This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/_qA7-iuYEvTbfVREYl9q7tay4Bk.roa
File:                     _qA7-iuYEvTbfVREYl9q7tay4Bk.roa (raw, json)
Hash identifier:          Z/glgCy5dfzogAACVBlWtKvnqFreHrzxfTJl0PSlZgA=
Subject key identifier:   FE:A0:3B:FA:2B:98:12:F4:DB:7D:54:44:62:5F:6A:EE:D6:B2:E0:19
Certificate issuer:       /CN=dd725c4d0953e7ecf46f37e14fca14fd09a12d16
Certificate serial:       019B7B365057C48A899369E60E5A4D36B874
Authority key identifier: DD:72:5C:4D:09:53:E7:EC:F4:6F:37:E1:4F:CA:14:FD:09:A1:2D:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3XJcTQlT5-z0bzfhT8oU_QmhLRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/_qA7-iuYEvTbfVREYl9q7tay4Bk.roa
Signing time:             Thu 01 Jan 2026 20:18:35 +0000
ROA not before:           Thu 01 Jan 2026 20:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48642
IP address blocks:        213.109.48.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/3XJcTQlT5-z0bzfhT8oU_QmhLRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/3XJcTQlT5-z0bzfhT8oU_QmhLRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3XJcTQlT5-z0bzfhT8oU_QmhLRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 20:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:50:57:c4:8a:89:93:69:e6:0e:5a:4d:36:b8:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd725c4d0953e7ecf46f37e14fca14fd09a12d16
        Validity
            Not Before: Jan  1 20:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fea03bfa2b9812f4db7d5444625f6aeed6b2e019
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:45:b5:7e:eb:4e:86:4c:d2:3e:db:ad:fc:40:
                    4f:3e:4f:0e:cf:dc:86:90:ef:30:76:b9:9b:8f:dc:
                    03:63:45:03:f1:b0:bc:22:78:1f:74:ec:c1:96:32:
                    32:79:98:f3:7f:9f:00:cd:df:1b:b1:81:e2:78:36:
                    d1:2c:43:56:21:9b:d5:3b:f9:9e:64:42:1e:5f:f9:
                    20:d8:18:65:7c:b5:70:cb:71:53:55:18:9c:84:6f:
                    f2:4a:1e:d3:a3:09:16:c0:e8:25:d7:20:e4:be:30:
                    ab:1f:21:2f:06:a8:73:b1:47:94:75:58:d6:25:92:
                    10:77:52:61:b3:3a:65:df:6c:1e:b1:fb:81:9f:f9:
                    a4:bd:84:2f:f1:54:5e:b3:da:b5:df:7d:24:24:e6:
                    22:91:c5:03:09:99:08:61:74:77:dc:86:df:b1:33:
                    1f:f4:f9:b0:a8:72:1b:09:d7:1c:b2:77:ee:1a:18:
                    aa:52:53:1d:ea:ea:9b:b8:8e:e0:05:46:af:b4:e0:
                    c6:77:2d:83:38:b9:2a:af:d5:38:70:cc:36:4f:12:
                    94:a7:9c:a4:d9:13:f6:b4:4a:68:a1:bf:35:26:91:
                    83:72:bb:33:a6:23:73:7e:67:f0:69:1b:cd:53:04:
                    96:fb:8f:e1:6f:4a:88:85:76:68:63:6f:ed:a5:c3:
                    f5:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:A0:3B:FA:2B:98:12:F4:DB:7D:54:44:62:5F:6A:EE:D6:B2:E0:19
            X509v3 Authority Key Identifier:
                keyid:DD:72:5C:4D:09:53:E7:EC:F4:6F:37:E1:4F:CA:14:FD:09:A1:2D:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3XJcTQlT5-z0bzfhT8oU_QmhLRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/_qA7-iuYEvTbfVREYl9q7tay4Bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/3XJcTQlT5-z0bzfhT8oU_QmhLRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.109.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         18:09:47:2a:90:5b:21:5b:0e:aa:3b:c6:f0:11:a4:62:05:d5:
         b9:46:4d:24:da:eb:cf:be:a0:98:39:69:fc:5a:e8:84:1b:44:
         1b:a6:00:55:98:ed:a3:9c:e7:7e:b2:31:d1:15:14:e6:d8:12:
         8d:44:c4:76:27:54:03:24:e8:8a:aa:a0:52:a1:96:18:b9:c7:
         b8:a4:bd:13:a7:49:54:ab:89:75:2c:b2:2d:5b:71:0f:3e:fe:
         95:39:33:2d:95:45:79:c2:70:1e:dd:1d:78:e0:76:6c:f2:db:
         11:b7:91:ba:cb:ac:ed:0b:99:af:18:1b:89:a2:95:8e:07:92:
         b6:66:51:45:8f:51:47:1e:c9:ad:d2:1b:e9:2f:15:c7:90:51:
         ce:a5:06:c3:4c:1d:85:d8:c5:2a:a2:8c:ac:f1:f7:b8:d5:60:
         b6:e5:17:d6:f1:5c:29:89:64:5e:a3:72:20:e7:98:37:b6:7b:
         a4:1b:c1:b1:9b:50:b7:3a:eb:e6:2d:4d:df:c6:7d:f1:a3:b7:
         47:56:7a:53:c9:df:47:3b:71:3e:d1:53:76:b7:c5:bd:f6:9b:
         eb:c8:e5:19:8f:c8:84:98:91:d4:c1:d4:21:2f:39:12:89:6f:
         2f:49:07:78:13:15:a7:b7:ff:30:fd:40:d8:d6:53:e9:df:80:
         41:58:e0:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NlBXxIqJk2nmDlpNNrh0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNzI1YzRkMDk1M2U3ZWNmNDZmMzdlMTRmY2ExNGZkMDlh
MTJkMTYwHhcNMjYwMTAxMjAxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWEwM2JmYTJiOTgxMmY0ZGI3ZDU0NDQ2MjVmNmFlZWQ2YjJlMDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAykW1futOhkzSPtut/EBPPk8Oz9yG
kO8wdrmbj9wDY0UD8bC8IngfdOzBljIyeZjzf58Azd8bsYHieDbRLENWIZvVO/me
ZEIeX/kg2BhlfLVwy3FTVRichG/ySh7TowkWwOgl1yDkvjCrHyEvBqhzsUeUdVjW
JZIQd1Jhszpl32wesfuBn/mkvYQv8VRes9q1330kJOYikcUDCZkIYXR33IbfsTMf
9PmwqHIbCdccsnfuGhiqUlMd6uqbuI7gBUavtODGdy2DOLkqr9U4cMw2TxKUp5yk
2RP2tEpoob81JpGDcrszpiNzfmfwaRvNUwSW+4/hb0qIhXZoY2/tpcP1uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP6gO/ormBL0231URGJfau7WsuAZMB8GA1UdIwQY
MBaAFN1yXE0JU+fs9G834U/KFP0JoS0WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1hKY1RRbFQ1LXowYnpmaFQ4b1VfUW1oTFJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9hYWE2ZTMtZjA1NC00OGU3LTgyNDYt
OGYyMGNiNzM0NDg4LzEvX3FBNy1pdVlFdlRiZlZSRVlsOXE3dGF5NEJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9hYWE2ZTMtZjA1NC00OGU3LTgyNDYtOGYyMGNiNzM0NDg4
LzEvM1hKY1RRbFQ1LXowYnpmaFQ4b1VfUW1oTFJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE1W0wMA0G
CSqGSIb3DQEBCwUAA4IBAQAYCUcqkFshWw6qO8bwEaRiBdW5Rk0k2uvPvqCYOWn8
WuiEG0QbpgBVmO2jnOd+sjHRFRTm2BKNRMR2J1QDJOiKqqBSoZYYuce4pL0Tp0lU
q4l1LLItW3EPPv6VOTMtlUV5wnAe3R144HZs8tsRt5G6y6ztC5mvGBuJopWOB5K2
ZlFFj1FHHsmt0hvpLxXHkFHOpQbDTB2F2MUqooys8fe41WC25RfW8VwpiWReo3Ig
55g3tnukG8Gxm1C3OuvmLU3fxn3xo7dHVnpTyd9HO3E+0VN2t8W99pvryOUZj8iE
mJHUwdQhLzkSiW8vSQd4ExWnt/8w/UDY1lPp34BBWOCG
-----END CERTIFICATE-----