This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/3bdad6-0ec8-43ac-bc33-8b8d76b2d24e/1/qDVxC1p-9THPD2NKzi-__A2V64U.roa
File:                     qDVxC1p-9THPD2NKzi-__A2V64U.roa (raw, json)
Hash identifier:          XWC7EoG04WzSDS0F+wfZ4gi8j52qEzh256TNEjxof88=
Subject key identifier:   A8:35:71:0B:5A:7E:F5:31:CF:0F:63:4A:CE:2F:BF:FC:0D:95:EB:85
Certificate issuer:       /CN=3b39b2382f38512e59ed18ebfaa596c955212910
Certificate serial:       019B7D5B35B0687814ECCF0C737046D0577E
Authority key identifier: 3B:39:B2:38:2F:38:51:2E:59:ED:18:EB:FA:A5:96:C9:55:21:29:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OzmyOC84US5Z7Rjr-qWWyVUhKRA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/3bdad6-0ec8-43ac-bc33-8b8d76b2d24e/1/qDVxC1p-9THPD2NKzi-__A2V64U.roa
Signing time:             Fri 02 Jan 2026 06:18:08 +0000
ROA not before:           Fri 02 Jan 2026 06:18:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25540
IP address blocks:        45.92.200.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/3bdad6-0ec8-43ac-bc33-8b8d76b2d24e/1/OzmyOC84US5Z7Rjr-qWWyVUhKRA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/3bdad6-0ec8-43ac-bc33-8b8d76b2d24e/1/OzmyOC84US5Z7Rjr-qWWyVUhKRA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OzmyOC84US5Z7Rjr-qWWyVUhKRA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 21:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:35:b0:68:78:14:ec:cf:0c:73:70:46:d0:57:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b39b2382f38512e59ed18ebfaa596c955212910
        Validity
            Not Before: Jan  2 06:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a835710b5a7ef531cf0f634ace2fbffc0d95eb85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:73:e1:5a:3f:03:41:9a:5e:8b:d9:c3:5c:3d:
                    91:d9:89:e7:b1:b5:fe:9b:02:83:14:d6:eb:f4:02:
                    7c:c4:94:92:8e:4e:67:ca:a5:cf:e2:bc:f2:a8:9a:
                    24:dd:8e:4d:2f:e9:ca:da:0b:f9:32:2d:25:64:32:
                    7b:f4:15:fc:cd:ce:4c:a7:e4:6b:1f:8a:80:9a:65:
                    e7:31:77:5f:b5:25:bf:76:4b:c9:ef:e4:1c:fc:7b:
                    f3:4e:13:94:40:66:ca:2f:63:d6:99:eb:d7:d1:da:
                    3f:8a:fc:ea:5f:41:a8:4d:6f:a2:78:45:17:dc:d7:
                    57:dc:0d:da:7c:6e:b4:32:6f:0e:3d:72:5a:8b:f5:
                    6b:69:d9:d4:17:a2:5c:7e:42:38:b7:15:a4:e0:9e:
                    83:13:85:f0:14:7d:bd:b3:fb:5d:99:8a:3d:bd:99:
                    5a:b9:cb:1d:7a:8c:e2:c0:5d:f5:e3:65:11:be:25:
                    42:66:cb:00:59:fa:0e:45:6a:e9:24:85:9f:ca:06:
                    40:3a:02:5d:89:ce:7a:07:51:eb:cd:ec:68:b2:2e:
                    2c:95:50:bc:91:cb:80:a2:57:2c:ad:45:85:6e:7f:
                    e3:3f:9d:0e:27:fc:0e:fe:8e:33:12:d4:ed:37:11:
                    ea:cb:2d:42:92:54:92:b9:cb:7d:9d:16:e4:86:8f:
                    6f:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:35:71:0B:5A:7E:F5:31:CF:0F:63:4A:CE:2F:BF:FC:0D:95:EB:85
            X509v3 Authority Key Identifier:
                keyid:3B:39:B2:38:2F:38:51:2E:59:ED:18:EB:FA:A5:96:C9:55:21:29:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OzmyOC84US5Z7Rjr-qWWyVUhKRA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bdad6-0ec8-43ac-bc33-8b8d76b2d24e/1/qDVxC1p-9THPD2NKzi-__A2V64U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bdad6-0ec8-43ac-bc33-8b8d76b2d24e/1/OzmyOC84US5Z7Rjr-qWWyVUhKRA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:b2:0e:07:a1:ca:19:6e:85:66:7f:e7:f9:5d:a2:0a:34:90:
         8d:e0:c7:45:49:f8:86:a9:bc:80:a8:99:c6:0c:60:81:9a:47:
         85:a9:d5:93:f3:50:26:80:a1:ae:ec:be:6a:ae:84:7f:59:76:
         23:7b:50:44:3b:05:a6:ad:b5:b7:a2:71:8a:56:a3:9a:b6:e7:
         ab:8a:a3:62:ad:be:87:65:03:9e:a8:e8:dd:d3:e1:56:10:1f:
         de:a7:4d:4d:4d:3c:9f:95:3d:e5:00:c0:6e:fd:f9:9c:01:66:
         e5:b1:2a:80:84:0c:e9:51:7b:80:a2:5e:18:e2:e0:7a:a8:9a:
         e0:4b:d5:d0:cb:59:7a:97:14:cb:b7:4e:6e:e6:71:86:b1:3b:
         d1:97:3a:0e:75:b6:7c:5e:55:d9:2d:6d:5e:34:0b:3a:78:ed:
         b6:16:3b:a6:44:98:20:f2:fb:2b:ed:93:7f:dd:a9:09:d3:21:
         d9:46:c7:90:67:64:94:52:c0:ce:ed:f0:73:eb:ed:d6:3a:b8:
         47:79:1e:7f:1e:85:d8:83:1f:9e:0c:9c:09:e2:38:6e:fb:46:
         d7:12:40:3d:7d:75:35:91:7d:3e:a2:25:7b:2a:70:a6:d1:8d:
         07:6d:57:d7:bb:52:4e:f4:fe:1e:27:3e:9c:63:cf:89:e7:37:
         9f:0d:16:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WzWwaHgU7M8Mc3BG0Fd+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMzliMjM4MmYzODUxMmU1OWVkMThlYmZhYTU5NmM5NTUy
MTI5MTAwHhcNMjYwMTAyMDYxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODM1NzEwYjVhN2VmNTMxY2YwZjYzNGFjZTJmYmZmYzBkOTVlYjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunPhWj8DQZpei9nDXD2R2YnnsbX+
mwKDFNbr9AJ8xJSSjk5nyqXP4rzyqJok3Y5NL+nK2gv5Mi0lZDJ79BX8zc5Mp+Rr
H4qAmmXnMXdftSW/dkvJ7+Qc/HvzThOUQGbKL2PWmevX0do/ivzqX0GoTW+ieEUX
3NdX3A3afG60Mm8OPXJai/VradnUF6JcfkI4txWk4J6DE4XwFH29s/tdmYo9vZla
ucsdeoziwF3142URviVCZssAWfoORWrpJIWfygZAOgJdic56B1Hrzexosi4slVC8
kcuAolcsrUWFbn/jP50OJ/wO/o4zEtTtNxHqyy1CklSSuct9nRbkho9vGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKg1cQtafvUxzw9jSs4vv/wNleuFMB8GA1UdIwQY
MBaAFDs5sjgvOFEuWe0Y6/qllslVISkQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3pteU9DODRVUzVaN1Jqci1xV1d5VlVoS1JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8zYmRhZDYtMGVjOC00M2FjLWJjMzMt
OGI4ZDc2YjJkMjRlLzEvcURWeEMxcC05VEhQRDJOS3ppLV9fQTJWNjRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8zYmRhZDYtMGVjOC00M2FjLWJjMzMtOGI4ZDc2YjJkMjRl
LzEvT3pteU9DODRVUzVaN1Jqci1xV1d5VlVoS1JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVzIMA0G
CSqGSIb3DQEBCwUAA4IBAQCwsg4HocoZboVmf+f5XaIKNJCN4MdFSfiGqbyAqJnG
DGCBmkeFqdWT81AmgKGu7L5qroR/WXYje1BEOwWmrbW3onGKVqOatueriqNirb6H
ZQOeqOjd0+FWEB/ep01NTTyflT3lAMBu/fmcAWblsSqAhAzpUXuAol4Y4uB6qJrg
S9XQy1l6lxTLt05u5nGGsTvRlzoOdbZ8XlXZLW1eNAs6eO22FjumRJgg8vsr7ZN/
3akJ0yHZRseQZ2SUUsDO7fBz6+3WOrhHeR5/HoXYgx+eDJwJ4jhu+0bXEkA9fXU1
kX0+oiV7KnCm0Y0HbVfXu1JO9P4eJz6cY8+J5zefDRaN
-----END CERTIFICATE-----