This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/qrG9XLPl84E40eGjaluMQlHH30g.roa
File:                     qrG9XLPl84E40eGjaluMQlHH30g.roa (raw, json)
Hash identifier:          JZCVwj3aTdfzcFTKEfr0xBq4Umu2aHhpSpk1hh5GgSQ=
Subject key identifier:   AA:B1:BD:5C:B3:E5:F3:81:38:D1:E1:A3:6A:5B:8C:42:51:C7:DF:48
Certificate issuer:       /CN=4c37f27eb4997b3bef9f28266a39694050fe74f9
Certificate serial:       019B7DCB48213342323795E8A809F04E4E16
Authority key identifier: 4C:37:F2:7E:B4:99:7B:3B:EF:9F:28:26:6A:39:69:40:50:FE:74:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TDfyfrSZezvvnygmajlpQFD-dPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/qrG9XLPl84E40eGjaluMQlHH30g.roa
Signing time:             Fri 02 Jan 2026 08:20:32 +0000
ROA not before:           Fri 02 Jan 2026 08:20:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50330
IP address blocks:        213.244.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/TDfyfrSZezvvnygmajlpQFD-dPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/TDfyfrSZezvvnygmajlpQFD-dPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TDfyfrSZezvvnygmajlpQFD-dPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:48:21:33:42:32:37:95:e8:a8:09:f0:4e:4e:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c37f27eb4997b3bef9f28266a39694050fe74f9
        Validity
            Not Before: Jan  2 08:20:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aab1bd5cb3e5f38138d1e1a36a5b8c4251c7df48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:81:5e:42:33:f3:91:9f:38:65:60:10:27:96:
                    27:19:b1:64:67:fd:17:b3:fc:82:1b:21:5f:1c:d2:
                    c8:52:bd:50:10:e1:ff:46:18:d5:78:88:07:32:56:
                    eb:eb:a3:9b:e1:a6:41:2d:e6:1c:fa:94:bf:fa:3f:
                    7a:2d:14:d1:4c:30:0b:c4:a3:1b:bb:6c:b7:78:e8:
                    da:bf:b6:fa:b2:2a:39:ea:16:81:2a:43:c0:7b:2a:
                    3f:2a:92:97:a4:e0:9a:5a:cf:b8:a5:7a:72:24:de:
                    9d:cc:da:44:d2:30:42:3d:dc:bb:c1:6b:08:4a:95:
                    66:16:a2:92:8f:50:3c:28:25:ae:bd:5f:c9:f2:d3:
                    a0:cd:27:bb:52:73:a5:df:aa:0a:aa:08:8c:2a:2d:
                    da:30:80:cd:7f:10:13:a4:66:e3:89:5c:d8:3d:21:
                    30:c9:80:8d:9a:77:82:fc:3b:33:40:78:30:5f:cb:
                    e8:b2:af:3a:63:f0:6e:ee:98:4f:07:a6:f8:05:85:
                    b8:8e:0a:85:2d:67:d6:2d:48:e3:8b:b9:14:23:72:
                    8d:de:83:de:a2:8b:7f:af:78:fd:bb:d5:40:ab:e5:
                    d9:d0:25:25:3b:b5:c2:f7:40:36:97:41:56:a3:a2:
                    7b:f2:7f:02:bd:59:27:70:b0:72:48:c0:f9:3a:6d:
                    b9:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:B1:BD:5C:B3:E5:F3:81:38:D1:E1:A3:6A:5B:8C:42:51:C7:DF:48
            X509v3 Authority Key Identifier:
                keyid:4C:37:F2:7E:B4:99:7B:3B:EF:9F:28:26:6A:39:69:40:50:FE:74:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TDfyfrSZezvvnygmajlpQFD-dPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/qrG9XLPl84E40eGjaluMQlHH30g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/TDfyfrSZezvvnygmajlpQFD-dPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.244.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:d3:27:9f:eb:0c:58:72:5e:14:b2:5c:8f:86:da:44:8c:e6:
         68:46:d9:36:d1:d0:7a:7a:e7:c2:94:12:d1:f9:60:37:70:1e:
         81:23:e1:81:10:41:78:d7:9a:aa:93:a6:26:f7:24:17:6b:f6:
         f5:4f:2d:06:64:8a:75:35:02:65:f7:ff:84:fe:6d:06:e4:0f:
         cc:3b:db:14:fb:1b:dd:e6:82:cf:24:11:ba:46:4a:26:7e:41:
         d1:4b:7a:e6:e5:0b:36:bd:11:12:05:b7:59:f3:a3:a0:dd:08:
         37:50:5e:f7:17:c8:ce:fe:81:0f:16:46:1f:55:86:41:e8:39:
         27:f6:57:88:b5:2a:e5:6f:34:ce:06:00:fb:f6:57:88:ab:61:
         9a:0d:8f:23:3e:c3:8f:d2:08:5e:28:2c:48:36:1d:a1:0c:bb:
         ec:90:02:be:e7:dc:9d:d9:78:a0:ea:7a:b5:23:05:d2:b6:39:
         65:d4:6f:98:17:2a:aa:28:37:b0:16:80:f6:5f:f5:d6:fa:38:
         37:fa:34:55:e4:c2:3f:4d:5d:26:1a:54:67:c3:c7:20:93:e0:
         6f:b2:65:f8:5e:60:b0:1c:7c:90:00:bc:2c:07:21:59:f4:f8:
         20:5e:57:64:bc:e9:5e:0c:98:29:81:d1:d5:c7:72:4d:51:1a:
         e0:6f:3b:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9y0ghM0IyN5XoqAnwTk4WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMzdmMjdlYjQ5OTdiM2JlZjlmMjgyNjZhMzk2OTQwNTBm
ZTc0ZjkwHhcNMjYwMTAyMDgyMDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWIxYmQ1Y2IzZTVmMzgxMzhkMWUxYTM2YTViOGM0MjUxYzdkZjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4FeQjPzkZ84ZWAQJ5YnGbFkZ/0X
s/yCGyFfHNLIUr1QEOH/RhjVeIgHMlbr66Ob4aZBLeYc+pS/+j96LRTRTDALxKMb
u2y3eOjav7b6sio56haBKkPAeyo/KpKXpOCaWs+4pXpyJN6dzNpE0jBCPdy7wWsI
SpVmFqKSj1A8KCWuvV/J8tOgzSe7UnOl36oKqgiMKi3aMIDNfxATpGbjiVzYPSEw
yYCNmneC/DszQHgwX8vosq86Y/Bu7phPB6b4BYW4jgqFLWfWLUjji7kUI3KN3oPe
oot/r3j9u9VAq+XZ0CUlO7XC90A2l0FWo6J78n8CvVkncLBySMD5Om25HQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKqxvVyz5fOBONHho2pbjEJRx99IMB8GA1UdIwQY
MBaAFEw38n60mXs7758oJmo5aUBQ/nT5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVERmeWZyU1plenZ2bnlnbWFqbHBRRkQtZFBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8wOWNlYTAtZWYyYi00ZjIwLWExOWEt
ZWI1YTYyN2U3NmEzLzEvcXJHOVhMUGw4NEU0MGVHamFsdU1RbEhIMzBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8wOWNlYTAtZWYyYi00ZjIwLWExOWEtZWI1YTYyN2U3NmEz
LzEvVERmeWZyU1plenZ2bnlnbWFqbHBRRkQtZFBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1fR5MA0G
CSqGSIb3DQEBCwUAA4IBAQAR0yef6wxYcl4UslyPhtpEjOZoRtk20dB6eufClBLR
+WA3cB6BI+GBEEF415qqk6Ym9yQXa/b1Ty0GZIp1NQJl9/+E/m0G5A/MO9sU+xvd
5oLPJBG6RkomfkHRS3rm5Qs2vRESBbdZ86Og3Qg3UF73F8jO/oEPFkYfVYZB6Dkn
9leItSrlbzTOBgD79leIq2GaDY8jPsOP0gheKCxINh2hDLvskAK+59yd2Xig6nq1
IwXStjll1G+YFyqqKDewFoD2X/XW+jg3+jRV5MI/TV0mGlRnw8cgk+BvsmX4XmCw
HHyQALwsByFZ9PggXldkvOleDJgpgdHVx3JNURrgbzth
-----END CERTIFICATE-----