This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/qa47-j_oqK3IouynHnRZ9fWy2Oc.roa
File:                     qa47-j_oqK3IouynHnRZ9fWy2Oc.roa (raw, json)
Hash identifier:          JrKqTlnsL+gqadqY6CmoSgTzkW0/dwKHX5FaF5G0oqU=
Subject key identifier:   A9:AE:3B:FA:3F:E8:A8:AD:C8:A2:EC:A7:1E:74:59:F5:F5:B2:D8:E7
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       019B7F159BB6D0543F5923C001220F7839EE
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/qa47-j_oqK3IouynHnRZ9fWy2Oc.roa
Signing time:             Fri 02 Jan 2026 14:21:21 +0000
ROA not before:           Fri 02 Jan 2026 14:21:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12400
IP address blocks:        2.22.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:9b:b6:d0:54:3f:59:23:c0:01:22:0f:78:39:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Jan  2 14:21:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a9ae3bfa3fe8a8adc8a2eca71e7459f5f5b2d8e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d0:af:4a:7e:6c:33:21:14:bb:29:a7:e7:93:
                    ab:af:bf:f7:e3:4b:47:cd:e1:17:ef:27:13:34:0e:
                    49:6d:c6:21:90:d3:8c:a0:1c:8a:c7:ec:e0:4a:c4:
                    33:45:69:ce:3a:a4:08:47:bd:6a:8f:3e:2e:85:48:
                    26:b6:3e:65:2e:c5:cf:cc:ca:9b:5a:82:3e:7a:ca:
                    1a:82:40:cf:64:a9:27:c9:cf:b8:05:95:83:0b:1d:
                    a1:4c:ca:e5:40:3c:05:28:ce:ec:a2:6e:6b:7d:2d:
                    98:40:82:d1:5d:a6:80:d5:a6:79:d4:f6:fd:42:f5:
                    0b:ce:19:45:7b:e3:59:00:ad:9b:b6:94:da:20:fe:
                    3c:ab:01:69:10:3f:a7:ba:72:bc:d6:08:ec:90:96:
                    51:0f:cb:90:bb:32:c4:86:f2:74:f3:f4:17:d2:dd:
                    14:6d:b2:ef:ea:da:0b:9c:39:4d:9e:35:b4:f4:db:
                    31:65:09:8a:80:90:22:3b:49:18:e8:16:28:54:07:
                    1d:ec:55:45:ba:fd:99:9b:cb:c8:3a:59:57:d5:05:
                    ab:12:07:61:57:ec:4f:19:cf:33:4f:2b:4a:f4:42:
                    38:9c:6c:d4:66:03:46:fb:fa:3e:16:9c:f0:a7:45:
                    7d:04:e1:89:59:7c:03:a2:f6:04:8e:34:43:38:a9:
                    c4:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:AE:3B:FA:3F:E8:A8:AD:C8:A2:EC:A7:1E:74:59:F5:F5:B2:D8:E7
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/qa47-j_oqK3IouynHnRZ9fWy2Oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.22.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:ee:99:59:ca:b5:83:00:64:21:66:d6:33:54:8a:b5:f0:e9:
         b8:bc:77:76:15:13:7a:d3:df:28:10:fc:1e:7f:d2:c3:d2:b5:
         68:8b:fa:53:cd:9e:b3:91:a7:8f:8c:42:51:4e:9e:7a:01:72:
         02:1d:51:1a:f2:ac:11:f6:a5:67:68:39:8d:4a:43:68:3a:4a:
         e8:a5:3e:44:15:1e:c7:1d:54:f4:8d:ca:e7:00:4e:86:2f:c1:
         8e:c9:e3:ee:fe:2a:c0:76:8c:e3:fa:4b:b7:f9:72:81:7d:c4:
         9d:6f:88:77:e0:fe:0c:23:bb:57:c8:cb:e3:06:b2:16:6b:af:
         28:66:70:cc:70:0e:f4:0a:fb:6a:5c:4e:e2:7f:db:c4:b3:13:
         52:e5:69:fc:8e:72:5f:50:a4:01:c6:9b:db:eb:fa:6e:74:49:
         c5:54:9d:8b:d5:9f:ff:a9:af:b3:f5:88:f1:8a:43:1d:18:76:
         5d:f1:36:d7:80:f9:b1:28:7b:85:7a:a0:81:a8:d4:16:42:a8:
         5b:04:76:4c:54:52:a4:4c:c1:bf:88:52:74:d9:fd:a5:17:d3:
         c0:c1:35:58:3d:27:2f:59:64:f0:1b:ce:1e:23:7e:8f:68:b1:
         ae:31:0b:16:79:15:a3:27:f1:ab:4e:f8:1c:54:b5:71:cc:8a:
         12:d7:2c:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FZu20FQ/WSPAASIPeDnuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjYwMTAyMTQyMTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWFlM2JmYTNmZThhOGFkYzhhMmVjYTcxZTc0NTlmNWY1YjJkOGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNCvSn5sMyEUuymn55Orr7/340tH
zeEX7ycTNA5JbcYhkNOMoByKx+zgSsQzRWnOOqQIR71qjz4uhUgmtj5lLsXPzMqb
WoI+esoagkDPZKknyc+4BZWDCx2hTMrlQDwFKM7som5rfS2YQILRXaaA1aZ51Pb9
QvULzhlFe+NZAK2btpTaIP48qwFpED+nunK81gjskJZRD8uQuzLEhvJ08/QX0t0U
bbLv6toLnDlNnjW09NsxZQmKgJAiO0kY6BYoVAcd7FVFuv2Zm8vIOllX1QWrEgdh
V+xPGc8zTytK9EI4nGzUZgNG+/o+Fpzwp0V9BOGJWXwDovYEjjRDOKnETwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKmuO/o/6KityKLspx50WfX1stjnMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvcWE0Ny1qX29xSzNJb3V5bkhuUlo5Zld5Mk9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhbpMA0G
CSqGSIb3DQEBCwUAA4IBAQAv7plZyrWDAGQhZtYzVIq18Om4vHd2FRN6098oEPwe
f9LD0rVoi/pTzZ6zkaePjEJRTp56AXICHVEa8qwR9qVnaDmNSkNoOkropT5EFR7H
HVT0jcrnAE6GL8GOyePu/irAdozj+ku3+XKBfcSdb4h34P4MI7tXyMvjBrIWa68o
ZnDMcA70CvtqXE7if9vEsxNS5Wn8jnJfUKQBxpvb6/pudEnFVJ2L1Z//qa+z9Yjx
ikMdGHZd8TbXgPmxKHuFeqCBqNQWQqhbBHZMVFKkTMG/iFJ02f2lF9PAwTVYPScv
WWTwG84eI36PaLGuMQsWeRWjJ/GrTvgcVLVxzIoS1yxo
-----END CERTIFICATE-----