This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/e60107-19f3-4194-bc2f-99a0d29ba563/1/QCoWTqPLbJGw1zUEhRnFeDiw-yk.roa
File:                     QCoWTqPLbJGw1zUEhRnFeDiw-yk.roa (raw, json)
Hash identifier:          5ldKqSvwDttirHKWjJFhqblT3JDzISSPbft9iHSvGCE=
Subject key identifier:   40:2A:16:4E:A3:CB:6C:91:B0:D7:35:04:85:19:C5:78:38:B0:FB:29
Certificate issuer:       /CN=79a304ba34b61a15e3797ffd4d1ae8c218c1c7bf
Certificate serial:       019B7A5AED16FFD11E98E16DA72FB581CB26
Authority key identifier: 79:A3:04:BA:34:B6:1A:15:E3:79:7F:FD:4D:1A:E8:C2:18:C1:C7:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eaMEujS2GhXjeX_9TRrowhjBx78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/e60107-19f3-4194-bc2f-99a0d29ba563/1/QCoWTqPLbJGw1zUEhRnFeDiw-yk.roa
Signing time:             Thu 01 Jan 2026 16:18:57 +0000
ROA not before:           Thu 01 Jan 2026 16:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56841
IP address blocks:        185.23.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/e60107-19f3-4194-bc2f-99a0d29ba563/1/eaMEujS2GhXjeX_9TRrowhjBx78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/e60107-19f3-4194-bc2f-99a0d29ba563/1/eaMEujS2GhXjeX_9TRrowhjBx78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eaMEujS2GhXjeX_9TRrowhjBx78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 Jan 2026 13:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:ed:16:ff:d1:1e:98:e1:6d:a7:2f:b5:81:cb:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a304ba34b61a15e3797ffd4d1ae8c218c1c7bf
        Validity
            Not Before: Jan  1 16:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=402a164ea3cb6c91b0d735048519c57838b0fb29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:62:8c:fc:1c:54:d0:40:3f:df:6a:1c:eb:07:
                    5d:57:2a:bc:d0:d2:ca:97:52:a6:32:3e:4a:18:49:
                    49:ff:ee:7c:4a:51:5a:14:34:d7:45:6a:8d:8c:53:
                    b1:9f:d1:56:29:52:99:f2:88:55:e3:32:15:e6:57:
                    cb:71:e6:0d:64:05:18:57:78:33:29:4d:9f:c3:bd:
                    86:f8:4a:7f:45:82:f6:51:3d:06:12:41:26:d4:a3:
                    af:27:52:6b:dd:5e:98:2c:eb:9f:b0:ee:c3:55:60:
                    33:ba:81:b0:c8:8d:bf:9e:5c:cc:69:48:a4:16:1f:
                    d1:05:b0:4b:c7:ac:c1:05:7b:e9:8d:aa:ea:27:ba:
                    b0:d0:f4:37:02:6b:91:fb:c1:97:a4:01:24:b9:f0:
                    98:80:02:c5:3b:bd:49:4e:72:6d:ac:f6:9f:10:8f:
                    13:d5:6b:af:f9:b4:ec:e7:7e:4d:77:3d:de:41:bc:
                    da:fd:dd:6a:6b:59:e5:83:da:e0:e4:3b:e5:54:66:
                    20:d7:9f:bf:49:b2:de:be:57:08:a7:12:9f:87:bc:
                    d3:76:13:1f:a5:72:6f:48:db:d3:f8:14:cf:f5:41:
                    5d:eb:aa:c7:51:d3:a7:7f:0a:95:d7:12:d7:d1:24:
                    61:ec:cf:80:a5:11:76:19:68:d7:8a:7f:e8:46:00:
                    7f:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:2A:16:4E:A3:CB:6C:91:B0:D7:35:04:85:19:C5:78:38:B0:FB:29
            X509v3 Authority Key Identifier:
                keyid:79:A3:04:BA:34:B6:1A:15:E3:79:7F:FD:4D:1A:E8:C2:18:C1:C7:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eaMEujS2GhXjeX_9TRrowhjBx78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/e60107-19f3-4194-bc2f-99a0d29ba563/1/QCoWTqPLbJGw1zUEhRnFeDiw-yk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/e60107-19f3-4194-bc2f-99a0d29ba563/1/eaMEujS2GhXjeX_9TRrowhjBx78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:cb:6a:1a:ee:44:84:bc:3c:73:38:5a:56:5b:e7:f5:6c:23:
         08:92:0a:7b:22:75:30:5a:16:63:28:98:ba:e9:2b:2f:63:4f:
         e7:61:7e:8e:cf:e3:b0:a2:f0:be:b6:16:3b:c4:72:8f:97:f8:
         1c:47:8c:ee:39:5e:d2:32:13:8b:60:69:dc:4b:d5:17:35:b1:
         67:5c:75:87:b7:e4:3c:1d:99:63:7c:a2:6a:25:f8:ac:de:cf:
         98:7e:19:7b:51:ef:cf:f6:25:97:37:83:ab:d2:26:44:29:e6:
         3a:49:00:22:11:ec:c1:78:58:ec:99:1d:f9:ad:a9:7f:22:fd:
         69:cf:0d:02:1d:8f:5f:cb:10:9c:8b:ce:b4:bf:a1:9a:c9:13:
         e5:a2:e6:ec:eb:c6:f1:d9:13:63:8a:7a:2e:0e:bc:41:89:31:
         87:f7:38:01:e4:f5:91:89:1e:ee:a7:46:55:bc:ca:07:f8:b8:
         22:08:92:ce:56:d3:17:35:77:f8:44:82:a8:59:18:53:42:da:
         cd:1e:42:16:fe:57:58:e9:97:2e:dd:52:c0:37:e7:b4:6b:18:
         78:e7:52:16:09:f2:2c:f1:c6:84:f6:ca:1d:cb:f9:93:70:99:
         d4:49:a5:1a:9d:a5:5b:ff:2b:df:f9:3b:71:56:bf:7e:d3:b8:
         a5:f3:bf:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Wu0W/9EemOFtpy+1gcsmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTMwNGJhMzRiNjFhMTVlMzc5N2ZmZDRkMWFlOGMyMThj
MWM3YmYwHhcNMjYwMTAxMTYxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDJhMTY0ZWEzY2I2YzkxYjBkNzM1MDQ4NTE5YzU3ODM4YjBmYjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA72KM/BxU0EA/32oc6wddVyq80NLK
l1KmMj5KGElJ/+58SlFaFDTXRWqNjFOxn9FWKVKZ8ohV4zIV5lfLceYNZAUYV3gz
KU2fw72G+Ep/RYL2UT0GEkEm1KOvJ1Jr3V6YLOufsO7DVWAzuoGwyI2/nlzMaUik
Fh/RBbBLx6zBBXvpjarqJ7qw0PQ3AmuR+8GXpAEkufCYgALFO71JTnJtrPafEI8T
1Wuv+bTs535Ndz3eQbza/d1qa1nlg9rg5DvlVGYg15+/SbLevlcIpxKfh7zTdhMf
pXJvSNvT+BTP9UFd66rHUdOnfwqV1xLX0SRh7M+ApRF2GWjXin/oRgB/tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEAqFk6jy2yRsNc1BIUZxXg4sPspMB8GA1UdIwQY
MBaAFHmjBLo0thoV43l//U0a6MIYwce/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFNRXVqUzJHaFhqZVhfOVRScm93aGpCeDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9lNjAxMDctMTlmMy00MTk0LWJjMmYt
OTlhMGQyOWJhNTYzLzEvUUNvV1RxUExiSkd3MXpVRWhSbkZlRGl3LXlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9lNjAxMDctMTlmMy00MTk0LWJjMmYtOTlhMGQyOWJhNTYz
LzEvZWFNRXVqUzJHaFhqZVhfOVRScm93aGpCeDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRdvMA0G
CSqGSIb3DQEBCwUAA4IBAQAly2oa7kSEvDxzOFpWW+f1bCMIkgp7InUwWhZjKJi6
6SsvY0/nYX6Oz+OwovC+thY7xHKPl/gcR4zuOV7SMhOLYGncS9UXNbFnXHWHt+Q8
HZljfKJqJfis3s+Yfhl7Ue/P9iWXN4Or0iZEKeY6SQAiEezBeFjsmR35ral/Iv1p
zw0CHY9fyxCci860v6GayRPloubs68bx2RNjinouDrxBiTGH9zgB5PWRiR7up0ZV
vMoH+LgiCJLOVtMXNXf4RIKoWRhTQtrNHkIW/ldY6Zcu3VLAN+e0axh451IWCfIs
8caE9sody/mTcJnUSaUanaVb/yvf+TtxVr9+07il87+S
-----END CERTIFICATE-----