This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/a1811b-617f-469f-acde-63e1c104a8db/1/qDTCMJHmL38g7Q3yN-YIXsmnvn4.roa
File:                     qDTCMJHmL38g7Q3yN-YIXsmnvn4.roa (raw, json)
Hash identifier:          S3eC/w96DFQPDgFJUFEhb7780RHsrN7s0rIndTg2a1E=
Subject key identifier:   A8:34:C2:30:91:E6:2F:7F:20:ED:0D:F2:37:E6:08:5E:C9:A7:BE:7E
Certificate issuer:       /CN=9fb41d252f120acb140d0fc84334152114b6c826
Certificate serial:       019B7A5AAAF05DDC201A093EA3151D328B95
Authority key identifier: 9F:B4:1D:25:2F:12:0A:CB:14:0D:0F:C8:43:34:15:21:14:B6:C8:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n7QdJS8SCssUDQ_IQzQVIRS2yCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/a1811b-617f-469f-acde-63e1c104a8db/1/qDTCMJHmL38g7Q3yN-YIXsmnvn4.roa
Signing time:             Thu 01 Jan 2026 16:18:40 +0000
ROA not before:           Thu 01 Jan 2026 16:18:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8075
IP address blocks:        217.71.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/a1811b-617f-469f-acde-63e1c104a8db/1/n7QdJS8SCssUDQ_IQzQVIRS2yCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/a1811b-617f-469f-acde-63e1c104a8db/1/n7QdJS8SCssUDQ_IQzQVIRS2yCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n7QdJS8SCssUDQ_IQzQVIRS2yCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 13:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:aa:f0:5d:dc:20:1a:09:3e:a3:15:1d:32:8b:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fb41d252f120acb140d0fc84334152114b6c826
        Validity
            Not Before: Jan  1 16:18:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a834c23091e62f7f20ed0df237e6085ec9a7be7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c1:d4:a1:2d:27:a2:04:55:b5:2f:62:32:de:
                    1a:14:84:b0:ce:fc:ec:7d:16:ca:9f:39:84:e3:24:
                    de:e8:37:e0:da:e4:3b:5a:e8:1c:93:45:f3:7a:50:
                    85:79:d7:c9:f6:3c:fb:2f:c0:99:f8:e6:da:5b:76:
                    f9:ec:0a:1e:12:3c:39:b1:5b:f6:26:fc:7a:ff:35:
                    00:b4:cd:8f:62:b8:8b:ea:c5:c2:bf:39:5f:c4:bf:
                    a2:5a:97:6f:6f:5e:8e:eb:67:f0:d0:ac:2a:53:49:
                    54:4c:80:8d:78:f9:eb:16:55:88:e5:a8:f6:95:3d:
                    a5:84:b5:a8:84:d1:63:fb:c3:a1:c3:2e:6d:1e:ca:
                    9d:30:66:84:e6:33:98:bf:c4:6b:66:bb:b0:7f:a8:
                    ae:f5:01:f8:d0:15:7f:55:a2:e0:86:9a:3c:2f:54:
                    49:34:59:23:19:fa:6b:f2:ff:b0:19:1c:3d:cf:77:
                    45:5d:53:94:0f:53:60:c8:be:b4:b7:ee:94:a2:32:
                    45:d8:11:46:38:5e:47:d4:36:e1:57:d9:e7:ff:49:
                    85:be:f9:ba:12:bc:ba:8e:d2:b3:f4:c8:c1:99:fa:
                    de:5d:d9:a7:8d:22:1f:fc:b0:06:dc:78:b0:27:ac:
                    a9:26:05:cf:5e:02:72:8a:f2:ee:61:22:b6:3d:bf:
                    fb:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:34:C2:30:91:E6:2F:7F:20:ED:0D:F2:37:E6:08:5E:C9:A7:BE:7E
            X509v3 Authority Key Identifier:
                keyid:9F:B4:1D:25:2F:12:0A:CB:14:0D:0F:C8:43:34:15:21:14:B6:C8:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n7QdJS8SCssUDQ_IQzQVIRS2yCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/a1811b-617f-469f-acde-63e1c104a8db/1/qDTCMJHmL38g7Q3yN-YIXsmnvn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/a1811b-617f-469f-acde-63e1c104a8db/1/n7QdJS8SCssUDQ_IQzQVIRS2yCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.71.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:d8:50:a2:ca:33:a7:48:db:98:4d:ed:7a:91:f1:86:98:f7:
         03:e2:06:3f:b7:d0:42:7a:31:20:44:f2:f4:33:75:33:c4:72:
         3a:25:ef:55:a7:23:e6:67:d9:72:22:83:8f:e9:6f:95:00:80:
         5b:16:5e:43:03:e1:7b:4d:9f:47:c4:b8:d1:0f:ed:45:4a:a1:
         ec:be:2d:75:0a:a0:b6:61:ea:a6:5f:2b:bc:f5:89:c7:cd:9a:
         a2:b4:9e:03:52:a5:de:ab:16:46:bf:7e:f6:93:32:9f:7f:de:
         82:9d:db:6b:5e:c1:a3:65:ee:43:fe:b4:28:b0:63:90:48:45:
         8b:5c:60:20:b2:89:89:f3:6f:3f:18:84:6b:81:57:d8:aa:20:
         11:ad:9c:8b:34:c9:d3:90:07:cb:67:6d:26:c5:a0:3f:0f:84:
         bd:10:f1:92:fd:b2:0c:29:f2:8f:e1:22:8b:dc:e8:71:95:0d:
         33:f7:20:ae:26:ad:2b:6f:1e:1a:63:36:92:9a:73:e8:01:9b:
         33:c3:85:45:4b:bc:80:5c:c4:5f:f2:49:99:7e:22:03:69:ef:
         37:dc:a9:53:e2:1b:ba:85:95:96:34:33:53:5c:0c:59:63:da:
         40:19:ef:fe:6f:17:f0:de:86:a0:f8:8b:52:d6:4c:e5:af:f4:
         3f:72:79:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WqrwXdwgGgk+oxUdMouVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYjQxZDI1MmYxMjBhY2IxNDBkMGZjODQzMzQxNTIxMTRi
NmM4MjYwHhcNMjYwMTAxMTYxODQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODM0YzIzMDkxZTYyZjdmMjBlZDBkZjIzN2U2MDg1ZWM5YTdiZTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMHUoS0nogRVtS9iMt4aFISwzvzs
fRbKnzmE4yTe6Dfg2uQ7Wugck0XzelCFedfJ9jz7L8CZ+ObaW3b57AoeEjw5sVv2
Jvx6/zUAtM2PYriL6sXCvzlfxL+iWpdvb16O62fw0KwqU0lUTICNePnrFlWI5aj2
lT2lhLWohNFj+8Ohwy5tHsqdMGaE5jOYv8RrZruwf6iu9QH40BV/VaLghpo8L1RJ
NFkjGfpr8v+wGRw9z3dFXVOUD1NgyL60t+6UojJF2BFGOF5H1DbhV9nn/0mFvvm6
Ery6jtKz9MjBmfreXdmnjSIf/LAG3HiwJ6ypJgXPXgJyivLuYSK2Pb/7WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKg0wjCR5i9/IO0N8jfmCF7Jp75+MB8GA1UdIwQY
MBaAFJ+0HSUvEgrLFA0PyEM0FSEUtsgmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjdRZEpTOFNDc3NVRFFfSVF6UVZJUlMyeUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9hMTgxMWItNjE3Zi00NjlmLWFjZGUt
NjNlMWMxMDRhOGRiLzEvcURUQ01KSG1MMzhnN1EzeU4tWUlYc21udm40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9hMTgxMWItNjE3Zi00NjlmLWFjZGUtNjNlMWMxMDRhOGRi
LzEvbjdRZEpTOFNDc3NVRFFfSVF6UVZJUlMyeUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Ue9MA0G
CSqGSIb3DQEBCwUAA4IBAQAs2FCiyjOnSNuYTe16kfGGmPcD4gY/t9BCejEgRPL0
M3UzxHI6Je9VpyPmZ9lyIoOP6W+VAIBbFl5DA+F7TZ9HxLjRD+1FSqHsvi11CqC2
YeqmXyu89YnHzZqitJ4DUqXeqxZGv372kzKff96CndtrXsGjZe5D/rQosGOQSEWL
XGAgsomJ828/GIRrgVfYqiARrZyLNMnTkAfLZ20mxaA/D4S9EPGS/bIMKfKP4SKL
3OhxlQ0z9yCuJq0rbx4aYzaSmnPoAZszw4VFS7yAXMRf8kmZfiIDae833KlT4hu6
hZWWNDNTXAxZY9pAGe/+bxfw3oag+ItS1kzlr/Q/cnmg
-----END CERTIFICATE-----