This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/qcZqkbdkLZZa3XsoXnzWIg4lkNA.roa
File:                     qcZqkbdkLZZa3XsoXnzWIg4lkNA.roa (raw, json)
Hash identifier:          tRPGhWRA4YG4fJTzot/K2CzIRoSTdtPLVAfTI2Tt3mk=
Subject key identifier:   A9:C6:6A:91:B7:64:2D:96:5A:DD:7B:28:5E:7C:D6:22:0E:25:90:D0
Certificate issuer:       /CN=03364fcedd691357733cd5ccd7029db8e61d1e3a
Certificate serial:       019B024E128D2686AE55634601D6484AC447
Authority key identifier: 03:36:4F:CE:DD:69:13:57:73:3C:D5:CC:D7:02:9D:B8:E6:1D:1E:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AzZPzt1pE1dzPNXM1wKduOYdHjo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/qcZqkbdkLZZa3XsoXnzWIg4lkNA.roa
Signing time:             Tue 09 Dec 2025 08:50:29 +0000
ROA not before:           Tue 09 Dec 2025 08:50:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55154
IP address blocks:        185.84.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/AzZPzt1pE1dzPNXM1wKduOYdHjo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/AzZPzt1pE1dzPNXM1wKduOYdHjo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AzZPzt1pE1dzPNXM1wKduOYdHjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Dec 2025 14:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:02:4e:12:8d:26:86:ae:55:63:46:01:d6:48:4a:c4:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03364fcedd691357733cd5ccd7029db8e61d1e3a
        Validity
            Not Before: Dec  9 08:50:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9c66a91b7642d965add7b285e7cd6220e2590d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:84:33:ed:8e:e1:d6:cd:f2:49:4b:78:07:08:
                    a1:71:2a:18:61:34:2a:fe:b6:be:0b:f9:ed:46:15:
                    52:71:46:da:f5:0d:cc:67:db:64:53:0e:7d:f6:3d:
                    e0:97:4e:fc:ba:2a:32:92:52:15:e5:97:7a:44:36:
                    9d:24:96:7a:ad:bb:92:f8:69:4b:7f:27:d1:02:9c:
                    e6:79:33:85:03:18:d5:47:a9:06:98:dd:67:89:62:
                    40:72:63:c9:9e:df:f7:a6:a4:c8:a2:db:81:39:ed:
                    5e:33:70:8c:53:00:0e:44:17:87:aa:af:5e:81:3c:
                    d9:e5:58:32:d3:d4:29:37:7f:2d:3b:3c:d0:1e:99:
                    2e:b7:81:2e:9d:f5:f3:7a:98:0a:18:fb:26:34:4b:
                    f8:95:0a:ae:e3:03:14:99:01:73:bb:0c:e7:0c:c2:
                    ff:bc:c3:f8:13:fd:73:e6:46:d0:33:17:4a:7c:8d:
                    59:2d:5e:2f:a4:a8:37:fe:22:18:31:3c:cb:2d:8b:
                    6c:a1:a2:d3:81:a7:28:e7:3b:ff:66:eb:bc:17:2f:
                    4c:82:d8:81:b3:4f:02:75:2f:71:51:8b:03:63:a8:
                    dc:9d:71:5c:1e:96:31:65:1b:64:64:df:87:0c:14:
                    61:4f:3e:2f:f2:f8:e0:5d:84:14:9a:68:30:a7:d4:
                    e6:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:C6:6A:91:B7:64:2D:96:5A:DD:7B:28:5E:7C:D6:22:0E:25:90:D0
            X509v3 Authority Key Identifier:
                keyid:03:36:4F:CE:DD:69:13:57:73:3C:D5:CC:D7:02:9D:B8:E6:1D:1E:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AzZPzt1pE1dzPNXM1wKduOYdHjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/qcZqkbdkLZZa3XsoXnzWIg4lkNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/AzZPzt1pE1dzPNXM1wKduOYdHjo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:6e:76:a2:8a:30:bc:32:5f:29:56:8b:d6:3b:19:6f:a3:fe:
         8b:ec:63:5a:40:cd:cc:49:95:d1:6a:31:6a:a8:4a:3d:4f:8e:
         f8:58:db:28:52:40:0b:c4:d1:d9:33:af:e7:d9:2d:42:64:9d:
         48:66:50:12:34:64:7e:ea:e3:ab:47:19:c2:23:6d:35:01:2b:
         ba:d9:a6:61:02:85:17:20:4d:35:b2:41:44:ef:56:f2:c7:47:
         31:5c:94:4d:7e:6f:54:f2:2a:7f:1c:76:1c:2f:92:bf:45:f2:
         e5:79:76:e9:e9:06:0c:8b:c1:e0:9d:8e:a2:34:4d:2c:ff:8b:
         3e:2e:a5:01:c3:80:58:78:96:c1:18:82:80:0c:98:5c:4c:1c:
         b6:63:ce:1c:92:73:c6:3c:58:1b:d1:82:27:36:98:c7:ba:b1:
         9c:50:f5:71:b8:1f:31:3a:21:ae:11:e1:3d:24:25:9a:52:36:
         de:1e:61:56:8a:25:e1:f1:3b:13:97:c1:07:12:f0:af:fa:8b:
         52:40:a2:a3:95:ad:69:b9:78:2e:6b:53:58:99:30:49:17:05:
         1a:57:55:c6:02:11:d2:a3:98:b2:26:fe:8e:9e:b9:76:d1:b5:
         03:e1:ab:30:cc:4c:5f:11:9d:53:1d:53:7a:42:5a:0c:23:b6:
         21:48:43:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsCThKNJoauVWNGAdZISsRHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzMzY0ZmNlZGQ2OTEzNTc3MzNjZDVjY2Q3MDI5ZGI4ZTYx
ZDFlM2EwHhcNMjUxMjA5MDg1MDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWM2NmE5MWI3NjQyZDk2NWFkZDdiMjg1ZTdjZDYyMjBlMjU5MGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoQz7Y7h1s3ySUt4BwihcSoYYTQq
/ra+C/ntRhVScUba9Q3MZ9tkUw599j3gl078uioyklIV5Zd6RDadJJZ6rbuS+GlL
fyfRApzmeTOFAxjVR6kGmN1niWJAcmPJnt/3pqTIotuBOe1eM3CMUwAORBeHqq9e
gTzZ5Vgy09QpN38tOzzQHpkut4EunfXzepgKGPsmNEv4lQqu4wMUmQFzuwznDML/
vMP4E/1z5kbQMxdKfI1ZLV4vpKg3/iIYMTzLLYtsoaLTgaco5zv/Zuu8Fy9MgtiB
s08CdS9xUYsDY6jcnXFcHpYxZRtkZN+HDBRhTz4v8vjgXYQUmmgwp9TmHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKnGapG3ZC2WWt17KF581iIOJZDQMB8GA1UdIwQY
MBaAFAM2T87daRNXczzVzNcCnbjmHR46MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXpaUHp0MXBFMWR6UE5YTTF3S2R1T1lkSGpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi81NmY1MjYtNTNkZS00YzlkLWI0MDEt
YWJmMGI1OTQ2NDZmLzEvcWNacWtiZGtMWlphM1hzb1hueldJZzRsa05BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi81NmY1MjYtNTNkZS00YzlkLWI0MDEtYWJmMGI1OTQ2NDZm
LzEvQXpaUHp0MXBFMWR6UE5YTTF3S2R1T1lkSGpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVScMA0G
CSqGSIb3DQEBCwUAA4IBAQCibnaiijC8Ml8pVovWOxlvo/6L7GNaQM3MSZXRajFq
qEo9T474WNsoUkALxNHZM6/n2S1CZJ1IZlASNGR+6uOrRxnCI201ASu62aZhAoUX
IE01skFE71byx0cxXJRNfm9U8ip/HHYcL5K/RfLleXbp6QYMi8HgnY6iNE0s/4s+
LqUBw4BYeJbBGIKADJhcTBy2Y84cknPGPFgb0YInNpjHurGcUPVxuB8xOiGuEeE9
JCWaUjbeHmFWiiXh8TsTl8EHEvCv+otSQKKjla1puXgua1NYmTBJFwUaV1XGAhHS
o5iyJv6Onrl20bUD4aswzExfEZ1THVN6QloMI7YhSEOX
-----END CERTIFICATE-----