This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/cc8bfa-2b13-4674-a984-a5fdb570fe9a/1/QKYlrKpZ6X2KQl9hLK2wLVu9mA4.roa
File:                     QKYlrKpZ6X2KQl9hLK2wLVu9mA4.roa (raw, json)
Hash identifier:          UFYV8MCcAUa5xElyPFAoCBS6hLf85nWkSt/+WnYwZxs=
Subject key identifier:   40:A6:25:AC:AA:59:E9:7D:8A:42:5F:61:2C:AD:B0:2D:5B:BD:98:0E
Certificate issuer:       /CN=0620eadb2e1562b4e2e4f480772c36887a777f24
Certificate serial:       019B7DC878F3540830B6CD8C13BC096C984F
Authority key identifier: 06:20:EA:DB:2E:15:62:B4:E2:E4:F4:80:77:2C:36:88:7A:77:7F:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BiDq2y4VYrTi5PSAdyw2iHp3fyQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/cc8bfa-2b13-4674-a984-a5fdb570fe9a/1/QKYlrKpZ6X2KQl9hLK2wLVu9mA4.roa
Signing time:             Fri 02 Jan 2026 08:17:28 +0000
ROA not before:           Fri 02 Jan 2026 08:17:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49175
IP address blocks:        217.195.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/cc8bfa-2b13-4674-a984-a5fdb570fe9a/1/BiDq2y4VYrTi5PSAdyw2iHp3fyQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/cc8bfa-2b13-4674-a984-a5fdb570fe9a/1/BiDq2y4VYrTi5PSAdyw2iHp3fyQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BiDq2y4VYrTi5PSAdyw2iHp3fyQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 08:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c8:78:f3:54:08:30:b6:cd:8c:13:bc:09:6c:98:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0620eadb2e1562b4e2e4f480772c36887a777f24
        Validity
            Not Before: Jan  2 08:17:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=40a625acaa59e97d8a425f612cadb02d5bbd980e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:7e:1f:68:0c:36:32:05:4c:f9:30:82:c3:c9:
                    c6:fc:20:5b:41:e2:5b:2e:a5:1e:95:b8:0b:b6:43:
                    28:89:4f:ff:bb:ba:de:9d:49:6c:21:36:61:76:a6:
                    7e:55:f9:50:d3:80:28:00:59:45:0e:f9:41:31:00:
                    42:e8:9f:ac:95:6b:8d:f2:d7:06:e6:05:a1:59:ee:
                    fa:a7:1b:3a:ae:56:90:64:82:16:4b:84:8a:d7:fa:
                    a2:62:98:0c:10:6e:ae:15:9e:49:61:17:78:5d:6a:
                    00:e5:fc:c2:ee:88:95:63:b8:ec:f1:67:58:f0:a3:
                    25:16:92:59:e0:62:97:6b:ce:19:12:df:f0:03:0d:
                    44:b8:20:52:51:9d:33:44:b3:84:3b:7e:8f:6e:a8:
                    bb:04:0f:ba:b8:14:0e:5b:c3:19:cd:e5:a7:8c:56:
                    12:7f:e5:25:07:e2:3a:be:02:74:a8:39:eb:b7:43:
                    82:7d:72:31:68:53:08:1a:0c:1f:18:4f:32:94:43:
                    f6:73:78:a2:28:5f:d4:12:49:c3:e0:0e:e3:9a:d0:
                    b0:29:a5:72:8c:b2:8a:d7:a7:0a:b1:91:4d:ee:5e:
                    7c:f8:d4:fb:4b:41:50:9b:93:50:c5:28:d7:b9:3d:
                    eb:14:4f:4b:37:be:5a:8d:7e:ff:bd:17:ec:63:a7:
                    10:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:A6:25:AC:AA:59:E9:7D:8A:42:5F:61:2C:AD:B0:2D:5B:BD:98:0E
            X509v3 Authority Key Identifier:
                keyid:06:20:EA:DB:2E:15:62:B4:E2:E4:F4:80:77:2C:36:88:7A:77:7F:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BiDq2y4VYrTi5PSAdyw2iHp3fyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cc8bfa-2b13-4674-a984-a5fdb570fe9a/1/QKYlrKpZ6X2KQl9hLK2wLVu9mA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cc8bfa-2b13-4674-a984-a5fdb570fe9a/1/BiDq2y4VYrTi5PSAdyw2iHp3fyQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.195.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:07:c7:4b:7a:32:c5:f7:bd:29:03:b7:70:95:cb:6e:6d:fe:
         56:b7:ea:d8:d5:0a:d3:dd:e4:ab:36:03:a3:c8:14:55:cd:a0:
         fa:1a:4b:a8:47:ce:a9:c8:70:25:11:e5:f5:96:c9:bb:ec:a2:
         46:c2:58:6b:99:5e:6c:72:4c:c0:fa:66:b7:96:3a:17:65:e6:
         73:be:92:43:c4:ea:e7:92:24:c7:7e:0c:28:12:7f:2a:f9:36:
         04:4e:4e:74:a2:ac:1a:e0:19:8a:fe:81:e1:a0:a5:7b:51:6c:
         86:16:0b:e0:3c:68:f1:16:cf:00:0d:84:1f:2f:84:84:9c:a9:
         65:8e:71:1b:ff:38:b0:05:1c:d2:73:b3:42:c4:b1:d4:11:b9:
         7b:28:9b:d6:84:da:0a:be:e6:93:7f:7c:ad:15:65:42:74:a8:
         5e:6c:03:b5:59:c4:64:35:ed:ca:b9:a5:99:fd:e2:57:d1:62:
         69:ac:7d:0b:39:80:dc:1f:10:46:71:1a:38:cf:72:f3:c5:da:
         2a:ab:db:79:93:49:e3:72:2f:b8:da:f3:53:db:7a:b4:5e:bb:
         8d:78:da:fa:80:84:62:18:42:63:2e:49:f6:22:00:a7:3e:38:
         f9:5e:81:40:84:98:9a:8f:19:96:61:3c:af:90:b9:5a:10:82:
         16:1a:66:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yHjzVAgwts2ME7wJbJhPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2MjBlYWRiMmUxNTYyYjRlMmU0ZjQ4MDc3MmMzNjg4N2E3
NzdmMjQwHhcNMjYwMTAyMDgxNzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGE2MjVhY2FhNTllOTdkOGE0MjVmNjEyY2FkYjAyZDViYmQ5ODBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo34faAw2MgVM+TCCw8nG/CBbQeJb
LqUelbgLtkMoiU//u7renUlsITZhdqZ+VflQ04AoAFlFDvlBMQBC6J+slWuN8tcG
5gWhWe76pxs6rlaQZIIWS4SK1/qiYpgMEG6uFZ5JYRd4XWoA5fzC7oiVY7js8WdY
8KMlFpJZ4GKXa84ZEt/wAw1EuCBSUZ0zRLOEO36Pbqi7BA+6uBQOW8MZzeWnjFYS
f+UlB+I6vgJ0qDnrt0OCfXIxaFMIGgwfGE8ylEP2c3iiKF/UEknD4A7jmtCwKaVy
jLKK16cKsZFN7l58+NT7S0FQm5NQxSjXuT3rFE9LN75ajX7/vRfsY6cQEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECmJayqWel9ikJfYSytsC1bvZgOMB8GA1UdIwQY
MBaAFAYg6tsuFWK04uT0gHcsNoh6d38kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmlEcTJ5NFZZclRpNVBTQWR5dzJpSHAzZnlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jYzhiZmEtMmIxMy00Njc0LWE5ODQt
YTVmZGI1NzBmZTlhLzEvUUtZbHJLcFo2WDJLUWw5aExLMndMVnU5bUE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jYzhiZmEtMmIxMy00Njc0LWE5ODQtYTVmZGI1NzBmZTlh
LzEvQmlEcTJ5NFZZclRpNVBTQWR5dzJpSHAzZnlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2cPFMA0G
CSqGSIb3DQEBCwUAA4IBAQAUB8dLejLF970pA7dwlctubf5Wt+rY1QrT3eSrNgOj
yBRVzaD6GkuoR86pyHAlEeX1lsm77KJGwlhrmV5sckzA+ma3ljoXZeZzvpJDxOrn
kiTHfgwoEn8q+TYETk50oqwa4BmK/oHhoKV7UWyGFgvgPGjxFs8ADYQfL4SEnKll
jnEb/ziwBRzSc7NCxLHUEbl7KJvWhNoKvuaTf3ytFWVCdKhebAO1WcRkNe3KuaWZ
/eJX0WJprH0LOYDcHxBGcRo4z3Lzxdoqq9t5k0njci+42vNT23q0XruNeNr6gIRi
GEJjLkn2IgCnPjj5XoFAhJiajxmWYTyvkLlaEIIWGmbL
-----END CERTIFICATE-----