This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qSOY8k6Hve3MFX9kjQn7-bhbEJ8.roa
File:                     qSOY8k6Hve3MFX9kjQn7-bhbEJ8.roa (raw, json)
Hash identifier:          yOWc3AyZlBgoqFySupfIfScc3txg1yxiTwh8L1MydbE=
Subject key identifier:   A9:23:98:F2:4E:87:BD:ED:CC:15:7F:64:8D:09:FB:F9:B8:5B:10:9F
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019B7DCB80B075A82F80929EF9D1B4704FD3
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qSOY8k6Hve3MFX9kjQn7-bhbEJ8.roa
Signing time:             Fri 02 Jan 2026 08:20:47 +0000
ROA not before:           Fri 02 Jan 2026 08:20:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210476
IP address blocks:        151.243.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 18 Jan 2026 21:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:80:b0:75:a8:2f:80:92:9e:f9:d1:b4:70:4f:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jan  2 08:20:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a92398f24e87bdedcc157f648d09fbf9b85b109f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:47:ba:94:cb:b4:b5:33:7d:89:a8:ce:db:ff:
                    c7:9b:4a:23:91:d8:4e:4d:e3:81:4a:e3:8f:c0:8b:
                    28:ed:ca:7e:f5:e7:c2:e2:f0:2d:56:6d:45:24:b8:
                    03:61:a8:10:f2:78:44:79:c9:cd:df:9c:c2:c5:c3:
                    72:ba:39:4d:8a:b7:af:a0:2d:17:d7:f0:cb:3e:cf:
                    b6:ce:e8:7f:6d:52:c0:c6:44:65:9b:78:ee:70:49:
                    4a:cd:d2:db:2a:a6:d1:c0:e4:16:a0:e2:0e:42:ab:
                    95:e0:a6:24:ac:a5:1a:56:f7:a5:b6:23:6c:38:8f:
                    66:f4:43:a2:84:82:c7:23:a5:f9:60:77:a2:7c:c8:
                    c5:63:dc:3e:0b:83:58:52:14:5b:fd:cc:10:f3:2f:
                    1e:11:ce:40:c9:66:ce:c1:e2:1b:ae:91:12:5b:4e:
                    48:b5:d9:21:02:ad:da:43:58:f2:e8:b5:88:45:92:
                    17:1a:fd:23:cd:fa:4b:99:5a:e3:a7:32:d0:8d:17:
                    66:59:8b:fb:a6:af:b5:5c:f0:9b:4f:71:41:48:8c:
                    0e:71:5b:9b:0b:6e:b2:4a:50:6c:50:34:03:63:ae:
                    94:ec:bd:5a:34:69:b6:bd:db:cb:18:bf:cf:9e:c9:
                    7a:fd:d0:17:7c:32:e2:b4:f3:59:a5:20:3f:27:5c:
                    ea:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:23:98:F2:4E:87:BD:ED:CC:15:7F:64:8D:09:FB:F9:B8:5B:10:9F
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qSOY8k6Hve3MFX9kjQn7-bhbEJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:38:d9:0f:a3:b4:78:63:d9:cf:77:c6:f2:9d:39:f8:47:bf:
         54:c5:cc:89:0a:e4:fc:2a:b0:41:a6:51:c7:70:64:a4:9c:44:
         1a:60:f3:21:e4:25:8f:e0:01:8c:fa:52:6f:0d:48:fe:af:1b:
         d6:1e:6f:6a:6d:bd:b2:e4:83:74:26:cd:f7:4f:c1:83:f0:d0:
         12:ef:bf:35:f1:28:fd:24:04:21:d7:0c:e4:93:2d:b9:34:9e:
         8d:b1:09:d3:bb:39:0c:1f:3e:d9:7b:7d:95:ff:f1:a7:63:5c:
         73:1b:ed:d2:73:b7:d7:39:8e:ea:0b:77:ee:f0:65:66:00:94:
         94:5a:dc:6c:99:f0:a3:01:e1:f4:2f:64:09:a9:6a:db:35:b8:
         9a:16:0c:31:b2:72:dc:ed:3f:19:f2:39:77:f3:ec:2f:31:c4:
         18:15:36:af:b7:c9:13:56:31:85:fd:ad:5b:6f:8d:41:ab:14:
         40:31:26:f0:49:44:dc:ec:37:4b:64:22:5e:d6:30:2e:0b:15:
         c6:5d:ca:33:d9:2b:18:2f:36:38:ee:17:5e:7b:17:23:a8:b6:
         51:25:df:0b:47:02:92:28:22:ce:86:33:9e:17:ff:49:cc:3e:
         7e:a8:41:8d:ad:8a:c4:bf:a2:90:73:37:c5:02:ca:06:a0:87:
         b3:e1:65:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9y4CwdagvgJKe+dG0cE/TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMTAyMDgyMDQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTIzOThmMjRlODdiZGVkY2MxNTdmNjQ4ZDA5ZmJmOWI4NWIxMDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ke6lMu0tTN9iajO2//Hm0ojkdhO
TeOBSuOPwIso7cp+9efC4vAtVm1FJLgDYagQ8nhEecnN35zCxcNyujlNirevoC0X
1/DLPs+2zuh/bVLAxkRlm3jucElKzdLbKqbRwOQWoOIOQquV4KYkrKUaVveltiNs
OI9m9EOihILHI6X5YHeifMjFY9w+C4NYUhRb/cwQ8y8eEc5AyWbOweIbrpESW05I
tdkhAq3aQ1jy6LWIRZIXGv0jzfpLmVrjpzLQjRdmWYv7pq+1XPCbT3FBSIwOcVub
C26ySlBsUDQDY66U7L1aNGm2vdvLGL/Pnsl6/dAXfDLitPNZpSA/J1zquQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKkjmPJOh73tzBV/ZI0J+/m4WxCfMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvcVNPWThrNkh2ZTNNRlg5a2pRbjctYmhiRUo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/PyMA0G
CSqGSIb3DQEBCwUAA4IBAQBQONkPo7R4Y9nPd8bynTn4R79UxcyJCuT8KrBBplHH
cGSknEQaYPMh5CWP4AGM+lJvDUj+rxvWHm9qbb2y5IN0Js33T8GD8NAS77818Sj9
JAQh1wzkky25NJ6NsQnTuzkMHz7Ze32V//GnY1xzG+3Sc7fXOY7qC3fu8GVmAJSU
WtxsmfCjAeH0L2QJqWrbNbiaFgwxsnLc7T8Z8jl38+wvMcQYFTavt8kTVjGF/a1b
b41BqxRAMSbwSUTc7DdLZCJe1jAuCxXGXcoz2SsYLzY47hdeexcjqLZRJd8LRwKS
KCLOhjOeF/9JzD5+qEGNrYrEv6KQczfFAsoGoIez4WVX
-----END CERTIFICATE-----