This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/7940ab-f7ca-4c07-a123-a6fb4df5481e/1/qTJkke2DmFNJyiG7jfJcZx_vW34.roa
File:                     qTJkke2DmFNJyiG7jfJcZx_vW34.roa (raw, json)
Hash identifier:          vKcHwa2tV+EZb/fHgrN6A1horjD1vZRSzMun772SEGY=
Subject key identifier:   A9:32:64:91:ED:83:98:53:49:CA:21:BB:8D:F2:5C:67:1F:EF:5B:7E
Certificate issuer:       /CN=5a5125afc5ec978b2a321291c2a5570fe619159e
Certificate serial:       019B7C7FFAD966C1C4F644145D71218C6003
Authority key identifier: 5A:51:25:AF:C5:EC:97:8B:2A:32:12:91:C2:A5:57:0F:E6:19:15:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WlElr8Xsl4sqMhKRwqVXD-YZFZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/7940ab-f7ca-4c07-a123-a6fb4df5481e/1/qTJkke2DmFNJyiG7jfJcZx_vW34.roa
Signing time:             Fri 02 Jan 2026 02:18:40 +0000
ROA not before:           Fri 02 Jan 2026 02:18:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     680
IP address blocks:        192.109.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/7940ab-f7ca-4c07-a123-a6fb4df5481e/1/WlElr8Xsl4sqMhKRwqVXD-YZFZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/7940ab-f7ca-4c07-a123-a6fb4df5481e/1/WlElr8Xsl4sqMhKRwqVXD-YZFZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WlElr8Xsl4sqMhKRwqVXD-YZFZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:fa:d9:66:c1:c4:f6:44:14:5d:71:21:8c:60:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a5125afc5ec978b2a321291c2a5570fe619159e
        Validity
            Not Before: Jan  2 02:18:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a9326491ed83985349ca21bb8df25c671fef5b7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:06:b3:89:89:53:1b:50:2e:e9:4b:e8:04:d8:
                    4a:3f:8d:dd:ff:a5:10:cf:cd:d0:6a:e1:c2:31:40:
                    de:b8:10:9c:2f:d1:9c:39:52:d5:a4:3f:b7:d9:c9:
                    7f:43:ae:9d:da:06:10:e3:f8:d2:88:d0:b6:07:53:
                    b4:39:b2:e0:ac:6f:dc:e5:77:20:36:0c:05:4f:ed:
                    21:c5:d9:cb:e2:53:67:ed:29:bd:36:f3:6f:d8:0e:
                    93:ba:44:0e:55:3e:98:05:7e:32:08:16:34:64:ab:
                    c8:6e:9f:4f:54:7b:11:fc:9a:53:44:91:d3:8c:4f:
                    a4:61:bd:fe:e6:b2:f5:69:69:04:d8:d1:3a:3e:31:
                    72:e6:30:68:59:ff:1e:38:0f:4d:0b:61:0d:b8:1e:
                    ff:05:b4:ea:81:02:a4:09:18:c6:51:3b:ab:d4:fe:
                    1d:1b:ff:85:31:11:43:83:49:a4:61:9a:52:67:f0:
                    37:93:d9:10:4c:dc:9f:5d:16:4e:fa:c8:c3:ff:21:
                    6c:40:4c:7c:f1:bb:26:23:d7:8b:d2:78:65:70:f0:
                    fa:de:66:2d:70:a7:4e:52:27:f3:b5:51:f6:14:17:
                    1a:3f:b3:fb:67:1c:5a:84:42:89:f3:28:94:e6:52:
                    17:7d:b0:20:28:78:11:90:09:1b:cc:7a:09:b7:d5:
                    1e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:32:64:91:ED:83:98:53:49:CA:21:BB:8D:F2:5C:67:1F:EF:5B:7E
            X509v3 Authority Key Identifier:
                keyid:5A:51:25:AF:C5:EC:97:8B:2A:32:12:91:C2:A5:57:0F:E6:19:15:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WlElr8Xsl4sqMhKRwqVXD-YZFZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7940ab-f7ca-4c07-a123-a6fb4df5481e/1/qTJkke2DmFNJyiG7jfJcZx_vW34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7940ab-f7ca-4c07-a123-a6fb4df5481e/1/WlElr8Xsl4sqMhKRwqVXD-YZFZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:16:d0:da:84:41:99:b2:d7:a5:28:0e:d7:cf:10:30:91:52:
         c6:b7:2a:cb:e1:2a:85:8a:9a:ab:7b:93:02:a1:76:57:cd:e9:
         01:20:2a:af:05:7b:39:8e:fb:11:d6:06:5a:30:22:d5:fa:71:
         01:12:ab:68:1c:48:11:01:a2:ad:98:b5:d6:d0:0a:a6:4f:27:
         21:89:66:4b:ef:10:ae:bc:05:8b:fa:2a:9f:16:dd:7b:df:f9:
         59:07:2c:17:09:46:cc:87:9c:ad:5c:1b:35:51:33:c5:f8:ee:
         e9:e9:54:39:e5:01:39:87:70:d6:97:b1:3d:ed:87:8f:c1:c0:
         e8:40:6c:c5:8b:55:4f:7f:2d:b5:9f:fe:26:88:8d:06:8f:a6:
         40:32:6b:88:7c:9f:f6:8b:0e:5f:10:1c:47:9b:3c:20:22:62:
         59:44:fb:75:0d:d5:98:d5:c2:61:a4:e9:b0:0c:f3:11:4c:47:
         5a:e2:97:aa:07:fc:b2:94:19:5d:fd:aa:85:6c:b1:6a:e3:a1:
         4c:6d:34:c7:93:5c:ad:ee:28:eb:9a:26:df:7b:59:43:4d:d2:
         02:a8:fb:d5:2d:ac:04:7b:ed:7a:b1:b4:51:35:ac:5d:54:72:
         b0:aa:55:41:ca:c5:bb:52:b3:0e:45:0a:84:a8:e6:f2:a7:b3:
         b9:28:35:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f/rZZsHE9kQUXXEhjGADMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNTEyNWFmYzVlYzk3OGIyYTMyMTI5MWMyYTU1NzBmZTYx
OTE1OWUwHhcNMjYwMTAyMDIxODQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTMyNjQ5MWVkODM5ODUzNDljYTIxYmI4ZGYyNWM2NzFmZWY1YjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4gaziYlTG1Au6UvoBNhKP43d/6UQ
z83QauHCMUDeuBCcL9GcOVLVpD+32cl/Q66d2gYQ4/jSiNC2B1O0ObLgrG/c5Xcg
NgwFT+0hxdnL4lNn7Sm9NvNv2A6TukQOVT6YBX4yCBY0ZKvIbp9PVHsR/JpTRJHT
jE+kYb3+5rL1aWkE2NE6PjFy5jBoWf8eOA9NC2ENuB7/BbTqgQKkCRjGUTur1P4d
G/+FMRFDg0mkYZpSZ/A3k9kQTNyfXRZO+sjD/yFsQEx88bsmI9eL0nhlcPD63mYt
cKdOUifztVH2FBcaP7P7ZxxahEKJ8yiU5lIXfbAgKHgRkAkbzHoJt9UeVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKkyZJHtg5hTScohu43yXGcf71t+MB8GA1UdIwQY
MBaAFFpRJa/F7JeLKjISkcKlVw/mGRWeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2xFbHI4WHNsNHNxTWhLUndxVlhELVlaRlo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy83OTQwYWItZjdjYS00YzA3LWExMjMt
YTZmYjRkZjU0ODFlLzEvcVRKa2tlMkRtRk5KeWlHN2pmSmNaeF92VzM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy83OTQwYWItZjdjYS00YzA3LWExMjMtYTZmYjRkZjU0ODFl
LzEvV2xFbHI4WHNsNHNxTWhLUndxVlhELVlaRlo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG1lMA0G
CSqGSIb3DQEBCwUAA4IBAQAzFtDahEGZstelKA7XzxAwkVLGtyrL4SqFipqre5MC
oXZXzekBICqvBXs5jvsR1gZaMCLV+nEBEqtoHEgRAaKtmLXW0AqmTychiWZL7xCu
vAWL+iqfFt173/lZBywXCUbMh5ytXBs1UTPF+O7p6VQ55QE5h3DWl7E97YePwcDo
QGzFi1VPfy21n/4miI0Gj6ZAMmuIfJ/2iw5fEBxHmzwgImJZRPt1DdWY1cJhpOmw
DPMRTEda4peqB/yylBld/aqFbLFq46FMbTTHk1yt7ijrmibfe1lDTdICqPvVLawE
e+16sbRRNaxdVHKwqlVBysW7UrMORQqEqObyp7O5KDUX
-----END CERTIFICATE-----