This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/222376-5cf6-4978-a8a3-d741fb273116/1/sqtmntKdOBuPzSIE0cIE3y2EaBs.roa
File:                     sqtmntKdOBuPzSIE0cIE3y2EaBs.roa (raw, json)
Hash identifier:          s/Kr0rKuBIuHMq/AOSYg40yiEVi9dZEnGqKINi0ORzU=
Subject key identifier:   B2:AB:66:9E:D2:9D:38:1B:8F:CD:22:04:D1:C2:04:DF:2D:84:68:1B
Certificate issuer:       /CN=e74c290b5bccdb7de5383ee45ba615d2f306761f
Certificate serial:       019B7B36F4E377A168D7E626BA84CB4FC04A
Authority key identifier: E7:4C:29:0B:5B:CC:DB:7D:E5:38:3E:E4:5B:A6:15:D2:F3:06:76:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/50wpC1vM233lOD7kW6YV0vMGdh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/222376-5cf6-4978-a8a3-d741fb273116/1/sqtmntKdOBuPzSIE0cIE3y2EaBs.roa
Signing time:             Thu 01 Jan 2026 20:19:17 +0000
ROA not before:           Thu 01 Jan 2026 20:19:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     398273
IP address blocks:        185.34.200.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/222376-5cf6-4978-a8a3-d741fb273116/1/50wpC1vM233lOD7kW6YV0vMGdh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/222376-5cf6-4978-a8a3-d741fb273116/1/50wpC1vM233lOD7kW6YV0vMGdh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/50wpC1vM233lOD7kW6YV0vMGdh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 20:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:f4:e3:77:a1:68:d7:e6:26:ba:84:cb:4f:c0:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e74c290b5bccdb7de5383ee45ba615d2f306761f
        Validity
            Not Before: Jan  1 20:19:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b2ab669ed29d381b8fcd2204d1c204df2d84681b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5d:82:76:b2:72:b4:40:69:7c:36:61:4c:7c:
                    96:22:14:62:f7:be:bf:35:be:d8:30:af:57:08:61:
                    39:e3:56:1b:ba:98:64:8a:6f:35:41:e8:11:5a:01:
                    86:e4:c1:97:56:78:5e:bb:07:9c:de:c1:f6:ce:a0:
                    a5:10:97:e1:07:15:c7:68:7f:11:f7:12:62:14:d7:
                    a0:32:0b:dc:f8:fa:d7:30:c7:f6:e1:8a:c3:8b:bc:
                    e0:3e:69:24:fe:18:27:fe:bf:ac:d1:90:fd:06:9e:
                    66:b7:da:fc:47:b7:92:ac:30:64:5e:06:b7:29:3f:
                    9d:3a:30:d2:78:ed:b6:95:1c:90:6d:c8:2c:18:b0:
                    99:64:34:83:46:8b:74:bc:b1:e3:d7:d8:e7:cc:59:
                    2b:ea:e1:5a:28:5b:f7:df:80:cd:32:46:62:50:3e:
                    19:27:df:c8:94:80:7e:57:d1:1e:08:f4:40:f1:7b:
                    0a:bf:bb:77:10:2a:1d:1d:16:01:b5:0b:45:b6:13:
                    23:48:5d:03:d8:d5:83:85:6e:44:90:fb:ee:0d:6f:
                    73:89:c8:1f:3f:52:a6:4e:6e:95:cd:e0:d5:ee:ef:
                    94:7a:d4:d0:55:5a:20:84:23:81:8d:ca:94:95:4d:
                    a6:ba:f3:f8:ef:bb:9e:1f:a5:90:37:8d:18:21:84:
                    10:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:AB:66:9E:D2:9D:38:1B:8F:CD:22:04:D1:C2:04:DF:2D:84:68:1B
            X509v3 Authority Key Identifier:
                keyid:E7:4C:29:0B:5B:CC:DB:7D:E5:38:3E:E4:5B:A6:15:D2:F3:06:76:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50wpC1vM233lOD7kW6YV0vMGdh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/222376-5cf6-4978-a8a3-d741fb273116/1/sqtmntKdOBuPzSIE0cIE3y2EaBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/222376-5cf6-4978-a8a3-d741fb273116/1/50wpC1vM233lOD7kW6YV0vMGdh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:9c:50:11:ef:6d:b9:64:9b:46:f2:3a:b1:c8:7d:d1:55:cf:
         10:0c:75:4d:f6:82:90:5d:c3:f3:4b:ab:07:35:02:bb:f2:19:
         62:fd:38:7e:d2:87:57:0b:fe:69:f6:53:56:a8:90:cc:1c:58:
         16:8d:89:a2:1a:94:0f:ef:ef:f2:5a:47:34:f0:62:55:6b:4d:
         49:8b:f3:db:31:42:97:d6:27:8e:81:97:27:82:fc:ea:76:74:
         fc:c9:7f:9d:3e:f4:90:f0:d6:0d:9d:88:8f:d7:39:37:11:6e:
         9c:4d:70:0b:a7:0a:26:63:a1:43:9c:98:6b:df:67:8f:24:d9:
         c4:77:70:9c:e6:ce:05:6e:b8:7a:76:5c:62:8f:3e:3b:0f:15:
         2a:f4:f3:63:46:a8:e5:fb:50:f6:dc:07:a8:65:c4:e1:08:83:
         7b:01:56:10:5c:01:10:b9:20:ac:4e:a1:2a:62:87:32:9b:24:
         84:60:62:20:8c:11:3b:c5:c9:d1:2f:13:af:02:40:39:b2:bc:
         79:aa:ae:7e:e0:ec:c0:17:84:dd:b3:c3:31:65:ae:be:e2:a3:
         82:d8:6f:58:29:ee:fc:07:41:a7:ba:91:fa:37:da:ac:d5:aa:
         cd:90:1f:a3:1c:d2:91:79:87:67:89:4d:2e:3c:8b:d6:cc:43:
         4c:e5:50:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NvTjd6Fo1+YmuoTLT8BKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NGMyOTBiNWJjY2RiN2RlNTM4M2VlNDViYTYxNWQyZjMw
Njc2MWYwHhcNMjYwMTAxMjAxOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmFiNjY5ZWQyOWQzODFiOGZjZDIyMDRkMWMyMDRkZjJkODQ2ODFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvF2CdrJytEBpfDZhTHyWIhRi976/
Nb7YMK9XCGE541Ybuphkim81QegRWgGG5MGXVnheuwec3sH2zqClEJfhBxXHaH8R
9xJiFNegMgvc+PrXMMf24YrDi7zgPmkk/hgn/r+s0ZD9Bp5mt9r8R7eSrDBkXga3
KT+dOjDSeO22lRyQbcgsGLCZZDSDRot0vLHj19jnzFkr6uFaKFv334DNMkZiUD4Z
J9/IlIB+V9EeCPRA8XsKv7t3ECodHRYBtQtFthMjSF0D2NWDhW5EkPvuDW9zicgf
P1KmTm6VzeDV7u+UetTQVVoghCOBjcqUlU2muvP477ueH6WQN40YIYQQDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLKrZp7SnTgbj80iBNHCBN8thGgbMB8GA1UdIwQY
MBaAFOdMKQtbzNt95Tg+5FumFdLzBnYfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTB3cEMxdk0yMzNsT0Q3a1c2WVYwdk1HZGg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8yMjIzNzYtNWNmNi00OTc4LWE4YTMt
ZDc0MWZiMjczMTE2LzEvc3F0bW50S2RPQnVQelNJRTBjSUUzeTJFYUJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8yMjIzNzYtNWNmNi00OTc4LWE4YTMtZDc0MWZiMjczMTE2
LzEvNTB3cEMxdk0yMzNsT0Q3a1c2WVYwdk1HZGg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSLIMA0G
CSqGSIb3DQEBCwUAA4IBAQA/nFAR7225ZJtG8jqxyH3RVc8QDHVN9oKQXcPzS6sH
NQK78hli/Th+0odXC/5p9lNWqJDMHFgWjYmiGpQP7+/yWkc08GJVa01Ji/PbMUKX
1ieOgZcngvzqdnT8yX+dPvSQ8NYNnYiP1zk3EW6cTXALpwomY6FDnJhr32ePJNnE
d3Cc5s4Fbrh6dlxijz47DxUq9PNjRqjl+1D23AeoZcThCIN7AVYQXAEQuSCsTqEq
YocymySEYGIgjBE7xcnRLxOvAkA5srx5qq5+4OzAF4Tds8MxZa6+4qOC2G9YKe78
B0GnupH6N9qs1arNkB+jHNKReYdniU0uPIvWzENM5VD6
-----END CERTIFICATE-----