1:d1:68:d8:e1:e2:6b:30:c3:ef:2a:a5:ea:40:
                    ef:b2:8f:d4:eb:9c:72:5d:59:8d:12:a9:d3:ff:2d:
                    6c:85:3b:44:f1:b4:08:d1:59:03:26:8c:08:7f:b5:
                    82:ef:fa:8b:2e:15:19:cc:07:c4:ac:e3:1b:2c:42:
                    5b:5b:35:fb:54:7c:52:36:05:f9:f0:4a:1f:50:69:
                    50:50:9c:fa:a3:30:83:4f:c0:39:50:17:13:9d:6e:
                    45:04:6c:c8:5c:40:64:ea:58:4d:89:0f:4b:10:41:
                    5f:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:3B:27:B6:37:0E:B7:77:F1:02:86:3E:FF:76:EC:19:1B:91:C4:7A
            X509v3 Authority Key Identifier:
                keyid:1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/QDsntjcOt3fxAoY-_3bsGRuRxHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:63:c4:b8:b2:eb:72:d2:58:19:cc:83:5e:77:01:75:8c:00:
         54:31:75:95:65:b0:c9:63:49:d3:42:bb:02:4a:7b:05:69:4e:
         55:b3:b6:b6:7d:b0:fb:6b:80:19:bb:a6:2a:60:5d:88:ec:43:
         97:ba:25:b1:ed:c2:ac:2c:29:bf:5f:02:6b:ea:e6:13:48:21:
         62:42:5c:1b:60:92:6e:06:8f:6f:11:f7:5a:80:29:a7:23:cc:
         03:63:53:2a:90:d6:00:61:b6:bd:48:d2:54:36:fe:82:fd:96:
         d0:39:72:de:b5:88:ba:0f:8b:d2:77:2d:72:14:93:67:2b:24:
         54:5e:5d:c5:ff:0f:96:71:fe:ac:a1:92:c6:05:8a:da:49:65:
         b1:3f:ec:0a:98:3f:a4:e1:11:a5:5d:16:4a:39:ea:51:63:01:
         bb:a3:e1:a0:69:fb:57:a9:8f:5c:88:73:e4:b9:82:23:db:6f:
         10:8c:79:29:f8:47:1f:b7:84:9d:bc:5d:12:56:21:b1:49:04:
         db:d4:bf:a0:7d:f4:c3:c4:c8:76:be:b9:fe:29:dd:9d:b3:3a:
         4a:4b:cf:fe:32:d8:06:5a:eb:cf:e5:c6:08:20:f6:66:55:95:
         06:e4:1c:38:66:fc:c5:67:56:2c:ac:c2:3e:db:33:df:10:42:
         dd:7f:70:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N5Q4SeWUa1ih/+AacGstMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDZhODJiYjExNWQ3MzkzZTM5ZmQ1OGI3M2JiZjIwZjZj
ZDBiMWYwHhcNMjYwMTAyMTAxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDNiMjdiNjM3MGViNzc3ZjEwMjg2M2VmZjc2ZWMxOTFiOTFjNDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXTK7ykyRJI4cAkd55v2NXLyuZ0F
a5bPXi5RbHJQWcWOHv8rDmqkVTJzvDTJYpIYkHgMJWu9MJQIg7jDo3p1R4FHDwyt
J7L+2DEJ1vrVn4vNZ+PguQ+APvKn5liUsmLAp9Kj4D71vtCBWU/4EBHm3s3FLDvl
vMDb7G3NT/ya0IHhk0O9LxV4NsWW/VD40ttZW1EKEosI0dFo2OHiazDD7yql6kDv
so/U65xyXVmNEqnT/y1shTtE8bQI0VkDJowIf7WC7/qLLhUZzAfErOMbLEJbWzX7
VHxSNgX58EofUGlQUJz6ozCDT8A5UBcTnW5FBGzIXEBk6lhNiQ9LEEFfLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEA7J7Y3Drd38QKGPv927BkbkcR6MB8GA1UdIwQY
MBaAFBwGqCuxFdc5Pjn9WLc7vyD2zQsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUt
NzI2MDU3YTFmMmE0LzEvUURzbnRqY090M2Z4QW9ZLV8zYnNHUnVSeEhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUtNzI2MDU3YTFmMmE0
LzEvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYroMA0G
CSqGSIb3DQEBCwUAA4IBAQADY8S4suty0lgZzINedwF1jABUMXWVZbDJY0nTQrsC
SnsFaU5Vs7a2fbD7a4AZu6YqYF2I7EOXuiWx7cKsLCm/XwJr6uYTSCFiQlwbYJJu
Bo9vEfdagCmnI8wDY1MqkNYAYba9SNJUNv6C/ZbQOXLetYi6D4vSdy1yFJNnKyRU
Xl3F/w+Wcf6soZLGBYraSWWxP+wKmD+k4RGlXRZKOepRYwG7o+GgaftXqY9ciHPk
uYIj228QjHkp+Ecft4SdvF0SViGxSQTb1L+gffTDxMh2vrn+Kd2dszpKS8/+MtgG
WuvP5cYIIPZmVZUG5Bw4ZvzFZ1YsrMI+2zPfEELdf3AT
-----END CERTIFICATE-----