This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/111b81-aa6c-40da-bed1-bf8e5d8265a2/1/NQ75nb1-xJ7HIs6FdHfLr_Qn5o8.roa
File:                     NQ75nb1-xJ7HIs6FdHfLr_Qn5o8.roa (raw, json)
Hash identifier:          0/Ed5GPxhq59pa7mSV6ONsdGXpQguRmYVeDEeOnkcHU=
Subject key identifier:   35:0E:F9:9D:BD:7E:C4:9E:C7:22:CE:85:74:77:CB:AF:F4:27:E6:8F
Certificate issuer:       /CN=41ef4b060a8b79b2893d3309ad50d1cccb2b9e31
Certificate serial:       019B7EA453C3610C7ACAA3116D70F2989ADE
Authority key identifier: 41:EF:4B:06:0A:8B:79:B2:89:3D:33:09:AD:50:D1:CC:CB:2B:9E:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qe9LBgqLebKJPTMJrVDRzMsrnjE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/111b81-aa6c-40da-bed1-bf8e5d8265a2/1/NQ75nb1-xJ7HIs6FdHfLr_Qn5o8.roa
Signing time:             Fri 02 Jan 2026 12:17:36 +0000
ROA not before:           Fri 02 Jan 2026 12:17:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29404
IP address blocks:        217.73.148.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/111b81-aa6c-40da-bed1-bf8e5d8265a2/1/Qe9LBgqLebKJPTMJrVDRzMsrnjE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/111b81-aa6c-40da-bed1-bf8e5d8265a2/1/Qe9LBgqLebKJPTMJrVDRzMsrnjE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qe9LBgqLebKJPTMJrVDRzMsrnjE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a4:53:c3:61:0c:7a:ca:a3:11:6d:70:f2:98:9a:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41ef4b060a8b79b2893d3309ad50d1cccb2b9e31
        Validity
            Not Before: Jan  2 12:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=350ef99dbd7ec49ec722ce857477cbaff427e68f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e3:f5:eb:a9:11:c9:23:9a:5f:ff:8f:b2:d7:
                    48:d0:8d:c1:1f:5b:8a:d1:75:36:14:99:33:a6:94:
                    12:ac:5f:6f:b7:e5:fc:39:72:36:e0:e7:a8:04:69:
                    a7:3e:5d:d3:5a:39:f3:b0:33:01:9d:ec:eb:81:cb:
                    09:7e:23:ef:0c:0d:f8:f9:39:26:9a:5e:09:2b:bb:
                    a0:37:7e:28:4a:1a:66:bc:d9:ab:99:65:83:38:58:
                    e8:06:11:b1:c1:62:16:e7:1c:f3:cc:3f:37:19:3c:
                    26:43:be:38:c4:77:88:df:79:67:97:54:0f:51:fe:
                    0c:9b:6f:2f:3c:66:66:d3:e0:32:f6:7a:06:c7:7b:
                    7c:a5:70:e6:20:83:38:81:fc:81:28:b7:f0:b6:fa:
                    34:93:c0:ca:1a:8e:f4:76:d2:2f:5b:eb:be:6b:9f:
                    1a:f8:14:38:20:58:30:2e:47:96:01:cd:ed:71:42:
                    cf:17:32:66:40:07:4b:a9:8b:32:35:52:3c:d2:48:
                    6d:36:b2:51:34:ac:48:7e:95:8d:07:c3:fd:4e:c1:
                    93:4a:6a:69:f3:8a:55:16:19:d8:8e:2e:4d:92:44:
                    53:18:fd:fd:ac:e6:73:d2:51:da:d4:1d:78:2a:0e:
                    28:cf:5e:df:13:c7:06:05:08:8b:2d:67:9d:75:39:
                    e0:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:0E:F9:9D:BD:7E:C4:9E:C7:22:CE:85:74:77:CB:AF:F4:27:E6:8F
            X509v3 Authority Key Identifier:
                keyid:41:EF:4B:06:0A:8B:79:B2:89:3D:33:09:AD:50:D1:CC:CB:2B:9E:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qe9LBgqLebKJPTMJrVDRzMsrnjE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/111b81-aa6c-40da-bed1-bf8e5d8265a2/1/NQ75nb1-xJ7HIs6FdHfLr_Qn5o8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/111b81-aa6c-40da-bed1-bf8e5d8265a2/1/Qe9LBgqLebKJPTMJrVDRzMsrnjE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.73.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:18:60:46:e8:25:32:7c:2e:f2:65:39:3d:78:cf:ea:2b:cc:
         cd:dc:8b:2d:e4:5d:9d:bc:88:cb:fc:26:41:a0:f7:0d:53:cf:
         69:6d:f5:df:f4:21:74:eb:f0:b2:e4:52:db:a8:c0:99:ef:26:
         d5:0c:fe:8e:86:1a:c5:ad:23:4b:ab:6c:60:0d:af:99:9a:86:
         69:9a:46:9e:96:b8:5e:3b:c6:e6:84:58:20:85:c7:04:68:3f:
         cb:c7:a3:dc:f6:99:66:9e:c4:a2:bd:4e:25:cd:dc:a4:35:8f:
         43:d5:b0:b6:c5:02:e8:b9:72:b5:9a:d8:30:06:9e:64:43:3c:
         67:0b:10:29:14:4e:34:2d:bd:ac:6f:37:eb:7f:3b:62:6b:32:
         db:4b:e0:64:89:7e:50:3e:99:e7:6f:d3:a4:05:48:8c:25:a5:
         d7:71:3b:fe:4a:6d:ce:ae:48:65:e2:8b:9a:a7:82:74:cd:28:
         7f:8f:aa:cb:c6:1b:be:f1:c0:83:d6:7c:8d:05:e7:17:89:55:
         5e:40:33:86:85:be:39:d7:ae:3b:e8:5a:16:66:ef:79:31:1c:
         55:11:77:c6:db:84:9b:1b:fd:ce:a7:ec:f2:59:2c:b5:04:ba:
         c4:9b:01:ec:2a:39:81:95:d2:dd:85:d1:d3:b3:f1:2f:4a:d7:
         fe:14:a0:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pFPDYQx6yqMRbXDymJreMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZWY0YjA2MGE4Yjc5YjI4OTNkMzMwOWFkNTBkMWNjY2Iy
YjllMzEwHhcNMjYwMTAyMTIxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTBlZjk5ZGJkN2VjNDllYzcyMmNlODU3NDc3Y2JhZmY0MjdlNjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxeP166kRySOaX/+PstdI0I3BH1uK
0XU2FJkzppQSrF9vt+X8OXI24OeoBGmnPl3TWjnzsDMBnezrgcsJfiPvDA34+Tkm
ml4JK7ugN34oShpmvNmrmWWDOFjoBhGxwWIW5xzzzD83GTwmQ744xHeI33lnl1QP
Uf4Mm28vPGZm0+Ay9noGx3t8pXDmIIM4gfyBKLfwtvo0k8DKGo70dtIvW+u+a58a
+BQ4IFgwLkeWAc3tcULPFzJmQAdLqYsyNVI80khtNrJRNKxIfpWNB8P9TsGTSmpp
84pVFhnYji5NkkRTGP39rOZz0lHa1B14Kg4oz17fE8cGBQiLLWeddTngpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDUO+Z29fsSexyLOhXR3y6/0J+aPMB8GA1UdIwQY
MBaAFEHvSwYKi3myiT0zCa1Q0czLK54xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWU5TEJncUxlYktKUFRNSnJWRFJ6TXNybmpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xMTFiODEtYWE2Yy00MGRhLWJlZDEt
YmY4ZTVkODI2NWEyLzEvTlE3NW5iMS14SjdISXM2RmRIZkxyX1FuNW84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xMTFiODEtYWE2Yy00MGRhLWJlZDEtYmY4ZTVkODI2NWEy
LzEvUWU5TEJncUxlYktKUFRNSnJWRFJ6TXNybmpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2UmUMA0G
CSqGSIb3DQEBCwUAA4IBAQABGGBG6CUyfC7yZTk9eM/qK8zN3Ist5F2dvIjL/CZB
oPcNU89pbfXf9CF06/Cy5FLbqMCZ7ybVDP6OhhrFrSNLq2xgDa+ZmoZpmkaelrhe
O8bmhFgghccEaD/Lx6Pc9plmnsSivU4lzdykNY9D1bC2xQLouXK1mtgwBp5kQzxn
CxApFE40Lb2sbzfrfztiazLbS+BkiX5QPpnnb9OkBUiMJaXXcTv+Sm3Orkhl4oua
p4J0zSh/j6rLxhu+8cCD1nyNBecXiVVeQDOGhb4516476FoWZu95MRxVEXfG24Sb
G/3Op+zyWSy1BLrEmwHsKjmBldLdhdHTs/EvStf+FKCQ
-----END CERTIFICATE-----