This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/b33a78-a51e-46e4-8648-0066f541faea/1/iqsTReQX-wslFa4ZJjVVBZ1O16I.roa
File:                     iqsTReQX-wslFa4ZJjVVBZ1O16I.roa (raw, json)
Hash identifier:          HHgLFIJy8JtakXSElLjUicZ/9YwRa/+1lz1+D14ujGg=
Subject key identifier:   8A:AB:13:45:E4:17:FB:0B:25:15:AE:19:26:35:55:05:9D:4E:D7:A2
Certificate issuer:       /CN=71949b47df313cbab9452da98fcc637608a909bd
Certificate serial:       019B77C67D6E3A9BB990BA39191797C77710
Authority key identifier: 71:94:9B:47:DF:31:3C:BA:B9:45:2D:A9:8F:CC:63:76:08:A9:09:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cZSbR98xPLq5RS2pj8xjdgipCb0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/b33a78-a51e-46e4-8648-0066f541faea/1/iqsTReQX-wslFa4ZJjVVBZ1O16I.roa
Signing time:             Thu 01 Jan 2026 04:17:35 +0000
ROA not before:           Thu 01 Jan 2026 04:17:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205729
IP address blocks:        149.62.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/b33a78-a51e-46e4-8648-0066f541faea/1/cZSbR98xPLq5RS2pj8xjdgipCb0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/b33a78-a51e-46e4-8648-0066f541faea/1/cZSbR98xPLq5RS2pj8xjdgipCb0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cZSbR98xPLq5RS2pj8xjdgipCb0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:7d:6e:3a:9b:b9:90:ba:39:19:17:97:c7:77:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71949b47df313cbab9452da98fcc637608a909bd
        Validity
            Not Before: Jan  1 04:17:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8aab1345e417fb0b2515ae19263555059d4ed7a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:1b:9d:f1:0b:83:6a:ec:bf:e0:91:67:d3:f8:
                    0c:ea:74:a3:f3:6f:24:bc:0e:e2:72:0d:e7:77:d8:
                    d3:61:19:a0:ff:0a:f3:18:f2:4c:00:42:92:86:2a:
                    bd:7b:57:b6:b5:47:00:29:b9:75:74:96:bf:4e:16:
                    3f:6b:14:bb:f9:0a:8e:fc:d3:c4:4e:f8:38:51:0d:
                    0c:bb:98:28:1d:8a:6a:3c:7a:2b:a4:6b:96:ff:71:
                    bb:73:a5:19:ea:7f:03:ff:e9:c3:3d:6e:22:5a:06:
                    0c:25:d1:79:1b:45:7b:d8:dd:77:16:bd:05:49:04:
                    71:8e:6a:95:34:8d:bb:9c:38:39:1f:fa:8f:22:66:
                    24:93:8d:a7:bc:71:61:6a:5c:d1:38:5d:9e:78:b2:
                    45:4c:12:15:8f:bd:93:5a:87:84:9a:47:c8:a0:6a:
                    24:bd:64:f1:11:d1:4b:6d:ae:9f:b9:a3:2b:ad:a0:
                    d7:1c:13:1b:9f:74:72:1a:6d:d4:40:3b:3a:12:be:
                    62:5d:38:75:08:b1:b1:f3:3a:18:75:8c:f6:8a:8e:
                    ad:b2:c0:14:2f:bc:fc:27:ba:fe:9f:cb:73:ec:4c:
                    f5:74:bd:d4:bc:92:0a:75:c2:25:c8:ba:c3:ab:45:
                    26:a8:11:68:da:59:5b:d2:fa:18:6e:67:1f:50:27:
                    cc:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:AB:13:45:E4:17:FB:0B:25:15:AE:19:26:35:55:05:9D:4E:D7:A2
            X509v3 Authority Key Identifier:
                keyid:71:94:9B:47:DF:31:3C:BA:B9:45:2D:A9:8F:CC:63:76:08:A9:09:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cZSbR98xPLq5RS2pj8xjdgipCb0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/b33a78-a51e-46e4-8648-0066f541faea/1/iqsTReQX-wslFa4ZJjVVBZ1O16I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/b33a78-a51e-46e4-8648-0066f541faea/1/cZSbR98xPLq5RS2pj8xjdgipCb0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.62.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:4b:c4:89:2f:46:1d:cb:0e:84:d3:9c:fd:23:ea:79:74:f4:
         c3:17:c0:f8:03:2c:82:f1:6a:04:85:fd:a5:85:99:f6:17:3d:
         3a:24:4d:f2:b1:ca:03:61:15:67:ec:1f:98:08:94:3c:70:31:
         34:c3:8b:9b:c2:02:87:be:30:72:84:76:fa:2c:43:75:19:69:
         45:0e:36:3e:76:b4:ce:f5:44:4e:a0:a5:fa:8a:69:5a:dd:bc:
         ac:84:e5:e3:85:31:35:d9:75:67:66:6b:05:bb:ad:ec:f7:78:
         49:83:e9:43:7e:aa:40:08:89:b2:75:f3:4d:e4:d9:32:b0:2b:
         0d:e8:2b:b6:ca:5c:7b:36:8f:38:58:23:5e:0e:a8:bb:7c:5e:
         c8:3a:51:ff:8e:07:cf:97:0e:20:36:98:bd:22:9e:b8:ca:de:
         ab:27:11:21:39:ce:03:d5:6c:a9:55:65:84:0c:4a:14:23:14:
         52:57:c4:48:24:46:83:cb:62:89:8c:d5:8b:e2:80:ab:24:b1:
         af:ba:af:ef:84:5b:16:63:cb:ad:8d:3c:fa:09:85:73:1e:9b:
         20:e4:b0:c8:1b:bb:80:dd:e3:ce:a0:6c:1a:2c:8f:bb:5e:93:
         e4:3a:22:85:fe:53:88:64:b8:d6:b6:4b:6f:82:26:e1:58:fb:
         2f:a7:d6:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xn1uOpu5kLo5GReXx3cQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxOTQ5YjQ3ZGYzMTNjYmFiOTQ1MmRhOThmY2M2Mzc2MDhh
OTA5YmQwHhcNMjYwMTAxMDQxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWFiMTM0NWU0MTdmYjBiMjUxNWFlMTkyNjM1NTUwNTlkNGVkN2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBud8QuDauy/4JFn0/gM6nSj828k
vA7icg3nd9jTYRmg/wrzGPJMAEKShiq9e1e2tUcAKbl1dJa/ThY/axS7+QqO/NPE
Tvg4UQ0Mu5goHYpqPHorpGuW/3G7c6UZ6n8D/+nDPW4iWgYMJdF5G0V72N13Fr0F
SQRxjmqVNI27nDg5H/qPImYkk42nvHFhalzROF2eeLJFTBIVj72TWoeEmkfIoGok
vWTxEdFLba6fuaMrraDXHBMbn3RyGm3UQDs6Er5iXTh1CLGx8zoYdYz2io6tssAU
L7z8J7r+n8tz7Ez1dL3UvJIKdcIlyLrDq0UmqBFo2llb0voYbmcfUCfMSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIqrE0XkF/sLJRWuGSY1VQWdTteiMB8GA1UdIwQY
MBaAFHGUm0ffMTy6uUUtqY/MY3YIqQm9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1pTYlI5OHhQTHE1UlMycGo4eGpkZ2lwQ2IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9iMzNhNzgtYTUxZS00NmU0LTg2NDgt
MDA2NmY1NDFmYWVhLzEvaXFzVFJlUVgtd3NsRmE0WkpqVlZCWjFPMTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9iMzNhNzgtYTUxZS00NmU0LTg2NDgtMDA2NmY1NDFmYWVh
LzEvY1pTYlI5OHhQTHE1UlMycGo4eGpkZ2lwQ2IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlT4gMA0G
CSqGSIb3DQEBCwUAA4IBAQAES8SJL0Ydyw6E05z9I+p5dPTDF8D4AyyC8WoEhf2l
hZn2Fz06JE3yscoDYRVn7B+YCJQ8cDE0w4ubwgKHvjByhHb6LEN1GWlFDjY+drTO
9UROoKX6imla3byshOXjhTE12XVnZmsFu63s93hJg+lDfqpACImydfNN5NkysCsN
6Cu2ylx7No84WCNeDqi7fF7IOlH/jgfPlw4gNpi9Ip64yt6rJxEhOc4D1WypVWWE
DEoUIxRSV8RIJEaDy2KJjNWL4oCrJLGvuq/vhFsWY8utjTz6CYVzHpsg5LDIG7uA
3ePOoGwaLI+7XpPkOiKF/lOIZLjWtktvgibhWPsvp9ZE
-----END CERTIFICATE-----