This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/tqXOVuDrdAyLecpEp2l4AMffHAw.roa
File:                     tqXOVuDrdAyLecpEp2l4AMffHAw.roa (raw, json)
Hash identifier:          zp13fmxJbku6zhMDC/zXyPJnhXVh8hRoWiN4PFSExOM=
Subject key identifier:   B6:A5:CE:56:E0:EB:74:0C:8B:79:CA:44:A7:69:78:00:C7:DF:1C:0C
Certificate issuer:       /CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
Certificate serial:       019B7EA73622BB489D0C524FFB5A7AF86292
Authority key identifier: 2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/tqXOVuDrdAyLecpEp2l4AMffHAw.roa
Signing time:             Fri 02 Jan 2026 12:20:46 +0000
ROA not before:           Fri 02 Jan 2026 12:20:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215074
IP address blocks:        185.185.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 06:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:36:22:bb:48:9d:0c:52:4f:fb:5a:7a:f8:62:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
        Validity
            Not Before: Jan  2 12:20:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b6a5ce56e0eb740c8b79ca44a7697800c7df1c0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ac:a0:bc:b7:dc:c0:ac:fc:52:f0:33:b0:d2:
                    f8:b7:ce:68:b2:1f:e0:38:9e:19:98:9c:aa:27:09:
                    b5:86:54:19:54:f1:6e:a8:9b:f6:26:3e:ad:9a:fe:
                    d4:0f:d4:61:5c:ca:49:b5:11:bc:9f:72:df:8e:f8:
                    1e:98:fb:13:63:8f:5b:ea:f8:53:95:ad:fc:0c:7f:
                    41:c2:60:bd:bd:2b:fb:d8:42:b3:22:66:87:9c:36:
                    3f:c9:c9:4c:29:b6:35:b1:22:e7:29:21:56:94:e9:
                    3a:82:27:26:48:e5:f2:4a:84:96:c5:15:cf:76:2f:
                    92:6c:ce:09:ae:5e:67:46:49:40:36:58:48:cb:46:
                    c5:d2:f2:1f:62:56:03:2d:20:b1:9c:2d:e2:93:55:
                    67:78:2e:1a:88:e5:d4:f3:61:80:b5:f3:be:50:67:
                    f3:85:f0:eb:7c:b5:99:8a:21:46:cb:42:d0:6e:ef:
                    bb:ba:f6:f6:27:c4:b0:90:c7:06:8c:a6:bc:af:96:
                    3f:91:63:21:a3:df:2d:76:ec:2b:c1:95:35:20:82:
                    fc:00:dc:ce:84:20:81:33:cd:31:76:cd:7b:f8:8b:
                    8a:7c:54:c7:3d:56:53:66:ce:ee:c2:7c:cb:eb:f9:
                    70:ca:de:de:86:db:71:72:d7:0a:77:2d:50:fb:d9:
                    40:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:A5:CE:56:E0:EB:74:0C:8B:79:CA:44:A7:69:78:00:C7:DF:1C:0C
            X509v3 Authority Key Identifier:
                keyid:2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/tqXOVuDrdAyLecpEp2l4AMffHAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.185.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:60:99:ea:13:01:54:5a:35:5a:fe:f8:fd:96:65:15:22:a0:
         69:f4:dd:06:a6:65:0c:6a:a6:b3:2f:f5:0a:a6:9f:97:b5:80:
         c5:a3:f2:cf:ee:bc:65:83:77:06:0f:9d:51:fc:d5:29:6d:13:
         96:e7:2c:cf:fa:29:23:d3:e9:bc:06:7e:32:20:f6:97:78:ea:
         9e:4d:17:b1:78:e4:b5:82:a8:d5:15:52:80:79:1a:35:10:92:
         88:10:d2:74:23:13:5a:1f:00:87:a7:2d:29:03:81:bb:13:8c:
         7f:ef:87:0c:53:d5:34:70:a2:35:ce:ba:41:1c:63:da:87:76:
         9e:86:f3:3c:39:2c:80:2a:05:0c:da:9c:69:bc:8d:55:a2:db:
         06:5c:31:62:8e:17:b7:37:0e:b3:61:8c:78:08:80:22:4f:42:
         3f:d1:3b:36:63:ab:0a:96:01:fe:31:a0:9e:4b:c7:17:78:7b:
         04:b7:a7:22:8c:aa:f2:88:fb:c2:8e:02:32:18:e4:9f:07:fc:
         46:14:bf:1c:e9:94:8b:ac:60:99:07:98:39:a7:cf:fa:48:be:
         31:1b:de:ad:e3:c5:9f:61:f9:d8:8d:d4:7d:ab:71:31:79:0b:
         96:59:f3:1c:3a:e9:3e:fd:32:65:1a:ad:ec:39:08:2a:0b:34:
         a2:bb:38:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pzYiu0idDFJP+1p6+GKSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzFjOTYwMDVlMTNhODRhM2YzMWVmMWQ5OTE3NzdmNGI2
ZTMxYTcwHhcNMjYwMTAyMTIyMDQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmE1Y2U1NmUwZWI3NDBjOGI3OWNhNDRhNzY5NzgwMGM3ZGYxYzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzaygvLfcwKz8UvAzsNL4t85osh/g
OJ4ZmJyqJwm1hlQZVPFuqJv2Jj6tmv7UD9RhXMpJtRG8n3LfjvgemPsTY49b6vhT
la38DH9BwmC9vSv72EKzImaHnDY/yclMKbY1sSLnKSFWlOk6gicmSOXySoSWxRXP
di+SbM4Jrl5nRklANlhIy0bF0vIfYlYDLSCxnC3ik1VneC4aiOXU82GAtfO+UGfz
hfDrfLWZiiFGy0LQbu+7uvb2J8SwkMcGjKa8r5Y/kWMho98tduwrwZU1IIL8ANzO
hCCBM80xds17+IuKfFTHPVZTZs7uwnzL6/lwyt7ehttxctcKdy1Q+9lAzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLalzlbg63QMi3nKRKdpeADH3xwMMB8GA1UdIwQY
MBaAFCxxyWAF4TqEo/Me8dmRd39LbjGnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUt
N2EyOGFmMjljZGMyLzEvdHFYT1Z1RHJkQXlMZWNwRXAybDRBTWZmSEF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUtN2EyOGFmMjljZGMy
LzEvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubmNMA0G
CSqGSIb3DQEBCwUAA4IBAQBLYJnqEwFUWjVa/vj9lmUVIqBp9N0GpmUMaqazL/UK
pp+XtYDFo/LP7rxlg3cGD51R/NUpbROW5yzP+ikj0+m8Bn4yIPaXeOqeTRexeOS1
gqjVFVKAeRo1EJKIENJ0IxNaHwCHpy0pA4G7E4x/74cMU9U0cKI1zrpBHGPah3ae
hvM8OSyAKgUM2pxpvI1VotsGXDFijhe3Nw6zYYx4CIAiT0I/0Ts2Y6sKlgH+MaCe
S8cXeHsEt6cijKryiPvCjgIyGOSfB/xGFL8c6ZSLrGCZB5g5p8/6SL4xG96t48Wf
YfnYjdR9q3ExeQuWWfMcOuk+/TJlGq3sOQgqCzSiuzhx
-----END CERTIFICATE-----