This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/qI_-6h3iudeXwj_KCEW7jVNBeSs.roa
File:                     qI_-6h3iudeXwj_KCEW7jVNBeSs.roa (raw, json)
Hash identifier:          VCf8NA7/YCd9pNMoP3NeZ5lHDYrKSJzJ143pwqaxHAQ=
Subject key identifier:   A8:8F:FE:EA:1D:E2:B9:D7:97:C2:3F:CA:08:45:BB:8D:53:41:79:2B
Certificate issuer:       /CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
Certificate serial:       019B7F8418B1EF0D420102B39600199A8216
Authority key identifier: B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/qI_-6h3iudeXwj_KCEW7jVNBeSs.roa
Signing time:             Fri 02 Jan 2026 16:22:02 +0000
ROA not before:           Fri 02 Jan 2026 16:22:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214990
IP address blocks:        37.32.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:18:b1:ef:0d:42:01:02:b3:96:00:19:9a:82:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
        Validity
            Not Before: Jan  2 16:22:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a88ffeea1de2b9d797c23fca0845bb8d5341792b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:dc:0f:2f:0b:53:f5:aa:31:d7:d2:2f:c0:42:
                    f9:a8:0c:b1:bb:85:42:ef:eb:f4:2a:11:77:58:19:
                    79:b4:3f:62:a6:0b:6c:3d:2c:27:90:1b:c0:58:b1:
                    ad:f6:2e:e9:fd:a7:f6:fe:f4:69:a6:64:5d:51:21:
                    fd:3a:2f:86:e3:ab:b8:33:9a:77:fb:8a:41:61:46:
                    47:76:8a:aa:8d:d4:00:04:57:77:3a:ca:7d:dd:04:
                    da:39:4d:ad:40:3e:96:72:84:d1:6d:d2:cc:3c:34:
                    7b:4f:ef:f3:a5:b3:55:51:5f:8f:39:51:d7:73:54:
                    48:f2:9c:5d:ec:b5:6a:a5:05:23:fb:02:87:16:90:
                    3f:33:7d:ca:c7:2f:2d:30:8b:dd:91:e5:1d:cd:9a:
                    f2:1f:95:48:ab:d9:16:b2:d6:d9:2a:6c:8f:e9:5e:
                    f8:4e:89:41:75:3f:ff:a3:31:e5:39:7b:a7:a0:0c:
                    2c:65:28:1c:23:76:e0:80:93:53:a3:03:39:96:71:
                    e7:83:73:27:d8:e0:19:0f:4e:c9:f4:94:9a:f5:70:
                    35:01:96:9b:f2:9b:68:46:fe:1a:59:36:2f:46:41:
                    71:c4:b1:4f:6d:7c:32:fa:62:f4:0f:f0:14:a2:0a:
                    a9:60:8e:a1:27:c6:14:0b:23:13:cb:08:87:8a:cb:
                    fb:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:8F:FE:EA:1D:E2:B9:D7:97:C2:3F:CA:08:45:BB:8D:53:41:79:2B
            X509v3 Authority Key Identifier:
                keyid:B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/qI_-6h3iudeXwj_KCEW7jVNBeSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:57:7a:6c:4b:29:96:2b:d4:fc:df:20:d7:ba:3c:20:90:72:
         ea:6b:bb:35:b8:45:28:22:cd:56:20:13:86:c3:f7:60:d9:14:
         0c:b3:9f:6c:ba:4d:9d:1a:61:37:79:29:19:50:1d:04:87:1d:
         2e:04:cb:6b:2a:2e:bb:5e:47:cf:2b:32:41:84:16:18:1e:ed:
         b6:e6:f8:f0:be:15:a4:44:71:96:79:dc:bf:e1:bf:c6:d1:96:
         c4:e1:09:58:d7:ee:e3:37:21:c1:c5:b2:4b:97:e8:9c:2f:cc:
         94:c1:1a:3e:27:12:cd:c3:5e:e3:78:e4:e9:22:64:19:1a:04:
         da:54:62:df:e8:51:1b:b1:b2:17:f1:dd:2f:50:cc:0a:31:4a:
         10:08:90:28:ca:d7:a7:82:78:94:00:a0:a1:f8:eb:b6:e9:0f:
         25:52:89:30:0c:cc:ee:c5:df:77:2d:b5:1d:dc:4a:b1:48:14:
         bf:72:54:d6:81:b9:60:26:33:2b:ea:da:fd:27:12:67:87:1d:
         ea:f1:05:40:13:01:99:dc:03:a8:74:59:7e:8d:8c:09:40:38:
         7b:03:04:e8:bd:06:ad:b4:90:9f:86:15:59:a4:2d:8a:c3:98:
         2c:36:46:8a:78:7f:06:8b:50:2c:6a:af:37:43:71:90:15:61:
         df:37:70:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hBix7w1CAQKzlgAZmoIWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZTgyYmExNzE1ZDZhZWFlNWIwMTAyNzI1ZmZlMGM4MzQ3
MzVkN2QwHhcNMjYwMTAyMTYyMjAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODhmZmVlYTFkZTJiOWQ3OTdjMjNmY2EwODQ1YmI4ZDUzNDE3OTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptwPLwtT9aox19IvwEL5qAyxu4VC
7+v0KhF3WBl5tD9ipgtsPSwnkBvAWLGt9i7p/af2/vRppmRdUSH9Oi+G46u4M5p3
+4pBYUZHdoqqjdQABFd3Osp93QTaOU2tQD6WcoTRbdLMPDR7T+/zpbNVUV+POVHX
c1RI8pxd7LVqpQUj+wKHFpA/M33Kxy8tMIvdkeUdzZryH5VIq9kWstbZKmyP6V74
TolBdT//ozHlOXunoAwsZSgcI3bggJNTowM5lnHng3Mn2OAZD07J9JSa9XA1AZab
8ptoRv4aWTYvRkFxxLFPbXwy+mL0D/AUogqpYI6hJ8YUCyMTywiHisv7YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKiP/uod4rnXl8I/yghFu41TQXkrMB8GA1UdIwQY
MBaAFLToK6FxXWrq5bAQJyX/4Mg0c119MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMt
YzdkMTk5MzBkNjZkLzEvcUlfLTZoM2l1ZGVYd2pfS0NFVzdqVk5CZVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMtYzdkMTk5MzBkNjZk
LzEvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJSBHMA0G
CSqGSIb3DQEBCwUAA4IBAQB5V3psSymWK9T83yDXujwgkHLqa7s1uEUoIs1WIBOG
w/dg2RQMs59suk2dGmE3eSkZUB0Ehx0uBMtrKi67XkfPKzJBhBYYHu225vjwvhWk
RHGWedy/4b/G0ZbE4QlY1+7jNyHBxbJLl+icL8yUwRo+JxLNw17jeOTpImQZGgTa
VGLf6FEbsbIX8d0vUMwKMUoQCJAoytengniUAKCh+Ou26Q8lUokwDMzuxd93LbUd
3EqxSBS/clTWgblgJjMr6tr9JxJnhx3q8QVAEwGZ3AOodFl+jYwJQDh7AwTovQat
tJCfhhVZpC2Kw5gsNkaKeH8Gi1Asaq83Q3GQFWHfN3D4
-----END CERTIFICATE-----