This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/bcf9a3-6963-43c3-b8dd-389a3098ec2a/1/AbVQaKQEw8WVeNiGif6x9RD1dvY.roa
File:                     AbVQaKQEw8WVeNiGif6x9RD1dvY.roa (raw, json)
Hash identifier:          o6ZCXdoQRyBHIynvo2/Nzx+Ep3zCN6VCUl5Zpi2zpAs=
Subject key identifier:   01:B5:50:68:A4:04:C3:C5:95:78:D8:86:89:FE:B1:F5:10:F5:76:F6
Certificate issuer:       /CN=30747494ff4e26578d9deabe2ee6d004b3fe2d8c
Certificate serial:       019B7A5B510E9EDD493B1E7F5741E17A8067
Authority key identifier: 30:74:74:94:FF:4E:26:57:8D:9D:EA:BE:2E:E6:D0:04:B3:FE:2D:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MHR0lP9OJleNneq-LubQBLP-LYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/bcf9a3-6963-43c3-b8dd-389a3098ec2a/1/AbVQaKQEw8WVeNiGif6x9RD1dvY.roa
Signing time:             Thu 01 Jan 2026 16:19:23 +0000
ROA not before:           Thu 01 Jan 2026 16:19:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209783
IP address blocks:        194.31.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/bcf9a3-6963-43c3-b8dd-389a3098ec2a/1/MHR0lP9OJleNneq-LubQBLP-LYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/bcf9a3-6963-43c3-b8dd-389a3098ec2a/1/MHR0lP9OJleNneq-LubQBLP-LYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MHR0lP9OJleNneq-LubQBLP-LYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:51:0e:9e:dd:49:3b:1e:7f:57:41:e1:7a:80:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30747494ff4e26578d9deabe2ee6d004b3fe2d8c
        Validity
            Not Before: Jan  1 16:19:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=01b55068a404c3c59578d88689feb1f510f576f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:df:11:9d:6a:91:04:d7:3a:8b:81:7f:13:1b:
                    b6:f0:61:ff:3c:28:09:ac:ce:4a:f9:b1:96:78:33:
                    a1:86:f7:55:5d:d7:5f:ec:57:24:24:3d:94:22:8b:
                    3d:d9:98:a7:62:a1:f0:77:f2:04:11:f4:f3:c6:ec:
                    e2:95:c0:2c:b9:f6:45:af:8c:df:eb:7d:8a:f5:31:
                    7d:ce:40:06:6e:5b:27:b1:13:7f:5b:81:32:dd:c3:
                    c7:19:ea:9d:63:04:c9:df:88:03:4d:f7:23:f2:39:
                    35:a3:f1:34:1a:ea:fd:ed:c2:0b:e1:10:7d:5e:88:
                    45:5e:a3:89:96:cc:ee:61:02:21:a9:6b:cb:1e:e8:
                    52:95:29:60:53:1e:98:c5:46:96:31:0b:b2:5e:4b:
                    81:72:21:9e:fc:a9:2c:9b:e9:c6:87:ed:55:bd:b0:
                    b7:5c:83:3a:55:96:ef:50:d5:5d:b7:07:4f:79:f4:
                    52:12:ca:18:de:f0:0d:dd:dd:fa:ac:ec:8d:b1:59:
                    2b:9e:32:7b:36:54:c1:13:5b:63:05:45:c1:c5:1d:
                    38:e7:16:b2:b7:bd:95:7f:41:e7:75:47:43:c7:ee:
                    df:9f:7d:41:93:2e:8e:e0:df:92:37:2e:f8:ac:c0:
                    df:3e:6d:34:15:c6:b2:c1:28:4f:ee:cd:5a:28:58:
                    70:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:B5:50:68:A4:04:C3:C5:95:78:D8:86:89:FE:B1:F5:10:F5:76:F6
            X509v3 Authority Key Identifier:
                keyid:30:74:74:94:FF:4E:26:57:8D:9D:EA:BE:2E:E6:D0:04:B3:FE:2D:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MHR0lP9OJleNneq-LubQBLP-LYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/bcf9a3-6963-43c3-b8dd-389a3098ec2a/1/AbVQaKQEw8WVeNiGif6x9RD1dvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/bcf9a3-6963-43c3-b8dd-389a3098ec2a/1/MHR0lP9OJleNneq-LubQBLP-LYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:57:48:dc:c1:20:39:28:42:e8:1a:35:db:c8:d4:be:8a:a8:
         90:d9:bd:e1:98:19:37:14:d3:7b:b2:82:a7:5a:fd:ff:91:c3:
         58:c8:06:b7:5b:8e:55:29:c9:7a:7d:94:e8:fd:f8:8e:e3:f8:
         26:74:1e:af:0a:e4:fa:fe:d7:b1:d7:6e:89:de:76:0b:0c:3e:
         6d:43:3f:ff:ea:e7:c1:ab:fc:bf:04:aa:c4:e4:2c:e2:e0:0e:
         dd:43:16:f6:81:94:9b:ad:42:d4:c8:54:bc:f3:2c:d7:09:af:
         46:58:ed:db:27:b4:bf:73:af:56:ad:ee:32:e2:7b:63:06:46:
         6a:38:4b:39:21:f4:2b:bb:7d:20:d8:9b:6c:b0:49:b7:73:7a:
         ae:73:e1:e5:a1:f7:5a:1b:a2:63:bd:02:09:bd:24:1a:ab:ad:
         94:8a:68:93:90:80:c8:86:e3:b2:86:3e:a2:a1:43:dd:c5:01:
         02:70:d5:d6:43:da:a0:4b:ce:ee:fa:6b:c5:85:3e:a5:cc:49:
         ed:33:47:1b:14:e9:4b:25:3b:b4:23:79:6a:90:f9:ad:a8:79:
         84:82:b9:4d:86:36:42:fd:22:0a:ec:74:81:95:48:ed:df:6d:
         5c:8d:b5:47:81:52:64:71:bb:ac:36:50:15:ce:29:eb:f6:80:
         6b:14:4f:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6W1EOnt1JOx5/V0HheoBnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNzQ3NDk0ZmY0ZTI2NTc4ZDlkZWFiZTJlZTZkMDA0YjNm
ZTJkOGMwHhcNMjYwMTAxMTYxOTIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWI1NTA2OGE0MDRjM2M1OTU3OGQ4ODY4OWZlYjFmNTEwZjU3NmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9N8RnWqRBNc6i4F/Exu28GH/PCgJ
rM5K+bGWeDOhhvdVXddf7FckJD2UIos92ZinYqHwd/IEEfTzxuzilcAsufZFr4zf
632K9TF9zkAGblsnsRN/W4Ey3cPHGeqdYwTJ34gDTfcj8jk1o/E0Gur97cIL4RB9
XohFXqOJlszuYQIhqWvLHuhSlSlgUx6YxUaWMQuyXkuBciGe/Kksm+nGh+1VvbC3
XIM6VZbvUNVdtwdPefRSEsoY3vAN3d36rOyNsVkrnjJ7NlTBE1tjBUXBxR045xay
t72Vf0HndUdDx+7fn31Bky6O4N+SNy74rMDfPm00FcaywShP7s1aKFhwlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAG1UGikBMPFlXjYhon+sfUQ9Xb2MB8GA1UdIwQY
MBaAFDB0dJT/TiZXjZ3qvi7m0ASz/i2MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUhSMGxQOU9KbGVObmVxLUx1YlFCTFAtTFl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9iY2Y5YTMtNjk2My00M2MzLWI4ZGQt
Mzg5YTMwOThlYzJhLzEvQWJWUWFLUUV3OFdWZU5pR2lmNng5UkQxZHZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9iY2Y5YTMtNjk2My00M2MzLWI4ZGQtMzg5YTMwOThlYzJh
LzEvTUhSMGxQOU9KbGVObmVxLUx1YlFCTFAtTFl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh9sMA0G
CSqGSIb3DQEBCwUAA4IBAQASV0jcwSA5KELoGjXbyNS+iqiQ2b3hmBk3FNN7soKn
Wv3/kcNYyAa3W45VKcl6fZTo/fiO4/gmdB6vCuT6/tex126J3nYLDD5tQz//6ufB
q/y/BKrE5Czi4A7dQxb2gZSbrULUyFS88yzXCa9GWO3bJ7S/c69Wre4y4ntjBkZq
OEs5IfQru30g2JtssEm3c3quc+HlofdaG6JjvQIJvSQaq62UimiTkIDIhuOyhj6i
oUPdxQECcNXWQ9qgS87u+mvFhT6lzEntM0cbFOlLJTu0I3lqkPmtqHmEgrlNhjZC
/SIK7HSBlUjt321cjbVHgVJkcbusNlAVzinr9oBrFE8A
-----END CERTIFICATE-----