This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/qXh9AMe7xE4uO46-Ymaxr9a8PUM.roa
File:                     qXh9AMe7xE4uO46-Ymaxr9a8PUM.roa (raw, json)
Hash identifier:          /3Mq5FQyv/AJu75wvgXwj60bCExtzaEw7mlWL7k9idU=
Subject key identifier:   A9:78:7D:00:C7:BB:C4:4E:2E:3B:8E:BE:62:66:B1:AF:D6:BC:3D:43
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019B7B3552E0ECB2C7C7EEE44541EDD98760
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/qXh9AMe7xE4uO46-Ymaxr9a8PUM.roa
Signing time:             Thu 01 Jan 2026 20:17:30 +0000
ROA not before:           Thu 01 Jan 2026 20:17:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3333
IP address blocks:        193.230.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:52:e0:ec:b2:c7:c7:ee:e4:45:41:ed:d9:87:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 20:17:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a9787d00c7bbc44e2e3b8ebe6266b1afd6bc3d43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:2d:d3:2a:0f:28:8b:3e:aa:fa:c1:7e:27:03:
                    62:db:f3:81:95:8f:18:ef:8c:75:b9:17:28:f6:d5:
                    85:21:bd:f4:e7:2c:4f:9e:d8:c1:b7:27:8c:04:44:
                    13:17:2b:5e:40:23:fd:46:39:36:2a:b5:84:27:0a:
                    cc:1c:ef:83:b7:70:e7:58:a1:72:79:c6:8e:92:39:
                    c3:38:4b:dc:4e:ea:da:a5:5f:07:88:e4:23:4a:01:
                    de:b8:81:4c:7f:e2:83:fd:a3:27:b3:eb:72:3d:8f:
                    fa:25:c0:72:fd:47:89:2c:68:cc:e4:e6:1d:3f:36:
                    80:09:e5:d9:82:f4:80:53:1c:32:9f:67:09:84:c3:
                    10:00:30:c3:f6:6a:af:6e:e2:58:fd:a9:60:49:6b:
                    b7:7e:52:2a:08:3a:ef:41:40:41:a6:c0:ec:87:09:
                    aa:d4:b9:41:3f:0b:9e:b1:90:ff:bc:c6:07:c8:e7:
                    ba:d3:7c:aa:f0:6e:7a:8d:4c:4d:16:2c:93:d4:9a:
                    b4:0a:9d:9b:b8:a3:8c:d3:6f:94:8b:10:a7:48:71:
                    0b:60:b6:d3:de:17:98:d6:df:c5:c3:3c:31:92:37:
                    67:88:86:05:4a:74:ed:ce:7d:b9:dd:f5:f1:f6:88:
                    26:fe:c1:59:73:09:e4:9e:8b:0e:4f:6a:f9:a8:7e:
                    04:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:78:7D:00:C7:BB:C4:4E:2E:3B:8E:BE:62:66:B1:AF:D6:BC:3D:43
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/qXh9AMe7xE4uO46-Ymaxr9a8PUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.230.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:24:ce:71:38:a9:24:5a:80:21:b0:31:93:95:bf:8a:1f:65:
         eb:1c:8d:32:29:ea:3c:d1:c7:a4:6b:66:93:e5:55:54:ac:52:
         db:dd:4c:61:d6:58:75:08:cd:1e:9d:88:11:77:55:a7:9f:03:
         b5:32:5a:33:10:0e:91:ab:59:21:59:bb:53:98:62:98:49:bd:
         ad:87:b4:56:2e:5e:96:e2:de:4a:db:a0:37:65:ba:53:0d:ba:
         df:6f:f3:f7:35:ae:1a:a3:24:54:12:e3:c3:f5:4c:2b:0e:be:
         3c:06:9c:47:4f:a1:cd:ed:b9:a8:e0:4c:bf:f8:9c:c7:1e:10:
         27:7a:41:e0:86:27:0d:53:e1:e6:16:7c:33:ae:fa:75:80:c6:
         12:80:28:b2:dc:24:e1:4f:ed:e1:18:26:34:c2:3b:82:4a:79:
         25:56:04:21:0b:c8:d1:f9:64:2e:e5:37:ca:5d:e7:75:f8:22:
         c0:c8:41:5a:92:62:35:df:e4:44:1e:9b:5a:9d:e0:ce:54:bb:
         0b:39:db:2c:49:02:12:46:07:58:85:5a:ac:23:7d:32:36:c8:
         57:10:9b:f6:6c:a4:fa:1e:5e:8e:9a:3d:37:ea:c5:40:bb:d4:
         95:b6:95:df:fc:32:7d:e2:72:3e:1b:54:e1:0e:c5:93:1b:2a:
         5f:a3:e0:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NVLg7LLHx+7kRUHt2YdgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMTAxMjAxNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTc4N2QwMGM3YmJjNDRlMmUzYjhlYmU2MjY2YjFhZmQ2YmMzZDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtC3TKg8oiz6q+sF+JwNi2/OBlY8Y
74x1uRco9tWFIb305yxPntjBtyeMBEQTFyteQCP9Rjk2KrWEJwrMHO+Dt3DnWKFy
ecaOkjnDOEvcTurapV8HiOQjSgHeuIFMf+KD/aMns+tyPY/6JcBy/UeJLGjM5OYd
PzaACeXZgvSAUxwyn2cJhMMQADDD9mqvbuJY/algSWu3flIqCDrvQUBBpsDshwmq
1LlBPwuesZD/vMYHyOe603yq8G56jUxNFiyT1Jq0Cp2buKOM02+UixCnSHELYLbT
3heY1t/FwzwxkjdniIYFSnTtzn253fXx9ogm/sFZcwnknosOT2r5qH4EAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKl4fQDHu8ROLjuOvmJmsa/WvD1DMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvcVhoOUFNZTd4RTR1TzQ2LVltYXhyOWE4UFVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwebCMA0G
CSqGSIb3DQEBCwUAA4IBAQBtJM5xOKkkWoAhsDGTlb+KH2XrHI0yKeo80ceka2aT
5VVUrFLb3Uxh1lh1CM0enYgRd1WnnwO1MlozEA6Rq1khWbtTmGKYSb2th7RWLl6W
4t5K26A3ZbpTDbrfb/P3Na4aoyRUEuPD9UwrDr48BpxHT6HN7bmo4Ey/+JzHHhAn
ekHghicNU+HmFnwzrvp1gMYSgCiy3CThT+3hGCY0wjuCSnklVgQhC8jR+WQu5TfK
Xed1+CLAyEFakmI13+REHptaneDOVLsLOdssSQISRgdYhVqsI30yNshXEJv2bKT6
Hl6Omj036sVAu9SVtpXf/DJ94nI+G1ThDsWTGypfo+Ci
-----END CERTIFICATE-----