This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/UqFzq2RNZbWlDFVYyZprB1_1sEM.roa
File:                     UqFzq2RNZbWlDFVYyZprB1_1sEM.roa (raw, json)
Hash identifier:          hO5jaxlS37jXDAccfSZYbNyHj2vkt1PuodFiaALX0Zg=
Subject key identifier:   52:A1:73:AB:64:4D:65:B5:A5:0C:55:58:C9:9A:6B:07:5F:F5:B0:43
Certificate issuer:       /CN=42f8ab2ba24879e45c445486fceb21af46656d5a
Certificate serial:       019B791073597FC336973190AF2E4A0AE171
Authority key identifier: 42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/UqFzq2RNZbWlDFVYyZprB1_1sEM.roa
Signing time:             Thu 01 Jan 2026 10:17:59 +0000
ROA not before:           Thu 01 Jan 2026 10:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43576
IP address blocks:        217.147.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:73:59:7f:c3:36:97:31:90:af:2e:4a:0a:e1:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f8ab2ba24879e45c445486fceb21af46656d5a
        Validity
            Not Before: Jan  1 10:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=52a173ab644d65b5a50c5558c99a6b075ff5b043
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:55:12:7a:0b:b3:4f:8c:0d:b5:b7:25:56:a1:
                    9f:73:cf:f6:f7:3d:0e:0b:f5:5a:41:a4:a3:01:54:
                    75:25:69:5a:29:45:70:07:8d:25:f7:76:6f:6d:8b:
                    6c:ea:18:f8:60:fc:53:e1:e1:a0:0c:18:ed:9d:49:
                    9a:8c:b2:74:5f:47:ce:3b:41:7c:b2:1e:fa:b4:49:
                    11:71:36:07:8f:d3:96:04:af:f8:99:d7:62:ce:c2:
                    6e:ea:a7:0e:0e:a7:e5:52:e7:ea:7e:fd:29:33:62:
                    78:f0:74:79:52:23:d2:d4:ae:b5:06:1e:5b:36:4d:
                    4f:5f:4b:62:fd:16:8c:85:d2:14:df:e1:04:3f:9e:
                    fd:8e:d8:f4:03:1f:9e:53:85:88:2c:f9:d0:50:62:
                    7c:c4:b1:0a:40:2a:81:c8:fe:1b:8c:d6:fd:b3:46:
                    90:2e:ac:2a:58:76:18:b5:2d:ea:33:c2:2f:be:0b:
                    e4:46:e5:2e:dc:f2:e5:19:66:8c:e6:ce:f4:ae:00:
                    eb:0b:51:a0:7c:9a:da:19:2e:0b:5e:46:ac:3a:dd:
                    d5:4b:8c:35:e5:43:97:53:11:31:0e:79:c9:4e:65:
                    85:9b:a5:4c:6a:05:79:0d:cb:4d:cb:da:ec:0a:6d:
                    0a:36:0c:af:17:bc:53:a8:23:99:9d:fc:9a:2b:dd:
                    12:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:A1:73:AB:64:4D:65:B5:A5:0C:55:58:C9:9A:6B:07:5F:F5:B0:43
            X509v3 Authority Key Identifier:
                keyid:42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/UqFzq2RNZbWlDFVYyZprB1_1sEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:3f:74:d7:5c:6e:0e:33:26:49:3a:ba:48:14:88:c8:a6:00:
         67:b4:34:02:28:c6:72:77:3e:98:71:1a:15:e6:87:cf:c4:a0:
         00:48:ff:0d:b2:2b:aa:30:88:2f:2b:22:01:32:c9:a8:e5:f4:
         ae:bd:61:7a:f4:6a:84:27:04:0b:5c:b7:96:8e:57:42:6e:1c:
         6f:8f:4a:1b:90:ef:4c:5b:11:68:8b:a6:be:6d:bf:76:fe:9a:
         34:ba:a8:3e:34:c1:24:ae:d7:95:4d:83:04:3e:02:d1:c1:a4:
         2a:ea:c5:83:70:25:18:08:13:67:f7:95:b2:f2:c0:4b:eb:52:
         55:74:94:2f:96:cf:ad:55:fb:66:c3:57:ac:99:d7:93:54:f8:
         cf:f9:1b:47:7f:a5:44:f8:c8:7c:20:57:7a:d6:a9:88:22:00:
         99:14:12:e4:c2:35:95:8a:fc:f5:ac:58:9f:98:04:6e:f8:72:
         bb:a9:d9:a2:d7:a2:48:ba:9a:2d:28:91:42:b5:4f:28:02:2d:
         38:a2:8f:be:5b:86:51:2f:37:61:6d:a3:96:1f:d5:5d:9b:a9:
         4d:bc:cc:3b:b9:27:33:13:e3:ad:1b:ce:9b:b1:80:de:79:a7:
         60:bf:b9:6b:51:2f:c8:e4:2b:6e:bf:ff:ec:b8:a8:2f:6c:74:
         83:bb:37:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EHNZf8M2lzGQry5KCuFxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjhhYjJiYTI0ODc5ZTQ1YzQ0NTQ4NmZjZWIyMWFmNDY2
NTZkNWEwHhcNMjYwMTAxMTAxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmExNzNhYjY0NGQ2NWI1YTUwYzU1NThjOTlhNmIwNzVmZjViMDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA31USeguzT4wNtbclVqGfc8/29z0O
C/VaQaSjAVR1JWlaKUVwB40l93ZvbYts6hj4YPxT4eGgDBjtnUmajLJ0X0fOO0F8
sh76tEkRcTYHj9OWBK/4mddizsJu6qcODqflUufqfv0pM2J48HR5UiPS1K61Bh5b
Nk1PX0ti/RaMhdIU3+EEP579jtj0Ax+eU4WILPnQUGJ8xLEKQCqByP4bjNb9s0aQ
LqwqWHYYtS3qM8IvvgvkRuUu3PLlGWaM5s70rgDrC1GgfJraGS4LXkasOt3VS4w1
5UOXUxExDnnJTmWFm6VMagV5DctNy9rsCm0KNgyvF7xTqCOZnfyaK90SmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKhc6tkTWW1pQxVWMmaawdf9bBDMB8GA1UdIwQY
MBaAFEL4qyuiSHnkXERUhvzrIa9GZW1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYt
MTc2OWZlZjZiZTk2LzEvVXFGenEyUk5aYldsREZWWXlacHJCMV8xc0VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYtMTc2OWZlZjZiZTk2
LzEvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZOiMA0G
CSqGSIb3DQEBCwUAA4IBAQBKP3TXXG4OMyZJOrpIFIjIpgBntDQCKMZydz6YcRoV
5ofPxKAASP8NsiuqMIgvKyIBMsmo5fSuvWF69GqEJwQLXLeWjldCbhxvj0obkO9M
WxFoi6a+bb92/po0uqg+NMEkrteVTYMEPgLRwaQq6sWDcCUYCBNn95Wy8sBL61JV
dJQvls+tVftmw1esmdeTVPjP+RtHf6VE+Mh8IFd61qmIIgCZFBLkwjWVivz1rFif
mARu+HK7qdmi16JIupotKJFCtU8oAi04oo++W4ZRLzdhbaOWH9Vdm6lNvMw7uScz
E+OtG86bsYDeeadgv7lrUS/I5Ctuv//suKgvbHSDuzeM
-----END CERTIFICATE-----