This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/QJmnWjrF5SckYqXHMQVWx6L7kxc.roa
File:                     QJmnWjrF5SckYqXHMQVWx6L7kxc.roa (raw, json)
Hash identifier:          ZzvvSvqGh3FCeEYQX83Fju97+ka1cm0UIM/Bcb7Vjew=
Subject key identifier:   40:99:A7:5A:3A:C5:E5:27:24:62:A5:C7:31:05:56:C7:A2:FB:93:17
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019B7EA5597545803DD8EE06F30C4AFD4889
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/QJmnWjrF5SckYqXHMQVWx6L7kxc.roa
Signing time:             Fri 02 Jan 2026 12:18:44 +0000
ROA not before:           Fri 02 Jan 2026 12:18:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200063
IP address blocks:        2a10:4646:290::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:59:75:45:80:3d:d8:ee:06:f3:0c:4a:fd:48:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  2 12:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4099a75a3ac5e5272462a5c7310556c7a2fb9317
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:d6:27:84:60:b2:8d:91:86:75:6a:82:cf:03:
                    9b:67:1c:eb:39:a5:22:a5:2a:d8:40:24:eb:97:ba:
                    e0:1a:a5:55:61:0b:64:7e:74:5b:fc:93:4c:e1:63:
                    c8:0c:42:16:fb:2d:14:a3:8c:80:64:d8:c5:cb:1e:
                    dc:cb:fc:b2:7c:cf:86:0a:51:c5:a5:b9:ac:93:c5:
                    00:00:13:06:ad:14:a8:fb:f0:d7:90:f0:7d:88:be:
                    85:9a:c0:56:70:1b:53:14:44:ea:26:4a:1f:6a:11:
                    ea:63:21:70:55:e9:a0:55:1b:63:9b:c9:22:37:e1:
                    30:fc:73:00:6c:e0:dd:4c:60:9c:93:89:a1:fb:47:
                    a0:55:c8:77:91:db:31:21:bf:3f:b3:63:54:8f:37:
                    2e:e5:c4:f1:f5:43:19:56:c4:b6:b6:ba:5d:2d:55:
                    f1:50:fa:14:77:28:21:bf:d3:f6:89:9f:90:0e:6a:
                    bf:a6:1f:10:3b:86:50:fb:cd:74:58:b5:37:bf:de:
                    33:8a:1f:d6:41:65:5e:65:c4:91:fa:4c:66:81:00:
                    de:88:55:18:54:13:13:27:23:d7:3c:cb:a8:c2:53:
                    ca:98:37:03:78:fc:79:c1:7e:35:a4:14:e0:68:2d:
                    6d:af:ef:54:f1:c2:69:5b:13:00:a4:da:a5:e8:3a:
                    9c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:99:A7:5A:3A:C5:E5:27:24:62:A5:C7:31:05:56:C7:A2:FB:93:17
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/QJmnWjrF5SckYqXHMQVWx6L7kxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:290::/44

    Signature Algorithm: sha256WithRSAEncryption
         af:23:05:a5:07:53:94:4c:50:64:bb:3b:73:f2:8f:10:a7:53:
         87:cc:f5:47:29:4c:de:85:e0:37:a2:d4:23:a4:dc:5f:85:31:
         4e:7b:90:14:23:fe:70:a8:cb:a0:dd:24:bb:12:a9:1c:58:91:
         e9:b6:4b:65:08:68:89:5c:f6:b8:57:97:2b:5e:5c:c6:87:1b:
         a7:89:bf:da:a3:d4:90:0c:d7:32:4f:f1:44:65:83:31:5e:4c:
         17:49:e5:f5:44:07:58:1b:27:43:d2:0f:ee:2f:33:36:16:df:
         54:d6:d6:ec:a1:6e:25:5d:33:54:5b:5e:51:53:30:be:09:57:
         c3:d9:d3:2d:87:55:88:29:2b:af:e8:ae:4c:9b:34:7f:72:80:
         4f:d4:a7:c4:2d:d4:2b:3a:f1:42:37:17:1b:4b:c6:eb:33:58:
         39:63:6f:7f:a8:22:ee:d0:66:4b:f5:5e:68:9d:91:94:59:e9:
         84:e7:fb:14:7c:dc:d3:f7:20:44:d8:bd:cc:09:f4:c9:88:8f:
         e4:56:ce:98:a2:a8:5d:89:26:bc:47:ef:83:c4:4d:94:d3:64:
         cb:bc:39:5a:51:ce:53:31:e6:04:07:1b:e2:77:77:99:3e:76:
         1d:a3:89:f9:df:9d:a5:2d:c1:35:cc:a5:8a:9c:15:9c:d7:e5:
         9e:99:ec:b8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+pVl1RYA92O4G8wxK/UiJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjYwMTAyMTIxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDk5YTc1YTNhYzVlNTI3MjQ2MmE1YzczMTA1NTZjN2EyZmI5MzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9YnhGCyjZGGdWqCzwObZxzrOaUi
pSrYQCTrl7rgGqVVYQtkfnRb/JNM4WPIDEIW+y0Uo4yAZNjFyx7cy/yyfM+GClHF
pbmsk8UAABMGrRSo+/DXkPB9iL6FmsBWcBtTFETqJkofahHqYyFwVemgVRtjm8ki
N+Ew/HMAbODdTGCck4mh+0egVch3kdsxIb8/s2NUjzcu5cTx9UMZVsS2trpdLVXx
UPoUdyghv9P2iZ+QDmq/ph8QO4ZQ+810WLU3v94zih/WQWVeZcSR+kxmgQDeiFUY
VBMTJyPXPMuowlPKmDcDePx5wX41pBTgaC1tr+9U8cJpWxMApNql6DqcCwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFECZp1o6xeUnJGKlxzEFVsei+5MXMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvUUptbldqckY1U2NrWXFYSE1RVld4Nkw3a3hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgKQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCvIwWlB1OUTFBkuztz8o8Qp1OHzPVHKUzeheA3
otQjpNxfhTFOe5AUI/5wqMug3SS7EqkcWJHptktlCGiJXPa4V5crXlzGhxunib/a
o9SQDNcyT/FEZYMxXkwXSeX1RAdYGydD0g/uLzM2Ft9U1tbsoW4lXTNUW15RUzC+
CVfD2dMth1WIKSuv6K5MmzR/coBP1KfELdQrOvFCNxcbS8brM1g5Y29/qCLu0GZL
9V5onZGUWemE5/sUfNzT9yBE2L3MCfTJiI/kVs6YoqhdiSa8R++DxE2U02TLvDla
Uc5TMeYEBxvid3eZPnYdo4n5352lLcE1zKWKnBWc1+Wemey4
-----END CERTIFICATE-----