This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/QzSn7_MvD-krfzVQr82060hV_uI.roa
File:                     QzSn7_MvD-krfzVQr82060hV_uI.roa (raw, json)
Hash identifier:          6BxiAS1MqQVVxcupc1s9IZHFBYfQSIKRY5kWLrhudOY=
Subject key identifier:   43:34:A7:EF:F3:2F:0F:E9:2B:7F:35:50:AF:CD:B4:EB:48:55:FE:E2
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019BD00D1D9DCAC424E614361A7575B75F48
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/QzSn7_MvD-krfzVQr82060hV_uI.roa
Signing time:             Sun 18 Jan 2026 07:41:19 +0000
ROA not before:           Sun 18 Jan 2026 07:41:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        85.239.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:d0:0d:1d:9d:ca:c4:24:e6:14:36:1a:75:75:b7:5f:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Jan 18 07:41:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4334a7eff32f0fe92b7f3550afcdb4eb4855fee2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:3c:57:54:b6:e9:b7:2f:19:61:24:75:19:97:
                    68:0a:c0:20:97:02:06:9d:ac:6f:78:09:4b:cc:90:
                    00:84:0e:e8:f1:f2:a7:c2:e8:ec:15:00:d9:ea:e6:
                    9a:f7:20:2b:56:e8:14:0c:f1:e3:16:75:45:03:f5:
                    ff:43:cd:29:62:1f:f1:db:b3:18:73:8a:45:e8:03:
                    85:6b:2e:be:b6:78:97:62:aa:d6:33:6d:b1:c9:8a:
                    d8:f9:ae:68:9b:85:8f:ba:62:76:04:1a:be:66:a2:
                    ca:62:fa:10:bf:e8:b2:53:3b:a5:e4:b8:e0:1b:8a:
                    21:8b:3b:28:72:0a:9a:6c:17:5b:2b:7a:27:6f:27:
                    ca:25:14:77:c3:b9:61:be:3f:05:9a:fc:69:2e:6b:
                    8e:c0:ec:c0:d6:11:5a:4a:d5:9c:09:1f:31:06:fb:
                    dd:77:60:77:d3:bc:52:2a:42:a6:ae:55:a5:d4:15:
                    30:90:01:b2:77:43:bb:32:f3:b5:97:2c:3a:d6:04:
                    7d:2b:06:46:70:53:b3:a7:7a:55:7b:bd:80:b7:a2:
                    6e:08:20:25:00:c2:74:bb:63:ad:aa:6f:2e:1c:9a:
                    3a:56:00:ff:49:94:9a:b3:a0:9e:50:73:4b:3c:5b:
                    f7:eb:65:b0:ea:04:29:fe:4e:d6:49:ab:16:81:44:
                    d5:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:34:A7:EF:F3:2F:0F:E9:2B:7F:35:50:AF:CD:B4:EB:48:55:FE:E2
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/QzSn7_MvD-krfzVQr82060hV_uI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:eb:e2:3a:c0:91:2b:5a:02:6d:fb:7a:77:61:4d:92:96:03:
         c1:14:64:de:79:9d:18:59:29:17:6d:bb:87:6e:af:3b:1c:6c:
         fc:7e:87:b0:25:1a:87:f3:be:22:0c:06:85:b9:df:17:b1:e4:
         e5:90:0b:81:72:0f:8e:01:26:ad:6b:c7:50:52:b1:0c:58:6f:
         09:00:43:7a:f6:fb:06:95:85:67:94:2d:6e:23:0f:93:7d:ff:
         f2:2d:fc:6f:e9:e1:01:70:57:5e:2c:66:fa:75:63:23:26:61:
         f3:d8:a0:0b:99:c8:d3:cf:38:f7:ad:22:db:be:ea:36:01:c2:
         96:2b:57:5a:03:bd:f7:b0:17:a6:86:ba:bb:cb:0a:53:e0:71:
         37:26:b8:4f:d5:4e:33:f3:f9:21:cd:05:0b:77:3f:ed:c4:5f:
         f2:96:2c:bc:55:15:f3:5d:7e:d5:1a:a6:a4:0e:c8:93:d7:2b:
         21:ac:dc:ee:d1:83:e1:3a:a1:e1:ab:d3:71:59:c2:32:ba:7e:
         71:45:17:64:bf:8d:dd:08:5b:9e:61:2e:32:f0:b3:19:ba:d3:
         a8:a8:c1:85:e7:a6:54:47:aa:56:87:73:54:c1:56:08:07:40:
         22:1c:c0:78:e5:49:dd:bb:f9:de:28:c0:2f:c2:1b:b4:b5:ca:
         09:87:1d:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvQDR2dysQk5hQ2GnV1t19IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwMTE4MDc0MTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzM0YTdlZmYzMmYwZmU5MmI3ZjM1NTBhZmNkYjRlYjQ4NTVmZWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzxXVLbpty8ZYSR1GZdoCsAglwIG
naxveAlLzJAAhA7o8fKnwujsFQDZ6uaa9yArVugUDPHjFnVFA/X/Q80pYh/x27MY
c4pF6AOFay6+tniXYqrWM22xyYrY+a5om4WPumJ2BBq+ZqLKYvoQv+iyUzul5Ljg
G4ohizsocgqabBdbK3onbyfKJRR3w7lhvj8FmvxpLmuOwOzA1hFaStWcCR8xBvvd
d2B307xSKkKmrlWl1BUwkAGyd0O7MvO1lyw61gR9KwZGcFOzp3pVe72At6JuCCAl
AMJ0u2Otqm8uHJo6VgD/SZSas6CeUHNLPFv362Ww6gQp/k7WSasWgUTV1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEM0p+/zLw/pK381UK/NtOtIVf7iMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvUXpTbjdfTXZELWtyZnpWUXI4MjA2MGhWX3VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVe+YMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ6+I6wJErWgJt+3p3YU2SlgPBFGTeeZ0YWSkXbbuH
bq87HGz8foewJRqH874iDAaFud8XseTlkAuBcg+OASata8dQUrEMWG8JAEN69vsG
lYVnlC1uIw+Tff/yLfxv6eEBcFdeLGb6dWMjJmHz2KALmcjTzzj3rSLbvuo2AcKW
K1daA733sBemhrq7ywpT4HE3JrhP1U4z8/khzQULdz/txF/yliy8VRXzXX7VGqak
DsiT1yshrNzu0YPhOqHhq9NxWcIyun5xRRdkv43dCFueYS4y8LMZutOoqMGF56ZU
R6pWh3NUwVYIB0AiHMB45Undu/neKMAvwhu0tcoJhx03
-----END CERTIFICATE-----