This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/QqUbGPbWnb6gjhCMOqT2grVMHLc.roa
File:                     QqUbGPbWnb6gjhCMOqT2grVMHLc.roa (raw, json)
Hash identifier:          Nr3sSa3uJP0epmv5crHEIzFx3Y5ip1SyFjThlCVINnw=
Subject key identifier:   42:A5:1B:18:F6:D6:9D:BE:A0:8E:10:8C:3A:A4:F6:82:B5:4C:1C:B7
Certificate issuer:       /CN=644cdbae84b26a8484b10c00ebfdfbcb4990c157
Certificate serial:       019B7F8211366C93CF3DFA25F95FCAF51816
Authority key identifier: 64:4C:DB:AE:84:B2:6A:84:84:B1:0C:00:EB:FD:FB:CB:49:90:C1:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZEzbroSyaoSEsQwA6_37y0mQwVc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/QqUbGPbWnb6gjhCMOqT2grVMHLc.roa
Signing time:             Fri 02 Jan 2026 16:19:49 +0000
ROA not before:           Fri 02 Jan 2026 16:19:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     174
IP address blocks:        185.244.16.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/ZEzbroSyaoSEsQwA6_37y0mQwVc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/ZEzbroSyaoSEsQwA6_37y0mQwVc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZEzbroSyaoSEsQwA6_37y0mQwVc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 16:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:11:36:6c:93:cf:3d:fa:25:f9:5f:ca:f5:18:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=644cdbae84b26a8484b10c00ebfdfbcb4990c157
        Validity
            Not Before: Jan  2 16:19:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=42a51b18f6d69dbea08e108c3aa4f682b54c1cb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a6:42:ee:36:f8:3b:c4:dc:98:17:8f:8b:8d:
                    28:44:d2:d7:ac:a8:47:8f:bd:db:e2:b8:a3:23:4c:
                    0a:3c:11:df:b5:8d:87:d9:52:d2:a0:fa:39:58:07:
                    39:5d:e8:13:93:34:3e:33:d5:96:90:19:86:90:37:
                    e3:68:81:b2:93:a3:4d:fa:d3:64:7f:d6:0a:29:d5:
                    0b:06:25:8f:c4:7e:82:2d:ec:ce:e4:79:d9:0f:46:
                    1a:e8:36:cb:15:67:fc:bb:b1:77:de:0e:b8:dc:ee:
                    a0:72:29:81:3e:74:95:1a:37:dd:14:86:78:69:8c:
                    f2:8d:bf:53:65:81:48:3d:5c:a6:e7:53:54:58:cc:
                    e2:b7:4b:46:18:47:06:e9:f9:bc:68:84:6d:78:c0:
                    40:ee:0d:cf:e1:da:b6:b0:4c:94:72:93:1e:d6:a3:
                    11:62:37:ae:22:02:d4:1a:61:28:73:36:fa:f7:0c:
                    bd:5a:7e:ad:26:71:33:8b:29:77:0f:26:db:44:71:
                    82:32:cb:e3:20:2a:69:38:a5:da:ae:46:d5:df:77:
                    a0:0d:b3:b8:b2:24:0e:d5:bb:04:d3:b1:ce:1c:c6:
                    af:78:6d:d7:a7:96:cb:3a:46:cc:b5:27:3c:13:c8:
                    56:11:c7:ee:87:04:41:3b:54:51:03:a5:a0:ec:65:
                    5d:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:A5:1B:18:F6:D6:9D:BE:A0:8E:10:8C:3A:A4:F6:82:B5:4C:1C:B7
            X509v3 Authority Key Identifier:
                keyid:64:4C:DB:AE:84:B2:6A:84:84:B1:0C:00:EB:FD:FB:CB:49:90:C1:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZEzbroSyaoSEsQwA6_37y0mQwVc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/QqUbGPbWnb6gjhCMOqT2grVMHLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/ZEzbroSyaoSEsQwA6_37y0mQwVc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:09:92:aa:c6:ab:f7:31:1c:99:c3:0d:9a:b9:27:b1:b2:63:
         ea:d5:7a:9f:7b:7b:ca:6a:de:67:01:d1:e6:18:96:fd:bf:d0:
         59:e0:33:49:02:ad:c5:52:01:0c:32:81:2e:e3:d8:50:1e:0a:
         aa:bd:61:ff:a6:d1:09:fa:84:2d:d4:43:c8:37:a1:77:0e:9d:
         e9:f5:67:65:f7:6d:4f:e3:52:80:14:f1:5a:bf:1a:5d:34:92:
         1d:eb:ab:56:8b:7f:d9:e1:cb:52:32:ab:cb:1f:be:d9:0a:9d:
         cf:5d:01:8f:54:9b:8b:59:93:da:3c:79:1a:5d:9e:d8:14:e2:
         6f:0b:4e:c2:ac:2d:d9:da:8a:2b:bd:f5:dc:9a:48:e6:5c:6c:
         bb:94:bf:ae:5d:70:07:1f:48:53:80:38:d1:dc:c0:9a:26:66:
         a0:16:59:3c:01:5c:e5:b1:4e:fc:85:f0:ea:34:9d:5f:c6:b9:
         20:40:98:7e:bf:49:25:70:c9:39:e9:c6:b4:a5:92:7c:28:bc:
         d8:2c:6e:15:cf:ad:5d:c5:6e:c8:cf:8a:5d:06:db:54:22:ae:
         32:40:26:06:0c:db:44:9b:13:64:25:6a:e6:e1:23:0a:80:9c:
         ec:96:b8:a2:69:9b:20:b4:fc:9d:e1:42:60:44:9a:c0:d3:b3:
         1e:3b:56:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/ghE2bJPPPfol+V/K9RgWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0NGNkYmFlODRiMjZhODQ4NGIxMGMwMGViZmRmYmNiNDk5
MGMxNTcwHhcNMjYwMTAyMTYxOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmE1MWIxOGY2ZDY5ZGJlYTA4ZTEwOGMzYWE0ZjY4MmI1NGMxY2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6ZC7jb4O8TcmBePi40oRNLXrKhH
j73b4rijI0wKPBHftY2H2VLSoPo5WAc5XegTkzQ+M9WWkBmGkDfjaIGyk6NN+tNk
f9YKKdULBiWPxH6CLezO5HnZD0Ya6DbLFWf8u7F33g643O6gcimBPnSVGjfdFIZ4
aYzyjb9TZYFIPVym51NUWMzit0tGGEcG6fm8aIRteMBA7g3P4dq2sEyUcpMe1qMR
YjeuIgLUGmEoczb69wy9Wn6tJnEziyl3DybbRHGCMsvjICppOKXarkbV33egDbO4
siQO1bsE07HOHMaveG3Xp5bLOkbMtSc8E8hWEcfuhwRBO1RRA6Wg7GVdfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEKlGxj21p2+oI4QjDqk9oK1TBy3MB8GA1UdIwQY
MBaAFGRM266EsmqEhLEMAOv9+8tJkMFXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkV6YnJvU3lhb1NFc1F3QTZfMzd5MG1Rd1ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9kNzNhYzktM2Q2NS00ZTJkLThiYmYt
ZTAzNGY2NWU3ZjYwLzEvUXFVYkdQYlduYjZnamhDTU9xVDJnclZNSExjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9kNzNhYzktM2Q2NS00ZTJkLThiYmYtZTAzNGY2NWU3ZjYw
LzEvWkV6YnJvU3lhb1NFc1F3QTZfMzd5MG1Rd1ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufQQMA0G
CSqGSIb3DQEBCwUAA4IBAQCKCZKqxqv3MRyZww2auSexsmPq1Xqfe3vKat5nAdHm
GJb9v9BZ4DNJAq3FUgEMMoEu49hQHgqqvWH/ptEJ+oQt1EPIN6F3Dp3p9Wdl921P
41KAFPFavxpdNJId66tWi3/Z4ctSMqvLH77ZCp3PXQGPVJuLWZPaPHkaXZ7YFOJv
C07CrC3Z2oorvfXcmkjmXGy7lL+uXXAHH0hTgDjR3MCaJmagFlk8AVzlsU78hfDq
NJ1fxrkgQJh+v0klcMk56ca0pZJ8KLzYLG4Vz61dxW7Iz4pdBttUIq4yQCYGDNtE
mxNkJWrm4SMKgJzslriiaZsgtPyd4UJgRJrA07MeO1Zd
-----END CERTIFICATE-----