This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8fa854-0597-4c0d-b0b5-3f77fd42799a/1/qwQxCub0ZLxdSIPTyyt0hid0rjE.roa
File:                     qwQxCub0ZLxdSIPTyyt0hid0rjE.roa (raw, json)
Hash identifier:          45em9x7vt23Yzt9V9VCNiHhaJfkIP4nZW7OBnn0WqDM=
Subject key identifier:   AB:04:31:0A:E6:F4:64:BC:5D:48:83:D3:CB:2B:74:86:27:74:AE:31
Certificate issuer:       /CN=ee23428373dce8a5f97f45efc6c28b9fbe7cd54d
Certificate serial:       019B7EA4B54A21377242C9DBE6849323B3B1
Authority key identifier: EE:23:42:83:73:DC:E8:A5:F9:7F:45:EF:C6:C2:8B:9F:BE:7C:D5:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7iNCg3Pc6KX5f0XvxsKLn7581U0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8fa854-0597-4c0d-b0b5-3f77fd42799a/1/qwQxCub0ZLxdSIPTyyt0hid0rjE.roa
Signing time:             Fri 02 Jan 2026 12:18:02 +0000
ROA not before:           Fri 02 Jan 2026 12:18:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35625
IP address blocks:        193.35.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8fa854-0597-4c0d-b0b5-3f77fd42799a/1/7iNCg3Pc6KX5f0XvxsKLn7581U0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8fa854-0597-4c0d-b0b5-3f77fd42799a/1/7iNCg3Pc6KX5f0XvxsKLn7581U0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7iNCg3Pc6KX5f0XvxsKLn7581U0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a4:b5:4a:21:37:72:42:c9:db:e6:84:93:23:b3:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee23428373dce8a5f97f45efc6c28b9fbe7cd54d
        Validity
            Not Before: Jan  2 12:18:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab04310ae6f464bc5d4883d3cb2b74862774ae31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:74:c3:39:97:8c:7e:5d:ff:20:12:21:65:55:
                    5c:8b:71:7a:b1:d3:2b:3e:49:44:06:e7:ae:a4:8b:
                    ff:d9:13:c3:8c:b3:4e:a8:d6:7a:99:60:ea:2d:bc:
                    6a:12:ba:47:41:dd:b2:df:90:39:50:3f:9a:f3:62:
                    41:71:88:e0:e2:1c:5e:61:0a:2a:4d:72:4f:4d:2d:
                    24:59:d9:0a:1b:63:b3:91:eb:0c:36:06:aa:22:b9:
                    7a:d6:34:aa:73:fe:b1:7d:a5:8f:fa:4c:b9:2d:e9:
                    b9:06:c1:ca:9e:a4:d9:a5:1d:ab:21:5b:c8:d0:8d:
                    8a:05:c2:55:06:22:da:34:b6:59:6b:88:dc:6b:71:
                    77:c3:5d:bd:f5:83:b3:c9:a4:1d:7e:1e:35:c2:99:
                    62:16:fd:db:66:5c:b4:51:0b:68:6f:57:81:25:34:
                    6a:81:74:25:2a:f3:8e:a5:78:c4:fd:91:70:f8:5c:
                    d0:1d:28:89:01:08:b3:40:a4:8a:7e:61:05:25:71:
                    44:25:6c:7d:fd:cc:f0:5f:49:f9:70:d5:45:db:ff:
                    97:8f:5f:29:47:10:44:52:b0:39:88:68:61:e0:33:
                    4e:b2:8d:de:17:c7:b8:86:f6:7b:cb:1d:0f:4e:de:
                    e9:f7:dd:73:9e:e1:af:b2:f7:c0:21:b1:a6:be:c5:
                    13:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:04:31:0A:E6:F4:64:BC:5D:48:83:D3:CB:2B:74:86:27:74:AE:31
            X509v3 Authority Key Identifier:
                keyid:EE:23:42:83:73:DC:E8:A5:F9:7F:45:EF:C6:C2:8B:9F:BE:7C:D5:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7iNCg3Pc6KX5f0XvxsKLn7581U0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8fa854-0597-4c0d-b0b5-3f77fd42799a/1/qwQxCub0ZLxdSIPTyyt0hid0rjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8fa854-0597-4c0d-b0b5-3f77fd42799a/1/7iNCg3Pc6KX5f0XvxsKLn7581U0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:cd:be:0a:32:93:43:45:15:0b:34:a5:85:25:a9:26:86:dc:
         8a:38:8a:80:dc:35:6a:e8:7a:d7:be:ec:80:b9:7c:58:60:b4:
         cd:0c:a7:4a:00:ed:98:2a:60:61:22:cf:ae:8f:3e:3e:75:2d:
         cc:0d:fb:42:1a:1a:f2:28:bb:78:5e:d6:7d:d8:03:c5:91:73:
         00:68:e9:ec:a9:49:e4:f4:86:34:19:54:b5:c5:d4:a5:45:f6:
         44:a7:cb:b8:bc:27:49:8a:2a:64:b0:a0:d8:a4:93:5e:56:93:
         40:8b:73:99:14:89:ca:7a:5e:ee:37:12:f4:9b:ed:f8:82:dc:
         d3:fc:4b:10:bc:fe:1f:d2:4c:47:b0:28:ed:38:ca:a5:8f:d2:
         1b:2a:f3:b5:86:e6:5b:d1:e8:73:23:ff:0a:ee:b3:e1:45:f8:
         29:9e:a0:78:e9:21:d7:3f:6d:ca:39:6f:c6:b0:11:91:ff:f7:
         7d:e5:17:87:4b:fb:3f:10:10:83:d4:0e:3f:cc:7d:2d:70:1e:
         61:73:4b:c4:56:93:83:f7:4e:45:67:2b:24:b9:55:73:9f:8f:
         45:6c:a3:0f:04:80:8b:f2:14:24:73:5f:0f:73:db:f6:20:29:
         da:24:4b:49:3f:1b:db:a5:4a:d9:68:b8:f5:b9:35:c7:dc:b0:
         d9:d3:16:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pLVKITdyQsnb5oSTI7OxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMjM0MjgzNzNkY2U4YTVmOTdmNDVlZmM2YzI4YjlmYmU3
Y2Q1NGQwHhcNMjYwMTAyMTIxODAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjA0MzEwYWU2ZjQ2NGJjNWQ0ODgzZDNjYjJiNzQ4NjI3NzRhZTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjnTDOZeMfl3/IBIhZVVci3F6sdMr
PklEBueupIv/2RPDjLNOqNZ6mWDqLbxqErpHQd2y35A5UD+a82JBcYjg4hxeYQoq
TXJPTS0kWdkKG2OzkesMNgaqIrl61jSqc/6xfaWP+ky5Lem5BsHKnqTZpR2rIVvI
0I2KBcJVBiLaNLZZa4jca3F3w1299YOzyaQdfh41wpliFv3bZly0UQtob1eBJTRq
gXQlKvOOpXjE/ZFw+FzQHSiJAQizQKSKfmEFJXFEJWx9/czwX0n5cNVF2/+Xj18p
RxBEUrA5iGhh4DNOso3eF8e4hvZ7yx0PTt7p991znuGvsvfAIbGmvsUTcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKsEMQrm9GS8XUiD08srdIYndK4xMB8GA1UdIwQY
MBaAFO4jQoNz3Oil+X9F78bCi5++fNVNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2lOQ2czUGM2S1g1ZjBYdnhzS0xuNzU4MVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZmE4NTQtMDU5Ny00YzBkLWIwYjUt
M2Y3N2ZkNDI3OTlhLzEvcXdReEN1YjBaTHhkU0lQVHl5dDBoaWQwcmpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZmE4NTQtMDU5Ny00YzBkLWIwYjUtM2Y3N2ZkNDI3OTlh
LzEvN2lOQ2czUGM2S1g1ZjBYdnhzS0xuNzU4MVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSPQMA0G
CSqGSIb3DQEBCwUAA4IBAQAGzb4KMpNDRRULNKWFJakmhtyKOIqA3DVq6HrXvuyA
uXxYYLTNDKdKAO2YKmBhIs+ujz4+dS3MDftCGhryKLt4XtZ92APFkXMAaOnsqUnk
9IY0GVS1xdSlRfZEp8u4vCdJiipksKDYpJNeVpNAi3OZFInKel7uNxL0m+34gtzT
/EsQvP4f0kxHsCjtOMqlj9IbKvO1huZb0ehzI/8K7rPhRfgpnqB46SHXP23KOW/G
sBGR//d95ReHS/s/EBCD1A4/zH0tcB5hc0vEVpOD905FZyskuVVzn49FbKMPBICL
8hQkc18Pc9v2ICnaJEtJPxvbpUrZaLj1uTXH3LDZ0xY+
-----END CERTIFICATE-----