This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/dec31c-dcd4-4da7-9dda-c4a07d61689d/1/2QQChTDwIOQycovI2YsVvoZPz2I.roa
File:                     2QQChTDwIOQycovI2YsVvoZPz2I.roa (raw, json)
Hash identifier:          CH9BbZ7Au7IxXqkLtHNUF65I74hoA0C1m5kNxLVSkng=
Subject key identifier:   D9:04:02:85:30:F0:20:E4:32:72:8B:C8:D9:8B:15:BE:86:4F:CF:62
Certificate issuer:       /CN=abe0a8a462d0de1f4d3012c3e39e5cda603e8f91
Certificate serial:       019B7BA46AE0184FF41631BDC125861D616D
Authority key identifier: AB:E0:A8:A4:62:D0:DE:1F:4D:30:12:C3:E3:9E:5C:DA:60:3E:8F:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q-CopGLQ3h9NMBLD455c2mA-j5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/dec31c-dcd4-4da7-9dda-c4a07d61689d/1/2QQChTDwIOQycovI2YsVvoZPz2I.roa
Signing time:             Thu 01 Jan 2026 22:18:51 +0000
ROA not before:           Thu 01 Jan 2026 22:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58125
IP address blocks:        91.239.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/dec31c-dcd4-4da7-9dda-c4a07d61689d/1/q-CopGLQ3h9NMBLD455c2mA-j5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/dec31c-dcd4-4da7-9dda-c4a07d61689d/1/q-CopGLQ3h9NMBLD455c2mA-j5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q-CopGLQ3h9NMBLD455c2mA-j5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:6a:e0:18:4f:f4:16:31:bd:c1:25:86:1d:61:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abe0a8a462d0de1f4d3012c3e39e5cda603e8f91
        Validity
            Not Before: Jan  1 22:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d904028530f020e432728bc8d98b15be864fcf62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:1a:f5:29:59:76:0c:f0:17:2c:3e:d5:3c:08:
                    f4:a8:fb:bb:6f:08:02:1c:f1:0d:ee:95:79:44:42:
                    7c:86:57:3c:43:1b:af:c8:02:e1:01:d8:80:42:11:
                    06:be:80:dd:95:23:c4:6f:30:a1:ad:26:9e:17:5d:
                    93:be:a6:b2:81:1d:62:0c:9a:e4:8c:f2:4a:18:69:
                    38:72:ae:88:0d:35:77:3b:2d:b9:51:18:ae:a6:ec:
                    03:97:e4:cd:43:46:40:0d:d7:4e:de:f0:a1:7a:35:
                    71:06:9e:26:14:ce:29:4d:88:61:fe:2b:9d:b9:13:
                    e0:49:2b:d1:91:b7:83:4e:94:be:22:44:06:ab:83:
                    2b:de:a2:44:5e:3b:6e:2f:7c:c6:3c:9f:66:a3:7d:
                    45:59:44:c3:7b:01:73:84:5a:11:05:d7:a1:70:6a:
                    2d:9c:13:31:a0:94:5b:ee:bb:6b:ea:81:43:e8:33:
                    b5:67:8b:91:5a:80:50:7c:6a:be:94:63:70:80:f0:
                    7f:53:23:66:53:36:73:fa:c7:3c:08:d2:fa:86:15:
                    ec:c9:c1:fa:d8:c8:b3:07:e4:47:1d:67:8c:36:77:
                    f7:0b:c3:ce:cb:02:58:1e:20:77:95:19:c6:cd:05:
                    00:b5:bd:12:e6:d0:da:db:e2:83:8a:bc:75:c9:17:
                    7b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:04:02:85:30:F0:20:E4:32:72:8B:C8:D9:8B:15:BE:86:4F:CF:62
            X509v3 Authority Key Identifier:
                keyid:AB:E0:A8:A4:62:D0:DE:1F:4D:30:12:C3:E3:9E:5C:DA:60:3E:8F:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q-CopGLQ3h9NMBLD455c2mA-j5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/dec31c-dcd4-4da7-9dda-c4a07d61689d/1/2QQChTDwIOQycovI2YsVvoZPz2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/dec31c-dcd4-4da7-9dda-c4a07d61689d/1/q-CopGLQ3h9NMBLD455c2mA-j5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:93:a1:de:17:a8:8b:f6:f8:9a:c2:6c:74:f8:27:1f:ce:6a:
         4c:57:f1:9b:31:6a:c8:d3:04:84:a0:f8:07:81:18:0e:1e:99:
         6c:18:fd:9f:1a:2f:19:b0:79:3d:00:1b:bf:43:6f:85:8d:5a:
         84:d7:f2:dd:e8:65:9e:11:70:e0:c5:ec:e2:ab:e6:7c:c2:4a:
         ab:6b:84:d8:19:f1:82:42:23:81:e1:fe:7b:aa:56:9f:58:dc:
         02:f8:88:4b:2b:f9:97:e6:87:ab:27:fa:e6:8f:20:ed:66:86:
         ca:96:93:92:f9:74:c7:fc:dc:c6:db:4a:25:5d:12:d7:e5:a2:
         05:67:3f:ac:b3:2e:27:1d:17:52:2d:f2:d9:9d:23:ea:5b:06:
         3f:bd:3c:4a:1e:0c:d1:1b:1a:0d:e6:19:2e:94:04:40:43:3b:
         15:8e:78:d8:5c:34:ea:ac:11:56:16:c3:3c:85:05:58:d2:0b:
         1d:26:a0:d7:84:25:b7:f4:12:3c:ee:82:b2:5a:3a:92:04:a2:
         d8:d0:c1:96:2e:72:6c:79:71:33:ba:e7:98:ca:51:f1:85:c9:
         3c:ce:f3:a5:2c:1a:65:ca:f2:ce:73:94:55:16:b3:04:9a:82:
         38:73:f3:16:c4:8b:d8:83:84:a0:b6:ae:6d:d5:46:7a:e2:b4:
         8f:0e:fc:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pGrgGE/0FjG9wSWGHWFtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiZTBhOGE0NjJkMGRlMWY0ZDMwMTJjM2UzOWU1Y2RhNjAz
ZThmOTEwHhcNMjYwMTAxMjIxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTA0MDI4NTMwZjAyMGU0MzI3MjhiYzhkOThiMTViZTg2NGZjZjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxr1KVl2DPAXLD7VPAj0qPu7bwgC
HPEN7pV5REJ8hlc8QxuvyALhAdiAQhEGvoDdlSPEbzChrSaeF12TvqaygR1iDJrk
jPJKGGk4cq6IDTV3Oy25URiupuwDl+TNQ0ZADddO3vChejVxBp4mFM4pTYhh/iud
uRPgSSvRkbeDTpS+IkQGq4Mr3qJEXjtuL3zGPJ9mo31FWUTDewFzhFoRBdehcGot
nBMxoJRb7rtr6oFD6DO1Z4uRWoBQfGq+lGNwgPB/UyNmUzZz+sc8CNL6hhXsycH6
2MizB+RHHWeMNnf3C8POywJYHiB3lRnGzQUAtb0S5tDa2+KDirx1yRd7DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNkEAoUw8CDkMnKLyNmLFb6GT89iMB8GA1UdIwQY
MBaAFKvgqKRi0N4fTTASw+OeXNpgPo+RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcS1Db3BHTFEzaDlOTUJMRDQ1NWMybUEtajVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9kZWMzMWMtZGNkNC00ZGE3LTlkZGEt
YzRhMDdkNjE2ODlkLzEvMlFRQ2hURHdJT1F5Y292STJZc1Z2b1pQejJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9kZWMzMWMtZGNkNC00ZGE3LTlkZGEtYzRhMDdkNjE2ODlk
LzEvcS1Db3BHTFEzaDlOTUJMRDQ1NWMybUEtajVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+8OMA0G
CSqGSIb3DQEBCwUAA4IBAQACk6HeF6iL9viawmx0+CcfzmpMV/GbMWrI0wSEoPgH
gRgOHplsGP2fGi8ZsHk9ABu/Q2+FjVqE1/Ld6GWeEXDgxeziq+Z8wkqra4TYGfGC
QiOB4f57qlafWNwC+IhLK/mX5oerJ/rmjyDtZobKlpOS+XTH/NzG20olXRLX5aIF
Zz+ssy4nHRdSLfLZnSPqWwY/vTxKHgzRGxoN5hkulARAQzsVjnjYXDTqrBFWFsM8
hQVY0gsdJqDXhCW39BI87oKyWjqSBKLY0MGWLnJseXEzuueYylHxhck8zvOlLBpl
yvLOc5RVFrMEmoI4c/MWxIvYg4Sgtq5t1UZ64rSPDvw5
-----END CERTIFICATE-----