This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/qfWUaAQNlV9wKmB2U3853Bl8uNA.roa
File:                     qfWUaAQNlV9wKmB2U3853Bl8uNA.roa (raw, json)
Hash identifier:          rOp4emJoeO5JknR894vKgNsr/vggi5P0L+PXDJf8JnM=
Subject key identifier:   A9:F5:94:68:04:0D:95:5F:70:2A:60:76:53:7F:39:DC:19:7C:B8:D0
Certificate issuer:       /CN=ab4f00f5c3ab3df4c674a410d8a0f0182fb5e918
Certificate serial:       019B7834FF87EB494EEF1B0E5E6731C624BA
Authority key identifier: AB:4F:00:F5:C3:AB:3D:F4:C6:74:A4:10:D8:A0:F0:18:2F:B5:E9:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q08A9cOrPfTGdKQQ2KDwGC-16Rg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/qfWUaAQNlV9wKmB2U3853Bl8uNA.roa
Signing time:             Thu 01 Jan 2026 06:18:17 +0000
ROA not before:           Thu 01 Jan 2026 06:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43554
IP address blocks:        178.209.80.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/q08A9cOrPfTGdKQQ2KDwGC-16Rg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/q08A9cOrPfTGdKQQ2KDwGC-16Rg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q08A9cOrPfTGdKQQ2KDwGC-16Rg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:ff:87:eb:49:4e:ef:1b:0e:5e:67:31:c6:24:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab4f00f5c3ab3df4c674a410d8a0f0182fb5e918
        Validity
            Not Before: Jan  1 06:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a9f59468040d955f702a6076537f39dc197cb8d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:fd:85:df:fc:54:80:24:05:de:be:68:18:08:
                    66:d4:39:1e:22:4d:2b:35:9d:f8:e0:1f:d7:01:c3:
                    00:69:6d:95:25:5f:78:46:87:19:e9:32:e2:81:79:
                    b7:63:91:6a:12:15:13:eb:63:91:d7:f2:f2:8b:34:
                    de:6c:57:6c:5d:e8:43:f9:33:6e:95:bc:ae:b2:2d:
                    b4:c8:15:36:cc:f7:11:9c:7a:2b:14:26:11:c3:a7:
                    5d:78:49:a0:4c:bb:86:52:4d:a3:d0:ad:65:57:8a:
                    1f:30:ed:6b:fb:ec:61:8a:e1:b6:8f:22:be:8f:8c:
                    de:3a:80:d5:66:df:5d:11:0c:99:41:0e:b5:ae:f5:
                    23:9f:dc:0b:79:03:4b:9a:db:43:90:34:ad:fc:15:
                    97:44:e0:c9:a9:db:38:5f:1c:89:98:bd:43:60:3b:
                    cd:84:d0:81:8d:02:82:8b:80:cd:62:6f:cb:b7:1f:
                    b5:b5:58:fc:10:d8:bf:9c:9c:19:21:96:6c:fb:b5:
                    2a:95:11:f6:74:aa:20:74:5f:a2:7a:cd:ed:30:1b:
                    f2:ea:5b:f7:54:b3:82:79:e1:7c:1a:2c:70:e9:27:
                    e1:32:ee:e1:1c:a6:77:81:98:ad:38:25:28:35:08:
                    c9:58:c9:9e:aa:50:32:cd:da:8b:41:00:83:ac:26:
                    00:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:F5:94:68:04:0D:95:5F:70:2A:60:76:53:7F:39:DC:19:7C:B8:D0
            X509v3 Authority Key Identifier:
                keyid:AB:4F:00:F5:C3:AB:3D:F4:C6:74:A4:10:D8:A0:F0:18:2F:B5:E9:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q08A9cOrPfTGdKQQ2KDwGC-16Rg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/qfWUaAQNlV9wKmB2U3853Bl8uNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/q08A9cOrPfTGdKQQ2KDwGC-16Rg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.209.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         d9:ef:fa:cd:c4:36:0a:b1:ab:a2:cb:c4:ee:3b:8d:ca:d8:e3:
         63:19:fe:10:22:74:c5:88:4d:b1:08:0d:99:de:b6:5f:01:14:
         9a:c3:72:bd:07:c5:fb:ed:8f:5f:84:dc:2a:78:87:df:82:23:
         b3:f0:09:38:50:e4:8a:67:3b:0f:9a:3e:26:86:6c:ee:a5:76:
         8d:55:28:9c:72:ae:5f:69:46:db:60:fe:53:68:50:42:03:e2:
         c0:f2:83:09:5b:49:60:53:e6:17:09:fd:f7:d1:68:b2:a3:44:
         8a:45:af:bf:90:d4:06:15:f1:a0:19:39:6e:a3:5c:7b:5f:d4:
         04:af:24:aa:45:ba:8e:6c:14:21:3f:e9:82:a4:58:02:be:5d:
         fe:cf:e8:ca:c2:43:dc:75:2e:77:1a:fe:b2:a9:42:5f:ed:30:
         60:b9:c4:a8:53:c8:32:e5:44:63:1b:da:0a:b3:fc:19:b0:71:
         1d:81:7a:d5:fd:67:96:db:dd:34:ad:5c:4a:4e:ee:47:03:1e:
         0d:23:fc:ed:db:10:5b:ff:0b:60:9a:40:64:7e:9c:6a:a0:cf:
         74:12:c9:6e:9e:12:05:9a:2e:25:a2:e8:d7:bc:ba:2a:98:30:
         18:90:de:a8:67:bd:4b:e3:8c:a0:02:4a:f8:bd:3e:fe:2c:b9:
         c9:4b:33:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NP+H60lO7xsOXmcxxiS6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNGYwMGY1YzNhYjNkZjRjNjc0YTQxMGQ4YTBmMDE4MmZi
NWU5MTgwHhcNMjYwMTAxMDYxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWY1OTQ2ODA0MGQ5NTVmNzAyYTYwNzY1MzdmMzlkYzE5N2NiOGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsv2F3/xUgCQF3r5oGAhm1DkeIk0r
NZ344B/XAcMAaW2VJV94RocZ6TLigXm3Y5FqEhUT62OR1/LyizTebFdsXehD+TNu
lbyusi20yBU2zPcRnHorFCYRw6ddeEmgTLuGUk2j0K1lV4ofMO1r++xhiuG2jyK+
j4zeOoDVZt9dEQyZQQ61rvUjn9wLeQNLmttDkDSt/BWXRODJqds4XxyJmL1DYDvN
hNCBjQKCi4DNYm/Ltx+1tVj8ENi/nJwZIZZs+7UqlRH2dKogdF+ies3tMBvy6lv3
VLOCeeF8Gixw6SfhMu7hHKZ3gZitOCUoNQjJWMmeqlAyzdqLQQCDrCYAVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKn1lGgEDZVfcCpgdlN/OdwZfLjQMB8GA1UdIwQY
MBaAFKtPAPXDqz30xnSkENig8BgvtekYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTA4QTljT3JQZlRHZEtRUTJLRHdHQy0xNlJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9hMWYyMTItYmEzNS00NjZiLWI1MmUt
Mzg1M2QzNDBjOWE2LzEvcWZXVWFBUU5sVjl3S21CMlUzODUzQmw4dU5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9hMWYyMTItYmEzNS00NjZiLWI1MmUtMzg1M2QzNDBjOWE2
LzEvcTA4QTljT3JQZlRHZEtRUTJLRHdHQy0xNlJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstFQMA0G
CSqGSIb3DQEBCwUAA4IBAQDZ7/rNxDYKsauiy8TuO43K2ONjGf4QInTFiE2xCA2Z
3rZfARSaw3K9B8X77Y9fhNwqeIffgiOz8Ak4UOSKZzsPmj4mhmzupXaNVSiccq5f
aUbbYP5TaFBCA+LA8oMJW0lgU+YXCf330Wiyo0SKRa+/kNQGFfGgGTluo1x7X9QE
rySqRbqObBQhP+mCpFgCvl3+z+jKwkPcdS53Gv6yqUJf7TBgucSoU8gy5URjG9oK
s/wZsHEdgXrV/WeW2900rVxKTu5HAx4NI/zt2xBb/wtgmkBkfpxqoM90EslunhIF
mi4loujXvLoqmDAYkN6oZ71L44ygAkr4vT7+LLnJSzOh
-----END CERTIFICATE-----