This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/Q7kbnNNnbSsZFlsov6ILXxHCTdM.roa
File:                     Q7kbnNNnbSsZFlsov6ILXxHCTdM.roa (raw, json)
Hash identifier:          VhgI6TuEjkaCFM/zUTKmnIt5ZWs9IQY5K9aBKoHxwD8=
Subject key identifier:   43:B9:1B:9C:D3:67:6D:2B:19:16:5B:28:BF:A2:0B:5F:11:C2:4D:D3
Certificate issuer:       /CN=7f6bd1a6b04625c571d830f878b1c0238247408c
Certificate serial:       019B7DC95222478F52C5C4CBE115514009DD
Authority key identifier: 7F:6B:D1:A6:B0:46:25:C5:71:D8:30:F8:78:B1:C0:23:82:47:40:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/Q7kbnNNnbSsZFlsov6ILXxHCTdM.roa
Signing time:             Fri 02 Jan 2026 08:18:24 +0000
ROA not before:           Fri 02 Jan 2026 08:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8881
IP address blocks:        14.102.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:52:22:47:8f:52:c5:c4:cb:e1:15:51:40:09:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f6bd1a6b04625c571d830f878b1c0238247408c
        Validity
            Not Before: Jan  2 08:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43b91b9cd3676d2b19165b28bfa20b5f11c24dd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ee:cb:05:7d:bc:62:bf:2e:0b:37:5b:ee:b3:
                    8f:2e:39:8f:e0:46:aa:c8:c5:b4:29:3f:2b:fe:26:
                    37:9e:b4:d6:64:93:2f:84:ad:a8:61:fb:c8:42:fd:
                    f8:0e:7b:b4:1b:94:ed:19:35:55:52:a8:2e:2e:2f:
                    d9:ae:06:93:21:5e:a4:f0:45:2a:a8:9c:99:84:f4:
                    37:2d:c9:1f:f1:a1:0f:1a:65:1e:73:95:cc:e5:4a:
                    84:ec:48:27:76:9b:a8:3d:ec:35:19:1b:3a:e1:d7:
                    1a:ee:32:ef:24:ec:4a:86:16:14:1b:33:2b:5c:27:
                    4f:77:94:da:28:13:ff:a2:f3:0f:85:2d:c5:6f:d2:
                    96:01:b8:96:0e:0a:6e:32:22:04:33:c7:c3:33:d3:
                    e4:6e:c5:41:4e:30:94:56:ed:40:16:61:83:82:b3:
                    24:74:b0:b4:4e:d3:d0:64:f8:bc:56:c3:97:ca:fc:
                    ef:a5:ec:48:0f:02:2c:95:6d:6f:e5:b3:99:1c:20:
                    80:1c:43:b0:55:4a:92:a9:ac:16:d4:22:fd:e6:5e:
                    41:67:e3:81:df:3f:de:a4:c8:64:ad:58:5e:a3:0c:
                    09:a3:89:cc:11:2a:9a:09:9f:2d:17:88:4a:2d:82:
                    f6:6a:ed:96:41:cf:3b:d4:77:95:8f:08:82:88:ec:
                    51:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:B9:1B:9C:D3:67:6D:2B:19:16:5B:28:BF:A2:0B:5F:11:C2:4D:D3
            X509v3 Authority Key Identifier:
                keyid:7F:6B:D1:A6:B0:46:25:C5:71:D8:30:F8:78:B1:C0:23:82:47:40:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/Q7kbnNNnbSsZFlsov6ILXxHCTdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:ab:7c:10:50:2d:28:3f:76:96:12:7f:64:22:4c:13:51:e9:
         09:88:87:2c:1f:a7:48:48:5c:43:4a:db:9e:22:13:33:09:11:
         c8:96:f9:ad:7c:a4:8f:da:3d:91:43:57:f1:21:d6:0f:fa:50:
         e3:5b:ad:d8:f9:f5:66:66:71:66:90:82:4a:4b:fe:35:44:6f:
         4c:b6:19:9c:1c:9f:3b:3d:8f:69:1f:cf:c2:0b:48:77:26:55:
         2a:0c:cb:df:76:31:20:0e:62:59:79:1a:0a:0d:9a:6d:ed:6a:
         73:b2:8a:b2:94:be:d3:c0:3e:42:22:a9:be:4b:46:8b:21:5f:
         c8:44:0f:b2:d0:64:1c:41:79:37:6c:ff:64:e8:c8:69:31:14:
         93:47:a8:39:42:8b:27:f7:fb:2f:b7:ab:0e:7e:3d:76:07:9d:
         88:cb:61:55:ea:52:0a:51:26:71:55:88:92:16:59:ff:5e:a7:
         50:72:5b:13:d9:ce:42:9e:66:fb:31:13:67:ed:1d:2d:86:cc:
         0c:bd:93:10:e7:c7:2f:86:43:8b:ab:61:ea:83:58:fd:40:bc:
         36:0d:97:99:64:01:29:5c:4f:d8:1d:30:be:e7:8a:ce:5b:c4:
         78:59:3f:e0:a0:df:d6:79:d0:da:58:f0:0e:c5:f6:cd:ed:62:
         e5:e1:b5:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yVIiR49SxcTL4RVRQAndMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNmJkMWE2YjA0NjI1YzU3MWQ4MzBmODc4YjFjMDIzODI0
NzQwOGMwHhcNMjYwMTAyMDgxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2I5MWI5Y2QzNjc2ZDJiMTkxNjViMjhiZmEyMGI1ZjExYzI0ZGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+7LBX28Yr8uCzdb7rOPLjmP4Eaq
yMW0KT8r/iY3nrTWZJMvhK2oYfvIQv34Dnu0G5TtGTVVUqguLi/ZrgaTIV6k8EUq
qJyZhPQ3Lckf8aEPGmUec5XM5UqE7EgndpuoPew1GRs64dca7jLvJOxKhhYUGzMr
XCdPd5TaKBP/ovMPhS3Fb9KWAbiWDgpuMiIEM8fDM9PkbsVBTjCUVu1AFmGDgrMk
dLC0TtPQZPi8VsOXyvzvpexIDwIslW1v5bOZHCCAHEOwVUqSqawW1CL95l5BZ+OB
3z/epMhkrVheowwJo4nMESqaCZ8tF4hKLYL2au2WQc871HeVjwiCiOxRfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEO5G5zTZ20rGRZbKL+iC18Rwk3TMB8GA1UdIwQY
MBaAFH9r0aawRiXFcdgw+HixwCOCR0CMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjJ2UnByQkdKY1Z4MkRENGVMSEFJNEpIUUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9iYzY2ZDctNTdhYi00NzVkLTk2YmEt
ODliNmMzMjMxNWMyLzEvUTdrYm5OTm5iU3NaRmxzb3Y2SUxYeEhDVGRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9iYzY2ZDctNTdhYi00NzVkLTk2YmEtODliNmMzMjMxNWMy
LzEvZjJ2UnByQkdKY1Z4MkRENGVMSEFJNEpIUUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQADmZaMA0G
CSqGSIb3DQEBCwUAA4IBAQAkq3wQUC0oP3aWEn9kIkwTUekJiIcsH6dISFxDStue
IhMzCRHIlvmtfKSP2j2RQ1fxIdYP+lDjW63Y+fVmZnFmkIJKS/41RG9MthmcHJ87
PY9pH8/CC0h3JlUqDMvfdjEgDmJZeRoKDZpt7WpzsoqylL7TwD5CIqm+S0aLIV/I
RA+y0GQcQXk3bP9k6MhpMRSTR6g5Qosn9/svt6sOfj12B52Iy2FV6lIKUSZxVYiS
Fln/XqdQclsT2c5Cnmb7MRNn7R0thswMvZMQ58cvhkOLq2Hqg1j9QLw2DZeZZAEp
XE/YHTC+54rOW8R4WT/goN/WedDaWPAOxfbN7WLl4bVL
-----END CERTIFICATE-----