This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/SQRKv0Z6_hmqtMPRpJ8gU8-qRNg.roa
File:                     SQRKv0Z6_hmqtMPRpJ8gU8-qRNg.roa (raw, json)
Hash identifier:          2pACudLrBk6yGw4NBGywXzJ+cVqO1szI/T9hnvWe6SY=
Subject key identifier:   49:04:4A:BF:46:7A:FE:19:AA:B4:C3:D1:A4:9F:20:53:CF:AA:44:D8
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       019B7F150165CFFFDBC5693375A0A2ED94F1
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/SQRKv0Z6_hmqtMPRpJ8gU8-qRNg.roa
Signing time:             Fri 02 Jan 2026 14:20:41 +0000
ROA not before:           Fri 02 Jan 2026 14:20:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5650
IP address blocks:        148.222.244.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:01:65:cf:ff:db:c5:69:33:75:a0:a2:ed:94:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Jan  2 14:20:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=49044abf467afe19aab4c3d1a49f2053cfaa44d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:16:b3:48:7e:c4:30:97:45:0b:35:fe:cd:72:
                    72:56:24:90:00:10:eb:db:19:4a:ed:84:d0:42:df:
                    28:81:53:c6:2c:cd:3f:d8:4d:03:00:05:15:89:71:
                    90:71:0b:4a:2d:cc:e1:a7:f9:9a:0a:56:72:83:af:
                    ce:0b:bb:9a:cb:af:8c:a5:ef:36:73:70:c2:ef:f6:
                    4a:89:33:c1:c8:c4:0c:35:e5:7c:bd:f9:b0:ab:63:
                    35:b9:58:f1:cd:2e:b7:9d:2a:ef:db:56:e4:75:91:
                    04:77:0d:f2:92:6c:9c:47:ec:83:56:d9:85:70:dc:
                    cd:2b:f3:3e:08:96:9a:a1:01:0f:c4:5e:43:62:20:
                    2e:ae:c7:c3:39:1c:7a:4f:8d:7f:cd:4a:ed:cb:49:
                    6e:f3:0f:80:60:26:b3:4f:87:cf:a9:83:14:d9:82:
                    40:c6:10:a3:6a:b5:1b:6a:d3:81:53:2a:63:b2:0b:
                    67:df:81:9d:11:25:75:fb:15:cd:b7:bb:5b:89:e6:
                    eb:78:99:c8:c4:b5:67:25:87:a1:af:ab:ab:39:d8:
                    4e:af:7b:47:74:6e:a5:ab:f5:1b:fc:b2:cd:aa:22:
                    a5:ff:17:77:19:db:93:41:0e:74:20:10:5b:ea:5c:
                    34:b8:cf:1a:56:46:5f:ac:97:bb:4f:48:c3:4a:1a:
                    02:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:04:4A:BF:46:7A:FE:19:AA:B4:C3:D1:A4:9F:20:53:CF:AA:44:D8
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/SQRKv0Z6_hmqtMPRpJ8gU8-qRNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.222.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:9b:48:b1:96:ba:64:7d:c6:ac:3f:4d:39:b6:62:7e:e0:4a:
         7d:a3:ff:85:c4:15:4a:a1:f9:71:a9:54:6c:8d:58:ec:fd:a3:
         4d:b3:08:2b:6f:bd:74:a6:e9:7d:05:10:f7:55:86:e8:04:4e:
         88:f8:a3:37:05:b6:49:97:90:83:90:ec:50:9d:93:c6:3d:da:
         e8:9b:5c:84:4a:d8:d2:da:fc:b1:45:13:9a:36:32:ec:04:32:
         4b:05:52:6f:95:ac:fb:e6:93:8a:58:50:26:61:1e:ed:e1:d3:
         9e:ea:0b:2f:bd:6d:25:f6:6a:cd:41:b3:02:b2:ec:6b:d4:62:
         7e:7d:cc:50:ea:51:9e:06:52:c9:e8:47:07:1f:d8:31:5b:81:
         9a:a4:f6:3e:11:84:2f:61:11:79:b5:c3:58:9a:f4:7b:ca:05:
         37:b1:71:0a:94:e9:6a:64:69:95:d9:58:86:41:ef:3e:a4:04:
         4c:cc:c8:84:ee:e8:c1:d1:78:e9:a3:5f:32:6c:d5:fb:b1:82:
         f1:5b:b4:18:fe:d9:2a:bd:86:10:f0:02:aa:50:34:5b:9d:2b:
         c7:d2:41:07:48:19:09:62:07:78:51:cf:11:33:3f:d0:4f:5e:
         f9:ae:b2:54:32:2c:ab:6d:ae:73:a8:79:91:b2:70:9c:e3:63:
         72:6f:eb:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FQFlz//bxWkzdaCi7ZTxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjYwMTAyMTQyMDQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTA0NGFiZjQ2N2FmZTE5YWFiNGMzZDFhNDlmMjA1M2NmYWE0NGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRazSH7EMJdFCzX+zXJyViSQABDr
2xlK7YTQQt8ogVPGLM0/2E0DAAUViXGQcQtKLczhp/maClZyg6/OC7uay6+Mpe82
c3DC7/ZKiTPByMQMNeV8vfmwq2M1uVjxzS63nSrv21bkdZEEdw3ykmycR+yDVtmF
cNzNK/M+CJaaoQEPxF5DYiAursfDORx6T41/zUrty0lu8w+AYCazT4fPqYMU2YJA
xhCjarUbatOBUypjsgtn34GdESV1+xXNt7tbiebreJnIxLVnJYehr6urOdhOr3tH
dG6lq/Ub/LLNqiKl/xd3GduTQQ50IBBb6lw0uM8aVkZfrJe7T0jDShoCsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEkESr9Gev4ZqrTD0aSfIFPPqkTYMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvU1FSS3YwWjZfaG1xdE1QUnBKOGdVOC1xUk5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQClN70MA0G
CSqGSIb3DQEBCwUAA4IBAQA4m0ixlrpkfcasP005tmJ+4Ep9o/+FxBVKoflxqVRs
jVjs/aNNswgrb710pul9BRD3VYboBE6I+KM3BbZJl5CDkOxQnZPGPdrom1yEStjS
2vyxRROaNjLsBDJLBVJvlaz75pOKWFAmYR7t4dOe6gsvvW0l9mrNQbMCsuxr1GJ+
fcxQ6lGeBlLJ6EcHH9gxW4GapPY+EYQvYRF5tcNYmvR7ygU3sXEKlOlqZGmV2ViG
Qe8+pARMzMiE7ujB0Xjpo18ybNX7sYLxW7QY/tkqvYYQ8AKqUDRbnSvH0kEHSBkJ
Ygd4Uc8RMz/QT175rrJUMiyrba5zqHmRsnCc42Nyb+vu
-----END CERTIFICATE-----