This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/2a4561-f2d3-46d2-a4f2-3f6868b2de98/1/qnNx4BbcqCKw4qU9ggM-AvK2t-g.roa
File:                     qnNx4BbcqCKw4qU9ggM-AvK2t-g.roa (raw, json)
Hash identifier:          IB/xWqsQwwimaAQrVy3VNbAYORDCQE0bYCHpAZf/Bpw=
Subject key identifier:   AA:73:71:E0:16:DC:A8:22:B0:E2:A5:3D:82:03:3E:02:F2:B6:B7:E8
Certificate issuer:       /CN=336f977dc3d5ac63bdbd6f0f8ad5e6baa7c54d86
Certificate serial:       019B7F854C05D9A0E39C4107B5991B2F923E
Authority key identifier: 33:6F:97:7D:C3:D5:AC:63:BD:BD:6F:0F:8A:D5:E6:BA:A7:C5:4D:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M2-XfcPVrGO9vW8PitXmuqfFTYY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/2a4561-f2d3-46d2-a4f2-3f6868b2de98/1/qnNx4BbcqCKw4qU9ggM-AvK2t-g.roa
Signing time:             Fri 02 Jan 2026 16:23:20 +0000
ROA not before:           Fri 02 Jan 2026 16:23:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57538
IP address blocks:        91.232.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/2a4561-f2d3-46d2-a4f2-3f6868b2de98/1/M2-XfcPVrGO9vW8PitXmuqfFTYY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/2a4561-f2d3-46d2-a4f2-3f6868b2de98/1/M2-XfcPVrGO9vW8PitXmuqfFTYY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M2-XfcPVrGO9vW8PitXmuqfFTYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:4c:05:d9:a0:e3:9c:41:07:b5:99:1b:2f:92:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=336f977dc3d5ac63bdbd6f0f8ad5e6baa7c54d86
        Validity
            Not Before: Jan  2 16:23:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aa7371e016dca822b0e2a53d82033e02f2b6b7e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0d:92:16:58:08:bf:33:dd:ba:c5:8c:d2:31:
                    5e:38:0c:68:0c:ea:4e:5b:ca:e5:51:3e:4d:7c:2d:
                    76:29:e4:b2:70:7b:87:49:19:d0:6c:38:b4:60:29:
                    e5:2e:6e:99:24:01:98:b6:db:02:bf:18:9c:7a:f0:
                    53:06:03:19:c6:6f:8b:bf:64:7a:c6:da:a7:fa:b0:
                    c0:ad:f5:12:44:23:1f:60:15:7b:be:00:43:8f:9c:
                    2b:6e:64:36:ca:cf:66:fe:4e:df:54:73:e1:af:c7:
                    31:f1:ae:bb:97:4c:cd:17:d8:3b:e7:71:f1:46:0c:
                    e8:e5:f4:5e:44:ed:53:fe:52:bb:31:ba:be:48:96:
                    d7:ef:53:23:2c:e5:1c:59:0c:df:10:4d:53:1a:a5:
                    15:6b:b8:94:50:51:0e:cd:62:80:01:80:b2:c3:60:
                    7b:33:92:ec:6a:8b:df:1b:24:47:58:44:78:50:95:
                    ae:7c:f9:08:94:7d:bc:4f:c9:15:69:b2:51:ca:25:
                    76:22:61:ac:ec:6c:e8:23:a6:36:99:90:b6:6e:48:
                    e0:b1:a3:7b:7c:fb:d2:8b:d5:dd:1f:b1:b2:9c:eb:
                    43:b8:b2:14:fb:11:c3:0f:ab:bb:52:6c:c2:62:4a:
                    25:50:9e:cd:65:e7:ca:1b:02:10:3c:44:4b:fe:d9:
                    3d:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:73:71:E0:16:DC:A8:22:B0:E2:A5:3D:82:03:3E:02:F2:B6:B7:E8
            X509v3 Authority Key Identifier:
                keyid:33:6F:97:7D:C3:D5:AC:63:BD:BD:6F:0F:8A:D5:E6:BA:A7:C5:4D:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M2-XfcPVrGO9vW8PitXmuqfFTYY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/2a4561-f2d3-46d2-a4f2-3f6868b2de98/1/qnNx4BbcqCKw4qU9ggM-AvK2t-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/2a4561-f2d3-46d2-a4f2-3f6868b2de98/1/M2-XfcPVrGO9vW8PitXmuqfFTYY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:20:67:91:6c:e0:d3:89:f4:9a:fd:13:e8:ca:a3:96:69:b0:
         fb:53:c1:e6:c9:01:a6:7c:66:ed:3e:85:79:55:63:67:b9:79:
         7f:bc:82:f1:6b:56:1d:d6:ac:f6:80:33:86:60:a2:65:ed:34:
         bb:27:89:6e:9e:6e:77:2f:81:af:69:0e:75:63:64:2d:a8:e6:
         45:3a:2c:8f:a2:6b:99:ee:da:a0:75:6a:14:b6:34:cb:fc:20:
         59:7e:8f:12:2c:64:a3:29:4d:c9:ab:52:01:28:02:79:c2:71:
         c2:90:f4:ce:7c:7e:5c:0b:db:2d:0b:0c:59:bf:e8:3f:09:9d:
         7a:3e:3c:e2:d8:0a:bb:ed:93:cc:6c:0b:21:de:ce:e9:49:68:
         1f:e3:5c:cb:7b:cb:25:e8:8f:8f:ea:28:00:67:e8:c6:e2:87:
         f1:29:9b:62:20:dc:05:6b:e0:d5:ea:fa:fa:1f:61:df:a1:bb:
         bf:31:2c:02:00:c0:58:79:8b:7c:84:f8:f3:9d:93:76:45:2a:
         73:20:e6:c4:2b:55:05:b9:91:c8:2b:41:cc:93:3a:47:bb:7c:
         fb:31:fb:f7:2c:4e:42:39:14:e7:99:7d:18:ec:ab:bc:9d:b3:
         af:1a:48:bd:b4:4f:89:ce:1b:c0:22:e2:1b:22:18:37:e0:04:
         03:80:68:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hUwF2aDjnEEHtZkbL5I+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzNmY5NzdkYzNkNWFjNjNiZGJkNmYwZjhhZDVlNmJhYTdj
NTRkODYwHhcNMjYwMTAyMTYyMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTczNzFlMDE2ZGNhODIyYjBlMmE1M2Q4MjAzM2UwMmYyYjZiN2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQ2SFlgIvzPdusWM0jFeOAxoDOpO
W8rlUT5NfC12KeSycHuHSRnQbDi0YCnlLm6ZJAGYttsCvxicevBTBgMZxm+Lv2R6
xtqn+rDArfUSRCMfYBV7vgBDj5wrbmQ2ys9m/k7fVHPhr8cx8a67l0zNF9g753Hx
Rgzo5fReRO1T/lK7Mbq+SJbX71MjLOUcWQzfEE1TGqUVa7iUUFEOzWKAAYCyw2B7
M5LsaovfGyRHWER4UJWufPkIlH28T8kVabJRyiV2ImGs7GzoI6Y2mZC2bkjgsaN7
fPvSi9XdH7GynOtDuLIU+xHDD6u7UmzCYkolUJ7NZefKGwIQPERL/tk9nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKpzceAW3KgisOKlPYIDPgLytrfoMB8GA1UdIwQY
MBaAFDNvl33D1axjvb1vD4rV5rqnxU2GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTItWGZjUFZyR085dlc4UGl0WG11cWZGVFlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8yYTQ1NjEtZjJkMy00NmQyLWE0ZjIt
M2Y2ODY4YjJkZTk4LzEvcW5OeDRCYmNxQ0t3NHFVOWdnTS1BdksydC1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy8yYTQ1NjEtZjJkMy00NmQyLWE0ZjItM2Y2ODY4YjJkZTk4
LzEvTTItWGZjUFZyR085dlc4UGl0WG11cWZGVFlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+jRMA0G
CSqGSIb3DQEBCwUAA4IBAQAuIGeRbODTifSa/RPoyqOWabD7U8HmyQGmfGbtPoV5
VWNnuXl/vILxa1Yd1qz2gDOGYKJl7TS7J4lunm53L4GvaQ51Y2QtqOZFOiyPomuZ
7tqgdWoUtjTL/CBZfo8SLGSjKU3Jq1IBKAJ5wnHCkPTOfH5cC9stCwxZv+g/CZ16
Pjzi2Aq77ZPMbAsh3s7pSWgf41zLe8sl6I+P6igAZ+jG4ofxKZtiINwFa+DV6vr6
H2Hfobu/MSwCAMBYeYt8hPjznZN2RSpzIObEK1UFuZHIK0HMkzpHu3z7Mfv3LE5C
ORTnmX0Y7Ku8nbOvGki9tE+JzhvAIuIbIhg34AQDgGh5
-----END CERTIFICATE-----