This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/qL6J-7tPGND2GO4WizYGmFQqjBw.roa
File:                     qL6J-7tPGND2GO4WizYGmFQqjBw.roa (raw, json)
Hash identifier:          jhurxKFnbVqSYDjpd4/DFlpeyPtn8C+RePV8ubUXsYg=
Subject key identifier:   A8:BE:89:FB:BB:4F:18:D0:F6:18:EE:16:8B:36:06:98:54:2A:8C:1C
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019B7F14535527027E0D67C898E8EB5499A6
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/qL6J-7tPGND2GO4WizYGmFQqjBw.roa
Signing time:             Fri 02 Jan 2026 14:19:57 +0000
ROA not before:           Fri 02 Jan 2026 14:19:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135330
IP address blocks:        193.233.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:53:55:27:02:7e:0d:67:c8:98:e8:eb:54:99:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 14:19:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a8be89fbbb4f18d0f618ee168b360698542a8c1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:cc:f0:32:8d:e3:39:0c:a2:99:b5:a9:4f:73:
                    3e:66:8e:e9:da:9c:ea:c2:a4:a6:8c:39:67:61:11:
                    47:40:70:42:61:33:e2:a8:47:5a:42:bf:ad:cc:31:
                    6d:0b:a8:a1:0e:10:73:63:4a:72:7b:84:d3:9a:7d:
                    d5:48:30:9f:b0:b0:20:db:0e:6e:58:47:6d:7c:e8:
                    9d:0d:6c:f2:55:13:39:61:3e:5c:8b:a3:70:ed:a8:
                    d8:ba:b4:1a:57:c2:85:41:8a:41:86:be:90:88:ff:
                    20:a2:31:83:24:50:80:63:2b:26:1f:b1:b1:52:2a:
                    98:0c:fe:75:35:4f:a8:f4:a8:87:67:cc:fb:71:68:
                    26:c8:fc:81:86:5a:fa:73:82:34:6e:da:0c:de:ac:
                    64:da:44:0c:0a:8f:c7:d7:2b:57:8e:7d:39:ae:b4:
                    ea:4f:e3:b1:a1:c2:6a:a7:36:0d:15:6d:cd:d0:ca:
                    b2:e9:bb:ae:7d:84:e1:b7:07:57:33:33:6c:aa:11:
                    06:94:24:ff:27:11:51:fc:52:12:94:4d:7e:f2:e8:
                    7a:41:e4:03:05:81:2e:15:36:70:66:7a:2b:a9:16:
                    46:79:6c:ff:6f:f2:d6:d0:5b:fe:7a:ca:ce:d3:47:
                    f5:41:9b:33:a0:70:3f:54:79:14:dd:89:42:11:f5:
                    c0:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:BE:89:FB:BB:4F:18:D0:F6:18:EE:16:8B:36:06:98:54:2A:8C:1C
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/qL6J-7tPGND2GO4WizYGmFQqjBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:a9:73:c5:6e:4a:d1:99:64:50:e3:65:76:10:a1:0c:c0:d5:
         37:bf:27:49:0e:a0:c7:ad:87:05:f3:a4:71:f2:e5:fa:3a:46:
         ca:12:b8:a1:eb:e5:5c:f3:b5:da:d6:a4:73:81:92:58:03:57:
         5d:e6:b8:e7:d1:17:07:ce:df:c8:41:4f:72:54:15:de:a2:24:
         0a:b6:78:ea:f8:ad:e3:5b:c4:8d:ef:9b:e2:85:8e:b1:4f:03:
         3d:06:ba:d9:57:f5:e3:fd:0e:f9:56:80:b7:ee:0e:b5:30:a7:
         90:16:47:66:9f:15:55:d3:97:a7:59:64:0b:b8:43:50:58:fe:
         69:ed:a0:9f:e2:9a:88:9d:c7:c9:28:e9:01:41:b4:82:33:6c:
         b1:c6:9d:6f:f9:bc:43:6a:10:3b:1e:61:47:1b:6d:f1:73:bc:
         09:9d:4c:7f:b6:89:1b:d1:3c:7a:3a:12:68:f4:fc:5e:a9:7f:
         59:76:1e:37:4e:06:09:a4:e2:76:ac:dc:e1:d9:9a:58:20:4c:
         21:b7:a9:67:89:0c:b8:e1:ae:85:6e:b7:20:54:80:f2:84:ed:
         72:3a:0e:d6:03:61:cf:51:da:30:3e:66:9e:19:b4:47:1d:db:
         97:19:f7:a2:49:3e:4a:12:4a:ed:a5:ba:c5:7e:b6:01:5f:95:
         e1:5c:a6:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FFNVJwJ+DWfImOjrVJmmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjYwMTAyMTQxOTU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGJlODlmYmJiNGYxOGQwZjYxOGVlMTY4YjM2MDY5ODU0MmE4YzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArczwMo3jOQyimbWpT3M+Zo7p2pzq
wqSmjDlnYRFHQHBCYTPiqEdaQr+tzDFtC6ihDhBzY0pye4TTmn3VSDCfsLAg2w5u
WEdtfOidDWzyVRM5YT5ci6Nw7ajYurQaV8KFQYpBhr6QiP8gojGDJFCAYysmH7Gx
UiqYDP51NU+o9KiHZ8z7cWgmyPyBhlr6c4I0btoM3qxk2kQMCo/H1ytXjn05rrTq
T+OxocJqpzYNFW3N0Mqy6buufYThtwdXMzNsqhEGlCT/JxFR/FISlE1+8uh6QeQD
BYEuFTZwZnorqRZGeWz/b/LW0Fv+esrO00f1QZszoHA/VHkU3YlCEfXA7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKi+ifu7TxjQ9hjuFos2BphUKowcMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvcUw2Si03dFBHTkQyR080V2l6WUdtRlFxakJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwenBMA0G
CSqGSIb3DQEBCwUAA4IBAQAbqXPFbkrRmWRQ42V2EKEMwNU3vydJDqDHrYcF86Rx
8uX6OkbKErih6+Vc87Xa1qRzgZJYA1dd5rjn0RcHzt/IQU9yVBXeoiQKtnjq+K3j
W8SN75vihY6xTwM9BrrZV/Xj/Q75VoC37g61MKeQFkdmnxVV05enWWQLuENQWP5p
7aCf4pqIncfJKOkBQbSCM2yxxp1v+bxDahA7HmFHG23xc7wJnUx/tokb0Tx6OhJo
9PxeqX9Zdh43TgYJpOJ2rNzh2ZpYIEwht6lniQy44a6FbrcgVIDyhO1yOg7WA2HP
UdowPmaeGbRHHduXGfeiST5KEkrtpbrFfrYBX5XhXKYw
-----END CERTIFICATE-----