This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/ozDjJHd9lXLwxWrh2-jEN6PSQCE.roa
File:                     ozDjJHd9lXLwxWrh2-jEN6PSQCE.roa (raw, json)
Hash identifier:          XvQpiFDaAcngQACRfFy22wGd5bIod9LIooAabJeDAzg=
Subject key identifier:   A3:30:E3:24:77:7D:95:72:F0:C5:6A:E1:DB:E8:C4:37:A3:D2:40:21
Certificate issuer:       /CN=4142d3f9b31126e0850265715c9fc32174b557a4
Certificate serial:       019B0D826B2EBA85D7C9CE1CEF2924FC77A7
Authority key identifier: 41:42:D3:F9:B3:11:26:E0:85:02:65:71:5C:9F:C3:21:74:B5:57:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/ozDjJHd9lXLwxWrh2-jEN6PSQCE.roa
Signing time:             Thu 11 Dec 2025 13:03:29 +0000
ROA not before:           Thu 11 Dec 2025 13:03:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202976
IP address blocks:        91.151.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 22 Dec 2025 22:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:0d:82:6b:2e:ba:85:d7:c9:ce:1c:ef:29:24:fc:77:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4142d3f9b31126e0850265715c9fc32174b557a4
        Validity
            Not Before: Dec 11 13:03:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a330e324777d9572f0c56ae1dbe8c437a3d24021
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:29:62:62:16:92:e2:d3:26:75:0f:84:f9:ab:
                    0d:f1:0b:25:f0:b1:8d:97:5f:2d:18:bc:a8:6d:36:
                    5e:fc:be:a6:6a:3d:f5:67:c5:cc:10:f7:26:02:d8:
                    48:cb:b4:47:b2:df:26:df:81:16:cb:99:56:ea:60:
                    65:93:31:bb:22:86:e7:6b:99:d1:e1:8f:37:0c:1d:
                    09:ed:73:8c:b8:5c:52:fa:2b:ec:00:86:04:48:f9:
                    aa:a5:6d:0b:3a:f7:d0:d1:50:47:cd:13:d8:32:57:
                    d0:1d:fc:13:e1:0a:ee:9a:f9:e0:82:cb:26:3c:47:
                    b6:5a:96:37:05:a3:d8:d4:aa:dc:a3:1d:13:f3:2c:
                    d1:aa:9c:49:8c:5d:11:0e:2c:fa:7d:6d:38:6e:ea:
                    50:57:69:a4:4c:e4:34:31:97:49:c7:e4:5f:8e:b2:
                    f0:6f:ee:77:6e:5b:c2:8a:47:a1:2d:32:22:f8:55:
                    57:11:a6:1e:a2:61:58:d8:a1:4b:40:f7:d8:be:f9:
                    80:38:3c:b7:bf:57:9a:99:9b:14:28:69:5f:95:f5:
                    ce:f7:9e:35:0b:15:6d:19:72:1f:de:c8:44:4e:10:
                    ec:2e:04:04:af:2b:f3:6a:4c:a5:ce:f3:60:09:2a:
                    94:e3:12:2a:b2:42:a5:20:fb:28:ae:78:ae:17:84:
                    91:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:30:E3:24:77:7D:95:72:F0:C5:6A:E1:DB:E8:C4:37:A3:D2:40:21
            X509v3 Authority Key Identifier:
                keyid:41:42:D3:F9:B3:11:26:E0:85:02:65:71:5C:9F:C3:21:74:B5:57:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/ozDjJHd9lXLwxWrh2-jEN6PSQCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.151.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:08:8e:2a:95:a6:8f:3e:31:6e:ec:61:32:8f:53:4a:58:a9:
         e1:b7:a2:eb:b9:9a:d3:81:3e:42:95:56:e9:c5:41:65:65:26:
         9c:46:cc:31:4d:fa:05:e3:53:d0:ee:60:d6:70:2d:8c:63:b2:
         5f:5f:9e:16:ad:7a:13:c0:a4:1f:59:bb:51:4d:90:04:79:51:
         38:e9:92:e3:45:de:10:ca:92:86:76:ae:9c:1d:f2:80:2a:92:
         75:55:9b:86:07:45:c1:b6:56:31:f2:70:25:92:63:e4:19:b8:
         8c:f6:51:54:73:90:48:09:27:9e:39:2a:52:ee:2c:5d:2d:a8:
         48:f2:00:7d:8c:a6:36:7f:ba:e7:e6:a7:e6:fa:f8:91:b8:65:
         e5:cc:ab:31:e1:8b:be:e7:24:58:d3:ba:ab:ba:82:67:b9:c6:
         17:0d:75:a0:df:6e:08:64:4a:ee:d0:6b:60:b1:df:8d:c0:fe:
         ec:4a:9a:43:31:d4:36:01:12:67:e1:df:a0:59:9b:ad:ed:50:
         46:61:d1:e5:db:32:0e:2d:d0:0d:65:c1:04:2c:52:38:9c:ec:
         ac:f3:c1:7b:37:84:4e:30:48:a9:91:3e:03:52:3a:6e:61:8a:
         c7:86:64:f7:1b:f0:40:0f:52:7e:c4:e5:37:f8:fd:94:ac:81:
         7a:88:d3:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsNgmsuuoXXyc4c7ykk/HenMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNDJkM2Y5YjMxMTI2ZTA4NTAyNjU3MTVjOWZjMzIxNzRi
NTU3YTQwHhcNMjUxMjExMTMwMzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzMwZTMyNDc3N2Q5NTcyZjBjNTZhZTFkYmU4YzQzN2EzZDI0MDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8yliYhaS4tMmdQ+E+asN8Qsl8LGN
l18tGLyobTZe/L6maj31Z8XMEPcmAthIy7RHst8m34EWy5lW6mBlkzG7Iobna5nR
4Y83DB0J7XOMuFxS+ivsAIYESPmqpW0LOvfQ0VBHzRPYMlfQHfwT4Qrumvnggssm
PEe2WpY3BaPY1Krcox0T8yzRqpxJjF0RDiz6fW04bupQV2mkTOQ0MZdJx+RfjrLw
b+53blvCikehLTIi+FVXEaYeomFY2KFLQPfYvvmAODy3v1eamZsUKGlflfXO9541
CxVtGXIf3shEThDsLgQEryvzakylzvNgCSqU4xIqskKlIPsorniuF4SRhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKMw4yR3fZVy8MVq4dvoxDej0kAhMB8GA1UdIwQY
MBaAFEFC0/mzESbghQJlcVyfwyF0tVekMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVVMVC1iTVJKdUNGQW1WeFhKX0RJWFMxVjZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hZTE5NTMtYmZjNC00MmI1LTk1MGIt
OWM5OGQxMTE5N2I3LzEvb3pEakpIZDlsWEx3eFdyaDItakVONlBTUUNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hZTE5NTMtYmZjNC00MmI1LTk1MGItOWM5OGQxMTE5N2I3
LzEvUVVMVC1iTVJKdUNGQW1WeFhKX0RJWFMxVjZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5ddMA0G
CSqGSIb3DQEBCwUAA4IBAQACCI4qlaaPPjFu7GEyj1NKWKnht6LruZrTgT5ClVbp
xUFlZSacRswxTfoF41PQ7mDWcC2MY7JfX54WrXoTwKQfWbtRTZAEeVE46ZLjRd4Q
ypKGdq6cHfKAKpJ1VZuGB0XBtlYx8nAlkmPkGbiM9lFUc5BICSeeOSpS7ixdLahI
8gB9jKY2f7rn5qfm+viRuGXlzKsx4Yu+5yRY07qruoJnucYXDXWg324IZEru0Gtg
sd+NwP7sSppDMdQ2ARJn4d+gWZut7VBGYdHl2zIOLdANZcEELFI4nOys88F7N4RO
MEipkT4DUjpuYYrHhmT3G/BAD1J+xOU3+P2UrIF6iNMx
-----END CERTIFICATE-----