This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/bad1c1-365d-41de-ad7c-ce8fc93adb21/1/qZ8lYrTAES5IWyxZQZaEefS3YC0.roa
File:                     qZ8lYrTAES5IWyxZQZaEefS3YC0.roa (raw, json)
Hash identifier:          TigOEyk/IxeMvvOho4DCoJ6pinlkySdim2c4kDHjteo=
Subject key identifier:   A9:9F:25:62:B4:C0:11:2E:48:5B:2C:59:41:96:84:79:F4:B7:60:2D
Certificate issuer:       /CN=474a88bc6e9e10bbaf150f019bbf8a615a2b03c2
Certificate serial:       019B7C7F886DD1A6D05CC6952D8298ED6C8D
Authority key identifier: 47:4A:88:BC:6E:9E:10:BB:AF:15:0F:01:9B:BF:8A:61:5A:2B:03:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R0qIvG6eELuvFQ8Bm7-KYVorA8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/bad1c1-365d-41de-ad7c-ce8fc93adb21/1/qZ8lYrTAES5IWyxZQZaEefS3YC0.roa
Signing time:             Fri 02 Jan 2026 02:18:11 +0000
ROA not before:           Fri 02 Jan 2026 02:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44305
IP address blocks:        217.61.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/bad1c1-365d-41de-ad7c-ce8fc93adb21/1/R0qIvG6eELuvFQ8Bm7-KYVorA8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/bad1c1-365d-41de-ad7c-ce8fc93adb21/1/R0qIvG6eELuvFQ8Bm7-KYVorA8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R0qIvG6eELuvFQ8Bm7-KYVorA8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 17:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:88:6d:d1:a6:d0:5c:c6:95:2d:82:98:ed:6c:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=474a88bc6e9e10bbaf150f019bbf8a615a2b03c2
        Validity
            Not Before: Jan  2 02:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a99f2562b4c0112e485b2c5941968479f4b7602d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:d6:ac:08:bf:24:31:d9:30:fc:e7:d2:69:d0:
                    32:11:28:22:93:2e:b7:fc:2b:a1:bf:c0:09:a6:c6:
                    2f:7f:06:7c:5c:44:e4:77:02:84:73:0a:a0:eb:3b:
                    c3:47:34:cf:bd:51:01:14:78:27:c7:19:11:94:88:
                    0b:37:64:d5:2e:0d:ab:59:4c:ba:22:a4:e6:3c:53:
                    0e:d3:75:68:d5:c3:2e:fd:0d:79:ec:7d:2f:36:0d:
                    0b:3a:a1:22:b7:b6:3d:d7:e1:4d:0c:85:1a:72:2f:
                    13:c1:38:e3:e0:94:5e:dd:8a:c2:a6:8d:7c:05:0a:
                    8e:ce:ce:bd:a2:26:f1:87:63:f7:92:00:ca:15:42:
                    a9:97:da:54:88:58:e3:db:dd:9f:ae:79:c5:4d:62:
                    7a:bc:78:ac:20:58:71:74:3e:bd:13:aa:ba:b3:f3:
                    b6:43:ec:b5:c3:b9:ca:ed:81:1c:c2:88:9e:b1:9e:
                    8f:93:bb:ab:b1:0b:9b:18:11:14:09:94:d2:f3:5c:
                    a2:99:6c:66:b4:6b:e3:69:67:a9:1a:d2:43:aa:da:
                    5f:f4:8b:15:fa:cb:50:f1:02:a0:1d:e1:04:fe:e6:
                    98:9b:3a:40:23:7a:26:af:8d:c9:f6:2b:bd:46:44:
                    20:98:ef:e2:c1:12:b4:e3:78:50:1e:c5:22:83:55:
                    3c:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:9F:25:62:B4:C0:11:2E:48:5B:2C:59:41:96:84:79:F4:B7:60:2D
            X509v3 Authority Key Identifier:
                keyid:47:4A:88:BC:6E:9E:10:BB:AF:15:0F:01:9B:BF:8A:61:5A:2B:03:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R0qIvG6eELuvFQ8Bm7-KYVorA8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/bad1c1-365d-41de-ad7c-ce8fc93adb21/1/qZ8lYrTAES5IWyxZQZaEefS3YC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/bad1c1-365d-41de-ad7c-ce8fc93adb21/1/R0qIvG6eELuvFQ8Bm7-KYVorA8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.61.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:14:3d:d0:f8:38:e6:af:16:a7:52:8a:e4:b4:78:d9:d8:c2:
         92:2b:23:94:75:7e:f2:ec:56:6f:81:ce:80:4d:d1:80:36:a0:
         97:65:33:75:47:a4:09:6a:07:30:ad:be:0f:cd:8e:e7:c0:ad:
         53:8c:7d:07:e1:18:56:b8:08:12:ba:16:77:20:b6:44:e0:3d:
         0f:26:7e:25:30:55:cc:ab:7b:d7:c6:bb:dc:6e:05:24:16:87:
         cd:c6:f5:1d:ae:72:b5:09:73:0c:26:bc:ce:70:d0:66:77:59:
         a8:ec:1e:a4:e7:a7:d3:bb:ee:05:5c:6e:13:09:ee:bf:50:14:
         96:6c:2c:b1:69:a4:91:20:86:6e:55:23:bd:26:fe:66:01:ee:
         2a:7c:ef:68:cd:5c:ad:45:a1:50:eb:3d:d7:74:5c:d4:d0:1b:
         3a:a0:80:61:d7:44:bf:bb:92:fc:5e:04:a3:6d:3d:de:bc:83:
         e9:db:4f:e6:09:89:11:ff:f2:33:29:f8:54:30:da:9a:ac:b3:
         51:b6:4f:3e:51:d2:f1:97:8f:9d:60:d7:24:8a:cc:c8:f9:8d:
         36:cf:a0:de:0e:c5:55:ba:fb:57:4e:2f:e7:4f:7f:bc:fb:3e:
         33:55:db:0f:57:e1:6e:c4:5e:ec:30:c5:a0:62:f5:5f:73:59:
         da:9c:21:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f4ht0abQXMaVLYKY7WyNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NGE4OGJjNmU5ZTEwYmJhZjE1MGYwMTliYmY4YTYxNWEy
YjAzYzIwHhcNMjYwMTAyMDIxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTlmMjU2MmI0YzAxMTJlNDg1YjJjNTk0MTk2ODQ3OWY0Yjc2MDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8tasCL8kMdkw/OfSadAyESgiky63
/Cuhv8AJpsYvfwZ8XETkdwKEcwqg6zvDRzTPvVEBFHgnxxkRlIgLN2TVLg2rWUy6
IqTmPFMO03Vo1cMu/Q157H0vNg0LOqEit7Y91+FNDIUaci8TwTjj4JRe3YrCpo18
BQqOzs69oibxh2P3kgDKFUKpl9pUiFjj292frnnFTWJ6vHisIFhxdD69E6q6s/O2
Q+y1w7nK7YEcwoiesZ6Pk7ursQubGBEUCZTS81yimWxmtGvjaWepGtJDqtpf9IsV
+stQ8QKgHeEE/uaYmzpAI3omr43J9iu9RkQgmO/iwRK043hQHsUig1U8+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKmfJWK0wBEuSFssWUGWhHn0t2AtMB8GA1UdIwQY
MBaAFEdKiLxunhC7rxUPAZu/imFaKwPCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjBxSXZHNmVFTHV2RlE4Qm03LUtZVm9yQThJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9iYWQxYzEtMzY1ZC00MWRlLWFkN2Mt
Y2U4ZmM5M2FkYjIxLzEvcVo4bFlyVEFFUzVJV3l4WlFaYUVlZlMzWUMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9iYWQxYzEtMzY1ZC00MWRlLWFkN2MtY2U4ZmM5M2FkYjIx
LzEvUjBxSXZHNmVFTHV2RlE4Qm03LUtZVm9yQThJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2T26MA0G
CSqGSIb3DQEBCwUAA4IBAQCqFD3Q+DjmrxanUorktHjZ2MKSKyOUdX7y7FZvgc6A
TdGANqCXZTN1R6QJagcwrb4PzY7nwK1TjH0H4RhWuAgSuhZ3ILZE4D0PJn4lMFXM
q3vXxrvcbgUkFofNxvUdrnK1CXMMJrzOcNBmd1mo7B6k56fTu+4FXG4TCe6/UBSW
bCyxaaSRIIZuVSO9Jv5mAe4qfO9ozVytRaFQ6z3XdFzU0Bs6oIBh10S/u5L8XgSj
bT3evIPp20/mCYkR//IzKfhUMNqarLNRtk8+UdLxl4+dYNckiszI+Y02z6DeDsVV
uvtXTi/nT3+8+z4zVdsPV+FuxF7sMMWgYvVfc1nanCEF
-----END CERTIFICATE-----