This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/TQ7ysTGQIakmu4CVTNc31GK2dfs.roa
File:                     TQ7ysTGQIakmu4CVTNc31GK2dfs.roa (raw, json)
Hash identifier:          MScEjjiTLmx3/HT0srp+gqbybWKE16rip04S7ew+ay8=
Subject key identifier:   4D:0E:F2:B1:31:90:21:A9:26:BB:80:95:4C:D7:37:D4:62:B6:75:FB
Certificate issuer:       /CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
Certificate serial:       019B7E38B0BEB208B80C70A92C88815BCA78
Authority key identifier: 62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/TQ7ysTGQIakmu4CVTNc31GK2dfs.roa
Signing time:             Fri 02 Jan 2026 10:20:03 +0000
ROA not before:           Fri 02 Jan 2026 10:20:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25369
IP address blocks:        93.89.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 07:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:b0:be:b2:08:b8:0c:70:a9:2c:88:81:5b:ca:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
        Validity
            Not Before: Jan  2 10:20:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4d0ef2b1319021a926bb80954cd737d462b675fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:18:a2:eb:a7:63:4a:bd:00:b4:73:10:01:75:
                    c7:3c:b9:f1:52:8a:d8:6e:a7:8f:2c:20:26:bb:98:
                    fb:03:fb:e2:89:ce:8d:ae:85:78:50:c7:57:43:aa:
                    63:b3:0b:b0:8a:ad:32:d6:da:b8:8b:47:12:d2:10:
                    10:ca:a3:f0:8b:0b:56:29:1e:90:20:4c:65:36:c1:
                    f7:46:3d:ca:f8:c0:88:a4:88:e8:83:d0:96:dc:6e:
                    c7:93:64:59:05:ca:2e:d6:2b:50:1e:e8:df:17:5c:
                    55:94:fe:75:76:4a:21:9c:1c:05:e0:f3:3a:36:93:
                    d2:7a:2c:37:7e:8d:a2:e0:77:11:69:fd:f0:f0:84:
                    e5:c8:c7:5f:a2:f9:51:f6:f7:f9:9b:2d:b8:7f:70:
                    e1:f1:cd:17:95:9a:3f:39:12:2c:3c:31:c3:a3:19:
                    3b:e5:fc:09:18:94:03:f4:39:86:62:b2:76:1d:2f:
                    74:6a:7f:2a:8f:99:23:f2:da:74:74:02:e6:f2:86:
                    3b:2e:c7:90:18:4a:28:11:02:6a:ab:46:b1:bd:e5:
                    ea:fa:f3:cf:d6:d2:80:87:8c:4d:99:6a:ad:f2:10:
                    9f:23:7f:55:08:72:fa:b5:66:98:c9:fb:ed:d3:a0:
                    b4:99:68:6a:0d:ef:d0:f7:04:cc:4d:06:9a:86:cd:
                    9f:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:0E:F2:B1:31:90:21:A9:26:BB:80:95:4C:D7:37:D4:62:B6:75:FB
            X509v3 Authority Key Identifier:
                keyid:62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/TQ7ysTGQIakmu4CVTNc31GK2dfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.89.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:4d:33:68:7a:18:91:d0:cd:5b:b1:df:c8:fe:73:c0:96:fc:
         49:33:76:21:5f:20:30:4c:54:3c:f1:59:ea:8d:53:68:06:4c:
         bd:be:a2:c3:cf:85:95:7d:7f:d5:a5:18:3d:85:39:d1:c7:4c:
         0b:53:14:e7:6d:7c:fe:74:6c:f0:3d:b0:7e:cb:e4:75:5e:0e:
         dd:c1:98:9a:25:27:53:e1:5c:bd:52:68:86:1b:e7:c2:fa:a6:
         b2:a2:b4:77:1d:13:82:80:62:43:a0:9d:c6:fc:1d:13:c6:8f:
         a7:b1:77:02:15:ba:83:29:b3:79:98:1c:e4:ab:97:c9:9b:db:
         25:54:90:0a:b3:c6:0f:56:dd:19:8c:2c:9e:16:c0:1d:d1:96:
         36:15:60:06:5b:ce:22:a7:1f:5e:67:51:b5:97:09:2c:17:2c:
         b1:99:a0:cf:f4:a6:1e:85:d1:6c:62:02:0e:a1:d6:a8:15:a9:
         fc:63:31:46:80:01:bf:3e:73:a9:59:86:79:a5:66:bd:a2:7e:
         e5:4b:ef:55:21:68:80:cb:ea:94:72:ef:ea:72:f5:96:ec:84:
         95:a3:ea:42:4a:8f:c7:04:40:a1:e1:ba:b5:d6:b4:6b:12:1c:
         64:c7:80:dc:91:2e:1b:e9:42:f6:41:92:64:0c:1a:fa:2c:8d:
         fa:e1:1e:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OLC+sgi4DHCpLIiBW8p4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYTE1Y2M4ODY1OWY1NzhjYzE1OWM1MmIzYTdlOWVjNTgx
OWZiMjAwHhcNMjYwMTAyMTAyMDAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDBlZjJiMTMxOTAyMWE5MjZiYjgwOTU0Y2Q3MzdkNDYyYjY3NWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzxii66djSr0AtHMQAXXHPLnxUorY
bqePLCAmu5j7A/viic6NroV4UMdXQ6pjswuwiq0y1tq4i0cS0hAQyqPwiwtWKR6Q
IExlNsH3Rj3K+MCIpIjog9CW3G7Hk2RZBcou1itQHujfF1xVlP51dkohnBwF4PM6
NpPSeiw3fo2i4HcRaf3w8ITlyMdfovlR9vf5my24f3Dh8c0XlZo/ORIsPDHDoxk7
5fwJGJQD9DmGYrJ2HS90an8qj5kj8tp0dALm8oY7LseQGEooEQJqq0axveXq+vPP
1tKAh4xNmWqt8hCfI39VCHL6tWaYyfvt06C0mWhqDe/Q9wTMTQaahs2fUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE0O8rExkCGpJruAlUzXN9RitnX7MB8GA1UdIwQY
MBaAFGKhXMiGWfV4zBWcUrOn6exYGfsgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAt
NDI2OWI1NmJmN2Q0LzEvVFE3eXNUR1FJYWttdTRDVlROYzMxR0syZGZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAtNDI2OWI1NmJmN2Q0
LzEvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXVnXMA0G
CSqGSIb3DQEBCwUAA4IBAQBoTTNoehiR0M1bsd/I/nPAlvxJM3YhXyAwTFQ88Vnq
jVNoBky9vqLDz4WVfX/VpRg9hTnRx0wLUxTnbXz+dGzwPbB+y+R1Xg7dwZiaJSdT
4Vy9UmiGG+fC+qayorR3HROCgGJDoJ3G/B0Txo+nsXcCFbqDKbN5mBzkq5fJm9sl
VJAKs8YPVt0ZjCyeFsAd0ZY2FWAGW84ipx9eZ1G1lwksFyyxmaDP9KYehdFsYgIO
odaoFan8YzFGgAG/PnOpWYZ5pWa9on7lS+9VIWiAy+qUcu/qcvWW7ISVo+pCSo/H
BECh4bq11rRrEhxkx4DckS4b6UL2QZJkDBr6LI364R6J
-----END CERTIFICATE-----