This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/qlPyoun7arRfaPx5F5sUxGFkoCU.roa
File:                     qlPyoun7arRfaPx5F5sUxGFkoCU.roa (raw, json)
Hash identifier:          aH1YUL3QtwS4h1PIOZfeAvsmSvy7dwwAriXpePCN0ng=
Subject key identifier:   AA:53:F2:A2:E9:FB:6A:B4:5F:68:FC:79:17:9B:14:C4:61:64:A0:25
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019B7E37B5FFF75688AE75F29D41E61C8FFF
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/qlPyoun7arRfaPx5F5sUxGFkoCU.roa
Signing time:             Fri 02 Jan 2026 10:18:58 +0000
ROA not before:           Fri 02 Jan 2026 10:18:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40676
IP address blocks:        62.169.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 23 Jan 2026 16:20:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:b5:ff:f7:56:88:ae:75:f2:9d:41:e6:1c:8f:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jan  2 10:18:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aa53f2a2e9fb6ab45f68fc79179b14c46164a025
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:d0:89:aa:9f:e6:0a:ea:3f:a8:bd:f6:4b:23:
                    52:db:2e:f6:ab:1d:57:f2:e7:58:02:82:8d:b1:40:
                    20:9a:49:ec:24:7e:94:89:5e:66:4b:f9:c8:c1:2b:
                    da:c1:01:51:75:af:d3:ae:23:e0:e8:0e:29:ff:a0:
                    77:a5:ce:04:95:b5:d5:47:f7:cb:de:bb:9e:0d:a9:
                    f8:38:0c:96:ef:3f:fd:07:93:b7:e8:80:bf:23:11:
                    7c:4d:69:0e:64:eb:35:c2:d5:98:35:db:b0:67:28:
                    55:74:f6:e2:fb:1c:2f:e0:f7:d6:d8:c0:36:21:ee:
                    2c:90:0f:af:5e:90:c8:ef:10:41:20:cb:99:28:41:
                    d3:9d:ae:e3:12:34:41:a1:fc:c9:b0:98:27:ce:d7:
                    b7:3e:3a:72:f4:bc:af:3f:18:cf:11:85:df:19:d4:
                    a0:93:a6:f1:b6:c6:bb:4a:b4:5f:7d:62:29:82:70:
                    45:d6:9b:8b:1e:6f:0b:0b:a1:15:6b:c7:58:14:0a:
                    7c:a0:fc:8b:fe:56:9c:a7:95:92:a9:8f:03:97:03:
                    5e:8a:90:3b:4a:70:8d:6d:bc:ee:84:b8:44:0a:53:
                    ca:74:7b:92:fc:a0:07:54:22:e5:4a:6a:fc:78:d3:
                    06:07:f7:29:3d:96:2c:21:97:cf:82:ad:84:6b:4e:
                    69:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:53:F2:A2:E9:FB:6A:B4:5F:68:FC:79:17:9B:14:C4:61:64:A0:25
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/qlPyoun7arRfaPx5F5sUxGFkoCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.169.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         dd:e0:80:fc:0c:bc:f0:b1:bb:a2:18:6a:a7:8b:42:f1:42:98:
         11:dc:aa:36:7b:8c:65:83:20:c9:16:46:b2:a9:a5:8d:b8:d5:
         26:82:e5:3d:9d:85:3e:4e:0e:df:66:1c:d4:ff:a7:ab:35:8f:
         c6:f5:c1:3f:e0:70:36:ad:98:a9:a6:6b:38:1e:cd:6b:41:64:
         e4:86:18:28:16:a1:fa:5c:81:91:18:3a:0c:2f:37:4e:f8:91:
         ca:cd:ae:d0:6a:ce:c3:33:35:2e:ef:26:b6:ed:6f:a1:eb:f3:
         c7:fc:66:a2:41:77:0c:03:9d:6d:ad:a2:ec:a8:7d:c8:99:a8:
         ea:ce:4a:ff:25:6a:30:2f:23:12:bb:c5:04:10:d7:3e:97:08:
         3a:28:89:39:ab:f1:c9:03:c2:cd:67:51:e3:a5:11:2d:0d:b9:
         af:50:58:2a:1f:3f:ad:cd:b3:55:51:06:9e:80:98:ab:c4:c7:
         2a:64:5f:75:bc:07:de:07:9b:52:90:e1:ce:c7:96:7f:e1:3c:
         a5:65:c4:df:08:65:f2:d0:71:f0:5c:10:13:b7:18:22:ba:b5:
         b8:82:de:83:d9:db:e5:b0:14:12:b4:0c:39:e0:8b:f2:52:aa:
         af:0b:8c:c4:32:00:93:d4:f7:fa:33:e3:46:bb:17:82:c2:10:
         b3:17:a3:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N7X/91aIrnXynUHmHI//MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMTAyMTAxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTUzZjJhMmU5ZmI2YWI0NWY2OGZjNzkxNzliMTRjNDYxNjRhMDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19CJqp/mCuo/qL32SyNS2y72qx1X
8udYAoKNsUAgmknsJH6UiV5mS/nIwSvawQFRda/TriPg6A4p/6B3pc4ElbXVR/fL
3rueDan4OAyW7z/9B5O36IC/IxF8TWkOZOs1wtWYNduwZyhVdPbi+xwv4PfW2MA2
Ie4skA+vXpDI7xBBIMuZKEHTna7jEjRBofzJsJgnzte3Pjpy9LyvPxjPEYXfGdSg
k6bxtsa7SrRffWIpgnBF1puLHm8LC6EVa8dYFAp8oPyL/lacp5WSqY8DlwNeipA7
SnCNbbzuhLhEClPKdHuS/KAHVCLlSmr8eNMGB/cpPZYsIZfPgq2Ea05pLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKpT8qLp+2q0X2j8eRebFMRhZKAlMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvcWxQeW91bjdhclJmYVB4NUY1c1V4R0Zrb0NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPqmCMA0G
CSqGSIb3DQEBCwUAA4IBAQDd4ID8DLzwsbuiGGqni0LxQpgR3Ko2e4xlgyDJFkay
qaWNuNUmguU9nYU+Tg7fZhzU/6erNY/G9cE/4HA2rZippms4Hs1rQWTkhhgoFqH6
XIGRGDoMLzdO+JHKza7Qas7DMzUu7ya27W+h6/PH/GaiQXcMA51traLsqH3Imajq
zkr/JWowLyMSu8UEENc+lwg6KIk5q/HJA8LNZ1HjpREtDbmvUFgqHz+tzbNVUQae
gJirxMcqZF91vAfeB5tSkOHOx5Z/4TylZcTfCGXy0HHwXBATtxgiurW4gt6D2dvl
sBQStAw54IvyUqqvC4zEMgCT1Pf6M+NGuxeCwhCzF6Oe
-----END CERTIFICATE-----