This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/qm1N6afKIHDIeVkklPLOLKGaS4s.roa
File:                     qm1N6afKIHDIeVkklPLOLKGaS4s.roa (raw, json)
Hash identifier:          ewBUJyCJZqBY4ReNaWU+ZIFZCEk2IZ7kEhQ4Bd+n260=
Subject key identifier:   AA:6D:4D:E9:A7:CA:20:70:C8:79:59:24:94:F2:CE:2C:A1:9A:4B:8B
Certificate issuer:       /CN=f497673c78efae5f6bd80a25ace3d3c37193e789
Certificate serial:       019B775953B5128D9B208E4B95D9D340FB52
Authority key identifier: F4:97:67:3C:78:EF:AE:5F:6B:D8:0A:25:AC:E3:D3:C3:71:93:E7:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9JdnPHjvrl9r2AolrOPTw3GT54k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/qm1N6afKIHDIeVkklPLOLKGaS4s.roa
Signing time:             Thu 01 Jan 2026 02:18:21 +0000
ROA not before:           Thu 01 Jan 2026 02:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33567
IP address blocks:        217.15.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/9JdnPHjvrl9r2AolrOPTw3GT54k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/9JdnPHjvrl9r2AolrOPTw3GT54k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9JdnPHjvrl9r2AolrOPTw3GT54k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:53:b5:12:8d:9b:20:8e:4b:95:d9:d3:40:fb:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f497673c78efae5f6bd80a25ace3d3c37193e789
        Validity
            Not Before: Jan  1 02:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aa6d4de9a7ca2070c879592494f2ce2ca19a4b8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:42:55:92:70:12:b6:f9:e1:fd:28:4c:68:d2:
                    a3:45:55:6b:44:02:40:07:22:73:94:9a:57:2f:bf:
                    0a:73:c7:8f:c8:c7:b8:cb:70:b9:57:2f:b3:c1:a9:
                    40:94:1a:e5:0e:2f:24:89:4e:a0:0c:7f:3d:b4:98:
                    60:ad:17:61:2c:af:b0:9b:7d:99:fa:79:0e:7d:eb:
                    00:59:aa:d7:80:83:a8:a2:30:5b:c2:22:f3:40:bb:
                    8e:9d:cf:7e:83:85:99:8b:ed:4a:56:67:80:12:f0:
                    69:25:40:bd:60:88:8e:32:4b:05:fc:23:1f:28:b5:
                    95:24:9a:f6:d9:9c:30:aa:02:07:b7:8f:1a:f8:23:
                    81:56:7f:dd:62:cc:76:46:bf:a5:7f:75:1e:2d:c4:
                    66:b3:1f:dd:00:91:0a:41:ed:d6:f1:af:0d:bf:07:
                    e0:4b:91:6f:dc:25:8c:f9:95:d0:95:9f:b1:84:64:
                    49:67:ce:23:e3:00:cd:70:dc:00:4a:fd:ad:60:37:
                    cb:12:2b:57:4e:11:29:11:9d:f8:02:3e:d0:bb:23:
                    02:48:0b:3d:20:b0:2f:43:53:f1:63:22:ac:5f:f3:
                    18:ca:48:a2:d4:92:79:7e:3a:e7:2b:f8:ef:67:4f:
                    4c:4b:6b:6c:bb:a0:ae:40:f2:7e:06:a7:4b:15:6f:
                    07:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:6D:4D:E9:A7:CA:20:70:C8:79:59:24:94:F2:CE:2C:A1:9A:4B:8B
            X509v3 Authority Key Identifier:
                keyid:F4:97:67:3C:78:EF:AE:5F:6B:D8:0A:25:AC:E3:D3:C3:71:93:E7:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9JdnPHjvrl9r2AolrOPTw3GT54k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/qm1N6afKIHDIeVkklPLOLKGaS4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/9JdnPHjvrl9r2AolrOPTw3GT54k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.15.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:83:1a:98:25:1d:3b:9d:db:bc:d0:cb:84:cd:ab:66:19:96:
         20:a2:28:9f:7a:11:69:3c:62:06:54:2c:f7:6a:5d:ca:2d:b5:
         57:0d:ed:24:ec:2e:22:b8:11:3f:7b:fa:21:bd:2c:11:8d:ef:
         e6:94:5a:4a:d1:5e:12:50:8c:da:c9:da:c3:6a:79:aa:54:aa:
         f7:ff:23:f8:e4:d2:b6:4c:0d:a2:59:40:eb:83:f1:d0:02:50:
         c3:b1:d4:23:8c:50:a7:3e:40:61:cc:04:70:e2:7a:b0:21:e8:
         cd:37:d7:4b:bc:4e:9d:7e:c8:6c:66:d1:28:bf:d9:65:11:1d:
         40:32:ff:29:09:ce:42:fb:1a:ed:e6:af:ca:6c:60:6c:5f:66:
         7a:93:56:71:a2:f5:4e:d2:47:37:9e:5a:76:98:b5:58:03:09:
         8c:ee:57:bf:24:38:19:74:79:79:c3:1d:eb:bc:21:58:7f:c8:
         5a:29:3f:bd:ee:7b:b7:45:9c:a3:61:ab:70:58:82:a7:e0:01:
         55:61:08:73:08:8b:32:7e:4e:f5:42:e9:cd:c6:76:06:6c:15:
         80:f5:e2:18:73:fb:5c:80:e8:77:7e:ce:9f:af:7b:25:7b:32:
         da:1f:77:7d:2a:8c:b5:3c:26:53:8c:65:98:17:07:91:80:0b:
         cb:f1:41:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WVO1Eo2bII5LldnTQPtSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0OTc2NzNjNzhlZmFlNWY2YmQ4MGEyNWFjZTNkM2MzNzE5
M2U3ODkwHhcNMjYwMTAxMDIxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTZkNGRlOWE3Y2EyMDcwYzg3OTU5MjQ5NGYyY2UyY2ExOWE0YjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkJVknAStvnh/ShMaNKjRVVrRAJA
ByJzlJpXL78Kc8ePyMe4y3C5Vy+zwalAlBrlDi8kiU6gDH89tJhgrRdhLK+wm32Z
+nkOfesAWarXgIOoojBbwiLzQLuOnc9+g4WZi+1KVmeAEvBpJUC9YIiOMksF/CMf
KLWVJJr22ZwwqgIHt48a+COBVn/dYsx2Rr+lf3UeLcRmsx/dAJEKQe3W8a8Nvwfg
S5Fv3CWM+ZXQlZ+xhGRJZ84j4wDNcNwASv2tYDfLEitXThEpEZ34Aj7QuyMCSAs9
ILAvQ1PxYyKsX/MYykii1JJ5fjrnK/jvZ09MS2tsu6CuQPJ+BqdLFW8H9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKptTemnyiBwyHlZJJTyziyhmkuLMB8GA1UdIwQY
MBaAFPSXZzx4765fa9gKJazj08Nxk+eJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUpkblBIanZybDlyMkFvbHJPUFR3M0dUNTRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9kMTM2NTgtYWY3ZS00ZDZlLTgyZWYt
NmUwNjk2ZmVlOGU2LzEvcW0xTjZhZktJSERJZVZra2xQTE9MS0dhUzRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9kMTM2NTgtYWY3ZS00ZDZlLTgyZWYtNmUwNjk2ZmVlOGU2
LzEvOUpkblBIanZybDlyMkFvbHJPUFR3M0dUNTRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Q99MA0G
CSqGSIb3DQEBCwUAA4IBAQBWgxqYJR07ndu80MuEzatmGZYgoiifehFpPGIGVCz3
al3KLbVXDe0k7C4iuBE/e/ohvSwRje/mlFpK0V4SUIzaydrDanmqVKr3/yP45NK2
TA2iWUDrg/HQAlDDsdQjjFCnPkBhzARw4nqwIejNN9dLvE6dfshsZtEov9llER1A
Mv8pCc5C+xrt5q/KbGBsX2Z6k1ZxovVO0kc3nlp2mLVYAwmM7le/JDgZdHl5wx3r
vCFYf8haKT+97nu3RZyjYatwWIKn4AFVYQhzCIsyfk71QunNxnYGbBWA9eIYc/tc
gOh3fs6fr3slezLaH3d9Koy1PCZTjGWYFweRgAvL8UHj
-----END CERTIFICATE-----