This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/QwGBspDsi-qrPiNF2EDb3iI_pek.roa
File:                     QwGBspDsi-qrPiNF2EDb3iI_pek.roa (raw, json)
Hash identifier:          6Z3sQwhkjCN46fJrGzzk3Wow4eW2/hmelPF5s8l9o4U=
Subject key identifier:   43:01:81:B2:90:EC:8B:EA:AB:3E:23:45:D8:40:DB:DE:22:3F:A5:E9
Certificate issuer:       /CN=5806da5a59251275ceb18694e17415352aedd6aa
Certificate serial:       019B76EB25A8A2D6A2C1B64215C1B912D328
Authority key identifier: 58:06:DA:5A:59:25:12:75:CE:B1:86:94:E1:74:15:35:2A:ED:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/QwGBspDsi-qrPiNF2EDb3iI_pek.roa
Signing time:             Thu 01 Jan 2026 00:18:00 +0000
ROA not before:           Thu 01 Jan 2026 00:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        185.220.146.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:25:a8:a2:d6:a2:c1:b6:42:15:c1:b9:12:d3:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5806da5a59251275ceb18694e17415352aedd6aa
        Validity
            Not Before: Jan  1 00:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=430181b290ec8beaab3e2345d840dbde223fa5e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e5:28:f7:19:03:1c:b9:00:bf:74:e1:68:3d:
                    9e:54:c5:01:63:0d:27:7a:44:d4:fc:66:64:f6:6a:
                    97:c8:a4:3e:2b:34:85:b4:ce:ce:57:f1:ff:95:16:
                    0c:34:ef:5b:d6:84:69:a9:e9:b4:3a:7e:e6:cf:26:
                    75:d5:fa:a5:08:f5:96:62:63:71:be:43:17:13:ab:
                    0a:15:46:41:5d:2b:b4:79:30:61:b6:c2:8d:05:d0:
                    fc:f7:95:36:c0:78:af:a1:a4:ae:0e:36:03:7b:50:
                    47:23:da:52:8e:2c:b6:ad:99:42:0d:fd:b6:b7:cb:
                    0a:94:d0:84:1c:f5:2f:00:f1:94:b9:cd:a4:97:dd:
                    dc:16:2f:de:74:97:71:0a:0c:c8:39:f2:4f:bb:b7:
                    6d:48:7d:ff:14:c8:82:d5:cc:3b:2b:14:40:0c:be:
                    73:82:ff:6b:1c:f7:10:94:56:36:18:21:94:81:2d:
                    35:de:81:e7:3f:07:33:48:c2:c9:0a:5c:6b:af:6d:
                    78:76:5d:9c:ad:52:aa:29:11:ac:06:0f:8d:24:90:
                    a4:9b:91:35:0a:8c:53:95:0b:92:38:41:34:37:ea:
                    bf:25:22:8b:ba:e3:ef:cb:5a:58:82:9f:4d:3f:94:
                    78:16:d7:8a:83:bb:03:c2:db:d4:01:2f:32:1e:8d:
                    db:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:01:81:B2:90:EC:8B:EA:AB:3E:23:45:D8:40:DB:DE:22:3F:A5:E9
            X509v3 Authority Key Identifier:
                keyid:58:06:DA:5A:59:25:12:75:CE:B1:86:94:E1:74:15:35:2A:ED:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/QwGBspDsi-qrPiNF2EDb3iI_pek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:2c:07:50:fa:02:b4:64:c3:e8:d9:bd:b6:ec:0c:fa:41:3c:
         77:70:b6:d1:9c:2c:83:20:83:f7:8b:8a:56:37:ce:30:de:89:
         47:63:cf:6b:1f:62:28:8a:f1:e0:62:0c:23:e3:08:73:a1:d9:
         fc:a1:18:39:15:8c:e0:60:64:3c:c7:cb:4a:63:e6:ed:53:91:
         ed:83:d4:f0:31:a7:91:51:d5:52:38:d6:87:3d:e9:e0:93:a1:
         8b:12:25:8c:10:89:66:81:02:3b:7f:57:03:23:c8:99:76:43:
         c4:df:d7:e9:f3:e5:ae:96:20:65:3a:7d:09:b2:c2:f4:c5:ee:
         37:a4:d6:75:87:bb:08:2d:49:1c:c9:8b:a8:69:07:68:b8:ab:
         76:90:7b:70:57:15:1c:a1:8c:a1:7f:ee:dd:31:b8:f2:0c:e7:
         fc:88:cd:06:a2:ef:51:29:2f:7a:90:b9:0e:3f:ec:5d:0f:c8:
         42:79:92:2d:31:06:e1:a4:af:40:74:03:8d:dc:81:e7:b7:4a:
         3e:e4:e3:46:13:fe:44:af:7b:0f:b7:0c:e9:4e:43:dc:45:79:
         82:3e:b0:95:30:a7:1c:15:b7:a0:39:82:13:03:a1:9e:3c:70:
         e6:2c:9b:7c:3b:68:38:70:5c:be:f0:dd:49:ad:ee:6e:0c:45:
         df:16:46:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26yWootaiwbZCFcG5EtMoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MDZkYTVhNTkyNTEyNzVjZWIxODY5NGUxNzQxNTM1MmFl
ZGQ2YWEwHhcNMjYwMTAxMDAxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzAxODFiMjkwZWM4YmVhYWIzZTIzNDVkODQwZGJkZTIyM2ZhNWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+Uo9xkDHLkAv3ThaD2eVMUBYw0n
ekTU/GZk9mqXyKQ+KzSFtM7OV/H/lRYMNO9b1oRpqem0On7mzyZ11fqlCPWWYmNx
vkMXE6sKFUZBXSu0eTBhtsKNBdD895U2wHivoaSuDjYDe1BHI9pSjiy2rZlCDf22
t8sKlNCEHPUvAPGUuc2kl93cFi/edJdxCgzIOfJPu7dtSH3/FMiC1cw7KxRADL5z
gv9rHPcQlFY2GCGUgS013oHnPwczSMLJClxrr214dl2crVKqKRGsBg+NJJCkm5E1
CoxTlQuSOEE0N+q/JSKLuuPvy1pYgp9NP5R4FteKg7sDwtvUAS8yHo3bbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEMBgbKQ7Ivqqz4jRdhA294iP6XpMB8GA1UdIwQY
MBaAFFgG2lpZJRJ1zrGGlOF0FTUq7daqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0FiYVdsa2xFblhPc1lhVTRYUVZOU3J0MXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81ZGYxMTktYjFkZi00Y2ViLWJkNGYt
Zjc5Y2NjM2Y0ZWFmLzEvUXdHQnNwRHNpLXFyUGlORjJFRGIzaUlfcGVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81ZGYxMTktYjFkZi00Y2ViLWJkNGYtZjc5Y2NjM2Y0ZWFm
LzEvV0FiYVdsa2xFblhPc1lhVTRYUVZOU3J0MXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudySMA0G
CSqGSIb3DQEBCwUAA4IBAQA2LAdQ+gK0ZMPo2b227Az6QTx3cLbRnCyDIIP3i4pW
N84w3olHY89rH2IoivHgYgwj4whzodn8oRg5FYzgYGQ8x8tKY+btU5Htg9TwMaeR
UdVSONaHPengk6GLEiWMEIlmgQI7f1cDI8iZdkPE39fp8+WuliBlOn0JssL0xe43
pNZ1h7sILUkcyYuoaQdouKt2kHtwVxUcoYyhf+7dMbjyDOf8iM0Gou9RKS96kLkO
P+xdD8hCeZItMQbhpK9AdAON3IHnt0o+5ONGE/5Er3sPtwzpTkPcRXmCPrCVMKcc
FbegOYITA6GePHDmLJt8O2g4cFy+8N1Jre5uDEXfFkYt
-----END CERTIFICATE-----