This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/f4478b-b6f3-40c2-b858-2c333a5a1646/1/_q95QGktBeaejm8XuHwJspqn26w.roa
File:                     _q95QGktBeaejm8XuHwJspqn26w.roa (raw, json)
Hash identifier:          ZSUCS6tPG9DZgxCUv1bJms098kV8051ECQpKbYkAKVc=
Subject key identifier:   FE:AF:79:40:69:2D:05:E6:9E:8E:6F:17:B8:7C:09:B2:9A:A7:DB:AC
Certificate issuer:       /CN=bf0b2a0daa8e5467cd33e94825a7863322d3853e
Certificate serial:       019AA0C103B8B8CEED5F3436BF47D9F2CFFB
Authority key identifier: BF:0B:2A:0D:AA:8E:54:67:CD:33:E9:48:25:A7:86:33:22:D3:85:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vwsqDaqOVGfNM-lIJaeGMyLThT4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/f4478b-b6f3-40c2-b858-2c333a5a1646/1/_q95QGktBeaejm8XuHwJspqn26w.roa
Signing time:             Thu 20 Nov 2025 10:13:15 +0000
ROA not before:           Thu 20 Nov 2025 10:13:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6848
IP address blocks:        109.175.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/f4478b-b6f3-40c2-b858-2c333a5a1646/1/vwsqDaqOVGfNM-lIJaeGMyLThT4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/f4478b-b6f3-40c2-b858-2c333a5a1646/1/vwsqDaqOVGfNM-lIJaeGMyLThT4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vwsqDaqOVGfNM-lIJaeGMyLThT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 04:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:a0:c1:03:b8:b8:ce:ed:5f:34:36:bf:47:d9:f2:cf:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf0b2a0daa8e5467cd33e94825a7863322d3853e
        Validity
            Not Before: Nov 20 10:13:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=feaf7940692d05e69e8e6f17b87c09b29aa7dbac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:72:c3:69:3b:a8:01:49:a2:ad:27:21:fc:1d:
                    c8:89:58:25:07:4f:e4:d1:7c:11:5b:d3:0e:0e:b1:
                    0a:6f:97:dc:91:55:1d:f5:59:b4:da:1a:d4:88:32:
                    2f:46:d4:44:fc:d4:d2:f5:2e:d8:d7:42:ac:da:84:
                    d9:98:24:98:08:a5:54:7a:66:59:1e:a2:1d:c9:b2:
                    e0:ba:08:8a:20:c8:1c:d2:c0:77:fc:b7:76:30:49:
                    b3:7e:5e:a0:39:b4:a5:2a:3e:72:3f:cd:20:f9:32:
                    dd:40:5c:57:33:ec:b8:3e:08:f2:eb:ab:fb:ee:9a:
                    23:80:ba:60:03:cc:f1:a1:22:4b:34:fe:cb:1c:9b:
                    84:99:a9:3c:7c:21:07:c4:85:bd:f3:d6:85:8f:e9:
                    b1:12:f0:64:53:b3:77:83:02:02:ad:1d:8e:1b:03:
                    fc:18:8e:e9:6e:0b:72:50:7d:a4:88:47:02:5e:96:
                    7d:bb:7f:5a:f7:b8:1d:00:66:e3:a5:82:8d:dd:90:
                    52:93:44:a2:b5:e1:5c:43:7d:03:14:34:16:eb:2f:
                    3d:f3:e8:95:ee:2d:1b:63:53:12:d8:62:be:24:63:
                    7b:89:7c:3e:0e:fe:66:65:f2:05:1d:74:93:18:65:
                    bc:cc:e4:2e:41:2d:5c:90:ff:67:56:70:c4:34:c3:
                    4c:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:AF:79:40:69:2D:05:E6:9E:8E:6F:17:B8:7C:09:B2:9A:A7:DB:AC
            X509v3 Authority Key Identifier:
                keyid:BF:0B:2A:0D:AA:8E:54:67:CD:33:E9:48:25:A7:86:33:22:D3:85:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vwsqDaqOVGfNM-lIJaeGMyLThT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/f4478b-b6f3-40c2-b858-2c333a5a1646/1/_q95QGktBeaejm8XuHwJspqn26w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/f4478b-b6f3-40c2-b858-2c333a5a1646/1/vwsqDaqOVGfNM-lIJaeGMyLThT4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.175.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:bd:db:6d:c1:3d:46:ee:30:57:35:25:58:99:7e:be:7e:14:
         9f:4b:06:ca:a4:70:38:b1:dd:1d:bf:5f:ba:ed:c7:96:60:9c:
         2f:7f:01:5a:c7:04:0b:11:e8:0e:ce:4b:41:b3:e9:a9:86:77:
         fb:06:12:3e:09:55:32:97:fb:ee:6e:20:5b:2f:33:84:30:0c:
         6c:77:75:6d:c7:80:a0:83:9e:eb:5b:6b:85:d6:c3:60:d0:da:
         de:50:04:50:d5:3e:2e:78:fa:3f:c4:09:4f:df:01:4c:8d:09:
         53:86:6b:fe:b6:8a:0c:31:c6:02:24:dc:3c:73:95:fa:0c:d1:
         66:4e:37:8b:5f:c0:2d:56:5a:a5:26:51:e0:0c:ee:5c:ad:79:
         81:bd:e5:5e:94:cc:0e:53:0a:06:c0:46:8d:b1:e9:70:54:c2:
         6b:75:cf:fe:30:88:76:50:b1:cc:97:20:9b:f8:f4:87:69:73:
         9e:a4:0f:da:f1:fa:07:b1:f4:39:40:08:b2:9c:e1:f1:3c:73:
         80:26:6b:50:49:bc:04:54:b4:13:75:18:aa:67:51:45:06:0b:
         23:ec:87:45:21:c7:89:05:37:29:8a:29:5d:2e:80:0b:24:76:
         27:b3:a7:d1:44:5a:8b:2a:9f:17:bd:57:68:7d:a5:db:cc:df:
         c1:30:71:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqgwQO4uM7tXzQ2v0fZ8s/7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMGIyYTBkYWE4ZTU0NjdjZDMzZTk0ODI1YTc4NjMzMjJk
Mzg1M2UwHhcNMjUxMTIwMTAxMzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWFmNzk0MDY5MmQwNWU2OWU4ZTZmMTdiODdjMDliMjlhYTdkYmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHLDaTuoAUmirSch/B3IiVglB0/k
0XwRW9MODrEKb5fckVUd9Vm02hrUiDIvRtRE/NTS9S7Y10Ks2oTZmCSYCKVUemZZ
HqIdybLgugiKIMgc0sB3/Ld2MEmzfl6gObSlKj5yP80g+TLdQFxXM+y4Pgjy66v7
7pojgLpgA8zxoSJLNP7LHJuEmak8fCEHxIW989aFj+mxEvBkU7N3gwICrR2OGwP8
GI7pbgtyUH2kiEcCXpZ9u39a97gdAGbjpYKN3ZBSk0SiteFcQ30DFDQW6y898+iV
7i0bY1MS2GK+JGN7iXw+Dv5mZfIFHXSTGGW8zOQuQS1ckP9nVnDENMNMOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP6veUBpLQXmno5vF7h8CbKap9usMB8GA1UdIwQY
MBaAFL8LKg2qjlRnzTPpSCWnhjMi04U+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdndzcURhcU9WR2ZOTS1sSUphZUdNeUxUaFQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9mNDQ3OGItYjZmMy00MGMyLWI4NTgt
MmMzMzNhNWExNjQ2LzEvX3E5NVFHa3RCZWFlam04WHVId0pzcHFuMjZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9mNDQ3OGItYjZmMy00MGMyLWI4NTgtMmMzMzNhNWExNjQ2
LzEvdndzcURhcU9WR2ZOTS1sSUphZUdNeUxUaFQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAba+sMA0G
CSqGSIb3DQEBCwUAA4IBAQB9vdttwT1G7jBXNSVYmX6+fhSfSwbKpHA4sd0dv1+6
7ceWYJwvfwFaxwQLEegOzktBs+mphnf7BhI+CVUyl/vubiBbLzOEMAxsd3Vtx4Cg
g57rW2uF1sNg0NreUARQ1T4uePo/xAlP3wFMjQlThmv+tooMMcYCJNw8c5X6DNFm
TjeLX8AtVlqlJlHgDO5crXmBveVelMwOUwoGwEaNselwVMJrdc/+MIh2ULHMlyCb
+PSHaXOepA/a8foHsfQ5QAiynOHxPHOAJmtQSbwEVLQTdRiqZ1FFBgsj7IdFIceJ
BTcpiildLoALJHYns6fRRFqLKp8XvVdofaXbzN/BMHE7
-----END CERTIFICATE-----