This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/eabb9a-9a07-4867-970b-2b1da624f7bc/1/qpaxq7ZhsWj2r4DwD72krm1lajU.roa
File:                     qpaxq7ZhsWj2r4DwD72krm1lajU.roa (raw, json)
Hash identifier:          MqKBfCOBRTEgrXSIFmc+vLs4pABsdPRMHJhH8wTcfXk=
Subject key identifier:   AA:96:B1:AB:B6:61:B1:68:F6:AF:80:F0:0F:BD:A4:AE:6D:65:6A:35
Certificate issuer:       /CN=b60aac104376b79dd6829091947b779c989af68b
Certificate serial:       019B7EA45118AD15EA5BC389D9E0A676BEB4
Authority key identifier: B6:0A:AC:10:43:76:B7:9D:D6:82:90:91:94:7B:77:9C:98:9A:F6:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tgqsEEN2t53WgpCRlHt3nJia9os.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/eabb9a-9a07-4867-970b-2b1da624f7bc/1/qpaxq7ZhsWj2r4DwD72krm1lajU.roa
Signing time:             Fri 02 Jan 2026 12:17:36 +0000
ROA not before:           Fri 02 Jan 2026 12:17:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29551
IP address blocks:        194.153.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/eabb9a-9a07-4867-970b-2b1da624f7bc/1/tgqsEEN2t53WgpCRlHt3nJia9os.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/eabb9a-9a07-4867-970b-2b1da624f7bc/1/tgqsEEN2t53WgpCRlHt3nJia9os.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tgqsEEN2t53WgpCRlHt3nJia9os.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 18:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a4:51:18:ad:15:ea:5b:c3:89:d9:e0:a6:76:be:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b60aac104376b79dd6829091947b779c989af68b
        Validity
            Not Before: Jan  2 12:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aa96b1abb661b168f6af80f00fbda4ae6d656a35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:23:f9:d2:9f:84:22:c6:d6:99:90:60:3d:59:
                    0f:b8:7d:d8:2f:3e:c4:9a:66:c9:0f:c4:4f:d5:3e:
                    c5:da:34:a1:da:0e:54:9a:c1:48:0c:8a:3f:be:fc:
                    45:49:1a:67:0a:56:2c:a6:91:9e:d8:a5:5e:8a:5c:
                    13:06:b6:70:5d:ac:d1:21:00:61:3f:be:8c:7b:6b:
                    28:53:fb:19:e6:bf:44:5b:61:bb:db:c1:52:e3:44:
                    f0:af:53:b4:f5:54:de:09:02:11:ed:5a:e3:95:76:
                    01:34:48:6a:ff:7f:30:08:5a:39:51:b4:bc:43:d4:
                    92:07:dc:c5:2f:08:d7:b7:dc:66:d0:14:cb:43:f4:
                    17:94:0e:b9:ae:cb:a7:fc:20:0b:a8:de:0d:a8:ef:
                    a7:8c:b6:7e:fd:1c:a8:c0:3e:9b:87:12:61:f8:b5:
                    66:eb:e4:91:f0:ce:ce:e1:e1:8a:69:a0:65:8f:98:
                    c8:cf:61:75:1c:cd:d8:51:f8:8f:0e:e1:6b:7d:2c:
                    d6:5b:33:a0:55:c7:db:46:91:a6:76:3c:ad:14:17:
                    76:92:0a:68:b4:e5:23:cd:f2:6c:05:64:b0:24:dc:
                    e4:24:5e:70:bd:14:73:67:5b:64:fe:16:a4:92:0c:
                    d6:6a:1d:24:12:fc:f9:8a:7d:11:73:8c:54:d4:7b:
                    99:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:96:B1:AB:B6:61:B1:68:F6:AF:80:F0:0F:BD:A4:AE:6D:65:6A:35
            X509v3 Authority Key Identifier:
                keyid:B6:0A:AC:10:43:76:B7:9D:D6:82:90:91:94:7B:77:9C:98:9A:F6:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tgqsEEN2t53WgpCRlHt3nJia9os.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/eabb9a-9a07-4867-970b-2b1da624f7bc/1/qpaxq7ZhsWj2r4DwD72krm1lajU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/eabb9a-9a07-4867-970b-2b1da624f7bc/1/tgqsEEN2t53WgpCRlHt3nJia9os.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:64:a0:e2:5b:a8:f2:68:68:91:5f:d5:03:04:79:75:f9:11:
         d7:f1:68:3b:ec:50:89:4a:7e:f6:13:f6:c5:8b:4a:79:37:a7:
         57:1f:3b:5e:04:38:98:c1:2d:c4:70:84:be:35:dd:42:04:4b:
         92:a5:88:28:09:bd:6e:3d:e7:3c:ad:11:4f:14:8b:77:3a:f7:
         6a:c6:1d:24:82:6a:d7:68:5a:a9:bf:c9:5b:6f:5f:e8:90:a1:
         28:db:a0:52:9b:fd:d7:31:83:5d:ab:ac:90:6a:b7:b8:8e:ac:
         c1:44:8f:eb:9f:70:ea:71:5b:43:e6:0d:30:8b:e3:12:38:d2:
         91:6c:96:6a:29:55:82:1e:e8:9a:c3:ae:6a:e0:f8:d1:20:0b:
         43:51:6d:2d:b6:20:55:f5:49:c4:c2:29:08:b0:82:76:45:e9:
         20:2d:68:08:26:5f:b4:8d:d6:7b:36:cc:51:80:af:db:06:67:
         15:ac:c4:c5:15:6c:78:5e:6f:16:0a:56:6c:7c:1c:2b:cc:22:
         18:08:42:77:03:7b:6d:10:1a:92:ed:b7:43:b8:fa:f0:75:9f:
         fa:dc:3c:f1:79:74:bf:89:b7:e3:87:43:32:0f:3a:a7:4c:01:
         d4:65:f0:19:5b:52:ed:01:25:df:6b:cd:63:d1:1f:2e:33:75:
         86:c6:b0:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pFEYrRXqW8OJ2eCmdr60MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MGFhYzEwNDM3NmI3OWRkNjgyOTA5MTk0N2I3NzljOTg5
YWY2OGIwHhcNMjYwMTAyMTIxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTk2YjFhYmI2NjFiMTY4ZjZhZjgwZjAwZmJkYTRhZTZkNjU2YTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSP50p+EIsbWmZBgPVkPuH3YLz7E
mmbJD8RP1T7F2jSh2g5UmsFIDIo/vvxFSRpnClYsppGe2KVeilwTBrZwXazRIQBh
P76Me2soU/sZ5r9EW2G728FS40Twr1O09VTeCQIR7VrjlXYBNEhq/38wCFo5UbS8
Q9SSB9zFLwjXt9xm0BTLQ/QXlA65rsun/CALqN4NqO+njLZ+/RyowD6bhxJh+LVm
6+SR8M7O4eGKaaBlj5jIz2F1HM3YUfiPDuFrfSzWWzOgVcfbRpGmdjytFBd2kgpo
tOUjzfJsBWSwJNzkJF5wvRRzZ1tk/hakkgzWah0kEvz5in0Rc4xU1HuZ6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKqWsau2YbFo9q+A8A+9pK5tZWo1MB8GA1UdIwQY
MBaAFLYKrBBDdred1oKQkZR7d5yYmvaLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGdxc0VFTjJ0NTNXZ3BDUmxIdDNuSmlhOW9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9lYWJiOWEtOWEwNy00ODY3LTk3MGIt
MmIxZGE2MjRmN2JjLzEvcXBheHE3WmhzV2oycjREd0Q3MmtybTFsYWpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9lYWJiOWEtOWEwNy00ODY3LTk3MGItMmIxZGE2MjRmN2Jj
LzEvdGdxc0VFTjJ0NTNXZ3BDUmxIdDNuSmlhOW9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwplXMA0G
CSqGSIb3DQEBCwUAA4IBAQCGZKDiW6jyaGiRX9UDBHl1+RHX8Wg77FCJSn72E/bF
i0p5N6dXHzteBDiYwS3EcIS+Nd1CBEuSpYgoCb1uPec8rRFPFIt3Ovdqxh0kgmrX
aFqpv8lbb1/okKEo26BSm/3XMYNdq6yQare4jqzBRI/rn3DqcVtD5g0wi+MSONKR
bJZqKVWCHuiaw65q4PjRIAtDUW0ttiBV9UnEwikIsIJ2RekgLWgIJl+0jdZ7NsxR
gK/bBmcVrMTFFWx4Xm8WClZsfBwrzCIYCEJ3A3ttEBqS7bdDuPrwdZ/63DzxeXS/
ibfjh0MyDzqnTAHUZfAZW1LtASXfa81j0R8uM3WGxrBb
-----END CERTIFICATE-----