This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/qKZkNP8K6J7GgylG2tsz2J3EM_Q.roa
File:                     qKZkNP8K6J7GgylG2tsz2J3EM_Q.roa (raw, json)
Hash identifier:          LJVUIk3zye0BXJJfKD6EawnloiGeAn/N2nnIcpmz2EA=
Subject key identifier:   A8:A6:64:34:FF:0A:E8:9E:C6:83:29:46:DA:DB:33:D8:9D:C4:33:F4
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019B7C13A694BEA6B889BF6477A4EC27646F
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/qKZkNP8K6J7GgylG2tsz2J3EM_Q.roa
Signing time:             Fri 02 Jan 2026 00:20:21 +0000
ROA not before:           Fri 02 Jan 2026 00:20:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395374
IP address blocks:        185.108.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 19:40:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:a6:94:be:a6:b8:89:bf:64:77:a4:ec:27:64:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 00:20:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a8a66434ff0ae89ec6832946dadb33d89dc433f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:4a:9f:c9:bd:1d:c1:94:0b:59:70:c6:14:f3:
                    16:d0:b1:6c:48:4d:0a:ea:b5:e8:fd:8d:71:ac:56:
                    67:cf:1d:4f:91:05:ef:33:9f:1f:ce:76:59:20:5a:
                    9f:06:51:f1:12:e7:60:67:6c:eb:d3:e8:f7:29:e4:
                    1b:af:91:62:75:30:ed:a3:19:c2:2f:c8:a9:b2:30:
                    0c:82:c8:63:fd:97:83:d5:c5:c1:71:bb:a0:ae:eb:
                    04:9a:af:cb:02:be:8e:3c:1b:dc:5d:88:a0:6d:79:
                    50:39:f9:91:99:b8:0e:2a:c9:e3:7f:c3:26:34:60:
                    28:ac:42:47:f7:31:21:b6:49:37:2d:99:24:79:29:
                    12:09:de:fe:8a:61:6d:fc:7a:28:49:eb:2d:70:c6:
                    8c:72:66:7f:ff:4f:60:90:6e:79:a6:19:89:56:f6:
                    b5:90:ef:fb:bb:35:e9:df:73:cf:c8:4e:db:8d:07:
                    a6:04:8c:cc:b2:14:a3:98:3e:b8:b9:6d:66:5e:57:
                    ea:7a:6c:79:4c:92:e8:bf:64:a4:d6:9f:e4:48:24:
                    66:89:d3:cd:53:a5:83:e2:42:34:25:42:72:05:8b:
                    1d:3d:76:e5:6e:c3:2c:07:8b:39:26:aa:ce:b9:4a:
                    0e:bc:19:fa:eb:1f:ce:95:61:5f:a4:59:9d:84:20:
                    c4:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:A6:64:34:FF:0A:E8:9E:C6:83:29:46:DA:DB:33:D8:9D:C4:33:F4
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/qKZkNP8K6J7GgylG2tsz2J3EM_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.108.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:d9:76:56:f3:d6:d7:78:52:83:b7:51:c1:aa:1c:58:1e:e0:
         f6:00:71:72:77:b7:56:a9:98:b5:13:de:1f:db:42:44:0a:15:
         88:27:ac:10:40:ff:16:dc:73:98:79:6e:72:e5:51:90:36:75:
         89:c4:49:cc:de:b5:cb:45:2c:cb:1c:8a:41:32:f8:0b:84:c5:
         65:fc:74:49:2d:e0:f8:7e:fe:1b:04:31:25:82:0c:97:bf:12:
         c9:9b:c7:a9:be:ab:88:8a:fa:6d:f6:d2:99:2d:6e:f9:53:ff:
         7a:16:07:94:d6:4e:46:7e:c3:a7:b9:0a:12:a6:90:02:26:2f:
         d2:d2:bb:42:f0:23:32:77:46:c3:a2:9b:ce:02:cc:ca:3a:78:
         f4:d4:82:88:f8:26:00:9a:b6:c2:5b:39:aa:19:27:6a:be:f0:
         4a:32:e6:0d:c7:cc:9a:6a:75:cf:8d:0c:33:9e:d4:57:35:8f:
         26:97:88:80:f2:04:d0:bb:8b:09:7a:f1:87:e1:c0:a7:14:3b:
         8f:60:a5:f3:c8:5a:e7:b0:89:c7:81:57:67:ba:ff:2a:11:c3:
         16:c7:dd:65:3a:00:1f:e0:bc:46:e4:0c:60:41:10:6b:4b:6d:
         32:3a:6a:74:f5:f3:db:0e:28:00:20:4e:03:41:5a:20:09:e6:
         1c:a7:9c:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E6aUvqa4ib9kd6TsJ2RvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMTAyMDAyMDIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGE2NjQzNGZmMGFlODllYzY4MzI5NDZkYWRiMzNkODlkYzQzM2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA50qfyb0dwZQLWXDGFPMW0LFsSE0K
6rXo/Y1xrFZnzx1PkQXvM58fznZZIFqfBlHxEudgZ2zr0+j3KeQbr5FidTDtoxnC
L8ipsjAMgshj/ZeD1cXBcbugrusEmq/LAr6OPBvcXYigbXlQOfmRmbgOKsnjf8Mm
NGAorEJH9zEhtkk3LZkkeSkSCd7+imFt/HooSestcMaMcmZ//09gkG55phmJVva1
kO/7uzXp33PPyE7bjQemBIzMshSjmD64uW1mXlfqemx5TJLov2Sk1p/kSCRmidPN
U6WD4kI0JUJyBYsdPXblbsMsB4s5JqrOuUoOvBn66x/OlWFfpFmdhCDEPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKimZDT/CuiexoMpRtrbM9idxDP0MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvcUtaa05QOEs2SjdHZ3lsRzJ0c3oySjNFTV9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWzMMA0G
CSqGSIb3DQEBCwUAA4IBAQA82XZW89bXeFKDt1HBqhxYHuD2AHFyd7dWqZi1E94f
20JEChWIJ6wQQP8W3HOYeW5y5VGQNnWJxEnM3rXLRSzLHIpBMvgLhMVl/HRJLeD4
fv4bBDElggyXvxLJm8epvquIivpt9tKZLW75U/96FgeU1k5GfsOnuQoSppACJi/S
0rtC8CMyd0bDopvOAszKOnj01IKI+CYAmrbCWzmqGSdqvvBKMuYNx8yaanXPjQwz
ntRXNY8ml4iA8gTQu4sJevGH4cCnFDuPYKXzyFrnsInHgVdnuv8qEcMWx91lOgAf
4LxG5AxgQRBrS20yOmp09fPbDigAIE4DQVogCeYcp5yw
-----END CERTIFICATE-----