This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/qHPixUdDjxrc91U2LNL_GHETLss.roa
File:                     qHPixUdDjxrc91U2LNL_GHETLss.roa (raw, json)
Hash identifier:          5esutnCHRhEckm/D5dPi2+exRvIyK9kg1fmZT+vC/MU=
Subject key identifier:   A8:73:E2:C5:47:43:8F:1A:DC:F7:55:36:2C:D2:FF:18:71:13:2E:CB
Certificate issuer:       /CN=42f8ab2ba24879e45c445486fceb21af46656d5a
Certificate serial:       019B7910766B84A83402B557B7C578A5AEB2
Authority key identifier: 42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/qHPixUdDjxrc91U2LNL_GHETLss.roa
Signing time:             Thu 01 Jan 2026 10:18:00 +0000
ROA not before:           Thu 01 Jan 2026 10:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215976
IP address blocks:        217.147.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:76:6b:84:a8:34:02:b5:57:b7:c5:78:a5:ae:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f8ab2ba24879e45c445486fceb21af46656d5a
        Validity
            Not Before: Jan  1 10:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a873e2c547438f1adcf755362cd2ff1871132ecb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:20:23:bd:0d:66:ff:af:37:e7:93:65:a5:ff:
                    98:47:bb:4e:db:cd:6f:9f:05:13:f6:54:51:7d:53:
                    86:fe:e3:42:1a:4e:07:ee:f5:41:45:df:8f:02:88:
                    b8:95:97:b3:a1:d1:70:55:da:a2:80:4d:6b:69:bd:
                    7d:22:86:0c:68:52:57:64:38:7a:f7:b0:79:70:de:
                    49:de:41:2d:aa:e1:94:4f:cd:fa:ee:5a:30:2f:4c:
                    39:8a:96:10:7f:59:a1:1a:c2:05:39:93:01:47:66:
                    a2:d6:ff:b1:ef:ec:1d:fb:a3:ed:2f:7c:d7:89:8b:
                    84:6f:8b:3a:dc:83:36:34:2c:45:a1:dc:14:02:4b:
                    19:6b:41:b3:ed:38:ed:ea:1c:b0:2b:13:53:ed:6e:
                    c5:8b:b4:b9:d9:29:6c:a7:d9:ca:6d:c7:e8:1d:d0:
                    fc:19:19:80:4c:de:cf:1f:72:b0:ea:8c:59:7f:20:
                    95:1e:29:de:b3:f6:51:0c:b7:dc:50:d6:76:cd:38:
                    dd:26:d4:c0:c8:55:8a:ac:ae:72:7b:e4:89:db:6a:
                    dc:ba:2d:6c:f4:ff:66:16:2d:56:0d:f0:e0:88:8c:
                    9b:b9:f1:80:cc:11:e3:12:ad:45:02:89:ae:d8:84:
                    86:01:9e:22:83:93:63:8a:05:be:07:f5:35:59:8b:
                    ff:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:73:E2:C5:47:43:8F:1A:DC:F7:55:36:2C:D2:FF:18:71:13:2E:CB
            X509v3 Authority Key Identifier:
                keyid:42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/qHPixUdDjxrc91U2LNL_GHETLss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:18:b8:a6:4d:3c:7f:3f:cf:a3:5f:4f:13:42:98:a5:7d:ab:
         bf:7c:52:e3:c1:56:aa:9b:e7:a2:73:da:75:02:a6:b4:c7:67:
         17:db:07:18:63:b5:44:09:b9:d2:e2:1c:95:a7:59:e3:77:7f:
         46:0a:8e:31:48:19:31:f6:44:c1:67:80:ca:d2:58:01:1c:96:
         e4:c9:ba:44:99:1d:4e:32:5b:77:65:b5:ac:c2:69:31:2b:65:
         b3:5f:19:ba:53:3e:47:07:a7:75:1e:cf:5a:ec:5b:90:ca:0f:
         c5:ac:e3:e4:6e:b2:f2:68:07:29:14:50:3b:0b:fd:ac:89:d5:
         60:98:a1:27:f1:65:59:ca:f3:f8:f2:4d:3d:fc:cc:8a:c9:5e:
         01:d8:b8:d0:b7:ff:3d:b0:02:08:1a:3f:8a:3e:80:bf:1e:fe:
         b8:ac:d7:4e:dd:5d:39:7e:30:7c:19:71:0d:19:1c:56:93:7e:
         62:d8:28:a2:be:99:9a:a7:31:e9:19:bc:f5:e5:b7:ca:46:dd:
         ed:39:4e:9f:ab:a0:45:a2:2f:ee:2e:38:c8:95:39:bb:e6:e3:
         02:2f:2f:f5:97:04:88:cc:6a:4c:35:47:18:18:e5:60:b7:61:
         8c:d8:53:d5:0b:a1:2c:bf:17:69:c6:03:f4:b9:08:fc:d8:5f:
         c2:9f:79:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EHZrhKg0ArVXt8V4pa6yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjhhYjJiYTI0ODc5ZTQ1YzQ0NTQ4NmZjZWIyMWFmNDY2
NTZkNWEwHhcNMjYwMTAxMTAxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODczZTJjNTQ3NDM4ZjFhZGNmNzU1MzYyY2QyZmYxODcxMTMyZWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+yAjvQ1m/68355Nlpf+YR7tO281v
nwUT9lRRfVOG/uNCGk4H7vVBRd+PAoi4lZezodFwVdqigE1rab19IoYMaFJXZDh6
97B5cN5J3kEtquGUT8367lowL0w5ipYQf1mhGsIFOZMBR2ai1v+x7+wd+6PtL3zX
iYuEb4s63IM2NCxFodwUAksZa0Gz7Tjt6hywKxNT7W7Fi7S52Slsp9nKbcfoHdD8
GRmATN7PH3Kw6oxZfyCVHines/ZRDLfcUNZ2zTjdJtTAyFWKrK5ye+SJ22rcui1s
9P9mFi1WDfDgiIybufGAzBHjEq1FAomu2ISGAZ4ig5NjigW+B/U1WYv/bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKhz4sVHQ48a3PdVNizS/xhxEy7LMB8GA1UdIwQY
MBaAFEL4qyuiSHnkXERUhvzrIa9GZW1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYt
MTc2OWZlZjZiZTk2LzEvcUhQaXhVZERqeHJjOTFVMkxOTF9HSEVUTHNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYtMTc2OWZlZjZiZTk2
LzEvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZOpMA0G
CSqGSIb3DQEBCwUAA4IBAQCYGLimTTx/P8+jX08TQpilfau/fFLjwVaqm+eic9p1
Aqa0x2cX2wcYY7VECbnS4hyVp1njd39GCo4xSBkx9kTBZ4DK0lgBHJbkybpEmR1O
Mlt3ZbWswmkxK2WzXxm6Uz5HB6d1Hs9a7FuQyg/FrOPkbrLyaAcpFFA7C/2sidVg
mKEn8WVZyvP48k09/MyKyV4B2LjQt/89sAIIGj+KPoC/Hv64rNdO3V05fjB8GXEN
GRxWk35i2CiivpmapzHpGbz15bfKRt3tOU6fq6BFoi/uLjjIlTm75uMCLy/1lwSI
zGpMNUcYGOVgt2GM2FPVC6EsvxdpxgP0uQj82F/Cn3lL
-----END CERTIFICATE-----