This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/qDwRi2lUn6QwtTVR74uQNIDyQDY.roa
File:                     qDwRi2lUn6QwtTVR74uQNIDyQDY.roa (raw, json)
Hash identifier:          jR4Cc4WipI4p46sG0PogQImTneHDTqWPMtigJYRDeY8=
Subject key identifier:   A8:3C:11:8B:69:54:9F:A4:30:B5:35:51:EF:8B:90:34:80:F2:40:36
Certificate issuer:       /CN=cb952f9c339cabd14234d00c84a252d7ec71a2a2
Certificate serial:       019B7F1568DB490059DB741F1594F87DDEEB
Authority key identifier: CB:95:2F:9C:33:9C:AB:D1:42:34:D0:0C:84:A2:52:D7:EC:71:A2:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y5UvnDOcq9FCNNAMhKJS1-xxoqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/qDwRi2lUn6QwtTVR74uQNIDyQDY.roa
Signing time:             Fri 02 Jan 2026 14:21:07 +0000
ROA not before:           Fri 02 Jan 2026 14:21:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202634
IP address blocks:        212.5.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/y5UvnDOcq9FCNNAMhKJS1-xxoqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/y5UvnDOcq9FCNNAMhKJS1-xxoqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y5UvnDOcq9FCNNAMhKJS1-xxoqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:68:db:49:00:59:db:74:1f:15:94:f8:7d:de:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb952f9c339cabd14234d00c84a252d7ec71a2a2
        Validity
            Not Before: Jan  2 14:21:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a83c118b69549fa430b53551ef8b903480f24036
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:11:1e:e3:29:4f:7e:6d:9f:76:6c:76:d4:29:
                    a5:12:a6:0e:e5:7a:c8:df:dc:66:43:da:64:99:2c:
                    90:6c:a1:a8:2e:2c:63:1c:12:83:ca:13:30:f8:2d:
                    2b:41:22:b0:5f:59:5f:e7:d4:55:61:36:76:71:ff:
                    34:14:27:ef:de:ed:fe:37:c7:f1:8d:04:72:1c:5d:
                    e8:27:7b:20:24:ea:fd:51:26:59:c1:21:87:64:98:
                    f2:bd:12:3f:ae:f8:d3:c7:54:5f:78:e5:77:b3:83:
                    f7:19:19:47:f1:e8:9b:a5:7b:7d:79:78:d5:1f:7d:
                    5a:17:c0:63:2c:44:81:1e:0d:84:60:80:e1:72:96:
                    e9:ac:fc:bb:12:0a:cc:a3:3e:1c:63:ea:a1:97:6a:
                    0b:eb:28:43:81:20:84:01:54:df:f7:ed:13:35:e5:
                    62:c3:40:57:64:d2:81:df:b2:64:93:25:cc:b3:4e:
                    c9:f9:f5:8b:7a:31:91:23:16:e1:70:b8:f9:65:8b:
                    c4:fa:6c:6c:31:fe:8b:0e:ad:35:8a:cc:04:dd:fb:
                    cf:9d:6b:a6:24:5e:ff:f6:a7:16:bb:3a:d8:05:52:
                    a2:17:56:51:a2:26:c2:26:be:d5:bc:73:2c:41:61:
                    e6:3f:cd:bd:9f:4d:d6:49:10:60:01:9b:39:a5:6f:
                    7d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:3C:11:8B:69:54:9F:A4:30:B5:35:51:EF:8B:90:34:80:F2:40:36
            X509v3 Authority Key Identifier:
                keyid:CB:95:2F:9C:33:9C:AB:D1:42:34:D0:0C:84:A2:52:D7:EC:71:A2:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y5UvnDOcq9FCNNAMhKJS1-xxoqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/qDwRi2lUn6QwtTVR74uQNIDyQDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/y5UvnDOcq9FCNNAMhKJS1-xxoqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.5.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:f1:2e:f6:46:36:07:fd:64:bf:93:e3:57:1e:ac:af:78:44:
         61:e2:71:7d:0a:f9:57:65:47:27:d0:04:48:b2:21:0a:63:b6:
         8e:e5:99:ea:44:1d:86:09:63:7f:1e:67:69:db:53:be:a8:f1:
         42:9f:b0:92:c4:42:8b:f0:54:21:d0:65:b1:25:0d:90:fb:36:
         27:58:9a:36:b3:47:75:86:c9:7e:f1:d4:7b:a9:f6:cf:26:6a:
         7d:6a:df:d6:ab:48:7c:59:03:dc:00:ac:b6:91:90:41:b1:56:
         61:11:e2:22:92:e0:29:f3:9a:ec:f2:71:db:2e:40:e1:e0:c4:
         5d:ed:8f:a0:50:89:99:bf:21:d6:71:29:f5:e4:90:95:87:27:
         df:5a:fd:8d:45:ed:78:33:2d:3e:b5:0b:83:12:d1:26:54:14:
         cd:05:13:cc:d4:c9:28:75:d6:c1:4f:82:7b:5c:80:8d:72:c3:
         04:af:c5:70:64:f8:9f:2f:d0:84:33:60:b4:f8:1b:c5:99:01:
         80:65:65:ce:47:93:00:75:5b:2c:06:f9:b4:54:e5:56:2e:da:
         dc:9a:21:ac:bb:68:43:83:24:c9:a2:dd:e6:df:0b:c0:36:0c:
         5b:bd:ba:27:b1:bf:b8:fd:13:40:a1:72:0c:fe:d7:cf:c0:07:
         67:f8:a5:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FWjbSQBZ23QfFZT4fd7rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiOTUyZjljMzM5Y2FiZDE0MjM0ZDAwYzg0YTI1MmQ3ZWM3
MWEyYTIwHhcNMjYwMTAyMTQyMTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODNjMTE4YjY5NTQ5ZmE0MzBiNTM1NTFlZjhiOTAzNDgwZjI0MDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hEe4ylPfm2fdmx21CmlEqYO5XrI
39xmQ9pkmSyQbKGoLixjHBKDyhMw+C0rQSKwX1lf59RVYTZ2cf80FCfv3u3+N8fx
jQRyHF3oJ3sgJOr9USZZwSGHZJjyvRI/rvjTx1RfeOV3s4P3GRlH8eibpXt9eXjV
H31aF8BjLESBHg2EYIDhcpbprPy7EgrMoz4cY+qhl2oL6yhDgSCEAVTf9+0TNeVi
w0BXZNKB37JkkyXMs07J+fWLejGRIxbhcLj5ZYvE+mxsMf6LDq01iswE3fvPnWum
JF7/9qcWuzrYBVKiF1ZRoibCJr7VvHMsQWHmP829n03WSRBgAZs5pW99xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKg8EYtpVJ+kMLU1Ue+LkDSA8kA2MB8GA1UdIwQY
MBaAFMuVL5wznKvRQjTQDISiUtfscaKiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTVVdm5ET2NxOUZDTk5BTWhLSlMxLXh4b3FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS85MDk4ZmQtN2RjMy00ZTEyLWI4OTMt
ZmQyMmRmM2I1N2Y2LzEvcUR3UmkybFVuNlF3dFRWUjc0dVFOSUR5UURZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS85MDk4ZmQtN2RjMy00ZTEyLWI4OTMtZmQyMmRmM2I1N2Y2
LzEveTVVdm5ET2NxOUZDTk5BTWhLSlMxLXh4b3FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AUzMA0G
CSqGSIb3DQEBCwUAA4IBAQCo8S72RjYH/WS/k+NXHqyveERh4nF9CvlXZUcn0ARI
siEKY7aO5ZnqRB2GCWN/Hmdp21O+qPFCn7CSxEKL8FQh0GWxJQ2Q+zYnWJo2s0d1
hsl+8dR7qfbPJmp9at/Wq0h8WQPcAKy2kZBBsVZhEeIikuAp85rs8nHbLkDh4MRd
7Y+gUImZvyHWcSn15JCVhyffWv2NRe14My0+tQuDEtEmVBTNBRPM1MkoddbBT4J7
XICNcsMEr8VwZPifL9CEM2C0+BvFmQGAZWXOR5MAdVssBvm0VOVWLtrcmiGsu2hD
gyTJot3m3wvANgxbvbonsb+4/RNAoXIM/tfPwAdn+KUW
-----END CERTIFICATE-----