This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/QkwhGPSuc7rlqlghZY18xAA7lM0.roa
File:                     QkwhGPSuc7rlqlghZY18xAA7lM0.roa (raw, json)
Hash identifier:          nAcfbt2ttDYq5SWZx/GAjI41TdBLCEtgGu5tjf8Jj2A=
Subject key identifier:   42:4C:21:18:F4:AE:73:BA:E5:AA:58:21:65:8D:7C:C4:00:3B:94:CD
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       019B7DCA1F8FC85342CD3B48F14F36C9540D
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/QkwhGPSuc7rlqlghZY18xAA7lM0.roa
Signing time:             Fri 02 Jan 2026 08:19:16 +0000
ROA not before:           Fri 02 Jan 2026 08:19:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12129
IP address blocks:        37.221.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:1f:8f:c8:53:42:cd:3b:48:f1:4f:36:c9:54:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jan  2 08:19:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=424c2118f4ae73bae5aa5821658d7cc4003b94cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b0:f2:40:cf:d9:f6:9c:ed:7b:1a:a8:39:23:
                    71:04:13:8c:1d:e0:65:83:79:ad:14:63:08:26:fe:
                    aa:6f:cb:b5:25:55:9f:3c:01:10:65:51:23:ab:e6:
                    76:d1:df:1b:1d:82:8e:c8:44:e7:72:4d:87:f2:56:
                    9b:69:86:b2:35:fb:ef:b7:d2:98:6d:07:78:de:df:
                    1b:71:3b:f4:7a:ac:ff:96:54:4c:91:54:ba:f9:e6:
                    ed:6b:26:26:af:11:19:b2:fb:cc:72:17:41:62:56:
                    a9:ca:c5:c8:93:70:46:5d:da:71:eb:8c:aa:a4:5e:
                    f6:5c:ad:64:f2:23:e8:f7:76:73:dd:f0:fd:17:4a:
                    d7:b5:0b:2b:c3:99:58:c7:5e:33:80:dd:2f:f2:42:
                    33:c5:6f:17:bd:85:f3:5f:a9:99:45:47:18:9d:91:
                    0e:71:55:b7:cb:72:25:1e:bb:ab:d1:74:a9:2f:b9:
                    25:0d:90:ce:c4:6a:35:7b:76:de:0f:b5:58:a5:46:
                    99:b6:fd:5f:1b:42:ca:4b:f4:0a:0c:cf:8c:d4:8a:
                    eb:4d:c5:b0:d5:d7:54:9c:36:7a:8d:e7:71:3e:d0:
                    93:eb:d0:ab:ad:90:cd:fb:07:17:97:a9:1c:18:61:
                    62:d5:de:84:97:a4:62:8e:c6:63:50:91:0e:18:ef:
                    a2:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:4C:21:18:F4:AE:73:BA:E5:AA:58:21:65:8D:7C:C4:00:3B:94:CD
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/QkwhGPSuc7rlqlghZY18xAA7lM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:57:25:a3:57:e6:f6:7d:d2:a8:2d:b9:85:e7:22:fa:03:c5:
         ba:b7:72:c0:7e:2c:7a:f3:76:e8:d4:c2:f4:38:97:f8:83:c1:
         fc:b1:a0:72:d8:02:a1:71:69:89:a7:1c:68:19:7a:de:94:cc:
         79:41:87:c3:fd:cf:64:f2:ed:6e:2b:ad:c7:1b:73:9a:4e:69:
         7f:45:29:03:2b:32:9b:45:5f:59:aa:d3:24:c0:8a:d7:89:2e:
         41:10:fc:9c:4f:53:08:05:a5:ed:68:cc:64:38:88:f9:18:bb:
         00:0f:8b:48:30:c5:a1:fe:79:91:23:5b:fc:d1:ce:07:f3:f8:
         51:dd:8b:fa:2a:71:92:d1:ed:16:b5:95:01:bc:1e:3b:13:db:
         79:97:f8:00:04:80:e3:73:df:62:e4:88:90:1c:0d:7a:f5:8c:
         56:96:fb:08:ea:d4:04:4d:19:43:95:a5:0d:5d:5f:dc:47:56:
         cf:87:ed:97:d1:c3:e1:56:3d:ee:06:cd:56:36:fb:0a:b6:59:
         e8:47:8b:8e:37:b8:a1:1d:91:39:8a:1a:01:a1:23:94:5a:c7:
         15:2e:b1:ba:4a:46:c1:85:05:05:23:bc:e8:02:4d:41:f9:c0:
         82:96:bb:e6:28:d5:6e:0f:1d:86:1a:66:2a:4a:52:e0:cc:f3:
         ab:da:45:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yh+PyFNCzTtI8U82yVQNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjYwMTAyMDgxOTE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjRjMjExOGY0YWU3M2JhZTVhYTU4MjE2NThkN2NjNDAwM2I5NGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7DyQM/Z9pztexqoOSNxBBOMHeBl
g3mtFGMIJv6qb8u1JVWfPAEQZVEjq+Z20d8bHYKOyETnck2H8labaYayNfvvt9KY
bQd43t8bcTv0eqz/llRMkVS6+ebtayYmrxEZsvvMchdBYlapysXIk3BGXdpx64yq
pF72XK1k8iPo93Zz3fD9F0rXtQsrw5lYx14zgN0v8kIzxW8XvYXzX6mZRUcYnZEO
cVW3y3IlHrur0XSpL7klDZDOxGo1e3beD7VYpUaZtv1fG0LKS/QKDM+M1IrrTcWw
1ddUnDZ6jedxPtCT69CrrZDN+wcXl6kcGGFi1d6El6RijsZjUJEOGO+iKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEJMIRj0rnO65apYIWWNfMQAO5TNMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvUWt3aEdQU3VjN3JscWxnaFpZMTh4QUE3bE0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJd1tMA0G
CSqGSIb3DQEBCwUAA4IBAQBRVyWjV+b2fdKoLbmF5yL6A8W6t3LAfix683bo1ML0
OJf4g8H8saBy2AKhcWmJpxxoGXrelMx5QYfD/c9k8u1uK63HG3OaTml/RSkDKzKb
RV9ZqtMkwIrXiS5BEPycT1MIBaXtaMxkOIj5GLsAD4tIMMWh/nmRI1v80c4H8/hR
3Yv6KnGS0e0WtZUBvB47E9t5l/gABIDjc99i5IiQHA169YxWlvsI6tQETRlDlaUN
XV/cR1bPh+2X0cPhVj3uBs1WNvsKtlnoR4uON7ihHZE5ihoBoSOUWscVLrG6SkbB
hQUFI7zoAk1B+cCClrvmKNVuDx2GGmYqSlLgzPOr2kUP
-----END CERTIFICATE-----