This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/QAF_d8JSOaJa5ePcJEuhIcWijDg.roa
File:                     QAF_d8JSOaJa5ePcJEuhIcWijDg.roa (raw, json)
Hash identifier:          TdbbkOA72vcnj4Xcj7+YbTdpoWTInlYqPn8xkPfG47c=
Subject key identifier:   40:01:7F:77:C2:52:39:A2:5A:E5:E3:DC:24:4B:A1:21:C5:A2:8C:38
Certificate issuer:       /CN=b1168d062a0c2e6166a8262c4d7298d76dedd04f
Certificate serial:       019B7BA4CA155E43836090F8789B1BE37701
Authority key identifier: B1:16:8D:06:2A:0C:2E:61:66:A8:26:2C:4D:72:98:D7:6D:ED:D0:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sRaNBioMLmFmqCYsTXKY123t0E8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/QAF_d8JSOaJa5ePcJEuhIcWijDg.roa
Signing time:             Thu 01 Jan 2026 22:19:15 +0000
ROA not before:           Thu 01 Jan 2026 22:19:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50563
IP address blocks:        185.102.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/sRaNBioMLmFmqCYsTXKY123t0E8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/sRaNBioMLmFmqCYsTXKY123t0E8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sRaNBioMLmFmqCYsTXKY123t0E8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:ca:15:5e:43:83:60:90:f8:78:9b:1b:e3:77:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1168d062a0c2e6166a8262c4d7298d76dedd04f
        Validity
            Not Before: Jan  1 22:19:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=40017f77c25239a25ae5e3dc244ba121c5a28c38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:e9:b3:42:16:0c:b0:f5:f6:d4:69:80:e8:45:
                    4b:d9:42:f5:45:b6:42:57:a7:d6:47:30:6b:f9:b1:
                    fa:c4:a1:51:f6:7c:76:33:2a:ca:8e:77:e4:77:38:
                    47:d2:7c:63:80:80:aa:6f:2d:77:bb:87:4d:1e:a7:
                    59:31:b2:32:bf:47:44:14:da:ab:a6:73:84:d3:a5:
                    67:01:d6:8c:07:ac:a5:17:ab:cb:3a:30:8b:0a:e5:
                    49:8e:e7:7b:19:30:3d:d6:56:23:e3:3f:4f:c0:5c:
                    bf:57:80:63:aa:e4:de:24:0d:43:c9:d6:3e:99:e0:
                    cc:3f:41:c3:8c:35:2f:e8:21:1d:fa:9e:50:5b:e8:
                    6e:68:88:81:1b:27:12:9d:97:cd:dd:8d:ff:99:4a:
                    e3:7f:27:04:41:5a:92:44:e3:51:09:d8:e7:16:c0:
                    05:2f:8f:91:e2:f2:fd:c2:13:a5:fb:b2:ea:64:28:
                    7f:94:2a:31:17:7f:8e:4d:26:d7:2e:1b:ae:ce:7a:
                    3c:65:16:de:bd:17:f6:79:a3:c0:65:83:0a:bb:e1:
                    40:08:d1:9b:e4:fe:d5:d7:89:2f:82:fd:a5:89:dc:
                    7e:37:98:e0:9b:1f:47:36:d4:eb:7c:60:47:7c:eb:
                    7d:15:a2:75:3f:e9:15:f5:88:ae:9a:62:11:46:a6:
                    41:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:01:7F:77:C2:52:39:A2:5A:E5:E3:DC:24:4B:A1:21:C5:A2:8C:38
            X509v3 Authority Key Identifier:
                keyid:B1:16:8D:06:2A:0C:2E:61:66:A8:26:2C:4D:72:98:D7:6D:ED:D0:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sRaNBioMLmFmqCYsTXKY123t0E8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/QAF_d8JSOaJa5ePcJEuhIcWijDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/sRaNBioMLmFmqCYsTXKY123t0E8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:57:7b:41:7b:45:0e:25:c3:f1:13:52:02:dd:13:44:c7:b2:
         1c:a9:ec:b3:08:ae:7c:1b:f6:de:d4:db:76:37:a1:17:93:20:
         a2:35:90:43:f1:e5:42:eb:c9:bd:b8:63:f2:fa:f9:04:5f:24:
         d8:37:7e:34:63:54:13:6b:07:38:0e:12:ce:f1:61:dc:03:2b:
         70:c8:8d:cf:b4:77:13:e6:dc:1b:b2:25:de:98:ff:95:7a:d8:
         e2:30:86:cc:c7:92:66:e1:42:cd:52:67:77:56:a1:63:52:ec:
         bc:d6:09:47:e8:7b:68:a6:96:b2:9c:d0:39:a2:d6:4f:f6:83:
         f2:e9:52:54:9c:4d:6f:d3:c5:a4:f0:e4:77:00:d7:d5:42:0e:
         4d:6b:63:00:17:ba:00:e4:62:9f:46:af:e7:c3:1d:0f:62:89:
         c1:aa:41:e4:1e:d4:20:6a:00:d5:bf:eb:66:0b:d3:f5:62:6d:
         17:ec:7b:ca:d3:fb:e4:c3:76:93:b2:85:61:5b:2e:44:e5:50:
         90:16:b1:96:26:5c:ab:17:e3:48:bc:08:87:69:51:36:64:c7:
         4d:34:39:5e:05:66:41:38:eb:2f:7c:53:8f:ba:b4:65:9f:7a:
         b9:1a:eb:1e:c1:39:36:10:c0:21:a0:2d:03:7d:9c:7c:ce:44:
         53:90:b7:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pMoVXkODYJD4eJsb43cBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMTY4ZDA2MmEwYzJlNjE2NmE4MjYyYzRkNzI5OGQ3NmRl
ZGQwNGYwHhcNMjYwMTAxMjIxOTE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDAxN2Y3N2MyNTIzOWEyNWFlNWUzZGMyNDRiYTEyMWM1YTI4YzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+mzQhYMsPX21GmA6EVL2UL1RbZC
V6fWRzBr+bH6xKFR9nx2MyrKjnfkdzhH0nxjgICqby13u4dNHqdZMbIyv0dEFNqr
pnOE06VnAdaMB6ylF6vLOjCLCuVJjud7GTA91lYj4z9PwFy/V4BjquTeJA1DydY+
meDMP0HDjDUv6CEd+p5QW+huaIiBGycSnZfN3Y3/mUrjfycEQVqSRONRCdjnFsAF
L4+R4vL9whOl+7LqZCh/lCoxF3+OTSbXLhuuzno8ZRbevRf2eaPAZYMKu+FACNGb
5P7V14kvgv2lidx+N5jgmx9HNtTrfGBHfOt9FaJ1P+kV9YiummIRRqZBXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEABf3fCUjmiWuXj3CRLoSHFoow4MB8GA1UdIwQY
MBaAFLEWjQYqDC5hZqgmLE1ymNdt7dBPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1JhTkJpb01MbUZtcUNZc1RYS1kxMjN0MEU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82NzRhYmItMjIxYS00NDU0LWFjZmMt
OTY1YTM0MTgwMTM2LzEvUUFGX2Q4SlNPYUphNWVQY0pFdWhJY1dpakRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82NzRhYmItMjIxYS00NDU0LWFjZmMtOTY1YTM0MTgwMTM2
LzEvc1JhTkJpb01MbUZtcUNZc1RYS1kxMjN0MEU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWbSMA0G
CSqGSIb3DQEBCwUAA4IBAQAnV3tBe0UOJcPxE1IC3RNEx7IcqeyzCK58G/be1Nt2
N6EXkyCiNZBD8eVC68m9uGPy+vkEXyTYN340Y1QTawc4DhLO8WHcAytwyI3PtHcT
5twbsiXemP+VetjiMIbMx5Jm4ULNUmd3VqFjUuy81glH6HtoppaynNA5otZP9oPy
6VJUnE1v08Wk8OR3ANfVQg5Na2MAF7oA5GKfRq/nwx0PYonBqkHkHtQgagDVv+tm
C9P1Ym0X7HvK0/vkw3aTsoVhWy5E5VCQFrGWJlyrF+NIvAiHaVE2ZMdNNDleBWZB
OOsvfFOPurRln3q5GusewTk2EMAhoC0DfZx8zkRTkLdj
-----END CERTIFICATE-----