This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/qb53d3CTyFwE2u_OaxERY0TOO_E.roa
File:                     qb53d3CTyFwE2u_OaxERY0TOO_E.roa (raw, json)
Hash identifier:          ttpjuNJe828o5fi9g8ppYVxhQqTSUgZIlY+ASlP+JZg=
Subject key identifier:   A9:BE:77:77:70:93:C8:5C:04:DA:EF:CE:6B:11:11:63:44:CE:3B:F1
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019B7F8498A0629D9B41EE7097EAC9666E92
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/qb53d3CTyFwE2u_OaxERY0TOO_E.roa
Signing time:             Fri 02 Jan 2026 16:22:34 +0000
ROA not before:           Fri 02 Jan 2026 16:22:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205536
IP address blocks:        217.60.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 Jan 2026 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:98:a0:62:9d:9b:41:ee:70:97:ea:c9:66:6e:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 16:22:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a9be77777093c85c04daefce6b11116344ce3bf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:47:25:8d:8b:4e:52:23:c1:6e:46:5c:2b:4b:
                    40:96:8d:ae:cd:32:3f:1a:2f:56:48:9f:cb:d6:d2:
                    dc:7d:54:19:59:81:b3:e4:c2:f1:0a:bb:10:ec:0f:
                    f9:9c:42:c2:99:8c:c9:ea:43:3c:06:4c:b4:97:b2:
                    bb:46:da:77:46:32:c6:60:91:2d:ff:ca:c3:7c:31:
                    60:f3:66:c9:6b:24:b4:70:cb:a6:fb:c2:60:7e:71:
                    06:58:4e:33:fd:87:97:40:f8:74:55:36:4a:87:b5:
                    2b:b1:8c:32:4f:b7:7a:a8:e0:ee:fe:d7:a5:ea:6f:
                    ad:ba:02:f6:c7:a3:61:98:91:82:87:c8:70:e3:e8:
                    ff:2c:ca:ea:c6:23:e0:1d:8c:b5:bb:ed:91:86:3c:
                    8c:b5:ce:5e:d5:02:e1:44:af:17:75:b0:31:f6:c8:
                    f7:bd:8e:e7:16:33:84:de:f3:be:40:d8:d7:79:dc:
                    e8:4f:d8:72:43:f8:c8:fd:c0:ec:82:76:a8:b2:2d:
                    c6:10:78:49:ad:f6:74:93:c7:ae:d2:37:81:92:ac:
                    e4:7a:37:a3:93:70:84:5f:db:d4:50:b5:62:b5:e5:
                    ee:d6:48:ff:0c:e8:db:6b:3b:81:9a:12:bb:34:0d:
                    c8:f3:40:eb:31:5d:36:da:53:48:24:94:ed:0c:20:
                    a1:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:BE:77:77:70:93:C8:5C:04:DA:EF:CE:6B:11:11:63:44:CE:3B:F1
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/qb53d3CTyFwE2u_OaxERY0TOO_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:02:40:26:dd:96:b3:b7:af:21:51:c6:9a:7e:0b:d1:a5:f2:
         a1:99:49:9d:cc:64:12:6a:11:f3:ea:ce:fa:aa:a5:85:a9:e7:
         b2:4f:6a:44:9e:7b:6f:dd:68:77:9e:a3:29:f3:6d:1b:04:1f:
         2f:9e:ca:33:79:31:0d:25:c8:37:c1:b3:10:60:98:42:0e:b4:
         f8:d3:26:e2:93:9c:30:cd:10:f3:ff:52:39:7c:fc:8e:50:f3:
         04:40:e5:26:70:8d:4c:44:b3:cd:f1:2b:73:5d:9b:4a:80:41:
         96:2d:8a:1e:e4:12:40:b3:06:62:a4:be:ae:9e:00:d1:7d:2c:
         97:d3:47:2f:56:0f:02:02:59:2c:8b:db:cf:b4:db:5c:65:39:
         4f:6d:7e:34:b3:b0:28:0e:10:db:81:9e:7c:6f:5e:56:34:81:
         ed:43:33:7e:0e:83:cd:e1:64:a7:57:9c:b1:eb:7d:e6:d2:d4:
         6c:26:e7:a9:7d:1b:50:85:ee:27:e1:ff:4a:e4:4c:bc:62:fd:
         e5:41:c7:3b:cd:55:98:63:7b:99:fc:ca:1c:85:c4:08:26:2e:
         21:2a:15:63:9f:53:9e:ad:6f:bd:b4:54:45:e8:98:a3:4b:5d:
         b2:43:c7:ae:12:3e:85:ea:99:d0:9e:23:a4:c4:3f:c6:64:5d:
         48:dc:0b:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hJigYp2bQe5wl+rJZm6SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMTAyMTYyMjM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWJlNzc3NzcwOTNjODVjMDRkYWVmY2U2YjExMTE2MzQ0Y2UzYmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA10cljYtOUiPBbkZcK0tAlo2uzTI/
Gi9WSJ/L1tLcfVQZWYGz5MLxCrsQ7A/5nELCmYzJ6kM8Bky0l7K7Rtp3RjLGYJEt
/8rDfDFg82bJayS0cMum+8JgfnEGWE4z/YeXQPh0VTZKh7UrsYwyT7d6qODu/tel
6m+tugL2x6NhmJGCh8hw4+j/LMrqxiPgHYy1u+2RhjyMtc5e1QLhRK8XdbAx9sj3
vY7nFjOE3vO+QNjXedzoT9hyQ/jI/cDsgnaosi3GEHhJrfZ0k8eu0jeBkqzkejej
k3CEX9vUULViteXu1kj/DOjbazuBmhK7NA3I80DrMV022lNIJJTtDCChIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKm+d3dwk8hcBNrvzmsREWNEzjvxMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvcWI1M2QzQ1R5RndFMnVfT2F4RVJZMFRPT19FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2TzwMA0G
CSqGSIb3DQEBCwUAA4IBAQCHAkAm3Zazt68hUcaafgvRpfKhmUmdzGQSahHz6s76
qqWFqeeyT2pEnntv3Wh3nqMp820bBB8vnsozeTENJcg3wbMQYJhCDrT40ybik5ww
zRDz/1I5fPyOUPMEQOUmcI1MRLPN8StzXZtKgEGWLYoe5BJAswZipL6ungDRfSyX
00cvVg8CAlksi9vPtNtcZTlPbX40s7AoDhDbgZ58b15WNIHtQzN+DoPN4WSnV5yx
633m0tRsJuepfRtQhe4n4f9K5Ey8Yv3lQcc7zVWYY3uZ/MochcQIJi4hKhVjn1Oe
rW+9tFRF6JijS12yQ8euEj6F6pnQniOkxD/GZF1I3Atd
-----END CERTIFICATE-----