This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/qIRw0Pb3aXC2AfKkGduaKQMUszA.roa
File:                     qIRw0Pb3aXC2AfKkGduaKQMUszA.roa (raw, json)
Hash identifier:          uNBmJJCny79eOEdNMXP4IkhvrQhFluhFvU33sREiy5E=
Subject key identifier:   A8:84:70:D0:F6:F7:69:70:B6:01:F2:A4:19:DB:9A:29:03:14:B3:30
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019B7F1469011EA39E0EF273021620BE1FB6
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/qIRw0Pb3aXC2AfKkGduaKQMUszA.roa
Signing time:             Fri 02 Jan 2026 14:20:02 +0000
ROA not before:           Fri 02 Jan 2026 14:20:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212414
IP address blocks:        193.233.76.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:69:01:1e:a3:9e:0e:f2:73:02:16:20:be:1f:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 14:20:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a88470d0f6f76970b601f2a419db9a290314b330
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:9c:8c:81:66:de:13:4c:1e:6f:09:bc:95:16:
                    65:4a:15:3e:06:69:c7:1d:20:4a:eb:51:46:4b:71:
                    90:bc:0f:bd:77:17:58:8a:2b:e2:c5:ce:e0:a3:98:
                    7b:a0:67:dc:33:89:0b:12:97:3a:40:b3:40:fc:e5:
                    a5:d8:28:e5:2b:a9:c2:92:39:d3:12:0f:77:72:da:
                    10:50:bc:ff:0b:c0:d1:ea:e2:90:c6:97:d7:de:b8:
                    5a:99:00:e1:1d:53:a8:81:e9:2a:25:c3:d4:7a:e7:
                    e2:20:e6:4f:ca:71:f1:10:6d:de:0c:13:42:ac:c1:
                    47:4b:75:36:e9:20:19:7e:76:90:fb:b9:1e:74:b9:
                    93:0a:3c:30:bd:73:b2:0a:a6:aa:f7:a1:47:86:0a:
                    09:48:2f:fa:5b:56:18:62:36:d4:ba:7a:02:c7:a7:
                    d3:6f:1a:dd:13:24:c5:54:a0:0f:8d:3d:9e:0d:d3:
                    e0:60:ae:06:ef:a5:c2:95:63:69:c1:b2:8b:44:18:
                    3a:38:d6:53:9c:56:28:07:67:f7:2d:1f:86:9b:8e:
                    83:d2:5d:ca:f0:8c:45:bb:4a:b0:18:37:02:e4:a1:
                    3c:b5:43:95:53:a2:9b:a5:9e:c3:06:a0:ba:d7:09:
                    b2:25:35:cd:d8:f5:66:d8:79:31:22:24:c3:72:9a:
                    0c:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:84:70:D0:F6:F7:69:70:B6:01:F2:A4:19:DB:9A:29:03:14:B3:30
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/qIRw0Pb3aXC2AfKkGduaKQMUszA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:f3:63:ac:9f:ae:41:af:65:37:01:b8:b0:9a:da:b3:28:06:
         57:f2:67:61:87:5f:2a:fa:04:e9:67:3b:35:b8:3f:be:43:4e:
         24:d0:f4:ee:d3:30:62:d4:13:df:d3:64:18:0e:6f:fb:bb:22:
         f2:bc:9c:5a:ab:a2:8f:83:7f:54:4e:c0:a6:0c:bb:79:2c:5b:
         6e:e2:c7:e0:24:ad:ac:29:f6:9c:02:7a:bb:f4:d4:ef:3a:f7:
         4d:c6:6f:67:4e:7e:e9:ad:9a:88:58:b9:9b:09:98:dc:a3:ec:
         6f:24:f4:36:48:f3:39:8d:9e:02:6a:3a:99:8c:be:3e:8f:44:
         c7:02:85:69:ad:19:ce:38:35:6b:8b:02:f6:53:2d:68:92:cf:
         88:0f:f1:0c:62:4b:db:fe:54:42:f5:05:4a:a9:a9:2b:1b:37:
         73:9c:9e:87:16:fd:5e:9c:9d:60:5f:7c:71:e3:43:3c:8c:fa:
         be:79:8e:1f:e4:42:91:e6:e1:6b:91:75:4f:c4:64:3b:99:09:
         3a:92:3e:3b:7b:e3:07:82:ea:e1:89:75:b9:cc:3b:59:01:2f:
         7a:fc:af:c5:e2:77:d6:a5:1c:a2:58:12:cb:35:36:45:a0:b3:
         9c:e3:bf:dd:92:16:e7:90:77:7a:10:65:32:54:a8:1a:fe:94:
         5d:a4:df:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FGkBHqOeDvJzAhYgvh+2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjYwMTAyMTQyMDAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODg0NzBkMGY2Zjc2OTcwYjYwMWYyYTQxOWRiOWEyOTAzMTRiMzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJyMgWbeE0webwm8lRZlShU+BmnH
HSBK61FGS3GQvA+9dxdYiivixc7go5h7oGfcM4kLEpc6QLNA/OWl2CjlK6nCkjnT
Eg93ctoQULz/C8DR6uKQxpfX3rhamQDhHVOogekqJcPUeufiIOZPynHxEG3eDBNC
rMFHS3U26SAZfnaQ+7kedLmTCjwwvXOyCqaq96FHhgoJSC/6W1YYYjbUunoCx6fT
bxrdEyTFVKAPjT2eDdPgYK4G76XClWNpwbKLRBg6ONZTnFYoB2f3LR+Gm46D0l3K
8IxFu0qwGDcC5KE8tUOVU6KbpZ7DBqC61wmyJTXN2PVm2HkxIiTDcpoMeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKiEcND292lwtgHypBnbmikDFLMwMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvcUlSdzBQYjNhWEMyQWZLa0dkdWFLUU1Vc3pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwelMMA0G
CSqGSIb3DQEBCwUAA4IBAQBA82Osn65Br2U3AbiwmtqzKAZX8mdhh18q+gTpZzs1
uD++Q04k0PTu0zBi1BPf02QYDm/7uyLyvJxaq6KPg39UTsCmDLt5LFtu4sfgJK2s
KfacAnq79NTvOvdNxm9nTn7prZqIWLmbCZjco+xvJPQ2SPM5jZ4CajqZjL4+j0TH
AoVprRnOODVriwL2Uy1oks+ID/EMYkvb/lRC9QVKqakrGzdznJ6HFv1enJ1gX3xx
40M8jPq+eY4f5EKR5uFrkXVPxGQ7mQk6kj47e+MHgurhiXW5zDtZAS96/K/F4nfW
pRyiWBLLNTZFoLOc47/dkhbnkHd6EGUyVKga/pRdpN8p
-----END CERTIFICATE-----