This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/baqSF0nqYusoIFECKjM-YPjRpPk.roa
File:                     baqSF0nqYusoIFECKjM-YPjRpPk.roa (raw, json)
Hash identifier:          Qah7uqDRXltB4WrVjydJLT6cz2tOioqH5UQyq3ujOpo=
Subject key identifier:   6D:AA:92:17:49:EA:62:EB:28:20:51:02:2A:33:3E:60:F8:D1:A4:F9
Certificate issuer:       /CN=42f8ab2ba24879e45c445486fceb21af46656d5a
Certificate serial:       019B7910724F6913BEEF15593263ACE1E43F
Authority key identifier: 42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/baqSF0nqYusoIFECKjM-YPjRpPk.roa
Signing time:             Thu 01 Jan 2026 10:17:59 +0000
ROA not before:           Thu 01 Jan 2026 10:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        217.147.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 04:45:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:72:4f:69:13:be:ef:15:59:32:63:ac:e1:e4:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f8ab2ba24879e45c445486fceb21af46656d5a
        Validity
            Not Before: Jan  1 10:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6daa921749ea62eb282051022a333e60f8d1a4f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a1:04:7f:0c:69:95:1a:99:ba:23:0f:f1:f2:
                    d0:77:0d:a0:e0:2b:0b:29:a0:6f:e3:57:8d:72:8b:
                    8c:81:9c:5a:b4:7f:a6:7c:66:fa:10:1c:a8:a5:ff:
                    65:3a:36:e7:8e:c3:11:5d:a2:2e:ac:0f:31:bd:71:
                    74:88:c7:bb:39:30:12:38:af:4d:c8:1b:d3:3e:06:
                    16:f9:c1:5a:b4:f2:6a:4c:74:1e:4b:0b:7b:18:9d:
                    f8:41:eb:c4:43:bc:41:ba:61:fb:0d:32:66:65:3a:
                    93:6b:42:6c:80:42:54:7b:6a:d2:79:65:95:2b:a1:
                    6b:89:a9:55:2c:fd:c6:82:1e:f0:f7:09:c8:08:83:
                    7f:12:21:34:c2:b7:04:fd:5f:7d:9a:55:18:b4:44:
                    9d:c1:b3:65:73:6f:ca:3c:bf:c5:ec:6e:60:72:f8:
                    e8:0e:db:1d:87:fd:34:ee:c8:e7:a0:63:ee:c7:7a:
                    1d:df:e6:40:e5:4a:87:46:a5:d0:1c:cd:1a:54:c8:
                    43:c6:19:0a:22:52:b4:02:40:67:2e:34:4a:83:49:
                    bb:49:bf:08:43:a9:4f:2d:fe:80:74:1e:87:1d:18:
                    a6:67:cd:c1:9f:04:63:d8:49:58:c4:9c:92:6d:89:
                    8d:35:72:72:9f:1e:df:ce:24:3a:4d:89:b9:15:76:
                    04:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:AA:92:17:49:EA:62:EB:28:20:51:02:2A:33:3E:60:F8:D1:A4:F9
            X509v3 Authority Key Identifier:
                keyid:42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/baqSF0nqYusoIFECKjM-YPjRpPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:d7:91:f3:e7:20:7b:e2:04:fa:0f:62:54:23:ba:f3:1b:64:
         ff:02:61:8c:aa:0c:15:4a:1d:ed:e7:3b:90:f4:36:72:f2:e9:
         45:a0:55:bc:d9:53:ba:de:0c:4f:05:65:10:84:f8:a7:a1:4a:
         f5:8c:07:eb:b0:b6:d3:96:90:65:32:fc:25:08:e4:59:57:25:
         c4:b9:77:6c:a9:96:57:d0:10:6c:93:62:f1:c7:19:61:d1:09:
         08:c7:b6:f3:07:8b:a2:9e:99:2c:79:25:04:61:47:9a:f7:2a:
         31:87:6f:1e:74:eb:9f:06:77:a2:5c:18:8b:b9:a8:49:0e:93:
         c1:e4:fd:e5:45:20:11:e4:8b:5c:77:4a:0d:60:1a:2c:a6:59:
         56:5f:2e:de:59:35:54:75:ce:98:c8:5d:76:4c:a1:5e:86:1f:
         65:2b:0d:83:07:10:a9:5c:84:88:de:41:5d:ef:41:a1:34:4f:
         f5:f5:b1:45:e1:57:8f:e4:5e:83:10:d5:9e:b3:1e:2a:3f:42:
         0c:02:ce:1f:b4:a6:70:05:ec:6b:c7:64:be:28:63:b6:60:bc:
         6d:2c:7a:f1:07:21:49:54:ba:9f:ed:c9:e5:01:99:1e:d6:13:
         31:63:b2:b6:e4:6d:44:e2:5d:c5:97:b2:bc:b7:ee:8d:ad:00:
         fa:e4:71:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EHJPaRO+7xVZMmOs4eQ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjhhYjJiYTI0ODc5ZTQ1YzQ0NTQ4NmZjZWIyMWFmNDY2
NTZkNWEwHhcNMjYwMTAxMTAxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGFhOTIxNzQ5ZWE2MmViMjgyMDUxMDIyYTMzM2U2MGY4ZDFhNGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6EEfwxplRqZuiMP8fLQdw2g4CsL
KaBv41eNcouMgZxatH+mfGb6EByopf9lOjbnjsMRXaIurA8xvXF0iMe7OTASOK9N
yBvTPgYW+cFatPJqTHQeSwt7GJ34QevEQ7xBumH7DTJmZTqTa0JsgEJUe2rSeWWV
K6FrialVLP3Ggh7w9wnICIN/EiE0wrcE/V99mlUYtESdwbNlc2/KPL/F7G5gcvjo
Dtsdh/007sjnoGPux3od3+ZA5UqHRqXQHM0aVMhDxhkKIlK0AkBnLjRKg0m7Sb8I
Q6lPLf6AdB6HHRimZ83BnwRj2ElYxJySbYmNNXJynx7fziQ6TYm5FXYEzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2qkhdJ6mLrKCBRAiozPmD40aT5MB8GA1UdIwQY
MBaAFEL4qyuiSHnkXERUhvzrIa9GZW1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYt
MTc2OWZlZjZiZTk2LzEvYmFxU0YwbnFZdXNvSUZFQ0tqTS1ZUGpScFBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYtMTc2OWZlZjZiZTk2
LzEvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZOmMA0G
CSqGSIb3DQEBCwUAA4IBAQCT15Hz5yB74gT6D2JUI7rzG2T/AmGMqgwVSh3t5zuQ
9DZy8ulFoFW82VO63gxPBWUQhPinoUr1jAfrsLbTlpBlMvwlCORZVyXEuXdsqZZX
0BBsk2Lxxxlh0QkIx7bzB4uinpkseSUEYUea9yoxh28edOufBneiXBiLuahJDpPB
5P3lRSAR5Itcd0oNYBospllWXy7eWTVUdc6YyF12TKFehh9lKw2DBxCpXISI3kFd
70GhNE/19bFF4VeP5F6DENWesx4qP0IMAs4ftKZwBexrx2S+KGO2YLxtLHrxByFJ
VLqf7cnlAZke1hMxY7K25G1E4l3Fl7K8t+6NrQD65HGJ
-----END CERTIFICATE-----