This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f2700b-9853-4172-9a61-a691448b2ec4/1/QTj2rWtF102-zkq4FB91dVQDunM.roa
File:                     QTj2rWtF102-zkq4FB91dVQDunM.roa (raw, json)
Hash identifier:          1lI8W4TaqEFSyMRF8rItgY5NGvTzSeJ9vEchB5jfowo=
Subject key identifier:   41:38:F6:AD:6B:45:D7:4D:BE:CE:4A:B8:14:1F:75:75:54:03:BA:73
Certificate issuer:       /CN=a5a975239fdd443b7d3d82e392a9e4ae39218ef6
Certificate serial:       019B7B35EBAF67C98CA58F732918B38B9957
Authority key identifier: A5:A9:75:23:9F:DD:44:3B:7D:3D:82:E3:92:A9:E4:AE:39:21:8E:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pal1I5_dRDt9PYLjkqnkrjkhjvY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f2700b-9853-4172-9a61-a691448b2ec4/1/QTj2rWtF102-zkq4FB91dVQDunM.roa
Signing time:             Thu 01 Jan 2026 20:18:09 +0000
ROA not before:           Thu 01 Jan 2026 20:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        193.36.66.0/24 maxlen: 24
                          193.36.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f2700b-9853-4172-9a61-a691448b2ec4/1/pal1I5_dRDt9PYLjkqnkrjkhjvY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f2700b-9853-4172-9a61-a691448b2ec4/1/pal1I5_dRDt9PYLjkqnkrjkhjvY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pal1I5_dRDt9PYLjkqnkrjkhjvY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:eb:af:67:c9:8c:a5:8f:73:29:18:b3:8b:99:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5a975239fdd443b7d3d82e392a9e4ae39218ef6
        Validity
            Not Before: Jan  1 20:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4138f6ad6b45d74dbece4ab8141f75755403ba73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:dc:60:21:3c:79:ab:73:f7:c8:0f:3c:92:8e:
                    90:8b:bd:72:b6:35:f6:8a:f4:bc:1f:b6:62:45:a3:
                    01:95:86:bf:e5:29:50:2d:af:95:a1:fc:df:a9:06:
                    01:19:5d:dd:4c:56:91:39:ae:fc:bd:b0:94:4a:cc:
                    8b:b2:fa:62:f4:39:59:6a:63:7a:c3:96:43:a5:84:
                    a1:d9:fe:18:d2:45:55:a8:4c:8b:6b:ce:8b:2f:0c:
                    b9:7b:81:de:cf:b5:17:ba:31:f6:e9:9f:29:20:74:
                    50:2a:8f:45:65:4b:71:12:5a:30:b1:36:5a:9f:de:
                    c4:b0:50:2a:6b:c2:6c:b8:42:6b:67:86:f9:bc:ba:
                    2b:92:47:bd:dd:8f:6c:76:2d:8d:a0:e6:4f:50:f1:
                    dd:18:59:cf:97:ac:51:2c:99:aa:ae:ce:14:73:3b:
                    33:58:e3:e0:1f:cc:ca:1c:b5:be:97:7e:8c:8e:f0:
                    9a:83:b8:2c:dd:a4:d9:54:71:df:39:40:29:5e:8f:
                    b0:b4:6a:a5:a1:72:93:3c:b1:70:2f:9b:44:4c:0a:
                    1d:0b:51:0a:4b:73:21:7a:ad:02:d5:39:30:58:1a:
                    17:ca:15:19:71:08:0e:b3:a3:8a:84:98:a1:d6:f7:
                    5d:eb:ad:0a:a4:53:e8:39:e6:74:7d:5b:b3:b2:cf:
                    cb:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:38:F6:AD:6B:45:D7:4D:BE:CE:4A:B8:14:1F:75:75:54:03:BA:73
            X509v3 Authority Key Identifier:
                keyid:A5:A9:75:23:9F:DD:44:3B:7D:3D:82:E3:92:A9:E4:AE:39:21:8E:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pal1I5_dRDt9PYLjkqnkrjkhjvY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f2700b-9853-4172-9a61-a691448b2ec4/1/QTj2rWtF102-zkq4FB91dVQDunM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f2700b-9853-4172-9a61-a691448b2ec4/1/pal1I5_dRDt9PYLjkqnkrjkhjvY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:e3:ad:71:17:6c:b7:54:fd:09:2f:a8:4f:1d:b3:3d:55:25:
         ae:39:aa:20:9f:2d:24:ee:d7:11:08:4f:28:ff:59:38:bc:dc:
         25:c0:30:2b:33:59:f2:84:03:36:81:ba:3d:60:32:37:44:45:
         c2:c9:3e:eb:7a:b6:17:7e:3a:e8:2a:7d:3a:b6:e4:e0:0b:27:
         1f:56:87:44:b4:55:23:41:5a:c2:90:e0:10:dd:1d:01:5d:6a:
         b9:8c:36:9d:e0:62:66:13:e3:22:f3:71:44:1e:d1:61:18:ca:
         3f:89:1d:78:45:1d:9f:29:77:33:dc:5b:6c:1c:9b:df:33:21:
         08:c2:ec:5b:91:40:5c:0b:a1:e3:d0:9c:9d:1a:77:1f:50:64:
         1e:ce:5f:79:f5:66:1a:52:ad:84:cf:d6:20:f0:cd:c2:b8:90:
         ad:e5:8d:11:39:20:6e:61:fa:f9:db:55:b5:b5:ed:f4:7f:18:
         b5:45:28:07:c5:25:99:db:1f:75:d0:0b:a1:3a:0a:d7:25:e9:
         59:47:60:a9:2b:fa:d2:73:75:ae:eb:12:de:c6:c8:d3:bf:4a:
         f6:34:dc:c9:70:48:f5:9b:bf:62:f7:1b:d8:5b:a8:d1:7f:df:
         48:17:4e:b0:59:ed:b5:ac:bd:3e:e5:38:c2:05:db:23:73:35:
         9a:b0:a1:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NeuvZ8mMpY9zKRizi5lXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YTk3NTIzOWZkZDQ0M2I3ZDNkODJlMzkyYTllNGFlMzky
MThlZjYwHhcNMjYwMTAxMjAxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTM4ZjZhZDZiNDVkNzRkYmVjZTRhYjgxNDFmNzU3NTU0MDNiYTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndxgITx5q3P3yA88ko6Qi71ytjX2
ivS8H7ZiRaMBlYa/5SlQLa+VofzfqQYBGV3dTFaROa78vbCUSsyLsvpi9DlZamN6
w5ZDpYSh2f4Y0kVVqEyLa86LLwy5e4Hez7UXujH26Z8pIHRQKo9FZUtxElowsTZa
n97EsFAqa8JsuEJrZ4b5vLorkke93Y9sdi2NoOZPUPHdGFnPl6xRLJmqrs4Uczsz
WOPgH8zKHLW+l36MjvCag7gs3aTZVHHfOUApXo+wtGqloXKTPLFwL5tETAodC1EK
S3Mheq0C1TkwWBoXyhUZcQgOs6OKhJih1vdd660KpFPoOeZ0fVuzss/LaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEE49q1rRddNvs5KuBQfdXVUA7pzMB8GA1UdIwQY
MBaAFKWpdSOf3UQ7fT2C45Kp5K45IY72MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGFsMUk1X2RSRHQ5UFlMamtxbmtyamtoanZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mMjcwMGItOTg1My00MTcyLTlhNjEt
YTY5MTQ0OGIyZWM0LzEvUVRqMnJXdEYxMDItemtxNEZCOTFkVlFEdW5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mMjcwMGItOTg1My00MTcyLTlhNjEtYTY5MTQ0OGIyZWM0
LzEvcGFsMUk1X2RSRHQ5UFlMamtxbmtyamtoanZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSRCMA0G
CSqGSIb3DQEBCwUAA4IBAQB7461xF2y3VP0JL6hPHbM9VSWuOaogny0k7tcRCE8o
/1k4vNwlwDArM1nyhAM2gbo9YDI3REXCyT7rerYXfjroKn06tuTgCycfVodEtFUj
QVrCkOAQ3R0BXWq5jDad4GJmE+Mi83FEHtFhGMo/iR14RR2fKXcz3FtsHJvfMyEI
wuxbkUBcC6Hj0JydGncfUGQezl959WYaUq2Ez9Yg8M3CuJCt5Y0ROSBuYfr521W1
te30fxi1RSgHxSWZ2x910AuhOgrXJelZR2CpK/rSc3Wu6xLexsjTv0r2NNzJcEj1
m79i9xvYW6jRf99IF06wWe21rL0+5TjCBdsjczWasKHF
-----END CERTIFICATE-----