This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/a12116-223c-4311-821e-fe8aea5d40a7/1/qlrujtDgO3zeMbwPEkJ03bLGHis.roa
File:                     qlrujtDgO3zeMbwPEkJ03bLGHis.roa (raw, json)
Hash identifier:          i2RptnrGx9cKdx8wTVXzQdDDISGAu4H3l+Bep209z8M=
Subject key identifier:   AA:5A:EE:8E:D0:E0:3B:7C:DE:31:BC:0F:12:42:74:DD:B2:C6:1E:2B
Certificate issuer:       /CN=2b4ddfa3bbf15bc1db85d83799a01b9869ad5ce7
Certificate serial:       019B118862E87EE585B278D83E933E4CBCFF
Authority key identifier: 2B:4D:DF:A3:BB:F1:5B:C1:DB:85:D8:37:99:A0:1B:98:69:AD:5C:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K03fo7vxW8Hbhdg3maAbmGmtXOc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/a12116-223c-4311-821e-fe8aea5d40a7/1/qlrujtDgO3zeMbwPEkJ03bLGHis.roa
Signing time:             Fri 12 Dec 2025 07:48:29 +0000
ROA not before:           Fri 12 Dec 2025 07:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20724
IP address blocks:        193.109.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/a12116-223c-4311-821e-fe8aea5d40a7/1/K03fo7vxW8Hbhdg3maAbmGmtXOc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/a12116-223c-4311-821e-fe8aea5d40a7/1/K03fo7vxW8Hbhdg3maAbmGmtXOc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K03fo7vxW8Hbhdg3maAbmGmtXOc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Dec 2025 10:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:11:88:62:e8:7e:e5:85:b2:78:d8:3e:93:3e:4c:bc:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b4ddfa3bbf15bc1db85d83799a01b9869ad5ce7
        Validity
            Not Before: Dec 12 07:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa5aee8ed0e03b7cde31bc0f124274ddb2c61e2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c5:a7:73:7f:9f:6d:46:b4:ac:c5:c8:fd:4c:
                    64:59:10:13:d2:b4:13:25:23:1a:b0:5d:0f:f9:e6:
                    03:bd:d8:fa:85:eb:f4:83:93:63:62:db:66:41:60:
                    a2:6d:83:45:16:3f:d3:5c:6e:18:db:9a:e2:83:7e:
                    0f:aa:d6:31:15:9f:cb:18:33:2a:8d:75:32:a1:d8:
                    97:46:71:54:e5:f4:07:99:e9:51:4a:aa:d9:78:a6:
                    d9:f5:36:5d:e5:3b:fb:9c:e0:a2:1e:33:61:5b:9d:
                    2e:00:aa:3a:b5:b3:47:11:5d:b1:51:3b:01:ae:67:
                    62:a6:18:3e:fc:7b:bb:75:46:a2:9b:87:4a:0d:b9:
                    92:a3:e1:25:44:04:e5:ed:45:53:a9:84:81:9e:29:
                    31:5c:5b:1f:ff:fb:66:cf:6c:14:5b:d1:d9:ae:22:
                    8f:5c:cb:9e:7a:3d:0f:e0:9b:01:eb:23:40:75:11:
                    77:11:e6:26:15:1f:a9:42:54:db:c4:d9:92:89:b4:
                    12:3f:32:e8:17:62:f7:03:51:f2:71:da:b6:c7:ad:
                    0c:f0:23:b0:0f:8e:c6:9d:e8:5e:26:db:ae:e7:fe:
                    b5:01:f0:ec:04:ee:8c:d1:5a:06:1b:eb:94:d2:83:
                    9e:fe:96:21:47:bf:0a:00:90:f3:4b:08:31:a9:0f:
                    66:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:5A:EE:8E:D0:E0:3B:7C:DE:31:BC:0F:12:42:74:DD:B2:C6:1E:2B
            X509v3 Authority Key Identifier:
                keyid:2B:4D:DF:A3:BB:F1:5B:C1:DB:85:D8:37:99:A0:1B:98:69:AD:5C:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K03fo7vxW8Hbhdg3maAbmGmtXOc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/a12116-223c-4311-821e-fe8aea5d40a7/1/qlrujtDgO3zeMbwPEkJ03bLGHis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/a12116-223c-4311-821e-fe8aea5d40a7/1/K03fo7vxW8Hbhdg3maAbmGmtXOc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:3f:ed:7b:07:38:93:b8:d6:8d:aa:03:12:ad:10:70:29:0c:
         b4:47:b9:7b:af:24:e4:17:8a:3a:f2:84:ce:78:a0:d3:8f:2e:
         b8:3e:7a:dd:ba:15:15:d4:42:8b:fd:fa:72:ee:b9:5c:c2:fd:
         6a:f0:e1:47:5d:86:b4:76:aa:65:5f:f7:35:71:26:0d:85:bf:
         1f:e9:bf:8b:5c:d8:cc:dd:99:d4:32:a3:fc:f4:13:27:50:b4:
         cb:0e:b2:44:d6:40:f1:e7:37:db:05:89:c1:a5:71:96:5a:f3:
         7e:39:e0:09:42:f2:3f:51:e3:36:ba:04:d1:a5:92:ab:4c:61:
         22:54:a5:79:ba:2d:75:e6:5d:da:e9:bb:d4:f7:30:66:31:1c:
         4f:7d:ea:9f:b3:eb:e0:a1:d2:dc:de:ab:8b:e5:f8:f2:95:c7:
         08:aa:43:d6:ca:ab:33:82:1a:fd:20:2e:52:09:76:70:48:d6:
         94:7e:93:8c:9d:89:3c:f7:19:da:15:71:fb:cd:9f:0c:ea:76:
         ca:5e:eb:c7:a6:05:d1:ab:37:4d:48:c9:c3:39:0a:39:6b:ba:
         5b:02:fa:a7:4a:f4:43:3b:40:a1:fd:21:94:32:53:a5:b8:18:
         6d:df:e4:81:66:40:cb:51:65:a2:4b:a2:e8:bc:cd:c5:01:2f:
         5b:e3:43:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsRiGLofuWFsnjYPpM+TLz/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNGRkZmEzYmJmMTViYzFkYjg1ZDgzNzk5YTAxYjk4Njlh
ZDVjZTcwHhcNMjUxMjEyMDc0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTVhZWU4ZWQwZTAzYjdjZGUzMWJjMGYxMjQyNzRkZGIyYzYxZTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsWnc3+fbUa0rMXI/UxkWRAT0rQT
JSMasF0P+eYDvdj6hev0g5NjYttmQWCibYNFFj/TXG4Y25rig34PqtYxFZ/LGDMq
jXUyodiXRnFU5fQHmelRSqrZeKbZ9TZd5Tv7nOCiHjNhW50uAKo6tbNHEV2xUTsB
rmdiphg+/Hu7dUaim4dKDbmSo+ElRATl7UVTqYSBnikxXFsf//tmz2wUW9HZriKP
XMueej0P4JsB6yNAdRF3EeYmFR+pQlTbxNmSibQSPzLoF2L3A1Hycdq2x60M8COw
D47GneheJtuu5/61AfDsBO6M0VoGG+uU0oOe/pYhR78KAJDzSwgxqQ9mowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKpa7o7Q4Dt83jG8DxJCdN2yxh4rMB8GA1UdIwQY
MBaAFCtN36O78VvB24XYN5mgG5hprVznMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzAzZm83dnhXOEhiaGRnM21hQWJtR210WE9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9hMTIxMTYtMjIzYy00MzExLTgyMWUt
ZmU4YWVhNWQ0MGE3LzEvcWxydWp0RGdPM3plTWJ3UEVrSjAzYkxHSGlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9hMTIxMTYtMjIzYy00MzExLTgyMWUtZmU4YWVhNWQ0MGE3
LzEvSzAzZm83dnhXOEhiaGRnM21hQWJtR210WE9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW39MA0G
CSqGSIb3DQEBCwUAA4IBAQA1P+17BziTuNaNqgMSrRBwKQy0R7l7ryTkF4o68oTO
eKDTjy64PnrduhUV1EKL/fpy7rlcwv1q8OFHXYa0dqplX/c1cSYNhb8f6b+LXNjM
3ZnUMqP89BMnULTLDrJE1kDx5zfbBYnBpXGWWvN+OeAJQvI/UeM2ugTRpZKrTGEi
VKV5ui115l3a6bvU9zBmMRxPfeqfs+vgodLc3quL5fjylccIqkPWyqszghr9IC5S
CXZwSNaUfpOMnYk89xnaFXH7zZ8M6nbKXuvHpgXRqzdNSMnDOQo5a7pbAvqnSvRD
O0Ch/SGUMlOluBht3+SBZkDLUWWiS6LovM3FAS9b40PA
-----END CERTIFICATE-----