This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/QmzS2ptv4L0wreFRKwR2b7sYT9o.roa
File:                     QmzS2ptv4L0wreFRKwR2b7sYT9o.roa (raw, json)
Hash identifier:          V15c6ZmrAVOZnZkD5NcAPinTv/zGPeEWxtJ3s9KDwPs=
Subject key identifier:   42:6C:D2:DA:9B:6F:E0:BD:30:AD:E1:51:2B:04:76:6F:BB:18:4F:DA
Certificate issuer:       /CN=021b3ea35edfdd138c15506d74a76022dd37694b
Certificate serial:       019B7BA35D882E192930F2957DCB20EB3042
Authority key identifier: 02:1B:3E:A3:5E:DF:DD:13:8C:15:50:6D:74:A7:60:22:DD:37:69:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ahs-o17f3ROMFVBtdKdgIt03aUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/QmzS2ptv4L0wreFRKwR2b7sYT9o.roa
Signing time:             Thu 01 Jan 2026 22:17:42 +0000
ROA not before:           Thu 01 Jan 2026 22:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42873
IP address blocks:        193.196.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/Ahs-o17f3ROMFVBtdKdgIt03aUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/Ahs-o17f3ROMFVBtdKdgIt03aUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ahs-o17f3ROMFVBtdKdgIt03aUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:5d:88:2e:19:29:30:f2:95:7d:cb:20:eb:30:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=021b3ea35edfdd138c15506d74a76022dd37694b
        Validity
            Not Before: Jan  1 22:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=426cd2da9b6fe0bd30ade1512b04766fbb184fda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:19:59:c3:17:e8:48:06:55:ff:95:71:cc:5c:
                    73:e9:a8:7a:4f:a6:60:49:ab:05:f4:6d:d7:28:87:
                    fb:12:bc:b1:99:3d:73:ca:b0:ee:46:23:16:04:e5:
                    12:5c:b4:3d:77:7c:be:3f:da:a0:c3:10:0c:40:99:
                    da:26:0a:e1:34:5a:6c:2d:a4:b0:3f:b2:02:43:3a:
                    1b:39:0b:74:1c:39:bf:42:bb:56:17:c2:66:c8:12:
                    4d:6f:94:0a:73:bf:e5:e4:e1:85:89:f4:0d:fd:27:
                    15:6e:3d:88:c2:68:42:4e:bd:ab:d2:bb:a9:9a:90:
                    50:8a:31:62:4e:ce:70:15:87:1b:2b:2f:69:d2:94:
                    28:d0:ab:20:b0:27:5c:0c:cd:ed:9e:f6:4a:ed:f7:
                    79:a8:76:dc:6b:c7:a7:78:62:70:7b:eb:d1:3b:67:
                    75:75:90:57:e1:54:60:7d:da:db:01:35:f9:c0:90:
                    df:53:f3:57:97:35:51:53:43:e6:90:4a:e4:7e:9f:
                    a1:ca:c7:a0:67:a1:9d:89:b6:50:57:bb:35:b3:62:
                    66:d9:40:3b:a0:ad:9c:c5:cc:89:83:a7:a4:5e:d8:
                    9d:ae:58:c3:3a:ac:c3:77:fe:4b:b2:e4:42:a3:70:
                    5a:fb:c9:2b:78:9e:65:51:52:8c:f0:f4:8b:22:b5:
                    fe:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:6C:D2:DA:9B:6F:E0:BD:30:AD:E1:51:2B:04:76:6F:BB:18:4F:DA
            X509v3 Authority Key Identifier:
                keyid:02:1B:3E:A3:5E:DF:DD:13:8C:15:50:6D:74:A7:60:22:DD:37:69:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ahs-o17f3ROMFVBtdKdgIt03aUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/QmzS2ptv4L0wreFRKwR2b7sYT9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/Ahs-o17f3ROMFVBtdKdgIt03aUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.196.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:6c:ae:e2:71:c1:de:5a:19:ff:5a:9e:e7:80:74:86:df:12:
         b3:86:20:bb:5b:43:95:33:6f:c6:92:2b:aa:f1:cf:fc:cb:87:
         86:8e:10:c6:20:c3:47:2e:40:97:2e:d8:c0:f0:8f:7b:7f:6b:
         b9:32:2e:3b:0f:cd:ae:20:54:9b:17:44:77:39:29:9a:ce:dc:
         0c:77:68:c3:64:ec:81:16:d4:e9:0b:5e:33:ad:30:ac:c1:24:
         c0:91:e9:c9:d2:a2:1d:be:a3:57:1e:63:da:e2:b0:4b:aa:c0:
         16:b0:e2:09:54:44:bc:2d:7b:db:c5:f4:5c:37:d4:e5:5b:17:
         10:9f:30:42:4c:b8:46:61:f1:85:5f:f6:6e:38:a8:d2:c5:07:
         65:ff:47:41:91:be:f1:2b:f6:c8:e6:8f:26:11:bc:c7:db:ee:
         9d:9a:ed:c5:a3:0e:8a:7c:15:1b:f0:19:4f:cf:87:5d:43:8d:
         80:df:16:f9:ff:39:40:52:bc:1f:e0:2e:67:fb:e1:7f:57:84:
         f1:e6:09:d1:3b:b7:d3:3f:32:0d:ac:db:45:06:da:88:86:53:
         77:7a:dc:69:a4:e3:28:86:67:b4:a3:9b:e0:17:b1:58:4f:8c:
         00:d4:52:42:42:f0:b9:10:4a:44:b8:7d:41:6d:22:48:4a:3d:
         7e:84:26:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o12ILhkpMPKVfcsg6zBCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyMWIzZWEzNWVkZmRkMTM4YzE1NTA2ZDc0YTc2MDIyZGQz
NzY5NGIwHhcNMjYwMTAxMjIxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjZjZDJkYTliNmZlMGJkMzBhZGUxNTEyYjA0NzY2ZmJiMTg0ZmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4xlZwxfoSAZV/5VxzFxz6ah6T6Zg
SasF9G3XKIf7EryxmT1zyrDuRiMWBOUSXLQ9d3y+P9qgwxAMQJnaJgrhNFpsLaSw
P7ICQzobOQt0HDm/QrtWF8JmyBJNb5QKc7/l5OGFifQN/ScVbj2IwmhCTr2r0rup
mpBQijFiTs5wFYcbKy9p0pQo0KsgsCdcDM3tnvZK7fd5qHbca8eneGJwe+vRO2d1
dZBX4VRgfdrbATX5wJDfU/NXlzVRU0PmkErkfp+hysegZ6GdibZQV7s1s2Jm2UA7
oK2cxcyJg6ekXtidrljDOqzDd/5LsuRCo3Ba+8kreJ5lUVKM8PSLIrX+nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEJs0tqbb+C9MK3hUSsEdm+7GE/aMB8GA1UdIwQY
MBaAFAIbPqNe390TjBVQbXSnYCLdN2lLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWhzLW8xN2YzUk9NRlZCdGRLZGdJdDAzYVVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mODliNjQtODdiNy00OGY0LThiNjAt
YzMyMDRiZGU3NzczLzEvUW16UzJwdHY0TDB3cmVGUkt3UjJiN3NZVDlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mODliNjQtODdiNy00OGY0LThiNjAtYzMyMDRiZGU3Nzcz
LzEvQWhzLW8xN2YzUk9NRlZCdGRLZGdJdDAzYVVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcQMMA0G
CSqGSIb3DQEBCwUAA4IBAQCjbK7iccHeWhn/Wp7ngHSG3xKzhiC7W0OVM2/Gkiuq
8c/8y4eGjhDGIMNHLkCXLtjA8I97f2u5Mi47D82uIFSbF0R3OSmaztwMd2jDZOyB
FtTpC14zrTCswSTAkenJ0qIdvqNXHmPa4rBLqsAWsOIJVES8LXvbxfRcN9TlWxcQ
nzBCTLhGYfGFX/ZuOKjSxQdl/0dBkb7xK/bI5o8mEbzH2+6dmu3Fow6KfBUb8BlP
z4ddQ42A3xb5/zlAUrwf4C5n++F/V4Tx5gnRO7fTPzINrNtFBtqIhlN3etxppOMo
hme0o5vgF7FYT4wA1FJCQvC5EEpEuH1BbSJISj1+hCbo
-----END CERTIFICATE-----