This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/q_yWhOE1u8NkVnmfu-sGr4_yURA.roa
File:                     q_yWhOE1u8NkVnmfu-sGr4_yURA.roa (raw, json)
Hash identifier:          HRuGFjObGLDXfB/BWdpcsDvaWDXd7seOoyazOo0/MYE=
Subject key identifier:   AB:FC:96:84:E1:35:BB:C3:64:56:79:9F:BB:EB:06:AF:8F:F2:51:10
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019B797F3B1358962F839B23696547EB6230
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/q_yWhOE1u8NkVnmfu-sGr4_yURA.roa
Signing time:             Thu 01 Jan 2026 12:18:59 +0000
ROA not before:           Thu 01 Jan 2026 12:18:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209133
IP address blocks:        170.168.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 05:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:3b:13:58:96:2f:83:9b:23:69:65:47:eb:62:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Jan  1 12:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=abfc9684e135bbc36456799fbbeb06af8ff25110
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:04:24:a0:21:85:23:67:ba:73:2d:5c:50:7e:
                    7f:20:70:8c:ed:a0:dd:ed:58:0e:0c:56:42:23:c1:
                    ec:ff:5f:ba:01:9a:3b:2f:c8:2f:63:9d:6d:35:9a:
                    c3:d7:43:aa:09:d9:4c:89:84:8d:5b:f0:69:32:cf:
                    f5:bb:61:24:52:0a:d2:7d:9f:75:c2:94:51:aa:e5:
                    a3:41:1c:4b:e9:7a:89:a6:16:b0:64:7f:1d:7e:a4:
                    74:97:da:18:32:8f:ab:18:76:c8:db:85:66:e6:2b:
                    0d:98:6b:01:0d:20:f0:ca:41:20:5d:1e:6f:a6:3c:
                    85:53:ba:24:06:69:7c:d6:2a:8e:af:21:7b:fd:ac:
                    e8:de:d0:05:54:53:10:4f:45:ea:b6:48:52:85:33:
                    b0:cb:d4:0a:89:16:6c:19:d9:4b:95:32:5e:16:fc:
                    35:b4:ef:e8:fa:f8:5c:26:87:9c:08:29:4b:15:b4:
                    b7:6f:08:00:bf:e8:81:01:3c:91:cc:c2:31:01:f9:
                    99:2f:98:02:aa:dd:ac:fc:31:df:5e:63:fb:84:38:
                    8b:69:46:83:74:9e:bf:c0:f6:46:36:4b:f0:79:ff:
                    4b:70:48:78:cc:e6:cb:95:98:70:69:2e:4f:97:2c:
                    68:ec:8e:df:75:52:b5:be:1f:d1:b9:27:ea:cd:71:
                    e6:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:FC:96:84:E1:35:BB:C3:64:56:79:9F:BB:EB:06:AF:8F:F2:51:10
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/q_yWhOE1u8NkVnmfu-sGr4_yURA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:31:fd:ae:8b:1e:18:51:98:31:a2:db:ee:87:87:a8:4b:a8:
         fc:41:c2:e9:b6:c3:f3:e5:41:6a:9f:6d:0a:da:3e:0f:42:70:
         b1:05:d0:1d:f1:64:45:14:e3:f8:31:1f:15:e7:9c:35:11:b1:
         4e:63:5b:3a:ec:52:71:91:8f:bd:75:8a:05:a0:61:ce:06:51:
         05:95:8a:95:e1:c2:ea:15:66:72:4b:77:ed:4a:a8:b9:fe:e2:
         77:5b:f2:69:61:4d:5c:4c:e6:58:0e:85:5d:53:2b:b7:ff:d9:
         8d:e6:90:0b:54:e9:bc:6d:af:95:19:65:a5:18:b3:e6:ab:0a:
         66:c8:1b:a9:08:bd:ff:38:16:23:ba:b7:d9:a2:d7:52:ec:d0:
         90:32:ec:e7:52:20:a8:4d:ee:a0:e4:d2:b0:8c:c6:fe:4b:a5:
         5e:42:0e:79:03:ff:e9:b2:9c:5d:b4:26:00:7e:58:48:3b:e3:
         77:0c:2e:d6:62:4d:55:e6:0a:9c:77:77:42:1d:ec:29:9e:44:
         52:08:99:3c:39:f1:ac:56:a1:ec:52:d4:14:42:36:83:03:b1:
         4e:57:aa:83:78:1f:a8:85:71:47:4e:f8:3a:dd:8c:7b:e5:f6:
         6b:1c:ab:38:47:bf:19:0d:87:be:23:ff:9d:c9:e5:99:1e:22:
         80:47:a7:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fzsTWJYvg5sjaWVH62IwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwMTAxMTIxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmZjOTY4NGUxMzViYmMzNjQ1Njc5OWZiYmViMDZhZjhmZjI1MTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzgQkoCGFI2e6cy1cUH5/IHCM7aDd
7VgODFZCI8Hs/1+6AZo7L8gvY51tNZrD10OqCdlMiYSNW/BpMs/1u2EkUgrSfZ91
wpRRquWjQRxL6XqJphawZH8dfqR0l9oYMo+rGHbI24Vm5isNmGsBDSDwykEgXR5v
pjyFU7okBml81iqOryF7/azo3tAFVFMQT0XqtkhShTOwy9QKiRZsGdlLlTJeFvw1
tO/o+vhcJoecCClLFbS3bwgAv+iBATyRzMIxAfmZL5gCqt2s/DHfXmP7hDiLaUaD
dJ6/wPZGNkvwef9LcEh4zObLlZhwaS5Plyxo7I7fdVK1vh/RuSfqzXHmsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKv8loThNbvDZFZ5n7vrBq+P8lEQMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvcV95V2hPRTF1OE5rVm5tZnUtc0dyNF95VVJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqhIMA0G
CSqGSIb3DQEBCwUAA4IBAQBeMf2uix4YUZgxotvuh4eoS6j8QcLptsPz5UFqn20K
2j4PQnCxBdAd8WRFFOP4MR8V55w1EbFOY1s67FJxkY+9dYoFoGHOBlEFlYqV4cLq
FWZyS3ftSqi5/uJ3W/JpYU1cTOZYDoVdUyu3/9mN5pALVOm8ba+VGWWlGLPmqwpm
yBupCL3/OBYjurfZotdS7NCQMuznUiCoTe6g5NKwjMb+S6VeQg55A//pspxdtCYA
flhIO+N3DC7WYk1V5gqcd3dCHewpnkRSCJk8OfGsVqHsUtQUQjaDA7FOV6qDeB+o
hXFHTvg63Yx75fZrHKs4R78ZDYe+I/+dyeWZHiKAR6dR
-----END CERTIFICATE-----