This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/289b8d-78de-4160-90d3-61d26603c37c/1/q7LASc7RAdvhKI2lD0l4EEgjIM4.roa
File:                     q7LASc7RAdvhKI2lD0l4EEgjIM4.roa (raw, json)
Hash identifier:          Nr2UUQFi//KxEpaf+hC6t8vMKhEd7i+ElopwPR5ej6c=
Subject key identifier:   AB:B2:C0:49:CE:D1:01:DB:E1:28:8D:A5:0F:49:78:10:48:23:20:CE
Certificate issuer:       /CN=f638947ddb892f5f3a48a69af97a8fb52103a0d6
Certificate serial:       019B7B359B2BA45A970ED31A8CE14E42F3F4
Authority key identifier: F6:38:94:7D:DB:89:2F:5F:3A:48:A6:9A:F9:7A:8F:B5:21:03:A0:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9jiUfduJL186SKaa-XqPtSEDoNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/289b8d-78de-4160-90d3-61d26603c37c/1/q7LASc7RAdvhKI2lD0l4EEgjIM4.roa
Signing time:             Thu 01 Jan 2026 20:17:49 +0000
ROA not before:           Thu 01 Jan 2026 20:17:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        193.35.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/289b8d-78de-4160-90d3-61d26603c37c/1/9jiUfduJL186SKaa-XqPtSEDoNY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/289b8d-78de-4160-90d3-61d26603c37c/1/9jiUfduJL186SKaa-XqPtSEDoNY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9jiUfduJL186SKaa-XqPtSEDoNY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:9b:2b:a4:5a:97:0e:d3:1a:8c:e1:4e:42:f3:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f638947ddb892f5f3a48a69af97a8fb52103a0d6
        Validity
            Not Before: Jan  1 20:17:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=abb2c049ced101dbe1288da50f497810482320ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:01:18:68:85:fd:2d:ad:44:2c:40:ae:6b:0e:
                    bc:36:f4:5b:a7:33:4e:74:ef:49:0b:42:8a:19:7a:
                    2c:7d:bd:cc:12:01:1c:d6:d6:38:c1:7f:f4:79:3d:
                    f5:20:99:b7:b3:a2:ed:44:12:1d:76:8d:a7:28:e7:
                    71:dc:8f:52:a8:18:66:8f:3b:a9:b6:cb:91:2a:66:
                    0b:e6:f3:c7:58:06:61:e5:c8:93:0b:18:a6:63:51:
                    af:27:ff:23:81:92:0a:d2:8e:f9:b2:34:f1:34:4b:
                    47:53:50:51:5e:9b:09:02:4f:0e:7c:c4:4d:c7:fb:
                    51:7a:46:dc:0c:79:1d:a4:60:a1:59:c0:75:62:c0:
                    df:d0:96:75:c8:3e:80:de:46:b8:3f:55:34:20:ed:
                    d6:5e:27:f9:61:48:9f:2c:44:44:45:41:56:bf:c9:
                    66:c7:ca:22:39:ff:76:86:61:86:3c:b7:f1:77:ac:
                    24:10:a0:f4:66:46:ea:e8:28:d7:a5:6e:26:d3:ef:
                    b5:77:db:7a:6c:7a:c2:bf:16:4c:61:c3:93:24:2b:
                    cd:21:1a:55:bc:db:8d:04:06:df:2c:87:84:90:c4:
                    5c:33:a0:b7:86:24:b7:cb:83:01:2a:91:18:3f:0d:
                    8a:08:5d:6a:4a:f6:1f:32:3b:31:8a:f5:ed:b6:1a:
                    e7:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:B2:C0:49:CE:D1:01:DB:E1:28:8D:A5:0F:49:78:10:48:23:20:CE
            X509v3 Authority Key Identifier:
                keyid:F6:38:94:7D:DB:89:2F:5F:3A:48:A6:9A:F9:7A:8F:B5:21:03:A0:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9jiUfduJL186SKaa-XqPtSEDoNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/289b8d-78de-4160-90d3-61d26603c37c/1/q7LASc7RAdvhKI2lD0l4EEgjIM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/289b8d-78de-4160-90d3-61d26603c37c/1/9jiUfduJL186SKaa-XqPtSEDoNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:39:75:47:98:b1:4d:ad:46:b0:ea:c3:e6:ff:81:65:0e:36:
         4e:08:aa:43:ef:1b:f6:01:88:2f:21:39:bc:ee:ff:8f:1b:cb:
         b4:1c:7f:0f:86:33:ff:98:b0:ec:35:79:d4:a9:fd:bf:b9:2b:
         0c:97:77:2f:f9:67:47:f3:fd:84:c5:ed:bd:42:e4:74:58:26:
         ac:f6:aa:c9:c1:ae:3d:03:2a:ad:9d:18:55:83:ba:da:69:43:
         c1:d0:47:32:4d:b1:18:8a:49:7e:1c:76:9b:ce:4e:b5:2d:64:
         9b:c3:22:2b:bc:ca:64:7e:c9:cb:7f:45:bf:36:93:56:66:b7:
         68:1b:f1:10:18:44:ac:fc:e3:56:b7:31:e8:52:32:fc:ba:db:
         e6:79:87:68:31:18:c3:ab:b3:02:71:20:03:2a:96:1c:51:24:
         67:01:e8:ce:05:4f:ff:9e:8f:10:6e:14:c6:93:ea:1b:46:45:
         27:f7:30:5b:d5:39:13:c5:63:87:6d:d5:d0:30:4e:57:a2:b8:
         2e:52:c0:4f:1a:16:34:af:d5:96:01:78:40:d5:aa:05:28:3b:
         86:2d:66:68:cb:7e:53:9b:9b:83:e9:bb:4d:56:dc:2f:97:c2:
         96:88:fc:9c:5d:61:f4:80:c8:43:57:61:3f:1b:d7:61:57:4b:
         74:5f:20:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NZsrpFqXDtMajOFOQvP0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2Mzg5NDdkZGI4OTJmNWYzYTQ4YTY5YWY5N2E4ZmI1MjEw
M2EwZDYwHhcNMjYwMTAxMjAxNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmIyYzA0OWNlZDEwMWRiZTEyODhkYTUwZjQ5NzgxMDQ4MjMyMGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7AEYaIX9La1ELECuaw68NvRbpzNO
dO9JC0KKGXosfb3MEgEc1tY4wX/0eT31IJm3s6LtRBIddo2nKOdx3I9SqBhmjzup
tsuRKmYL5vPHWAZh5ciTCximY1GvJ/8jgZIK0o75sjTxNEtHU1BRXpsJAk8OfMRN
x/tRekbcDHkdpGChWcB1YsDf0JZ1yD6A3ka4P1U0IO3WXif5YUifLERERUFWv8lm
x8oiOf92hmGGPLfxd6wkEKD0Zkbq6CjXpW4m0++1d9t6bHrCvxZMYcOTJCvNIRpV
vNuNBAbfLIeEkMRcM6C3hiS3y4MBKpEYPw2KCF1qSvYfMjsxivXtthrn3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKuywEnO0QHb4SiNpQ9JeBBIIyDOMB8GA1UdIwQY
MBaAFPY4lH3biS9fOkimmvl6j7UhA6DWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWppVWZkdUpMMTg2U0thYS1YcVB0U0VEb05ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8yODliOGQtNzhkZS00MTYwLTkwZDMt
NjFkMjY2MDNjMzdjLzEvcTdMQVNjN1JBZHZoS0kybEQwbDRFRWdqSU00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8yODliOGQtNzhkZS00MTYwLTkwZDMtNjFkMjY2MDNjMzdj
LzEvOWppVWZkdUpMMTg2U0thYS1YcVB0U0VEb05ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSOdMA0G
CSqGSIb3DQEBCwUAA4IBAQAhOXVHmLFNrUaw6sPm/4FlDjZOCKpD7xv2AYgvITm8
7v+PG8u0HH8PhjP/mLDsNXnUqf2/uSsMl3cv+WdH8/2Exe29QuR0WCas9qrJwa49
AyqtnRhVg7raaUPB0EcyTbEYikl+HHabzk61LWSbwyIrvMpkfsnLf0W/NpNWZrdo
G/EQGESs/ONWtzHoUjL8utvmeYdoMRjDq7MCcSADKpYcUSRnAejOBU//no8QbhTG
k+obRkUn9zBb1TkTxWOHbdXQME5XorguUsBPGhY0r9WWAXhA1aoFKDuGLWZoy35T
m5uD6btNVtwvl8KWiPycXWH0gMhDV2E/G9dhV0t0XyCp
-----END CERTIFICATE-----