This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/QB5DaA1MIwR5ikAvXA3gM5FxDQY.roa
File:                     QB5DaA1MIwR5ikAvXA3gM5FxDQY.roa (raw, json)
Hash identifier:          QVnUg9rir6hPV0SWbkI+uNhJZ6Bpm1g1EMmNwsSmgyI=
Subject key identifier:   40:1E:43:68:0D:4C:23:04:79:8A:40:2F:5C:0D:E0:33:91:71:0D:06
Certificate issuer:       /CN=3d0483538737453e2f57ffb57499c3922e83636d
Certificate serial:       019B7CEDD9FF6AAFBBC60CBFA4A389900976
Authority key identifier: 3D:04:83:53:87:37:45:3E:2F:57:FF:B5:74:99:C3:92:2E:83:63:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PQSDU4c3RT4vV_-1dJnDki6DY20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/QB5DaA1MIwR5ikAvXA3gM5FxDQY.roa
Signing time:             Fri 02 Jan 2026 04:18:41 +0000
ROA not before:           Fri 02 Jan 2026 04:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51396
IP address blocks:        45.156.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/PQSDU4c3RT4vV_-1dJnDki6DY20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/PQSDU4c3RT4vV_-1dJnDki6DY20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PQSDU4c3RT4vV_-1dJnDki6DY20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:d9:ff:6a:af:bb:c6:0c:bf:a4:a3:89:90:09:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d0483538737453e2f57ffb57499c3922e83636d
        Validity
            Not Before: Jan  2 04:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=401e43680d4c2304798a402f5c0de03391710d06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:8b:0c:e4:e5:21:40:54:6b:79:08:af:e0:16:
                    78:0f:23:f8:44:7c:67:32:40:d5:10:42:b3:e4:35:
                    36:eb:c5:79:68:eb:e9:5b:36:a2:a3:94:8e:41:c2:
                    ed:59:e1:6c:30:4d:48:37:35:bb:9b:65:2b:91:e9:
                    b3:46:da:25:df:ae:aa:51:c1:0d:c8:03:cc:55:12:
                    22:ce:09:14:4e:fe:86:a2:2a:33:a7:83:59:71:e0:
                    b8:73:43:d9:99:0e:44:b0:b4:79:8a:31:e0:4d:2b:
                    3c:89:56:56:f4:3e:10:55:de:42:89:67:94:47:27:
                    ca:cc:ea:10:b7:43:ea:fd:8d:ec:f9:90:ed:2a:8d:
                    b1:c1:e5:c1:70:30:9c:ac:59:98:7a:44:d4:a9:b7:
                    ca:d4:63:7f:22:70:d8:e0:2d:23:a9:82:b0:a2:5d:
                    05:5c:aa:fc:6f:83:c0:b2:7c:b6:e1:44:18:a6:5a:
                    41:4a:e8:ce:40:b3:ed:2d:14:dc:6d:81:bc:0f:29:
                    72:98:81:8d:9c:87:d8:b6:b5:8b:69:d5:32:c8:2c:
                    f7:56:3e:fb:1a:a3:e5:db:09:82:70:dc:69:c7:5d:
                    b8:93:b8:46:bb:00:25:3f:ef:2b:0f:5b:36:41:bd:
                    e6:9c:9d:13:49:a5:b5:b2:e9:b1:5c:4a:4b:a4:80:
                    77:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:1E:43:68:0D:4C:23:04:79:8A:40:2F:5C:0D:E0:33:91:71:0D:06
            X509v3 Authority Key Identifier:
                keyid:3D:04:83:53:87:37:45:3E:2F:57:FF:B5:74:99:C3:92:2E:83:63:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PQSDU4c3RT4vV_-1dJnDki6DY20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/QB5DaA1MIwR5ikAvXA3gM5FxDQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/PQSDU4c3RT4vV_-1dJnDki6DY20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:71:f1:e5:95:75:83:7c:f8:b2:78:58:cd:bb:45:68:c4:f3:
         bb:dc:c7:b7:bf:e4:b2:ee:e4:67:87:eb:7f:a6:6f:b7:1c:b6:
         9f:f9:ca:33:db:3d:57:55:44:ba:98:5f:8c:f6:39:a2:aa:b1:
         d0:3f:7e:87:53:fb:98:ed:29:58:1e:28:82:53:f8:03:71:34:
         e2:cd:19:85:8b:02:41:81:ac:8c:52:f7:37:f5:35:c2:af:ce:
         d0:28:51:22:87:cf:fa:ff:eb:b9:c9:94:18:d4:c1:7a:2d:59:
         70:b3:a0:9d:79:9f:fe:0b:c2:9d:7c:fa:d6:2e:06:af:07:63:
         14:af:e1:ea:74:91:f5:07:93:29:f2:de:52:4f:80:7f:b1:3c:
         03:10:a6:71:bb:ea:b0:ac:c2:10:ac:53:0c:8e:82:a0:3f:90:
         14:44:e4:fb:84:a2:ea:d6:6a:e7:44:db:79:f1:63:90:e0:65:
         b5:85:ab:6d:4c:b9:a0:fc:95:d3:a2:ab:ad:8b:4a:f0:21:1c:
         fc:41:dc:60:8a:c5:38:67:4c:04:36:4f:ef:12:b6:e0:0d:cf:
         1f:c1:2a:ee:f6:5e:34:f9:47:cf:b7:33:fb:ed:f0:9f:4b:77:
         d0:ac:f2:af:d6:2a:00:33:91:7f:32:d5:0d:63:db:98:2b:c1:
         1c:27:fa:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87dn/aq+7xgy/pKOJkAl2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkMDQ4MzUzODczNzQ1M2UyZjU3ZmZiNTc0OTljMzkyMmU4
MzYzNmQwHhcNMjYwMTAyMDQxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDFlNDM2ODBkNGMyMzA0Nzk4YTQwMmY1YzBkZTAzMzkxNzEwZDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiosM5OUhQFRreQiv4BZ4DyP4RHxn
MkDVEEKz5DU268V5aOvpWzaio5SOQcLtWeFsME1INzW7m2UrkemzRtol366qUcEN
yAPMVRIizgkUTv6Goiozp4NZceC4c0PZmQ5EsLR5ijHgTSs8iVZW9D4QVd5CiWeU
RyfKzOoQt0Pq/Y3s+ZDtKo2xweXBcDCcrFmYekTUqbfK1GN/InDY4C0jqYKwol0F
XKr8b4PAsny24UQYplpBSujOQLPtLRTcbYG8DylymIGNnIfYtrWLadUyyCz3Vj77
GqPl2wmCcNxpx124k7hGuwAlP+8rD1s2Qb3mnJ0TSaW1sumxXEpLpIB39QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEAeQ2gNTCMEeYpAL1wN4DORcQ0GMB8GA1UdIwQY
MBaAFD0Eg1OHN0U+L1f/tXSZw5Iug2NtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFFTRFU0YzNSVDR2Vl8tMWRKbkRraTZEWTIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9lMTA2YzMtMGIxZi00MDEwLTg2ZjEt
NjVhNDZjOGU0MWU5LzEvUUI1RGFBMU1Jd1I1aWtBdlhBM2dNNUZ4RFFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9lMTA2YzMtMGIxZi00MDEwLTg2ZjEtNjVhNDZjOGU0MWU5
LzEvUFFTRFU0YzNSVDR2Vl8tMWRKbkRraTZEWTIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZxXMA0G
CSqGSIb3DQEBCwUAA4IBAQBXcfHllXWDfPiyeFjNu0VoxPO73Me3v+Sy7uRnh+t/
pm+3HLaf+coz2z1XVUS6mF+M9jmiqrHQP36HU/uY7SlYHiiCU/gDcTTizRmFiwJB
gayMUvc39TXCr87QKFEih8/6/+u5yZQY1MF6LVlws6CdeZ/+C8KdfPrWLgavB2MU
r+HqdJH1B5Mp8t5ST4B/sTwDEKZxu+qwrMIQrFMMjoKgP5AUROT7hKLq1mrnRNt5
8WOQ4GW1hattTLmg/JXToquti0rwIRz8QdxgisU4Z0wENk/vErbgDc8fwSru9l40
+UfPtzP77fCfS3fQrPKv1ioAM5F/MtUNY9uYK8EcJ/o9
-----END CERTIFICATE-----