This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/jQ-BZ183u_LUlZapfx_6bO5Fcbo.roa
File:                     jQ-BZ183u_LUlZapfx_6bO5Fcbo.roa (raw, json)
Hash identifier:          evJDPjhd4Xd7GaOP8Tsnz8tSIn8B3VRESbVEgJ+Ho4g=
Subject key identifier:   8D:0F:81:67:5F:37:BB:F2:D4:95:96:A9:7F:1F:FA:6C:EE:45:71:BA
Certificate issuer:       /CN=42f8ab2ba24879e45c445486fceb21af46656d5a
Certificate serial:       019B791074C2A5840D5926F7E9195A47D2E4
Authority key identifier: 42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/jQ-BZ183u_LUlZapfx_6bO5Fcbo.roa
Signing time:             Thu 01 Jan 2026 10:18:00 +0000
ROA not before:           Thu 01 Jan 2026 10:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207305
IP address blocks:        217.147.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:74:c2:a5:84:0d:59:26:f7:e9:19:5a:47:d2:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f8ab2ba24879e45c445486fceb21af46656d5a
        Validity
            Not Before: Jan  1 10:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8d0f81675f37bbf2d49596a97f1ffa6cee4571ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:43:bb:d3:cb:fe:06:a0:aa:03:5d:65:72:15:
                    59:4d:5d:e4:f8:c3:f1:6b:ad:a7:9e:3d:a4:e0:8a:
                    2f:c3:3b:a7:54:5b:cb:73:8f:12:ae:ca:4c:15:8d:
                    83:43:fb:05:5f:7f:16:27:4a:b3:bf:8d:71:2b:7f:
                    cf:d6:ba:2e:d8:ae:a5:6b:bf:63:4c:f0:24:66:6e:
                    c9:52:73:a8:b8:d7:75:6a:97:5f:b5:16:9b:f2:18:
                    9e:0c:6e:1a:bd:e2:5b:34:af:fb:07:ef:f4:fe:39:
                    c1:1c:09:c9:9c:81:5b:07:0f:5c:c1:15:35:21:5a:
                    e7:a9:71:5d:74:af:56:bf:b1:6e:e0:b9:95:5c:b2:
                    91:e9:03:0b:5f:c0:bf:61:e0:f6:d2:4f:7a:75:f3:
                    92:8f:79:7d:e8:ee:df:14:61:c2:1c:91:0f:7a:5c:
                    07:92:d0:b1:15:3d:7e:bd:20:49:f3:63:3d:1e:c8:
                    41:d6:87:91:ef:21:66:02:a1:f2:ef:9b:fd:39:5c:
                    ef:8f:88:e8:60:9c:b5:68:e3:7e:cf:8a:2f:7c:6d:
                    05:33:2a:66:7d:ed:f4:48:1f:94:8e:b1:5a:ce:4a:
                    fd:1b:c2:5d:61:ab:03:28:b9:09:12:e3:35:78:48:
                    d8:2d:ef:68:04:02:11:29:a5:26:13:bd:66:c7:45:
                    66:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:0F:81:67:5F:37:BB:F2:D4:95:96:A9:7F:1F:FA:6C:EE:45:71:BA
            X509v3 Authority Key Identifier:
                keyid:42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/jQ-BZ183u_LUlZapfx_6bO5Fcbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:81:ad:61:f2:2f:37:ae:b8:c8:ed:71:6e:82:65:b0:39:49:
         66:46:4b:a5:e2:1d:cd:57:35:02:23:e7:42:74:c3:73:5d:56:
         2d:64:70:15:9c:e1:3d:ab:5f:a4:6f:2f:db:c9:42:2d:75:da:
         1d:3d:d4:01:e1:56:dd:e8:e1:fd:84:41:c2:af:0d:b3:b7:a5:
         15:40:ee:00:a4:6c:9a:81:41:77:b1:e2:89:9e:67:e7:0f:31:
         23:d1:1a:3f:61:bf:48:f2:f6:a8:cc:25:1d:00:19:0e:8d:63:
         50:10:03:48:14:99:f6:c8:ec:c4:7e:0a:c2:ab:79:10:9d:58:
         20:00:bb:9a:8d:eb:e9:47:ef:23:65:db:fd:cb:4d:08:9b:ba:
         6d:53:85:8a:17:9c:04:0c:cf:9b:4d:8e:dd:9c:51:33:ef:24:
         e4:69:42:d8:74:62:1d:13:57:63:0c:be:39:44:78:ad:54:25:
         4e:8a:55:ab:32:45:96:76:d2:aa:61:64:a4:d8:a4:c8:0e:3a:
         ed:b4:10:f3:d7:78:53:54:af:20:e9:f6:bb:cc:35:1e:fc:ef:
         eb:86:97:d3:c4:d4:cc:30:a1:71:b5:23:24:9a:95:1a:fc:c6:
         4c:9b:0a:1a:cd:46:f1:03:0e:28:0b:66:10:c4:10:5b:95:45:
         38:af:e4:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EHTCpYQNWSb36RlaR9LkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjhhYjJiYTI0ODc5ZTQ1YzQ0NTQ4NmZjZWIyMWFmNDY2
NTZkNWEwHhcNMjYwMTAxMTAxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDBmODE2NzVmMzdiYmYyZDQ5NTk2YTk3ZjFmZmE2Y2VlNDU3MWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUO708v+BqCqA11lchVZTV3k+MPx
a62nnj2k4IovwzunVFvLc48SrspMFY2DQ/sFX38WJ0qzv41xK3/P1rou2K6la79j
TPAkZm7JUnOouNd1apdftRab8hieDG4aveJbNK/7B+/0/jnBHAnJnIFbBw9cwRU1
IVrnqXFddK9Wv7Fu4LmVXLKR6QMLX8C/YeD20k96dfOSj3l96O7fFGHCHJEPelwH
ktCxFT1+vSBJ82M9HshB1oeR7yFmAqHy75v9OVzvj4joYJy1aON+z4ovfG0FMypm
fe30SB+UjrFazkr9G8JdYasDKLkJEuM1eEjYLe9oBAIRKaUmE71mx0VmGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI0PgWdfN7vy1JWWqX8f+mzuRXG6MB8GA1UdIwQY
MBaAFEL4qyuiSHnkXERUhvzrIa9GZW1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYt
MTc2OWZlZjZiZTk2LzEvalEtQloxODN1X0xVbFphcGZ4XzZiTzVGY2JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYtMTc2OWZlZjZiZTk2
LzEvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZOrMA0G
CSqGSIb3DQEBCwUAA4IBAQCwga1h8i83rrjI7XFugmWwOUlmRkul4h3NVzUCI+dC
dMNzXVYtZHAVnOE9q1+kby/byUItddodPdQB4Vbd6OH9hEHCrw2zt6UVQO4ApGya
gUF3seKJnmfnDzEj0Ro/Yb9I8vaozCUdABkOjWNQEANIFJn2yOzEfgrCq3kQnVgg
ALuajevpR+8jZdv9y00Im7ptU4WKF5wEDM+bTY7dnFEz7yTkaULYdGIdE1djDL45
RHitVCVOilWrMkWWdtKqYWSk2KTIDjrttBDz13hTVK8g6fa7zDUe/O/rhpfTxNTM
MKFxtSMkmpUa/MZMmwoazUbxAw4oC2YQxBBblUU4r+Sa
-----END CERTIFICATE-----