This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/VQOPf2RUMJW1SZwClXdIVxq1UE4.roa
File:                     VQOPf2RUMJW1SZwClXdIVxq1UE4.roa (raw, json)
Hash identifier:          Swr4ikCDYTWKbkIDZNQjVq4ctE0yuAf+1Zp9UYFMKXk=
Subject key identifier:   55:03:8F:7F:64:54:30:95:B5:49:9C:02:95:77:48:57:1A:B5:50:4E
Certificate issuer:       /CN=aa5212958d8e1baa144a82a821f93a890dcba49a
Certificate serial:       019B7E37D44A1D81D7CE9672E7E7970CAB9F
Authority key identifier: AA:52:12:95:8D:8E:1B:AA:14:4A:82:A8:21:F9:3A:89:0D:CB:A4:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qlISlY2OG6oUSoKoIfk6iQ3LpJo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/VQOPf2RUMJW1SZwClXdIVxq1UE4.roa
Signing time:             Fri 02 Jan 2026 10:19:06 +0000
ROA not before:           Fri 02 Jan 2026 10:19:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29802
IP address blocks:        43.226.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/qlISlY2OG6oUSoKoIfk6iQ3LpJo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/qlISlY2OG6oUSoKoIfk6iQ3LpJo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qlISlY2OG6oUSoKoIfk6iQ3LpJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:d4:4a:1d:81:d7:ce:96:72:e7:e7:97:0c:ab:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa5212958d8e1baa144a82a821f93a890dcba49a
        Validity
            Not Before: Jan  2 10:19:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=55038f7f64543095b5499c02957748571ab5504e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:db:70:52:cb:57:32:ee:d6:3b:a7:87:b6:8a:
                    11:5b:a9:82:75:15:8b:3e:ee:d8:1c:d3:52:6b:07:
                    30:35:db:08:37:2e:50:8d:2d:01:c1:26:83:7c:b8:
                    f6:9b:a9:6d:9e:58:6e:fe:2a:26:73:46:ab:8a:96:
                    26:fb:4c:b9:6a:40:35:d9:94:3a:b1:4a:9b:51:66:
                    60:54:24:6a:49:10:c8:19:15:27:2b:07:ca:4e:d1:
                    32:18:c4:b9:39:de:29:96:2c:93:dc:da:4e:f8:11:
                    22:ec:ca:3a:8c:4b:6d:88:e0:65:85:38:b9:fc:88:
                    0e:0e:86:7b:4d:60:4c:89:2f:00:cb:d3:69:39:e0:
                    ca:9d:48:53:0e:84:ec:5c:b2:b0:9b:3a:a8:a0:17:
                    53:c2:10:b8:93:af:c7:9b:ea:1e:8a:a8:b6:bf:f3:
                    fd:81:1f:99:f2:9e:ac:e9:7e:79:4e:9e:41:2b:23:
                    cf:e8:73:fb:97:ac:3c:db:24:16:68:c1:c6:41:38:
                    9c:7d:98:d7:64:fe:c4:3c:15:69:91:17:71:8b:48:
                    7a:43:32:61:f1:21:e5:8c:83:81:86:a7:ed:76:88:
                    f8:11:2d:3f:ea:53:8c:34:ed:bb:f8:46:76:4a:f1:
                    01:54:69:12:4e:c6:6a:49:be:93:09:d6:6a:5a:c1:
                    a6:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:03:8F:7F:64:54:30:95:B5:49:9C:02:95:77:48:57:1A:B5:50:4E
            X509v3 Authority Key Identifier:
                keyid:AA:52:12:95:8D:8E:1B:AA:14:4A:82:A8:21:F9:3A:89:0D:CB:A4:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qlISlY2OG6oUSoKoIfk6iQ3LpJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/VQOPf2RUMJW1SZwClXdIVxq1UE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/qlISlY2OG6oUSoKoIfk6iQ3LpJo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.226.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:30:88:1c:bf:71:3f:e4:ea:07:be:a0:a9:2b:e3:6e:54:8c:
         e0:e0:86:98:be:88:34:f9:8f:59:82:45:e3:a3:da:df:14:ed:
         6e:22:d5:2c:d4:f6:4e:c1:2a:d5:fc:4c:d8:b7:97:f4:a7:43:
         23:37:78:57:7d:41:4c:dd:de:b8:93:fb:a6:3b:6a:8f:b3:e6:
         07:68:ae:db:58:57:9f:42:4a:b7:8a:09:49:be:55:34:8d:5a:
         96:57:e4:d2:28:87:a6:54:4a:56:7f:24:5c:b7:9d:74:32:dd:
         ce:d9:ef:63:29:3d:2f:20:04:b0:cb:e1:41:04:51:1c:e2:8f:
         60:c4:19:e3:22:83:5a:69:35:5d:51:42:69:3a:0d:45:bf:3e:
         2c:99:7a:7d:e7:20:68:1f:e6:d3:aa:db:99:28:3e:57:d9:dd:
         f0:80:55:18:94:1e:bd:ee:2d:22:4e:a7:d8:d5:b3:1f:2f:da:
         0a:dc:59:b6:01:f0:df:3b:99:23:45:16:fe:25:0a:d3:8f:f8:
         4d:72:1e:d9:60:dc:7c:57:f4:b5:93:eb:db:2f:0a:91:5d:8d:
         b4:0e:54:ba:7a:fb:f9:3b:45:c6:6b:9b:0b:b7:05:e3:69:a7:
         56:89:f8:ad:93:c5:c7:a8:9f:b0:90:39:fb:07:1c:0c:c9:78:
         b5:80:11:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N9RKHYHXzpZy5+eXDKufMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNTIxMjk1OGQ4ZTFiYWExNDRhODJhODIxZjkzYTg5MGRj
YmE0OWEwHhcNMjYwMTAyMTAxOTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTAzOGY3ZjY0NTQzMDk1YjU0OTljMDI5NTc3NDg1NzFhYjU1MDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2dtwUstXMu7WO6eHtooRW6mCdRWL
Pu7YHNNSawcwNdsINy5QjS0BwSaDfLj2m6ltnlhu/iomc0aripYm+0y5akA12ZQ6
sUqbUWZgVCRqSRDIGRUnKwfKTtEyGMS5Od4pliyT3NpO+BEi7Mo6jEttiOBlhTi5
/IgODoZ7TWBMiS8Ay9NpOeDKnUhTDoTsXLKwmzqooBdTwhC4k6/Hm+oeiqi2v/P9
gR+Z8p6s6X55Tp5BKyPP6HP7l6w82yQWaMHGQTicfZjXZP7EPBVpkRdxi0h6QzJh
8SHljIOBhqftdoj4ES0/6lOMNO27+EZ2SvEBVGkSTsZqSb6TCdZqWsGmxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFUDj39kVDCVtUmcApV3SFcatVBOMB8GA1UdIwQY
MBaAFKpSEpWNjhuqFEqCqCH5OokNy6SaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWxJU2xZMk9HNm9VU29Lb0lmazZpUTNMcEpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9kOGU1ZTMtZjg5Ny00ZGEyLTlkZjYt
YjQwMWE0YTA0NDkyLzEvVlFPUGYyUlVNSlcxU1p3Q2xYZElWeHExVUU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9kOGU1ZTMtZjg5Ny00ZGEyLTlkZjYtYjQwMWE0YTA0NDky
LzEvcWxJU2xZMk9HNm9VU29Lb0lmazZpUTNMcEpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAK+LjMA0G
CSqGSIb3DQEBCwUAA4IBAQCqMIgcv3E/5OoHvqCpK+NuVIzg4IaYvog0+Y9ZgkXj
o9rfFO1uItUs1PZOwSrV/EzYt5f0p0MjN3hXfUFM3d64k/umO2qPs+YHaK7bWFef
Qkq3iglJvlU0jVqWV+TSKIemVEpWfyRct510Mt3O2e9jKT0vIASwy+FBBFEc4o9g
xBnjIoNaaTVdUUJpOg1Fvz4smXp95yBoH+bTqtuZKD5X2d3wgFUYlB697i0iTqfY
1bMfL9oK3Fm2AfDfO5kjRRb+JQrTj/hNch7ZYNx8V/S1k+vbLwqRXY20DlS6evv5
O0XGa5sLtwXjaadWifitk8XHqJ+wkDn7BxwMyXi1gBHW
-----END CERTIFICATE-----