This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/qw21gxjVnz51OkQzwvil2a4tGrY.roa
File:                     qw21gxjVnz51OkQzwvil2a4tGrY.roa (raw, json)
Hash identifier:          LGEOC0/f8grQ06LAuOQnmCtRjmyZEt9kkjf6YHG2TGQ=
Subject key identifier:   AB:0D:B5:83:18:D5:9F:3E:75:3A:44:33:C2:F8:A5:D9:AE:2D:1A:B6
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019B797EDBC7FD15026B2F4E59E3E35FB272
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/qw21gxjVnz51OkQzwvil2a4tGrY.roa
Signing time:             Thu 01 Jan 2026 12:18:35 +0000
ROA not before:           Thu 01 Jan 2026 12:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215026
IP address blocks:        188.255.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 08:17:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:db:c7:fd:15:02:6b:2f:4e:59:e3:e3:5f:b2:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  1 12:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab0db58318d59f3e753a4433c2f8a5d9ae2d1ab6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:af:a8:81:1c:f5:25:52:2d:45:39:92:cd:6e:
                    48:44:ea:9b:67:c9:4b:ec:94:21:99:e2:bd:7c:3f:
                    dd:ad:86:f1:1e:81:2b:38:2b:5a:ea:4f:5f:af:bb:
                    a9:b1:bc:0b:b4:2a:4e:29:4e:66:be:ad:64:e8:1e:
                    20:cf:65:8e:a6:f9:56:84:ef:95:40:f4:d4:3a:85:
                    01:d5:a8:34:21:fc:57:f8:a3:ed:1f:c6:b0:8c:70:
                    00:4e:73:ff:8c:00:f2:6a:c3:64:25:d3:87:c1:6b:
                    dd:61:e6:ba:48:49:9b:64:37:98:e5:47:a7:c0:29:
                    06:ce:39:2b:dc:61:35:89:4a:2a:24:b3:42:2f:b1:
                    ad:5f:26:a4:9d:06:28:be:3d:f4:76:2c:a5:4c:7f:
                    80:14:73:5b:fb:8d:1d:70:f1:26:12:34:37:05:af:
                    0d:21:39:a3:58:23:1f:50:76:41:0e:58:4a:53:8d:
                    fa:d3:bf:40:dd:93:c6:05:f4:8f:6c:54:98:8e:f4:
                    ed:ee:6d:95:c2:04:fb:66:5a:95:36:bd:92:e5:25:
                    a6:2e:10:27:77:33:04:6b:04:c6:3f:a6:3f:a7:7b:
                    46:f7:d4:5f:74:de:57:73:c3:88:9f:8d:fe:a6:cc:
                    b2:14:f3:55:25:44:34:05:1f:18:98:ba:9f:00:8a:
                    85:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:0D:B5:83:18:D5:9F:3E:75:3A:44:33:C2:F8:A5:D9:AE:2D:1A:B6
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/qw21gxjVnz51OkQzwvil2a4tGrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:ea:ba:a3:6d:4e:70:7b:ff:4f:62:4a:4a:a7:a5:32:7c:d1:
         0a:17:70:3b:f4:36:71:f9:2e:70:7c:d5:fc:c5:cc:74:df:97:
         b5:0b:ff:93:ae:2b:97:db:8d:3a:ef:9c:37:a9:8c:78:40:f5:
         58:42:71:1d:2b:b9:06:c4:f8:e4:26:32:fa:aa:9e:ea:e7:60:
         53:3a:06:e4:6b:98:46:00:db:8a:d7:e1:83:2a:d2:a6:4e:a2:
         3f:df:1a:4b:14:2f:56:ff:f3:6e:77:07:95:91:08:31:b3:ea:
         32:76:37:3d:38:7f:b3:e3:f7:d2:97:73:ac:7e:de:78:76:9a:
         d4:ea:c2:1d:d2:0f:9b:cd:0f:36:3f:37:aa:14:80:8f:70:12:
         a9:64:ed:4f:74:7a:57:da:c4:b6:3d:cd:1f:1e:a4:c0:bc:e8:
         f2:ba:a1:09:74:ce:d2:4a:da:1e:d2:a4:44:b3:02:93:25:33:
         8c:2d:cb:2e:67:9e:b5:8b:83:b1:36:b4:ac:84:52:f4:2b:95:
         49:f4:45:1f:97:07:45:24:d6:4a:8a:d5:6f:21:b3:8c:54:f9:
         97:3c:fc:31:ce:1b:eb:05:bb:0e:bd:79:69:c8:13:76:5b:a1:
         17:9e:8c:4d:41:b5:81:1f:27:3e:c9:35:c4:84:35:27:45:9b:
         5c:16:04:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ftvH/RUCay9OWePjX7JyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwMTAxMTIxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjBkYjU4MzE4ZDU5ZjNlNzUzYTQ0MzNjMmY4YTVkOWFlMmQxYWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAua+ogRz1JVItRTmSzW5IROqbZ8lL
7JQhmeK9fD/drYbxHoErOCta6k9fr7upsbwLtCpOKU5mvq1k6B4gz2WOpvlWhO+V
QPTUOoUB1ag0IfxX+KPtH8awjHAATnP/jADyasNkJdOHwWvdYea6SEmbZDeY5Uen
wCkGzjkr3GE1iUoqJLNCL7GtXyaknQYovj30diylTH+AFHNb+40dcPEmEjQ3Ba8N
ITmjWCMfUHZBDlhKU436079A3ZPGBfSPbFSYjvTt7m2VwgT7ZlqVNr2S5SWmLhAn
dzMEawTGP6Y/p3tG99RfdN5Xc8OIn43+psyyFPNVJUQ0BR8YmLqfAIqFewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKsNtYMY1Z8+dTpEM8L4pdmuLRq2MB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvcXcyMWd4alZuejUxT2tRend2aWwyYTR0R3JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP+qMA0G
CSqGSIb3DQEBCwUAA4IBAQBN6rqjbU5we/9PYkpKp6UyfNEKF3A79DZx+S5wfNX8
xcx035e1C/+TriuX240675w3qYx4QPVYQnEdK7kGxPjkJjL6qp7q52BTOgbka5hG
ANuK1+GDKtKmTqI/3xpLFC9W//NudweVkQgxs+oydjc9OH+z4/fSl3Osft54dprU
6sId0g+bzQ82PzeqFICPcBKpZO1PdHpX2sS2Pc0fHqTAvOjyuqEJdM7SStoe0qRE
swKTJTOMLcsuZ561i4OxNrSshFL0K5VJ9EUflwdFJNZKitVvIbOMVPmXPPwxzhvr
BbsOvXlpyBN2W6EXnoxNQbWBHyc+yTXEhDUnRZtcFgTc
-----END CERTIFICATE-----