This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/dd6ea7-bdb8-47c3-964f-2af9178382fb/1/qZ8aQgjdabGbDv-i6H620T5YhwY.roa
File:                     qZ8aQgjdabGbDv-i6H620T5YhwY.roa (raw, json)
Hash identifier:          UdXrLbOlQenxMN6hG/0L/eJWuifEwthlbNrK+9DhFyc=
Subject key identifier:   A9:9F:1A:42:08:DD:69:B1:9B:0E:FF:A2:E8:7E:B6:D1:3E:58:87:06
Certificate issuer:       /CN=771bce29a36cbde898ac00707db95143f86a7922
Certificate serial:       019B76EB7584B54E634046B6002605582C90
Authority key identifier: 77:1B:CE:29:A3:6C:BD:E8:98:AC:00:70:7D:B9:51:43:F8:6A:79:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dxvOKaNsveiYrABwfblRQ_hqeSI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/dd6ea7-bdb8-47c3-964f-2af9178382fb/1/qZ8aQgjdabGbDv-i6H620T5YhwY.roa
Signing time:             Thu 01 Jan 2026 00:18:21 +0000
ROA not before:           Thu 01 Jan 2026 00:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8893
IP address blocks:        194.105.146.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/dd6ea7-bdb8-47c3-964f-2af9178382fb/1/dxvOKaNsveiYrABwfblRQ_hqeSI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/dd6ea7-bdb8-47c3-964f-2af9178382fb/1/dxvOKaNsveiYrABwfblRQ_hqeSI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dxvOKaNsveiYrABwfblRQ_hqeSI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:75:84:b5:4e:63:40:46:b6:00:26:05:58:2c:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=771bce29a36cbde898ac00707db95143f86a7922
        Validity
            Not Before: Jan  1 00:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a99f1a4208dd69b19b0effa2e87eb6d13e588706
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:20:6f:1e:6b:71:13:d7:dd:ac:03:45:ee:73:
                    36:a3:3e:83:5c:86:3f:5f:97:25:bb:f0:01:81:6b:
                    0f:ea:5c:01:ee:f9:c4:6f:6d:c6:6a:d5:fc:59:b4:
                    92:eb:cc:80:7f:9a:88:6a:36:40:9f:98:f7:07:de:
                    f2:2c:3b:39:58:b2:ad:dc:99:09:0a:d7:95:55:2c:
                    0e:3d:c2:a6:cf:c7:e3:fb:ed:4e:47:ba:52:ae:e7:
                    0b:bb:9b:24:5e:77:92:a5:77:93:33:57:a0:86:47:
                    e7:f8:bc:51:64:e0:76:41:2b:c9:d8:a5:74:bd:84:
                    76:6a:91:8b:a0:38:69:4f:95:36:00:d4:e9:8e:8d:
                    bd:15:0b:b4:55:38:a0:99:5f:97:c3:59:f8:eb:b8:
                    a6:30:65:ee:70:db:c3:bc:ec:82:bd:1b:19:97:d0:
                    38:ab:07:b9:fd:a3:53:16:3d:cc:ae:4c:a9:fa:8d:
                    98:db:78:f2:f2:f6:57:c9:c3:55:39:c7:fa:76:dc:
                    f9:71:33:da:b0:0c:f5:dc:a0:11:6c:b2:26:8a:d4:
                    32:d1:e3:af:62:f7:1c:09:b5:93:8d:61:55:be:24:
                    99:bb:64:0d:62:5d:87:74:d2:f2:21:df:62:5e:df:
                    8d:52:c0:6f:23:ea:fc:27:60:74:31:3e:28:e5:18:
                    85:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:9F:1A:42:08:DD:69:B1:9B:0E:FF:A2:E8:7E:B6:D1:3E:58:87:06
            X509v3 Authority Key Identifier:
                keyid:77:1B:CE:29:A3:6C:BD:E8:98:AC:00:70:7D:B9:51:43:F8:6A:79:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dxvOKaNsveiYrABwfblRQ_hqeSI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/dd6ea7-bdb8-47c3-964f-2af9178382fb/1/qZ8aQgjdabGbDv-i6H620T5YhwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/dd6ea7-bdb8-47c3-964f-2af9178382fb/1/dxvOKaNsveiYrABwfblRQ_hqeSI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.105.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:6d:b1:70:27:f9:20:dc:1a:d4:4a:d1:8f:06:6f:5a:71:e7:
         ae:36:fa:d9:cd:50:a3:66:43:21:3c:51:82:a4:ca:25:23:dc:
         0f:68:38:13:49:6c:99:0c:20:50:61:e9:49:46:dd:6b:20:11:
         40:a5:e1:9e:77:3e:83:c0:85:f3:f1:03:c3:06:70:ac:34:ec:
         60:8b:7e:87:b4:f3:31:75:e4:73:aa:c1:c9:23:a0:bf:fd:84:
         1f:d6:50:97:1a:87:c3:20:28:f7:78:12:0a:9f:72:51:1c:e8:
         52:6d:a0:cf:b4:63:f6:a1:25:21:e9:12:e7:0b:b0:e8:f0:7c:
         50:f8:c8:05:40:12:1c:b4:cf:e8:7b:7c:ee:86:30:20:ed:2d:
         2c:b4:54:df:af:b8:48:1e:0c:d2:49:ac:5b:87:0a:27:b3:30:
         f2:64:2f:16:4b:2b:7b:d8:b9:58:88:40:a7:f1:61:24:80:b4:
         ce:ba:d0:09:e3:40:2e:d5:df:2b:68:ae:36:75:6f:6d:72:0f:
         45:6e:86:2e:14:38:b5:52:ee:da:14:47:bb:8e:3a:b6:e8:e8:
         95:cd:7f:7d:2b:07:76:6f:0a:2b:84:e2:31:45:39:f8:11:92:
         74:1a:96:30:7c:3b:ee:19:57:1d:00:e6:06:83:3c:69:e8:41:
         86:e2:d2:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt263WEtU5jQEa2ACYFWCyQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MWJjZTI5YTM2Y2JkZTg5OGFjMDA3MDdkYjk1MTQzZjg2
YTc5MjIwHhcNMjYwMTAxMDAxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTlmMWE0MjA4ZGQ2OWIxOWIwZWZmYTJlODdlYjZkMTNlNTg4NzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCBvHmtxE9fdrANF7nM2oz6DXIY/
X5clu/ABgWsP6lwB7vnEb23GatX8WbSS68yAf5qIajZAn5j3B97yLDs5WLKt3JkJ
CteVVSwOPcKmz8fj++1OR7pSrucLu5skXneSpXeTM1eghkfn+LxRZOB2QSvJ2KV0
vYR2apGLoDhpT5U2ANTpjo29FQu0VTigmV+Xw1n467imMGXucNvDvOyCvRsZl9A4
qwe5/aNTFj3Mrkyp+o2Y23jy8vZXycNVOcf6dtz5cTPasAz13KARbLImitQy0eOv
YvccCbWTjWFVviSZu2QNYl2HdNLyId9iXt+NUsBvI+r8J2B0MT4o5RiFyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKmfGkII3Wmxmw7/ouh+ttE+WIcGMB8GA1UdIwQY
MBaAFHcbzimjbL3omKwAcH25UUP4ankiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHh2T0thTnN2ZWlZckFCd2ZibFJRX2hxZVNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9kZDZlYTctYmRiOC00N2MzLTk2NGYt
MmFmOTE3ODM4MmZiLzEvcVo4YVFnamRhYkdiRHYtaTZINjIwVDVZaHdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9kZDZlYTctYmRiOC00N2MzLTk2NGYtMmFmOTE3ODM4MmZi
LzEvZHh2T0thTnN2ZWlZckFCd2ZibFJRX2hxZVNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwmmSMA0G
CSqGSIb3DQEBCwUAA4IBAQApbbFwJ/kg3BrUStGPBm9aceeuNvrZzVCjZkMhPFGC
pMolI9wPaDgTSWyZDCBQYelJRt1rIBFApeGedz6DwIXz8QPDBnCsNOxgi36HtPMx
deRzqsHJI6C//YQf1lCXGofDICj3eBIKn3JRHOhSbaDPtGP2oSUh6RLnC7Do8HxQ
+MgFQBIctM/oe3zuhjAg7S0stFTfr7hIHgzSSaxbhwonszDyZC8WSyt72LlYiECn
8WEkgLTOutAJ40Au1d8raK42dW9tcg9FboYuFDi1Uu7aFEe7jjq26OiVzX99Kwd2
bworhOIxRTn4EZJ0GpYwfDvuGVcdAOYGgzxp6EGG4tKG
-----END CERTIFICATE-----