This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/7e3c7f-2184-403d-80cf-6e4b3c92a827/1/bgpTMrzfW7CHzYzGyELGTZfYatA.roa
File:                     bgpTMrzfW7CHzYzGyELGTZfYatA.roa (raw, json)
Hash identifier:          8Ca3eykdBAqM1JLqwTpF6Ihh+Qzj9biCwnw8ueEG7vM=
Subject key identifier:   6E:0A:53:32:BC:DF:5B:B0:87:CD:8C:C6:C8:42:C6:4D:97:D8:6A:D0
Certificate issuer:       /CN=40c3d37be435a9c33f1c63e50d0d6464ed161004
Certificate serial:       019B7F81213675C503108E95238CC99BB528
Authority key identifier: 40:C3:D3:7B:E4:35:A9:C3:3F:1C:63:E5:0D:0D:64:64:ED:16:10:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QMPTe-Q1qcM_HGPlDQ1kZO0WEAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/7e3c7f-2184-403d-80cf-6e4b3c92a827/1/bgpTMrzfW7CHzYzGyELGTZfYatA.roa
Signing time:             Fri 02 Jan 2026 16:18:47 +0000
ROA not before:           Fri 02 Jan 2026 16:18:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20712
IP address blocks:        193.239.174.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/7e3c7f-2184-403d-80cf-6e4b3c92a827/1/QMPTe-Q1qcM_HGPlDQ1kZO0WEAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/7e3c7f-2184-403d-80cf-6e4b3c92a827/1/QMPTe-Q1qcM_HGPlDQ1kZO0WEAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QMPTe-Q1qcM_HGPlDQ1kZO0WEAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:81:21:36:75:c5:03:10:8e:95:23:8c:c9:9b:b5:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40c3d37be435a9c33f1c63e50d0d6464ed161004
        Validity
            Not Before: Jan  2 16:18:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6e0a5332bcdf5bb087cd8cc6c842c64d97d86ad0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:fc:bd:b8:36:49:aa:de:0a:ae:bd:20:ed:c6:
                    26:c3:fd:3a:7f:6e:ce:f6:cb:3d:b0:1a:55:f0:ed:
                    36:bf:a9:03:d4:4d:79:d9:1d:56:a6:13:f9:5f:8e:
                    b3:54:0a:80:3c:af:89:00:4a:63:ac:30:50:05:87:
                    94:3d:a8:2a:97:f6:31:bb:11:13:08:4d:5c:8a:c6:
                    f9:20:dd:a2:cb:6f:8a:fd:5e:96:c5:aa:f5:8c:92:
                    a8:8e:50:7d:f7:21:4a:86:bc:6b:4a:61:1d:fd:ce:
                    70:1e:3d:3f:5b:b6:67:20:6e:e6:2e:cf:72:b9:82:
                    b3:99:5c:ad:84:6e:e5:6b:7e:87:dd:15:5e:49:d6:
                    45:d9:3f:36:65:5c:8f:48:05:e3:11:69:6f:60:7e:
                    c8:56:b1:93:c6:88:0c:c1:df:1d:3c:cc:98:da:4c:
                    27:da:ae:0e:df:e0:d6:b0:b9:74:d7:5e:77:52:6a:
                    39:8e:7d:9f:1c:8c:63:4b:01:9a:a8:5e:38:cd:8d:
                    f3:36:7b:bb:b6:7e:68:09:23:19:4a:d2:c7:6e:49:
                    b6:00:b3:2b:84:d6:8b:9b:6f:90:0b:fb:52:a7:30:
                    78:2c:e7:c2:a7:e7:76:92:c2:be:22:c2:b4:06:92:
                    22:5b:b5:71:b6:cf:21:86:e5:ac:03:33:24:5f:6c:
                    39:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:0A:53:32:BC:DF:5B:B0:87:CD:8C:C6:C8:42:C6:4D:97:D8:6A:D0
            X509v3 Authority Key Identifier:
                keyid:40:C3:D3:7B:E4:35:A9:C3:3F:1C:63:E5:0D:0D:64:64:ED:16:10:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QMPTe-Q1qcM_HGPlDQ1kZO0WEAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/7e3c7f-2184-403d-80cf-6e4b3c92a827/1/bgpTMrzfW7CHzYzGyELGTZfYatA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/7e3c7f-2184-403d-80cf-6e4b3c92a827/1/QMPTe-Q1qcM_HGPlDQ1kZO0WEAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b1:ab:51:20:39:ba:65:69:d5:aa:34:0c:4f:ac:19:17:4c:24:
         e8:2b:8b:68:43:dc:e6:25:b9:8d:53:08:94:29:8c:2e:00:f0:
         9e:dc:da:62:83:7f:75:a4:53:0d:77:b2:06:3e:09:b0:66:0a:
         f1:86:c2:8d:f8:39:6c:61:d6:56:60:7d:ea:64:1a:aa:3d:4d:
         40:f3:4b:92:75:23:b6:50:2e:89:c7:44:9c:9f:34:4f:9b:63:
         74:df:d8:d9:f7:9f:27:eb:c4:01:b8:e5:94:a9:4d:ba:27:98:
         35:98:bb:8e:70:15:69:78:e5:fe:19:4c:fd:c5:61:98:81:20:
         00:8d:bc:e4:05:c1:bc:15:41:32:b1:50:f0:11:56:83:d8:fa:
         14:ad:5e:da:63:3d:37:fc:96:18:9c:8e:2b:96:83:11:c2:1e:
         d2:77:6b:8a:69:90:5c:dc:ba:27:75:df:71:71:de:f0:05:80:
         20:36:c5:67:c7:93:a1:88:18:52:3f:cb:d6:a5:0f:c5:e9:7d:
         76:65:17:da:74:24:92:67:21:77:91:b0:1e:b1:14:d7:bc:96:
         6e:17:26:99:17:1b:e1:8a:dd:68:9a:a4:53:cb:77:c4:de:ca:
         a4:53:a0:36:a0:81:cc:d5:28:b0:02:b4:7f:a8:04:e6:78:6e:
         55:ac:b2:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gSE2dcUDEI6VI4zJm7UoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwYzNkMzdiZTQzNWE5YzMzZjFjNjNlNTBkMGQ2NDY0ZWQx
NjEwMDQwHhcNMjYwMTAyMTYxODQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTBhNTMzMmJjZGY1YmIwODdjZDhjYzZjODQyYzY0ZDk3ZDg2YWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8/y9uDZJqt4Krr0g7cYmw/06f27O
9ss9sBpV8O02v6kD1E152R1WphP5X46zVAqAPK+JAEpjrDBQBYeUPagql/YxuxET
CE1cisb5IN2iy2+K/V6Wxar1jJKojlB99yFKhrxrSmEd/c5wHj0/W7ZnIG7mLs9y
uYKzmVythG7la36H3RVeSdZF2T82ZVyPSAXjEWlvYH7IVrGTxogMwd8dPMyY2kwn
2q4O3+DWsLl01153Umo5jn2fHIxjSwGaqF44zY3zNnu7tn5oCSMZStLHbkm2ALMr
hNaLm2+QC/tSpzB4LOfCp+d2ksK+IsK0BpIiW7Vxts8hhuWsAzMkX2w51QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG4KUzK831uwh82MxshCxk2X2GrQMB8GA1UdIwQY
MBaAFEDD03vkNanDPxxj5Q0NZGTtFhAEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU1QVGUtUTFxY01fSEdQbERRMWtaTzBXRUFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi83ZTNjN2YtMjE4NC00MDNkLTgwY2Yt
NmU0YjNjOTJhODI3LzEvYmdwVE1yemZXN0NIell6R3lFTEdUWmZZYXRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi83ZTNjN2YtMjE4NC00MDNkLTgwY2YtNmU0YjNjOTJhODI3
LzEvUU1QVGUtUTFxY01fSEdQbERRMWtaTzBXRUFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwe+uMA0G
CSqGSIb3DQEBCwUAA4IBAQCxq1EgObpladWqNAxPrBkXTCToK4toQ9zmJbmNUwiU
KYwuAPCe3Npig391pFMNd7IGPgmwZgrxhsKN+DlsYdZWYH3qZBqqPU1A80uSdSO2
UC6Jx0ScnzRPm2N039jZ958n68QBuOWUqU26J5g1mLuOcBVpeOX+GUz9xWGYgSAA
jbzkBcG8FUEysVDwEVaD2PoUrV7aYz03/JYYnI4rloMRwh7Sd2uKaZBc3Londd9x
cd7wBYAgNsVnx5OhiBhSP8vWpQ/F6X12ZRfadCSSZyF3kbAesRTXvJZuFyaZFxvh
it1omqRTy3fE3sqkU6A2oIHM1SiwArR/qATmeG5VrLLe
-----END CERTIFICATE-----