This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/efa225-16dc-4f43-aae9-0032fdc5450b/1/qvZ-nKf7EFh0r3KXcsWmv_aLkqs.roa
File:                     qvZ-nKf7EFh0r3KXcsWmv_aLkqs.roa (raw, json)
Hash identifier:          XaQIlBTlE+Jhvgae5CyaS1DgkFx27OpIcetptyKOkgg=
Subject key identifier:   AA:F6:7E:9C:A7:FB:10:58:74:AF:72:97:72:C5:A6:BF:F6:8B:92:AB
Certificate issuer:       /CN=399dc13619aaba7f222ceacb05f1bbac59bd3a9a
Certificate serial:       019B7EA6E9A9FAEA5BCF8444F2324EE02F40
Authority key identifier: 39:9D:C1:36:19:AA:BA:7F:22:2C:EA:CB:05:F1:BB:AC:59:BD:3A:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OZ3BNhmqun8iLOrLBfG7rFm9Opo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/efa225-16dc-4f43-aae9-0032fdc5450b/1/qvZ-nKf7EFh0r3KXcsWmv_aLkqs.roa
Signing time:             Fri 02 Jan 2026 12:20:26 +0000
ROA not before:           Fri 02 Jan 2026 12:20:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15404
IP address blocks:        85.208.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/efa225-16dc-4f43-aae9-0032fdc5450b/1/OZ3BNhmqun8iLOrLBfG7rFm9Opo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/efa225-16dc-4f43-aae9-0032fdc5450b/1/OZ3BNhmqun8iLOrLBfG7rFm9Opo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OZ3BNhmqun8iLOrLBfG7rFm9Opo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 06:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:e9:a9:fa:ea:5b:cf:84:44:f2:32:4e:e0:2f:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=399dc13619aaba7f222ceacb05f1bbac59bd3a9a
        Validity
            Not Before: Jan  2 12:20:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aaf67e9ca7fb105874af729772c5a6bff68b92ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:4b:55:0f:34:eb:b4:09:f0:34:df:64:54:18:
                    5d:a1:87:fe:60:36:7d:53:ac:78:51:fc:14:22:ce:
                    fb:d8:17:3d:06:aa:7b:de:5a:e1:ff:df:60:9b:b6:
                    3a:29:fc:31:04:8b:6d:3c:1b:b7:16:20:3f:5e:73:
                    c9:bb:d0:20:05:92:2f:9f:53:04:60:60:fb:a4:34:
                    07:0f:62:4e:56:67:15:ed:31:6b:1b:14:1c:99:a5:
                    93:62:71:ea:82:3f:3c:ec:82:11:cf:ab:59:61:36:
                    8b:47:ce:5a:56:62:7b:6c:32:5f:d9:cc:63:69:1c:
                    ed:12:50:ae:c8:4b:ff:97:77:70:f9:a8:12:8e:90:
                    ed:a3:7d:d5:08:03:57:42:0c:1a:b9:81:11:97:63:
                    89:46:ab:d2:8f:50:39:79:fe:54:46:b9:80:c7:a1:
                    dd:79:1f:d1:6a:c7:1c:c6:2c:48:0b:c7:38:51:10:
                    a0:37:08:e1:29:20:9b:c6:51:e8:ad:b8:44:80:65:
                    51:c9:53:dc:1c:34:e3:fe:c0:42:d0:71:27:4a:fd:
                    96:50:d6:a1:f2:85:b4:31:24:e5:fc:8f:8f:89:a5:
                    dc:41:43:47:8b:a0:da:dc:f7:33:5f:78:1d:68:6e:
                    da:fd:53:b3:64:81:49:61:0f:ee:3c:0c:6e:ac:45:
                    01:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:F6:7E:9C:A7:FB:10:58:74:AF:72:97:72:C5:A6:BF:F6:8B:92:AB
            X509v3 Authority Key Identifier:
                keyid:39:9D:C1:36:19:AA:BA:7F:22:2C:EA:CB:05:F1:BB:AC:59:BD:3A:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OZ3BNhmqun8iLOrLBfG7rFm9Opo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/efa225-16dc-4f43-aae9-0032fdc5450b/1/qvZ-nKf7EFh0r3KXcsWmv_aLkqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/efa225-16dc-4f43-aae9-0032fdc5450b/1/OZ3BNhmqun8iLOrLBfG7rFm9Opo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:ba:1d:06:a8:ff:ad:50:2a:48:53:e6:b0:4e:ec:03:9f:b9:
         e5:e9:c0:cd:7a:f7:71:b9:ca:2a:fd:b4:24:cf:c2:dc:b4:95:
         44:8e:68:4a:05:76:97:5f:95:f6:e2:5f:e2:f0:03:a5:2e:38:
         d4:e7:4f:a5:c5:ec:24:40:1b:08:5f:c0:21:5e:a4:5d:65:81:
         61:20:d5:86:af:14:2e:01:8e:57:69:50:6d:1f:f3:12:07:a1:
         0b:39:9f:0f:f9:fc:b3:6b:24:0c:dc:dd:6c:91:68:2d:da:58:
         ce:c4:98:3b:6c:a8:c6:0d:49:50:c9:a3:f0:5d:ef:ae:56:15:
         04:fb:46:62:fc:b7:d0:45:a3:68:75:16:45:10:c9:8a:eb:e9:
         be:69:bc:cf:15:d6:a2:c2:42:a7:16:e2:4b:38:a0:3b:bd:d1:
         c4:c4:5e:26:75:ff:de:e9:59:3c:b8:6b:07:e6:f5:1c:f9:2e:
         ea:bd:b4:80:29:c5:5c:b2:ba:0c:f4:c2:7d:a8:8e:2f:d1:da:
         03:a8:78:1e:3e:7e:0c:4e:bb:44:fb:04:9e:5d:b5:09:3c:04:
         07:0c:30:fb:61:f7:14:1b:c9:d2:7d:da:54:71:ce:ee:0e:4f:
         74:db:b8:0d:62:2b:87:5f:0e:9b:86:f7:e9:a1:39:ca:b9:f4:
         9a:9b:d6:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pump+upbz4RE8jJO4C9AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5OWRjMTM2MTlhYWJhN2YyMjJjZWFjYjA1ZjFiYmFjNTli
ZDNhOWEwHhcNMjYwMTAyMTIyMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWY2N2U5Y2E3ZmIxMDU4NzRhZjcyOTc3MmM1YTZiZmY2OGI5MmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEtVDzTrtAnwNN9kVBhdoYf+YDZ9
U6x4UfwUIs772Bc9Bqp73lrh/99gm7Y6KfwxBIttPBu3FiA/XnPJu9AgBZIvn1ME
YGD7pDQHD2JOVmcV7TFrGxQcmaWTYnHqgj887IIRz6tZYTaLR85aVmJ7bDJf2cxj
aRztElCuyEv/l3dw+agSjpDto33VCANXQgwauYERl2OJRqvSj1A5ef5URrmAx6Hd
eR/RasccxixIC8c4URCgNwjhKSCbxlHorbhEgGVRyVPcHDTj/sBC0HEnSv2WUNah
8oW0MSTl/I+PiaXcQUNHi6Da3PczX3gdaG7a/VOzZIFJYQ/uPAxurEUBkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKr2fpyn+xBYdK9yl3LFpr/2i5KrMB8GA1UdIwQY
MBaAFDmdwTYZqrp/IizqywXxu6xZvTqaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1ozQk5obXF1bjhpTE9yTEJmRzdyRm05T3BvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9lZmEyMjUtMTZkYy00ZjQzLWFhZTkt
MDAzMmZkYzU0NTBiLzEvcXZaLW5LZjdFRmgwcjNLWGNzV212X2FMa3FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9lZmEyMjUtMTZkYy00ZjQzLWFhZTktMDAzMmZkYzU0NTBi
LzEvT1ozQk5obXF1bjhpTE9yTEJmRzdyRm05T3BvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdDBMA0G
CSqGSIb3DQEBCwUAA4IBAQCIuh0GqP+tUCpIU+awTuwDn7nl6cDNevdxucoq/bQk
z8LctJVEjmhKBXaXX5X24l/i8AOlLjjU50+lxewkQBsIX8AhXqRdZYFhINWGrxQu
AY5XaVBtH/MSB6ELOZ8P+fyzayQM3N1skWgt2ljOxJg7bKjGDUlQyaPwXe+uVhUE
+0Zi/LfQRaNodRZFEMmK6+m+abzPFdaiwkKnFuJLOKA7vdHExF4mdf/e6Vk8uGsH
5vUc+S7qvbSAKcVcsroM9MJ9qI4v0doDqHgePn4MTrtE+wSeXbUJPAQHDDD7YfcU
G8nSfdpUcc7uDk9027gNYiuHXw6bhvfpoTnKufSam9bm
-----END CERTIFICATE-----