This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/Q5u2S4-3JlD2i7Mz_Pbt-3YJSzM.roa
File:                     Q5u2S4-3JlD2i7Mz_Pbt-3YJSzM.roa (raw, json)
Hash identifier:          y4j9omKte+p90qEB2VZHYcPopmE92da1d10svzjCT6c=
Subject key identifier:   43:9B:B6:4B:8F:B7:26:50:F6:8B:B3:33:FC:F6:ED:FB:76:09:4B:33
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019B77C737EBECF4AC779D529E2102054C04
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/Q5u2S4-3JlD2i7Mz_Pbt-3YJSzM.roa
Signing time:             Thu 01 Jan 2026 04:18:23 +0000
ROA not before:           Thu 01 Jan 2026 04:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48724
IP address blocks:        212.193.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:37:eb:ec:f4:ac:77:9d:52:9e:21:02:05:4c:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 04:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=439bb64b8fb72650f68bb333fcf6edfb76094b33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:76:e7:0a:fa:b0:b8:21:4c:06:7c:ff:dd:6e:
                    fd:df:69:ec:23:76:4c:c4:cd:62:0c:92:a6:4a:74:
                    54:3c:ee:4e:91:5e:ac:f3:51:08:5b:26:fa:31:89:
                    77:2e:04:b4:f2:87:55:de:51:95:0f:29:cf:8d:98:
                    b2:20:b5:ce:2f:11:dd:cb:d1:a0:af:21:2a:ee:7c:
                    8f:fc:88:6b:ce:c0:3d:b8:32:57:0e:cc:21:62:ad:
                    81:2f:9b:0b:a3:99:c9:f9:e5:86:bc:8c:30:52:db:
                    98:b6:3f:82:02:a0:6d:e5:75:db:d2:fa:25:c9:e9:
                    2d:b6:04:ca:79:1a:55:f1:37:1b:ce:3d:03:cc:2b:
                    fb:3d:ef:e5:ca:a3:71:2a:20:fe:c3:69:f1:5b:e3:
                    de:54:b7:29:4a:46:75:85:00:50:33:ca:b4:c6:c3:
                    41:c6:31:9f:7a:13:27:bc:14:a1:de:9d:e6:8e:5d:
                    68:dc:cb:10:81:87:4e:d7:07:25:1b:6b:e6:be:41:
                    b2:9f:3f:6a:13:26:68:60:c9:70:5e:c5:57:71:fa:
                    32:b0:7a:cf:c0:11:dc:94:bb:c0:73:71:98:ab:69:
                    f9:ef:55:5e:90:08:93:6b:a7:ca:50:06:86:51:0d:
                    2a:b8:a8:81:84:96:99:97:27:56:be:c5:81:97:37:
                    d5:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:9B:B6:4B:8F:B7:26:50:F6:8B:B3:33:FC:F6:ED:FB:76:09:4B:33
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/Q5u2S4-3JlD2i7Mz_Pbt-3YJSzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.193.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:90:c3:cb:89:53:76:45:48:23:e8:88:18:e6:cf:da:c3:13:
         8f:90:c8:b0:00:06:5f:11:e3:21:79:d2:bc:5b:ac:9a:10:3d:
         de:73:7d:a3:c1:11:ac:d3:db:7d:cd:47:03:08:6b:09:3f:4e:
         b9:0b:7f:6f:f9:5a:92:1b:fa:83:1b:f6:b3:ba:e5:cd:66:27:
         c6:11:0c:eb:9d:58:61:41:c4:0b:a8:9a:02:df:9c:0e:4d:cd:
         ae:e3:ef:31:66:1e:87:da:c2:97:2b:63:a1:db:9f:fb:19:36:
         ed:a8:30:b4:9a:de:1c:4d:bb:54:4a:63:e3:34:54:ad:4d:a5:
         60:27:ca:9d:c8:97:f8:bd:5f:8b:6a:58:44:20:d9:5c:ed:78:
         fa:27:3c:3d:08:ce:5b:68:8b:e1:c8:92:51:5d:46:26:d8:ef:
         bb:fc:02:43:cb:dd:07:56:11:06:9a:7f:83:15:f9:d6:6c:eb:
         1c:90:79:2d:7a:ca:30:79:65:16:8d:f2:8b:00:c6:a7:62:b5:
         49:06:40:c2:31:2a:5b:89:10:40:42:55:c1:25:31:5f:6f:a9:
         c2:f7:b9:71:e8:03:84:ee:15:a3:21:86:a0:44:0f:ca:3f:53:
         f2:ae:92:b6:91:82:c0:ec:0c:f1:fe:76:23:66:52:ca:b7:71:
         42:f5:c0:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xzfr7PSsd51SniECBUwEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjYwMTAxMDQxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzliYjY0YjhmYjcyNjUwZjY4YmIzMzNmY2Y2ZWRmYjc2MDk0YjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHbnCvqwuCFMBnz/3W7932nsI3ZM
xM1iDJKmSnRUPO5OkV6s81EIWyb6MYl3LgS08odV3lGVDynPjZiyILXOLxHdy9Gg
ryEq7nyP/IhrzsA9uDJXDswhYq2BL5sLo5nJ+eWGvIwwUtuYtj+CAqBt5XXb0vol
yekttgTKeRpV8Tcbzj0DzCv7Pe/lyqNxKiD+w2nxW+PeVLcpSkZ1hQBQM8q0xsNB
xjGfehMnvBSh3p3mjl1o3MsQgYdO1wclG2vmvkGynz9qEyZoYMlwXsVXcfoysHrP
wBHclLvAc3GYq2n571VekAiTa6fKUAaGUQ0quKiBhJaZlydWvsWBlzfVkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEObtkuPtyZQ9ouzM/z27ft2CUszMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvUTV1MlM0LTNKbEQyaTdNel9QYnQtM1lKU3pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MFjMA0G
CSqGSIb3DQEBCwUAA4IBAQBKkMPLiVN2RUgj6IgY5s/awxOPkMiwAAZfEeMhedK8
W6yaED3ec32jwRGs09t9zUcDCGsJP065C39v+VqSG/qDG/azuuXNZifGEQzrnVhh
QcQLqJoC35wOTc2u4+8xZh6H2sKXK2Oh25/7GTbtqDC0mt4cTbtUSmPjNFStTaVg
J8qdyJf4vV+LalhEINlc7Xj6Jzw9CM5baIvhyJJRXUYm2O+7/AJDy90HVhEGmn+D
FfnWbOsckHktesoweWUWjfKLAManYrVJBkDCMSpbiRBAQlXBJTFfb6nC97lx6AOE
7hWjIYagRA/KP1PyrpK2kYLA7Azx/nYjZlLKt3FC9cAi
-----END CERTIFICATE-----