This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/5acd78-d670-4192-b564-040e0644fbe8/1/bQqTZ3ArgViLCoqi3gs3VHHEcM8.roa
File:                     bQqTZ3ArgViLCoqi3gs3VHHEcM8.roa (raw, json)
Hash identifier:          aWk0i4GB/D7KkQJxNXNTSQ961hAd3k/+4U2XwwZMILk=
Subject key identifier:   6D:0A:93:67:70:2B:81:58:8B:0A:8A:A2:DE:0B:37:54:71:C4:70:CF
Certificate issuer:       /CN=d0de618822b8af6f9ecaffcd7d5459b7cc11449a
Certificate serial:       019B783532B115EB73BC251ECCE40E1F9C34
Authority key identifier: D0:DE:61:88:22:B8:AF:6F:9E:CA:FF:CD:7D:54:59:B7:CC:11:44:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0N5hiCK4r2-eyv_NfVRZt8wRRJo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/5acd78-d670-4192-b564-040e0644fbe8/1/bQqTZ3ArgViLCoqi3gs3VHHEcM8.roa
Signing time:             Thu 01 Jan 2026 06:18:30 +0000
ROA not before:           Thu 01 Jan 2026 06:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34984
IP address blocks:        185.156.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/5acd78-d670-4192-b564-040e0644fbe8/1/0N5hiCK4r2-eyv_NfVRZt8wRRJo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/5acd78-d670-4192-b564-040e0644fbe8/1/0N5hiCK4r2-eyv_NfVRZt8wRRJo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0N5hiCK4r2-eyv_NfVRZt8wRRJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:32:b1:15:eb:73:bc:25:1e:cc:e4:0e:1f:9c:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0de618822b8af6f9ecaffcd7d5459b7cc11449a
        Validity
            Not Before: Jan  1 06:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6d0a9367702b81588b0a8aa2de0b375471c470cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:7f:b5:0e:be:c8:5c:d9:9a:aa:a2:47:bb:68:
                    0e:a9:c6:f9:83:bb:96:e8:72:a9:68:e3:2e:97:1a:
                    b8:4e:41:07:51:14:eb:68:ab:cd:d1:36:c5:cd:9a:
                    83:14:5e:47:f5:9e:ab:99:5e:84:f0:74:ea:40:1b:
                    d1:91:da:a1:54:12:33:4f:52:ac:cf:79:ef:71:ee:
                    1f:3a:2a:08:2c:3a:4d:ce:5d:a4:eb:3a:18:a6:c2:
                    28:ce:8a:72:04:63:5f:38:2c:9c:ab:d8:48:9b:cb:
                    43:d4:13:e3:93:55:cf:c8:5d:60:a9:84:a6:68:8d:
                    df:cb:c4:18:33:80:3c:77:41:2b:ae:4f:2d:87:30:
                    ce:1f:f9:7d:80:ed:8c:62:4e:7c:cf:a5:51:87:72:
                    34:89:a6:9f:f0:61:8f:5e:aa:24:25:4a:95:45:bb:
                    88:da:af:4c:e1:77:b7:b4:2a:90:08:82:49:cc:c6:
                    3a:df:78:51:16:02:ed:f7:69:76:2b:39:95:4f:81:
                    43:eb:80:42:b6:84:57:78:39:ec:e5:1c:20:86:9e:
                    14:62:1d:e9:24:da:4b:6e:84:5f:ad:7e:fd:cf:7c:
                    5b:03:3e:67:2e:2d:3b:c7:7f:1f:3a:f6:23:9f:5c:
                    82:a7:6e:f7:b7:23:a5:28:7b:1a:bc:91:73:6e:46:
                    86:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:0A:93:67:70:2B:81:58:8B:0A:8A:A2:DE:0B:37:54:71:C4:70:CF
            X509v3 Authority Key Identifier:
                keyid:D0:DE:61:88:22:B8:AF:6F:9E:CA:FF:CD:7D:54:59:B7:CC:11:44:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0N5hiCK4r2-eyv_NfVRZt8wRRJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/5acd78-d670-4192-b564-040e0644fbe8/1/bQqTZ3ArgViLCoqi3gs3VHHEcM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/5acd78-d670-4192-b564-040e0644fbe8/1/0N5hiCK4r2-eyv_NfVRZt8wRRJo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:d9:9a:30:9b:ce:8e:8f:0b:2b:c6:e2:da:d2:69:88:44:6c:
         19:a6:19:10:e0:50:1a:0f:c8:35:07:bd:96:13:9d:ca:b6:b9:
         60:f8:43:db:52:e0:7c:4c:36:cf:c0:ee:d1:0d:ed:e2:5e:a1:
         65:9f:f3:20:82:5f:6e:09:32:82:98:a8:e9:b4:f4:47:09:63:
         d3:78:87:44:55:22:62:1a:9f:7f:d4:c9:82:fd:50:ee:42:db:
         28:ed:41:f6:8a:52:8b:17:fc:fe:95:91:3a:56:65:19:19:b5:
         6f:ff:02:50:14:d3:86:a8:1d:d5:e0:f7:d3:ba:d0:07:4b:b4:
         01:7a:df:63:9a:d3:1d:75:95:3f:b4:21:1d:b1:26:ad:81:6b:
         5b:60:43:bd:68:44:c5:66:27:04:d8:81:40:23:a5:e1:9a:33:
         cb:35:13:03:ff:dd:bd:2e:06:6a:4e:82:cd:47:ab:96:30:64:
         a2:2e:f4:57:9e:c7:5f:51:78:5d:13:96:a8:cd:7c:f3:e0:5d:
         df:ce:4b:b6:a6:69:b5:98:06:69:17:4f:50:f3:c7:1c:8f:fe:
         ed:99:d6:9c:07:54:d7:31:df:3d:8c:c0:d6:e5:94:b9:b9:73:
         34:ec:a0:f1:0c:3a:af:db:24:1f:83:9f:72:1e:cb:81:ed:c2:
         d8:57:dd:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NTKxFetzvCUezOQOH5w0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZGU2MTg4MjJiOGFmNmY5ZWNhZmZjZDdkNTQ1OWI3Y2Mx
MTQ0OWEwHhcNMjYwMTAxMDYxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDBhOTM2NzcwMmI4MTU4OGIwYThhYTJkZTBiMzc1NDcxYzQ3MGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA83+1Dr7IXNmaqqJHu2gOqcb5g7uW
6HKpaOMulxq4TkEHURTraKvN0TbFzZqDFF5H9Z6rmV6E8HTqQBvRkdqhVBIzT1Ks
z3nvce4fOioILDpNzl2k6zoYpsIozopyBGNfOCycq9hIm8tD1BPjk1XPyF1gqYSm
aI3fy8QYM4A8d0Errk8thzDOH/l9gO2MYk58z6VRh3I0iaaf8GGPXqokJUqVRbuI
2q9M4Xe3tCqQCIJJzMY633hRFgLt92l2KzmVT4FD64BCtoRXeDns5Rwghp4UYh3p
JNpLboRfrX79z3xbAz5nLi07x38fOvYjn1yCp273tyOlKHsavJFzbkaGCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0Kk2dwK4FYiwqKot4LN1RxxHDPMB8GA1UdIwQY
MBaAFNDeYYgiuK9vnsr/zX1UWbfMEUSaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvME41aGlDSzRyMi1leXZfTmZWUlp0OHdSUkpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC81YWNkNzgtZDY3MC00MTkyLWI1NjQt
MDQwZTA2NDRmYmU4LzEvYlFxVFozQXJnVmlMQ29xaTNnczNWSEhFY004LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC81YWNkNzgtZDY3MC00MTkyLWI1NjQtMDQwZTA2NDRmYmU4
LzEvME41aGlDSzRyMi1leXZfTmZWUlp0OHdSUkpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZwEMA0G
CSqGSIb3DQEBCwUAA4IBAQBK2Zowm86OjwsrxuLa0mmIRGwZphkQ4FAaD8g1B72W
E53Ktrlg+EPbUuB8TDbPwO7RDe3iXqFln/Mggl9uCTKCmKjptPRHCWPTeIdEVSJi
Gp9/1MmC/VDuQtso7UH2ilKLF/z+lZE6VmUZGbVv/wJQFNOGqB3V4PfTutAHS7QB
et9jmtMddZU/tCEdsSatgWtbYEO9aETFZicE2IFAI6XhmjPLNRMD/929LgZqToLN
R6uWMGSiLvRXnsdfUXhdE5aozXzz4F3fzku2pmm1mAZpF09Q88ccj/7tmdacB1TX
Md89jMDW5ZS5uXM07KDxDDqv2yQfg59yHsuB7cLYV929
-----END CERTIFICATE-----