This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/810c72-d416-4a14-8aca-a8faeeb7ee52/1/rQAyAtXzJK9OUHUnzLQaQxxr-TQ.roa
File:                     rQAyAtXzJK9OUHUnzLQaQxxr-TQ.roa (raw, json)
Hash identifier:          w5olPQMvIP8vMcrwMgipPdsnMo21DZm6sV/LFip8PYc=
Subject key identifier:   AD:00:32:02:D5:F3:24:AF:4E:50:75:27:CC:B4:1A:43:1C:6B:F9:34
Certificate issuer:       /CN=1c73a7fc304bc02d8074476d075db5cdcd2dabde
Certificate serial:       019B31E155898F84BD7E94093E39AE8CDB0E
Authority key identifier: 1C:73:A7:FC:30:4B:C0:2D:80:74:47:6D:07:5D:B5:CD:CD:2D:AB:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHOn_DBLwC2AdEdtB121zc0tq94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/810c72-d416-4a14-8aca-a8faeeb7ee52/1/rQAyAtXzJK9OUHUnzLQaQxxr-TQ.roa
Signing time:             Thu 18 Dec 2025 14:33:29 +0000
ROA not before:           Thu 18 Dec 2025 14:33:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39069
IP address blocks:        147.84.0.0/16 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/810c72-d416-4a14-8aca-a8faeeb7ee52/1/HHOn_DBLwC2AdEdtB121zc0tq94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/810c72-d416-4a14-8aca-a8faeeb7ee52/1/HHOn_DBLwC2AdEdtB121zc0tq94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHOn_DBLwC2AdEdtB121zc0tq94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Dec 2025 17:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:31:e1:55:89:8f:84:bd:7e:94:09:3e:39:ae:8c:db:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c73a7fc304bc02d8074476d075db5cdcd2dabde
        Validity
            Not Before: Dec 18 14:33:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad003202d5f324af4e507527ccb41a431c6bf934
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:2f:ad:af:6b:cb:b3:19:dd:56:d7:ac:f6:84:
                    2d:7a:4a:a7:06:12:16:ea:6a:f0:6f:79:82:95:0b:
                    4a:8f:8b:20:10:01:b0:29:5c:33:58:9a:2b:86:34:
                    91:21:c2:f2:39:52:b0:99:49:1c:94:94:57:fb:f2:
                    d2:e4:e1:91:fc:53:9c:f6:0c:af:e9:15:04:ab:64:
                    a0:0c:c2:84:a6:09:ae:a6:c3:46:40:97:a9:ec:88:
                    b4:a5:39:26:17:41:01:2c:87:82:4f:53:c7:e1:da:
                    c2:37:55:c0:a0:44:52:01:77:d6:a0:15:05:1d:2d:
                    bb:ce:40:9c:54:66:c0:75:07:26:2b:bc:c0:2a:ff:
                    6b:ac:2d:da:1b:70:e4:48:36:4c:62:08:dd:5e:ad:
                    d8:75:92:86:ba:38:cc:48:34:42:87:5c:ca:52:9c:
                    7a:ff:b1:86:8a:6e:cb:d0:d1:04:c6:a1:75:39:35:
                    25:e9:c0:05:78:e2:85:49:93:b9:a0:b5:94:eb:af:
                    b6:a6:e0:80:d5:0e:25:86:d8:bc:0c:b9:ee:c5:e2:
                    47:8d:64:c4:9c:df:3c:4e:7d:e3:b7:3b:0c:28:d6:
                    7d:28:45:25:3c:ea:c8:67:b1:29:18:43:eb:29:84:
                    d7:a3:df:f7:10:57:b2:8e:ed:ce:16:b5:6f:de:17:
                    ce:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:00:32:02:D5:F3:24:AF:4E:50:75:27:CC:B4:1A:43:1C:6B:F9:34
            X509v3 Authority Key Identifier:
                keyid:1C:73:A7:FC:30:4B:C0:2D:80:74:47:6D:07:5D:B5:CD:CD:2D:AB:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHOn_DBLwC2AdEdtB121zc0tq94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/810c72-d416-4a14-8aca-a8faeeb7ee52/1/rQAyAtXzJK9OUHUnzLQaQxxr-TQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/810c72-d416-4a14-8aca-a8faeeb7ee52/1/HHOn_DBLwC2AdEdtB121zc0tq94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.84.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         94:fc:80:76:29:9f:bb:73:3e:b8:12:fa:59:55:06:1e:3c:1e:
         f2:25:7f:29:4e:c3:a2:04:a9:60:f9:bb:81:5f:f1:ee:09:0c:
         a5:77:d4:40:bf:c7:f1:58:c7:34:15:5f:8b:d7:84:c2:77:d7:
         8e:fa:99:32:33:6f:24:7e:39:a5:63:45:9e:74:03:d5:53:dc:
         77:c5:0a:13:d9:20:7e:65:19:17:0d:3e:5c:28:b7:7e:f2:4b:
         f5:0d:c2:0c:61:dd:a9:e9:57:27:12:21:2e:84:04:2d:a3:5d:
         fd:40:15:fd:93:98:7e:20:c1:54:41:fc:ad:c1:42:1a:24:1e:
         26:2b:64:ba:fb:02:b1:70:18:95:c3:94:eb:fd:37:0b:fe:f4:
         0c:78:ba:8b:10:34:85:ec:95:e4:74:f6:e4:b5:84:15:0e:5c:
         0b:1e:83:0b:7a:8e:62:0e:55:6d:4e:8a:69:0b:8a:40:0e:cf:
         8e:16:74:95:be:ae:cb:3c:81:08:f1:56:82:3a:1b:9c:00:28:
         66:ce:09:db:b5:56:9a:a0:d3:67:58:48:55:e0:39:40:07:3a:
         40:c1:8d:d9:38:2b:7f:01:d3:86:b8:58:d6:ee:bb:3f:db:90:
         34:e0:c5:ff:3c:a9:c9:37:83:28:6b:7d:21:d0:0d:1c:6b:14:
         cb:78:68:4b
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZsx4VWJj4S9fpQJPjmujNsOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNzNhN2ZjMzA0YmMwMmQ4MDc0NDc2ZDA3NWRiNWNkY2Qy
ZGFiZGUwHhcNMjUxMjE4MTQzMzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDAwMzIwMmQ1ZjMyNGFmNGU1MDc1MjdjY2I0MWE0MzFjNmJmOTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApC+tr2vLsxndVtes9oQtekqnBhIW
6mrwb3mClQtKj4sgEAGwKVwzWJorhjSRIcLyOVKwmUkclJRX+/LS5OGR/FOc9gyv
6RUEq2SgDMKEpgmupsNGQJep7Ii0pTkmF0EBLIeCT1PH4drCN1XAoERSAXfWoBUF
HS27zkCcVGbAdQcmK7zAKv9rrC3aG3DkSDZMYgjdXq3YdZKGujjMSDRCh1zKUpx6
/7GGim7L0NEExqF1OTUl6cAFeOKFSZO5oLWU66+2puCA1Q4lhti8DLnuxeJHjWTE
nN88Tn3jtzsMKNZ9KEUlPOrIZ7EpGEPrKYTXo9/3EFeyju3OFrVv3hfOMQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFK0AMgLV8ySvTlB1J8y0GkMca/k0MB8GA1UdIwQY
MBaAFBxzp/wwS8AtgHRHbQddtc3NLaveMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhPbl9EQkx3QzJBZEVkdEIxMjF6YzB0cTk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy84MTBjNzItZDQxNi00YTE0LThhY2Et
YThmYWVlYjdlZTUyLzEvclFBeUF0WHpKSzlPVUhVbnpMUWFReHhyLVRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy84MTBjNzItZDQxNi00YTE0LThhY2EtYThmYWVlYjdlZTUy
LzEvSEhPbl9EQkx3QzJBZEVkdEIxMjF6YzB0cTk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAk1QwDQYJ
KoZIhvcNAQELBQADggEBAJT8gHYpn7tzPrgS+llVBh48HvIlfylOw6IEqWD5u4Ff
8e4JDKV31EC/x/FYxzQVX4vXhMJ31476mTIzbyR+OaVjRZ50A9VT3HfFChPZIH5l
GRcNPlwot37yS/UNwgxh3anpVycSIS6EBC2jXf1AFf2TmH4gwVRB/K3BQhokHiYr
ZLr7ArFwGJXDlOv9Nwv+9Ax4uosQNIXsleR09uS1hBUOXAsegwt6jmIOVW1OimkL
ikAOz44WdJW+rss8gQjxVoI6G5wAKGbOCdu1Vpqg02dYSFXgOUAHOkDBjdk4K38B
04a4WNbuuz/bkDTgxf88qck3gyhrfSHQDRxrFMt4aEs=
-----END CERTIFICATE-----