This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/QPAwFxKhLOr2EBOg8RMCPgRX1JI.roa
File:                     QPAwFxKhLOr2EBOg8RMCPgRX1JI.roa (raw, json)
Hash identifier:          4jaZ2Xw/f7AOu8MDDRl82FNESKf2rbMsQNvg3ZzXbGE=
Subject key identifier:   40:F0:30:17:12:A1:2C:EA:F6:10:13:A0:F1:13:02:3E:04:57:D4:92
Certificate issuer:       /CN=5806da5a59251275ceb18694e17415352aedd6aa
Certificate serial:       019B76EB2D56EFAC3A4050A87BD0ABB85D61
Authority key identifier: 58:06:DA:5A:59:25:12:75:CE:B1:86:94:E1:74:15:35:2A:ED:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/QPAwFxKhLOr2EBOg8RMCPgRX1JI.roa
Signing time:             Thu 01 Jan 2026 00:18:02 +0000
ROA not before:           Thu 01 Jan 2026 00:18:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399641
IP address blocks:        185.220.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:2d:56:ef:ac:3a:40:50:a8:7b:d0:ab:b8:5d:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5806da5a59251275ceb18694e17415352aedd6aa
        Validity
            Not Before: Jan  1 00:18:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=40f0301712a12ceaf61013a0f113023e0457d492
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:6c:20:05:dc:57:54:05:c3:9e:aa:17:b8:93:
                    1b:e8:6b:09:95:35:44:92:10:4e:99:c7:b9:e4:f5:
                    22:8a:e9:a7:dc:cc:25:53:de:db:e6:17:20:f5:9c:
                    cd:74:c2:ff:7a:be:53:62:59:0c:2c:b3:a2:84:25:
                    12:1e:ff:d6:87:3f:1b:a6:7f:d7:71:57:98:67:92:
                    5a:39:42:63:31:93:1d:43:b9:dd:71:c7:cc:23:70:
                    f3:25:b3:5b:bf:72:84:d2:80:3e:3d:b8:d0:49:9d:
                    8d:56:c2:ac:da:62:fd:1a:06:7c:46:77:84:26:f8:
                    29:99:59:61:b7:ec:bc:70:5f:e8:c8:c0:c3:bb:d1:
                    99:2a:62:33:f6:f7:76:03:57:be:3d:46:00:3f:bd:
                    49:89:7c:2a:71:38:ba:64:02:e1:18:52:88:cd:3d:
                    bc:b0:16:96:9e:18:3c:1e:d5:c1:3b:3d:90:e7:77:
                    4f:3b:61:e8:49:6a:2e:eb:ae:a9:b6:eb:63:ce:f8:
                    e6:fc:38:00:45:01:7e:e9:8c:3c:05:b7:9a:7f:b1:
                    4c:a2:a9:72:b8:c2:d3:a4:2c:37:13:07:ef:a1:41:
                    51:0e:72:75:17:17:db:14:54:8c:b6:bd:bf:82:55:
                    b5:f1:f3:33:4d:0c:a4:2e:09:98:16:90:5b:7c:95:
                    fe:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:F0:30:17:12:A1:2C:EA:F6:10:13:A0:F1:13:02:3E:04:57:D4:92
            X509v3 Authority Key Identifier:
                keyid:58:06:DA:5A:59:25:12:75:CE:B1:86:94:E1:74:15:35:2A:ED:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/QPAwFxKhLOr2EBOg8RMCPgRX1JI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:95:fb:3c:13:66:1e:61:be:b1:9e:a6:09:26:a8:77:10:dc:
         59:a2:35:be:11:5c:e0:32:1b:68:89:c9:b5:cb:2f:88:53:a7:
         d6:3a:fb:32:52:c7:91:36:c2:4d:03:4d:fb:fa:59:05:31:82:
         65:b2:67:19:6d:a6:e9:63:90:7f:d4:26:79:7b:b0:3c:26:a0:
         ed:71:55:df:a0:01:00:80:5e:75:16:49:f6:de:e8:ea:51:a9:
         39:96:94:9e:c8:52:f8:bf:45:44:91:f8:a9:55:21:e9:05:30:
         77:54:7c:8a:96:a1:e2:db:f4:7f:78:8f:27:5a:40:a5:7c:d4:
         d9:d8:37:11:b0:d1:fb:92:4e:9b:bc:fe:16:64:0d:44:2e:d2:
         8a:84:20:b0:71:62:3b:d9:be:bf:f6:69:57:d7:d7:67:40:25:
         b6:b1:26:2d:6f:7e:b9:e3:f2:25:2d:81:48:ea:c3:22:27:07:
         e3:30:1e:04:86:7b:f3:1d:65:3d:3c:34:9b:cf:e1:17:85:e8:
         9c:5b:ab:cb:6c:10:63:79:74:d1:c0:21:51:5a:29:24:c8:ff:
         44:80:7c:a8:43:88:bf:56:f2:28:7a:1e:8b:e0:ae:bb:b3:52:
         99:b9:43:58:ab:e0:57:2f:7e:42:4d:e5:f2:18:9d:92:ad:01:
         70:af:2d:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26y1W76w6QFCoe9CruF1hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MDZkYTVhNTkyNTEyNzVjZWIxODY5NGUxNzQxNTM1MmFl
ZGQ2YWEwHhcNMjYwMTAxMDAxODAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGYwMzAxNzEyYTEyY2VhZjYxMDEzYTBmMTEzMDIzZTA0NTdkNDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWwgBdxXVAXDnqoXuJMb6GsJlTVE
khBOmce55PUiiumn3MwlU97b5hcg9ZzNdML/er5TYlkMLLOihCUSHv/Whz8bpn/X
cVeYZ5JaOUJjMZMdQ7ndccfMI3DzJbNbv3KE0oA+PbjQSZ2NVsKs2mL9GgZ8RneE
JvgpmVlht+y8cF/oyMDDu9GZKmIz9vd2A1e+PUYAP71JiXwqcTi6ZALhGFKIzT28
sBaWnhg8HtXBOz2Q53dPO2HoSWou666ptutjzvjm/DgARQF+6Yw8Bbeaf7FMoqly
uMLTpCw3EwfvoUFRDnJ1FxfbFFSMtr2/glW18fMzTQykLgmYFpBbfJX+fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEDwMBcSoSzq9hAToPETAj4EV9SSMB8GA1UdIwQY
MBaAFFgG2lpZJRJ1zrGGlOF0FTUq7daqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0FiYVdsa2xFblhPc1lhVTRYUVZOU3J0MXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81ZGYxMTktYjFkZi00Y2ViLWJkNGYt
Zjc5Y2NjM2Y0ZWFmLzEvUVBBd0Z4S2hMT3IyRUJPZzhSTUNQZ1JYMUpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81ZGYxMTktYjFkZi00Y2ViLWJkNGYtZjc5Y2NjM2Y0ZWFm
LzEvV0FiYVdsa2xFblhPc1lhVTRYUVZOU3J0MXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudySMA0G
CSqGSIb3DQEBCwUAA4IBAQANlfs8E2YeYb6xnqYJJqh3ENxZojW+EVzgMhtoicm1
yy+IU6fWOvsyUseRNsJNA037+lkFMYJlsmcZbabpY5B/1CZ5e7A8JqDtcVXfoAEA
gF51Fkn23ujqUak5lpSeyFL4v0VEkfipVSHpBTB3VHyKlqHi2/R/eI8nWkClfNTZ
2DcRsNH7kk6bvP4WZA1ELtKKhCCwcWI72b6/9mlX19dnQCW2sSYtb3654/IlLYFI
6sMiJwfjMB4EhnvzHWU9PDSbz+EXheicW6vLbBBjeXTRwCFRWikkyP9EgHyoQ4i/
VvIoeh6L4K67s1KZuUNYq+BXL35CTeXyGJ2SrQFwry2X
-----END CERTIFICATE-----