This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/qFB2EJT-dRDHAj_TTnZeCHZ9Gcw.roa
File:                     qFB2EJT-dRDHAj_TTnZeCHZ9Gcw.roa (raw, json)
Hash identifier:          sFTYpyONZM4849OiQuWMraeanFpbFNLi3ztibzARdQc=
Subject key identifier:   A8:50:76:10:94:FE:75:10:C7:02:3F:D3:4E:76:5E:08:76:7D:19:CC
Certificate issuer:       /CN=4c7844abef711c232c84f83c807a420af3804728
Certificate serial:       019B76EB7E112DC97F55304F3D01587E9B5C
Authority key identifier: 4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/qFB2EJT-dRDHAj_TTnZeCHZ9Gcw.roa
Signing time:             Thu 01 Jan 2026 00:18:23 +0000
ROA not before:           Thu 01 Jan 2026 00:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203213
IP address blocks:        185.142.80.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:7e:11:2d:c9:7f:55:30:4f:3d:01:58:7e:9b:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c7844abef711c232c84f83c807a420af3804728
        Validity
            Not Before: Jan  1 00:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a850761094fe7510c7023fd34e765e08767d19cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ad:85:12:65:92:34:41:e0:f7:15:31:06:ef:
                    d4:8f:b7:35:3d:19:47:05:74:f4:22:7b:89:38:ed:
                    fc:54:45:af:64:f6:c5:02:c1:86:06:6f:e4:0c:93:
                    39:f8:20:ba:79:26:37:5e:95:4a:2d:a9:2d:e7:40:
                    a0:11:b1:33:f6:6a:d5:eb:f0:70:73:20:e8:ee:49:
                    2e:69:e3:c9:dc:b3:34:76:ec:a5:6a:88:29:4e:2a:
                    bc:90:8b:ed:ea:9c:fc:38:0b:d1:28:df:c6:40:6d:
                    f8:68:d2:6a:f5:8f:f6:70:02:13:d9:56:52:be:a0:
                    d5:7c:09:a9:fc:f1:7f:6d:e0:9e:0b:a2:d6:7f:f1:
                    10:5d:7f:74:64:b1:6b:9b:7e:9f:28:1e:9d:97:78:
                    c4:a4:b8:0b:8a:81:f5:75:42:c5:e1:1c:83:78:7a:
                    63:60:5d:f1:09:d6:cb:a3:cc:24:f2:a5:f0:89:fe:
                    ca:75:f0:f0:f0:da:22:4c:ba:c2:0d:f8:ea:f3:8c:
                    e7:12:52:43:7d:bf:24:7a:31:f3:14:aa:f9:7c:69:
                    90:0a:9c:e4:e9:22:da:48:76:9d:b0:af:c8:3e:8c:
                    19:61:03:ec:98:9d:35:6c:8e:d1:21:b4:4a:de:2e:
                    e2:64:9f:00:51:77:bc:32:5f:80:01:86:22:40:c7:
                    45:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:50:76:10:94:FE:75:10:C7:02:3F:D3:4E:76:5E:08:76:7D:19:CC
            X509v3 Authority Key Identifier:
                keyid:4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/qFB2EJT-dRDHAj_TTnZeCHZ9Gcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:a2:9f:93:f8:98:d1:51:06:57:61:1e:8b:06:f4:63:3b:0b:
         6d:d5:11:60:c5:69:8f:2d:e4:a7:91:c3:c5:f5:a6:39:ac:21:
         a5:67:09:4c:d3:1f:ac:c0:2a:fe:a1:28:d1:ee:39:7d:88:c3:
         34:59:35:ad:23:ec:28:11:c5:5e:1a:19:db:a4:be:2b:52:6b:
         d5:43:81:23:0b:1c:28:60:3f:b6:91:80:65:a5:38:9c:37:74:
         6d:51:51:59:bc:62:2c:12:bd:be:4b:f9:2a:69:83:0e:04:83:
         6f:a0:e4:bb:27:c0:17:8f:49:c9:a3:b7:39:7b:43:1f:c3:46:
         a9:09:40:4e:35:db:ad:cc:9d:9a:78:1d:ac:dd:11:9d:42:cc:
         71:d6:ed:ee:8d:43:b8:e2:77:f8:d6:c1:62:52:d9:cb:5a:b2:
         97:ed:e6:10:b2:4c:80:d4:65:b6:6c:9f:8e:c7:81:f7:75:a8:
         ef:40:2a:5f:ee:8f:21:2b:04:b9:4a:9c:14:a2:02:d6:a1:b2:
         e2:21:eb:fe:cd:8c:ae:ba:e6:ec:1e:bf:aa:9b:af:f9:75:4c:
         50:da:5a:06:37:24:af:27:48:59:2e:7c:27:a6:d5:63:96:e8:
         c0:67:d5:bb:03:76:c0:b9:f8:b6:7d:35:11:db:53:10:b9:ac:
         4a:0c:b1:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt2634RLcl/VTBPPQFYfptcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNzg0NGFiZWY3MTFjMjMyYzg0ZjgzYzgwN2E0MjBhZjM4
MDQ3MjgwHhcNMjYwMTAxMDAxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODUwNzYxMDk0ZmU3NTEwYzcwMjNmZDM0ZTc2NWUwODc2N2QxOWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAua2FEmWSNEHg9xUxBu/Uj7c1PRlH
BXT0InuJOO38VEWvZPbFAsGGBm/kDJM5+CC6eSY3XpVKLakt50CgEbEz9mrV6/Bw
cyDo7kkuaePJ3LM0duylaogpTiq8kIvt6pz8OAvRKN/GQG34aNJq9Y/2cAIT2VZS
vqDVfAmp/PF/beCeC6LWf/EQXX90ZLFrm36fKB6dl3jEpLgLioH1dULF4RyDeHpj
YF3xCdbLo8wk8qXwif7KdfDw8NoiTLrCDfjq84znElJDfb8kejHzFKr5fGmQCpzk
6SLaSHadsK/IPowZYQPsmJ01bI7RIbRK3i7iZJ8AUXe8Ml+AAYYiQMdFWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKhQdhCU/nUQxwI/0052Xgh2fRnMMB8GA1UdIwQY
MBaAFEx4RKvvcRwjLIT4PIB6QgrzgEcoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgt
ZGFiNmI4M2NmN2VjLzEvcUZCMkVKVC1kUkRIQWpfVFRuWmVDSFo5R2N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgtZGFiNmI4M2NmN2Vj
LzEvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuY5QMA0G
CSqGSIb3DQEBCwUAA4IBAQBzop+T+JjRUQZXYR6LBvRjOwtt1RFgxWmPLeSnkcPF
9aY5rCGlZwlM0x+swCr+oSjR7jl9iMM0WTWtI+woEcVeGhnbpL4rUmvVQ4EjCxwo
YD+2kYBlpTicN3RtUVFZvGIsEr2+S/kqaYMOBINvoOS7J8AXj0nJo7c5e0Mfw0ap
CUBONdutzJ2aeB2s3RGdQsxx1u3ujUO44nf41sFiUtnLWrKX7eYQskyA1GW2bJ+O
x4H3dajvQCpf7o8hKwS5SpwUogLWobLiIev+zYyuuubsHr+qm6/5dUxQ2loGNySv
J0hZLnwnptVjlujAZ9W7A3bAufi2fTUR21MQuaxKDLEI
-----END CERTIFICATE-----