This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/QFNxEKmMB0w9c_fcbUm6kZIgIiU.roa
File:                     QFNxEKmMB0w9c_fcbUm6kZIgIiU.roa (raw, json)
Hash identifier:          yRObraxWQ+KSiz/NMpv1EAHhy6xFZ3g/Tjjo6DSAkhE=
Subject key identifier:   40:53:71:10:A9:8C:07:4C:3D:73:F7:DC:6D:49:BA:91:92:20:22:25
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       019B7C11FBCA0A20C2AB8067BF3554A592B1
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/QFNxEKmMB0w9c_fcbUm6kZIgIiU.roa
Signing time:             Fri 02 Jan 2026 00:18:31 +0000
ROA not before:           Fri 02 Jan 2026 00:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200682
IP address blocks:        212.161.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:fb:ca:0a:20:c2:ab:80:67:bf:35:54:a5:92:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  2 00:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=40537110a98c074c3d73f7dc6d49ba9192202225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d0:80:77:3b:65:34:ee:33:3c:61:14:91:94:
                    c5:22:d5:64:c7:2b:2c:ce:6b:ae:29:07:c5:a4:91:
                    6d:f9:df:4b:48:bc:cc:54:3e:78:64:23:04:15:7a:
                    e6:ea:00:cb:e5:91:82:d6:4a:de:1a:93:91:8f:07:
                    51:60:26:87:1e:2f:ba:bc:1b:b3:a0:a6:4a:e6:92:
                    79:37:ba:a9:93:16:1b:bd:50:22:de:06:44:49:50:
                    7f:f2:57:57:a6:f4:b7:36:f3:93:34:6f:ea:42:6e:
                    f3:0a:07:e0:71:c7:cc:20:02:15:28:cd:fa:e7:7e:
                    f8:fa:d7:0c:d7:7f:ed:68:5f:b3:bf:e7:8f:68:45:
                    b8:7a:88:e8:2d:5f:1e:84:6a:bf:0a:7d:e5:45:bb:
                    10:09:fa:b4:7f:c0:2d:a1:ff:f2:00:9e:6b:7c:88:
                    52:03:6a:49:92:de:b5:35:e5:57:22:f7:af:5c:f0:
                    be:53:35:7e:e8:c3:71:9d:7f:d2:7d:80:c2:5a:56:
                    b1:50:cf:0e:ef:2e:dc:58:8f:d8:2c:79:e1:6d:90:
                    c3:a6:83:6d:cb:56:c6:a1:98:2a:61:fb:29:27:d7:
                    db:4b:6c:d8:e7:87:87:0f:dd:5e:ec:09:72:48:77:
                    23:90:9d:33:3b:68:f8:ef:84:2c:f1:84:24:18:fd:
                    6a:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:53:71:10:A9:8C:07:4C:3D:73:F7:DC:6D:49:BA:91:92:20:22:25
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/QFNxEKmMB0w9c_fcbUm6kZIgIiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.161.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:82:4f:12:7d:b1:27:89:cf:3f:b9:dc:d6:7d:b3:f1:03:ec:
         52:b5:8e:90:7d:30:9f:6e:2a:b8:9c:8b:45:e8:38:69:8e:93:
         ea:a9:bc:01:3c:fa:78:84:b6:1c:10:65:77:c3:c9:5b:3b:80:
         6c:7c:cd:45:9e:40:54:6e:9e:5c:ad:c8:16:30:86:98:e2:25:
         57:25:58:cd:70:d7:9c:62:0b:9b:28:04:11:e9:48:ca:b7:74:
         29:ac:e1:2e:d3:45:1c:60:c9:ea:60:9b:4d:6b:3c:dd:a1:c7:
         75:3f:e8:3a:e8:5b:c8:de:bf:a8:6d:1c:01:ef:ca:43:e5:2a:
         6f:92:ee:ef:0d:3f:20:ed:a8:22:18:e5:7d:0b:d5:91:d2:97:
         d4:9b:db:7a:b6:c5:36:54:99:c3:5f:03:8f:0c:7a:08:c6:5a:
         6d:0b:57:52:d8:f0:e1:ae:ae:b1:c6:62:e0:c9:76:05:82:93:
         c1:1f:38:7c:70:d7:97:43:8b:71:59:f7:a0:ef:f5:2a:91:bc:
         39:f4:99:c2:5c:a8:89:a9:5c:e7:9f:0d:53:bb:a6:cd:86:19:
         ae:2a:72:3a:db:00:f0:ba:82:f8:64:d2:62:76:2a:fe:7a:e7:
         8e:40:8e:78:60:56:64:36:dd:92:67:43:37:9f:a4:b9:65:27:
         0e:6c:fb:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EfvKCiDCq4BnvzVUpZKxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjYwMTAyMDAxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDUzNzExMGE5OGMwNzRjM2Q3M2Y3ZGM2ZDQ5YmE5MTkyMjAyMjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9CAdztlNO4zPGEUkZTFItVkxyss
zmuuKQfFpJFt+d9LSLzMVD54ZCMEFXrm6gDL5ZGC1kreGpORjwdRYCaHHi+6vBuz
oKZK5pJ5N7qpkxYbvVAi3gZESVB/8ldXpvS3NvOTNG/qQm7zCgfgccfMIAIVKM36
5374+tcM13/taF+zv+ePaEW4eojoLV8ehGq/Cn3lRbsQCfq0f8Atof/yAJ5rfIhS
A2pJkt61NeVXIvevXPC+UzV+6MNxnX/SfYDCWlaxUM8O7y7cWI/YLHnhbZDDpoNt
y1bGoZgqYfspJ9fbS2zY54eHD91e7AlySHcjkJ0zO2j474Qs8YQkGP1qkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEBTcRCpjAdMPXP33G1JupGSICIlMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvUUZOeEVLbU1CMHc5Y19mY2JVbTZrWklnSWlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1KE7MA0G
CSqGSIb3DQEBCwUAA4IBAQAEgk8SfbEnic8/udzWfbPxA+xStY6QfTCfbiq4nItF
6DhpjpPqqbwBPPp4hLYcEGV3w8lbO4BsfM1FnkBUbp5crcgWMIaY4iVXJVjNcNec
YgubKAQR6UjKt3QprOEu00UcYMnqYJtNazzdocd1P+g66FvI3r+obRwB78pD5Spv
ku7vDT8g7agiGOV9C9WR0pfUm9t6tsU2VJnDXwOPDHoIxlptC1dS2PDhrq6xxmLg
yXYFgpPBHzh8cNeXQ4txWfeg7/Uqkbw59JnCXKiJqVznnw1Tu6bNhhmuKnI62wDw
uoL4ZNJidir+eueOQI54YFZkNt2SZ0M3n6S5ZScObPtB
-----END CERTIFICATE-----