This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/b15658-10b6-4041-a3da-8d3a6d165da3/1/q2Eizro8coJ0vQbXr19bHJH4bc0.roa
File:                     q2Eizro8coJ0vQbXr19bHJH4bc0.roa (raw, json)
Hash identifier:          tmAf20SndhrgKXo0idQ98M/X9oFaPmCTdoXsGpxVz5o=
Subject key identifier:   AB:61:22:CE:BA:3C:72:82:74:BD:06:D7:AF:5F:5B:1C:91:F8:6D:CD
Certificate issuer:       /CN=bfe3542dd63fed250de5cb65f6eca487e7f47847
Certificate serial:       019B77C70FAC728CD3C321D70489CF47ADD9
Authority key identifier: BF:E3:54:2D:D6:3F:ED:25:0D:E5:CB:65:F6:EC:A4:87:E7:F4:78:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v-NULdY_7SUN5ctl9uykh-f0eEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/b15658-10b6-4041-a3da-8d3a6d165da3/1/q2Eizro8coJ0vQbXr19bHJH4bc0.roa
Signing time:             Thu 01 Jan 2026 04:18:12 +0000
ROA not before:           Thu 01 Jan 2026 04:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48590
IP address blocks:        195.70.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/b15658-10b6-4041-a3da-8d3a6d165da3/1/v-NULdY_7SUN5ctl9uykh-f0eEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/b15658-10b6-4041-a3da-8d3a6d165da3/1/v-NULdY_7SUN5ctl9uykh-f0eEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v-NULdY_7SUN5ctl9uykh-f0eEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:0f:ac:72:8c:d3:c3:21:d7:04:89:cf:47:ad:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfe3542dd63fed250de5cb65f6eca487e7f47847
        Validity
            Not Before: Jan  1 04:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab6122ceba3c728274bd06d7af5f5b1c91f86dcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:b0:b8:48:84:0d:bd:bf:f3:a4:fb:38:7b:4d:
                    09:31:de:a1:74:f7:13:00:e1:aa:e5:1b:47:0e:57:
                    0a:8f:67:df:88:97:8e:9e:f1:16:5f:8b:e8:41:3d:
                    c0:3a:ef:ea:ad:6a:44:53:03:b5:a2:37:95:b1:54:
                    42:4f:a2:29:3a:92:31:4d:1a:13:5e:1a:39:52:06:
                    d2:6d:5a:4c:5a:55:15:e0:5d:32:ca:ed:45:0b:f9:
                    4b:61:83:3f:98:ce:89:83:60:28:f2:21:80:8b:9d:
                    18:b1:a9:d5:44:6e:3f:a1:20:16:9c:c0:d1:d2:e4:
                    60:de:e8:75:90:2d:80:86:22:af:39:b0:75:9a:1d:
                    e4:59:7c:42:63:d7:c3:11:a8:76:22:0b:42:48:49:
                    33:1e:b3:c8:db:f4:d0:c6:82:f3:22:00:3b:05:46:
                    a7:1c:8f:e0:d8:67:43:c5:b5:b7:96:8c:95:d8:f6:
                    da:36:7b:e7:7a:49:ef:37:44:98:c6:18:95:96:89:
                    ad:84:35:b6:84:60:c3:81:f9:fb:ea:89:a1:79:5a:
                    44:25:f3:f7:2b:f3:41:02:85:26:9b:4c:78:af:f4:
                    3e:d0:c2:d0:01:77:fa:fb:02:70:c1:11:d9:28:a5:
                    3e:40:04:a1:e0:ef:f1:4f:0f:67:34:7a:cd:65:91:
                    b4:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:61:22:CE:BA:3C:72:82:74:BD:06:D7:AF:5F:5B:1C:91:F8:6D:CD
            X509v3 Authority Key Identifier:
                keyid:BF:E3:54:2D:D6:3F:ED:25:0D:E5:CB:65:F6:EC:A4:87:E7:F4:78:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v-NULdY_7SUN5ctl9uykh-f0eEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/b15658-10b6-4041-a3da-8d3a6d165da3/1/q2Eizro8coJ0vQbXr19bHJH4bc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/b15658-10b6-4041-a3da-8d3a6d165da3/1/v-NULdY_7SUN5ctl9uykh-f0eEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.70.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:e0:84:55:55:2f:a2:86:56:ce:cb:cd:e2:dc:b5:7f:c3:a8:
         d7:cd:6c:36:a2:4e:e8:bd:23:39:f4:3e:85:e8:0d:6e:4e:c0:
         7e:be:96:7c:e9:7f:fb:71:ef:94:5d:e4:8d:e6:c0:14:1a:73:
         73:12:2f:8e:d2:fe:ca:31:6d:4e:ff:d0:d6:b2:bc:04:b8:09:
         03:be:ad:57:ba:82:90:72:31:6b:d7:7a:19:c5:6c:d4:9c:99:
         41:37:1a:cc:fa:d1:5f:cd:8a:af:e6:f6:29:67:70:79:0e:08:
         e4:ae:f3:ba:bb:e3:f6:6a:fa:f7:3a:da:52:ac:3a:ea:6f:f1:
         3d:60:f7:e4:a2:c3:86:90:d1:b2:86:f9:07:1b:45:7c:a2:3c:
         d6:6a:d9:b6:b9:db:d1:0d:50:61:4a:bf:24:2b:aa:58:90:f0:
         f7:3e:09:f2:c8:00:8b:2b:01:2f:6c:c9:d6:92:60:b8:6a:87:
         5e:49:1a:1f:bf:62:0c:56:51:54:82:3b:47:ec:2f:75:5c:de:
         27:df:a7:b5:a7:d0:14:51:3c:d5:36:c4:ba:9d:60:99:93:f8:
         5a:ee:c6:28:0f:b7:d8:79:27:30:ea:ba:7d:ef:9a:0b:f0:34:
         1e:78:a5:43:6c:1d:2b:74:8a:0c:f9:cc:ab:2c:19:aa:25:27:
         c3:59:06:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xw+scozTwyHXBInPR63ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZTM1NDJkZDYzZmVkMjUwZGU1Y2I2NWY2ZWNhNDg3ZTdm
NDc4NDcwHhcNMjYwMTAxMDQxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjYxMjJjZWJhM2M3MjgyNzRiZDA2ZDdhZjVmNWIxYzkxZjg2ZGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmrC4SIQNvb/zpPs4e00JMd6hdPcT
AOGq5RtHDlcKj2ffiJeOnvEWX4voQT3AOu/qrWpEUwO1ojeVsVRCT6IpOpIxTRoT
Xho5UgbSbVpMWlUV4F0yyu1FC/lLYYM/mM6Jg2Ao8iGAi50YsanVRG4/oSAWnMDR
0uRg3uh1kC2AhiKvObB1mh3kWXxCY9fDEah2IgtCSEkzHrPI2/TQxoLzIgA7BUan
HI/g2GdDxbW3loyV2PbaNnvneknvN0SYxhiVlomthDW2hGDDgfn76omheVpEJfP3
K/NBAoUmm0x4r/Q+0MLQAXf6+wJwwRHZKKU+QASh4O/xTw9nNHrNZZG0aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKthIs66PHKCdL0G169fWxyR+G3NMB8GA1UdIwQY
MBaAFL/jVC3WP+0lDeXLZfbspIfn9HhHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdi1OVUxkWV83U1VONWN0bDl1eWtoLWYwZUVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9iMTU2NTgtMTBiNi00MDQxLWEzZGEt
OGQzYTZkMTY1ZGEzLzEvcTJFaXpybzhjb0owdlFiWHIxOWJISkg0YmMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9iMTU2NTgtMTBiNi00MDQxLWEzZGEtOGQzYTZkMTY1ZGEz
LzEvdi1OVUxkWV83U1VONWN0bDl1eWtoLWYwZUVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0YdMA0G
CSqGSIb3DQEBCwUAA4IBAQCT4IRVVS+ihlbOy83i3LV/w6jXzWw2ok7ovSM59D6F
6A1uTsB+vpZ86X/7ce+UXeSN5sAUGnNzEi+O0v7KMW1O/9DWsrwEuAkDvq1XuoKQ
cjFr13oZxWzUnJlBNxrM+tFfzYqv5vYpZ3B5DgjkrvO6u+P2avr3OtpSrDrqb/E9
YPfkosOGkNGyhvkHG0V8ojzWatm2udvRDVBhSr8kK6pYkPD3PgnyyACLKwEvbMnW
kmC4aodeSRofv2IMVlFUgjtH7C91XN4n36e1p9AUUTzVNsS6nWCZk/ha7sYoD7fY
eScw6rp975oL8DQeeKVDbB0rdIoM+cyrLBmqJSfDWQZa
-----END CERTIFICATE-----