This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/CDqm3nL-mWUyOy7FztAgewiin3g.roa
File:                     CDqm3nL-mWUyOy7FztAgewiin3g.roa (raw, json)
Hash identifier:          Dkjb68aiN/QU/1LeHSAGRrsXMObCtO5LMWVbJ6e1quk=
Subject key identifier:   08:3A:A6:DE:72:FE:99:65:32:3B:2E:C5:CE:D0:20:7B:08:A2:9F:78
Certificate issuer:       /CN=291f0b73e67d63c5a4c9046814166a9e21625f28
Certificate serial:       019B7A5B49E9ACD03652310B0D7466DEB4F9
Authority key identifier: 29:1F:0B:73:E6:7D:63:C5:A4:C9:04:68:14:16:6A:9E:21:62:5F:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/CDqm3nL-mWUyOy7FztAgewiin3g.roa
Signing time:             Thu 01 Jan 2026 16:19:21 +0000
ROA not before:           Thu 01 Jan 2026 16:19:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203902
IP address blocks:        198.52.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:49:e9:ac:d0:36:52:31:0b:0d:74:66:de:b4:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=291f0b73e67d63c5a4c9046814166a9e21625f28
        Validity
            Not Before: Jan  1 16:19:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=083aa6de72fe9965323b2ec5ced0207b08a29f78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b5:39:0d:42:6d:5a:78:f5:d1:9b:19:fb:ed:
                    30:23:5f:5e:b9:6b:ed:fe:6d:00:4c:88:60:38:8a:
                    a3:e5:c7:d9:08:76:6f:ed:66:08:12:d4:bf:7c:d3:
                    09:9b:15:9d:5a:c0:5f:e1:57:09:de:87:d6:6b:a1:
                    4f:59:be:66:cd:41:31:1e:ab:a4:b0:c2:b6:a5:e2:
                    6f:dd:35:6c:a5:96:8f:9a:24:1c:d1:29:e3:04:bb:
                    f9:31:f4:f8:34:ca:35:c4:bf:97:2f:e8:44:73:f6:
                    48:57:95:c6:ac:36:89:da:65:8f:51:ea:b8:93:da:
                    0d:55:15:87:bd:3f:bd:6d:78:6b:8c:5d:04:ed:e6:
                    72:eb:19:3b:6b:d0:ec:78:0a:25:1d:42:63:4b:6e:
                    80:ed:51:90:83:26:c9:f8:f6:ba:ef:79:ea:f4:b5:
                    59:e0:c3:d3:2b:6e:ec:7e:27:a1:15:56:9d:0a:01:
                    f4:28:69:28:78:f3:d0:f4:47:68:ba:59:04:6b:2d:
                    59:5f:a6:c2:ae:1b:7d:15:98:c3:07:1d:ff:02:45:
                    34:9a:d6:ce:f0:5c:fc:dd:f7:67:99:13:d7:59:45:
                    a3:57:b7:eb:4b:a8:a7:ef:27:3c:1b:08:f1:5d:65:
                    09:28:3f:79:da:7f:bb:91:18:eb:5f:75:90:de:9f:
                    53:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:3A:A6:DE:72:FE:99:65:32:3B:2E:C5:CE:D0:20:7B:08:A2:9F:78
            X509v3 Authority Key Identifier:
                keyid:29:1F:0B:73:E6:7D:63:C5:A4:C9:04:68:14:16:6A:9E:21:62:5F:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/CDqm3nL-mWUyOy7FztAgewiin3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.52.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:9f:a3:89:df:bb:1b:e6:fc:13:ae:be:3f:76:37:6f:09:85:
         aa:60:9b:b9:e6:f8:18:51:14:2a:61:30:3f:83:77:1b:0c:2e:
         3c:81:0a:eb:e2:e1:e3:53:24:56:e0:cb:8e:fd:3b:85:6f:4e:
         98:96:ca:36:6d:9a:04:c7:4a:7b:11:55:3a:0e:2b:17:54:13:
         ff:3e:f0:d1:88:c1:de:c3:87:fc:f6:18:64:dd:5e:11:4b:ad:
         16:d5:62:6c:56:3c:5b:a7:db:92:4a:be:fa:9e:ef:81:27:67:
         da:b5:d6:29:bc:70:6c:a5:7b:26:28:6e:02:dc:3d:09:43:10:
         58:54:cd:eb:1c:0c:dc:af:64:dc:e8:c3:ac:b0:22:fc:6e:ca:
         dc:3c:e8:5d:b7:ae:59:5b:ed:c7:84:0b:89:43:c1:f8:9b:de:
         38:de:88:6a:e4:22:3e:02:f1:6c:45:b0:ce:43:e4:3f:27:ca:
         98:4d:42:49:8f:2d:55:60:f3:32:5f:25:20:05:9d:5a:e4:4d:
         cc:15:51:3c:6f:f9:5b:13:c5:41:c1:53:79:1f:1d:bf:65:04:
         5a:2d:77:c7:2b:26:bb:f5:da:b8:4f:07:ea:76:c2:48:6a:0c:
         21:05:bf:db:87:bf:25:c4:71:3f:5d:ad:0e:11:53:ea:57:22:
         93:bd:13:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6W0nprNA2UjELDXRm3rT5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MWYwYjczZTY3ZDYzYzVhNGM5MDQ2ODE0MTY2YTllMjE2
MjVmMjgwHhcNMjYwMTAxMTYxOTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODNhYTZkZTcyZmU5OTY1MzIzYjJlYzVjZWQwMjA3YjA4YTI5Zjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrU5DUJtWnj10ZsZ++0wI19euWvt
/m0ATIhgOIqj5cfZCHZv7WYIEtS/fNMJmxWdWsBf4VcJ3ofWa6FPWb5mzUExHquk
sMK2peJv3TVspZaPmiQc0SnjBLv5MfT4NMo1xL+XL+hEc/ZIV5XGrDaJ2mWPUeq4
k9oNVRWHvT+9bXhrjF0E7eZy6xk7a9DseAolHUJjS26A7VGQgybJ+Pa673nq9LVZ
4MPTK27sfiehFVadCgH0KGkoePPQ9EdoulkEay1ZX6bCrht9FZjDBx3/AkU0mtbO
8Fz83fdnmRPXWUWjV7frS6in7yc8GwjxXWUJKD952n+7kRjrX3WQ3p9TkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAg6pt5y/pllMjsuxc7QIHsIop94MB8GA1UdIwQY
MBaAFCkfC3PmfWPFpMkEaBQWap4hYl8oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1I4TGMtWjlZOFdreVFSb0ZCWnFuaUZpWHlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS80OGQ2MDktMDg4ZC00MWU0LWJlYzQt
MzhlZThmZDY0ZTdkLzEvQ0RxbTNuTC1tV1V5T3k3Rnp0QWdld2lpbjNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS80OGQ2MDktMDg4ZC00MWU0LWJlYzQtMzhlZThmZDY0ZTdk
LzEvS1I4TGMtWjlZOFdreVFSb0ZCWnFuaUZpWHlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAxjQsMA0G
CSqGSIb3DQEBCwUAA4IBAQB2n6OJ37sb5vwTrr4/djdvCYWqYJu55vgYURQqYTA/
g3cbDC48gQrr4uHjUyRW4MuO/TuFb06Ylso2bZoEx0p7EVU6DisXVBP/PvDRiMHe
w4f89hhk3V4RS60W1WJsVjxbp9uSSr76nu+BJ2fatdYpvHBspXsmKG4C3D0JQxBY
VM3rHAzcr2Tc6MOssCL8bsrcPOhdt65ZW+3HhAuJQ8H4m9443ohq5CI+AvFsRbDO
Q+Q/J8qYTUJJjy1VYPMyXyUgBZ1a5E3MFVE8b/lbE8VBwVN5Hx2/ZQRaLXfHKya7
9dq4TwfqdsJIagwhBb/bh78lxHE/Xa0OEVPqVyKTvRNe
-----END CERTIFICATE-----