This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/Q8JnlSDaHQqhjfYuPQ-UIYeSCcs.roa
File:                     Q8JnlSDaHQqhjfYuPQ-UIYeSCcs.roa (raw, json)
Hash identifier:          W0/IaX174ZASP5N9SaB7gkpLGYtBfRFQnsBP9nkdHHY=
Subject key identifier:   43:C2:67:95:20:DA:1D:0A:A1:8D:F6:2E:3D:0F:94:21:87:92:09:CB
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       019B7BA53561A301429D74BF0266D84AB338
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/Q8JnlSDaHQqhjfYuPQ-UIYeSCcs.roa
Signing time:             Thu 01 Jan 2026 22:19:43 +0000
ROA not before:           Thu 01 Jan 2026 22:19:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43202
IP address blocks:        77.85.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:35:61:a3:01:42:9d:74:bf:02:66:d8:4a:b3:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 22:19:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43c2679520da1d0aa18df62e3d0f9421879209cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:72:5d:7c:df:97:1e:82:01:fb:45:28:88:2a:
                    f6:ee:12:a9:fb:c4:f2:51:cd:56:97:0d:ec:54:cd:
                    e0:0e:b9:5a:e8:c0:87:7d:de:b1:78:00:b8:36:76:
                    dd:78:c2:91:ea:a9:32:6b:56:e6:49:9e:8f:54:d9:
                    9c:72:92:a9:fe:57:a6:e7:4e:c6:33:51:0d:d6:d8:
                    32:d8:5b:e1:76:c4:72:58:2d:0d:4f:17:f0:7a:8d:
                    60:b1:df:34:b9:48:38:2b:65:94:30:ec:0d:77:27:
                    05:b2:5f:e4:26:88:74:e2:7b:c7:de:e6:e5:b5:43:
                    e9:10:e3:bb:70:0e:88:eb:a2:46:93:26:68:a2:63:
                    d8:51:d0:3e:e4:79:a8:d1:ba:c0:7f:95:71:5c:2f:
                    56:26:69:d8:f7:31:20:56:61:f7:1f:68:25:ef:08:
                    77:2c:e4:1c:7d:1d:1e:73:7b:d8:77:9d:ca:6f:c8:
                    51:7a:da:38:09:c9:a3:57:76:6d:be:66:48:ed:08:
                    96:73:81:b1:43:d0:09:b0:fb:8f:99:9f:ac:9d:e5:
                    2a:f1:23:47:19:8c:2d:16:4b:06:3b:6a:1f:db:fa:
                    2a:4b:3d:3a:4d:14:2c:b6:c7:68:41:3c:4c:20:a7:
                    55:8a:0c:a3:28:c7:9c:41:83:39:af:96:47:b5:92:
                    dc:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:C2:67:95:20:DA:1D:0A:A1:8D:F6:2E:3D:0F:94:21:87:92:09:CB
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/Q8JnlSDaHQqhjfYuPQ-UIYeSCcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.85.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:a0:94:e8:0a:d5:75:4e:22:1d:8c:75:18:2f:a7:c9:e5:6f:
         07:a8:07:ad:4c:b4:5c:d8:25:c8:ea:63:4f:78:fb:d6:35:80:
         37:4c:26:d1:1d:1a:72:cd:3c:0a:7b:b8:be:b7:29:86:3b:e5:
         4f:3d:87:c9:16:71:b8:0c:9d:f2:60:a9:be:7c:7a:47:bd:a6:
         75:d1:40:55:09:28:33:55:b2:01:a3:0d:5c:85:8c:29:1f:98:
         20:b6:bd:28:91:65:88:52:1f:78:d2:d2:0c:89:17:4b:81:1e:
         0e:42:0c:46:6f:50:61:68:ff:bf:57:47:d5:73:cf:93:fc:64:
         96:c4:60:34:cc:cf:1c:e4:9c:2d:16:40:a4:a8:82:e3:7e:aa:
         21:d2:67:46:18:6a:92:cd:2b:0a:96:e0:81:1b:ce:7d:f0:d2:
         68:60:66:95:41:86:dc:d1:90:9f:83:89:50:6f:ae:43:5d:f0:
         7b:80:6d:6d:8c:66:62:9c:9e:fd:52:7c:96:d6:a1:a8:b6:4e:
         ed:ca:fb:cc:88:64:52:98:df:03:ff:d5:1a:af:17:87:82:d2:
         6c:74:04:9b:c8:68:89:5b:47:da:ec:e4:95:76:b6:70:8e:02:
         13:92:a0:cd:39:9b:fd:10:50:18:66:de:87:15:3f:c0:46:e1:
         1f:c6:f2:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pTVhowFCnXS/AmbYSrM4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjYwMTAxMjIxOTQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2MyNjc5NTIwZGExZDBhYTE4ZGY2MmUzZDBmOTQyMTg3OTIwOWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3JdfN+XHoIB+0UoiCr27hKp+8Ty
Uc1Wlw3sVM3gDrla6MCHfd6xeAC4NnbdeMKR6qkya1bmSZ6PVNmccpKp/lem507G
M1EN1tgy2FvhdsRyWC0NTxfweo1gsd80uUg4K2WUMOwNdycFsl/kJoh04nvH3ubl
tUPpEOO7cA6I66JGkyZoomPYUdA+5Hmo0brAf5VxXC9WJmnY9zEgVmH3H2gl7wh3
LOQcfR0ec3vYd53Kb8hReto4CcmjV3ZtvmZI7QiWc4GxQ9AJsPuPmZ+sneUq8SNH
GYwtFksGO2of2/oqSz06TRQstsdoQTxMIKdVigyjKMecQYM5r5ZHtZLcyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPCZ5Ug2h0KoY32Lj0PlCGHkgnLMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvUThKbmxTRGFIUXFoamZZdVBRLVVJWWVTQ2NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVWuMA0G
CSqGSIb3DQEBCwUAA4IBAQAMoJToCtV1TiIdjHUYL6fJ5W8HqAetTLRc2CXI6mNP
ePvWNYA3TCbRHRpyzTwKe7i+tymGO+VPPYfJFnG4DJ3yYKm+fHpHvaZ10UBVCSgz
VbIBow1chYwpH5ggtr0okWWIUh940tIMiRdLgR4OQgxGb1BhaP+/V0fVc8+T/GSW
xGA0zM8c5JwtFkCkqILjfqoh0mdGGGqSzSsKluCBG8598NJoYGaVQYbc0ZCfg4lQ
b65DXfB7gG1tjGZinJ79UnyW1qGotk7tyvvMiGRSmN8D/9UarxeHgtJsdASbyGiJ
W0fa7OSVdrZwjgITkqDNOZv9EFAYZt6HFT/ARuEfxvIU
-----END CERTIFICATE-----