This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/1jBYr9FWsRPu64lYAnK0ta-WBdA.roa
File:                     1jBYr9FWsRPu64lYAnK0ta-WBdA.roa (raw, json)
Hash identifier:          3LputYmrn0IPDDaA7qSescZ3E0lTXKfvLlqfzkE/kU0=
Subject key identifier:   D6:30:58:AF:D1:56:B1:13:EE:EB:89:58:02:72:B4:B5:AF:96:05:D0
Certificate issuer:       /CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
Certificate serial:       019B7AC85F3A2E4E4BDE3CB2EF80121D7EED
Authority key identifier: 2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/1jBYr9FWsRPu64lYAnK0ta-WBdA.roa
Signing time:             Thu 01 Jan 2026 18:18:30 +0000
ROA not before:           Thu 01 Jan 2026 18:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213690
IP address blocks:        185.14.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 19:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:5f:3a:2e:4e:4b:de:3c:b2:ef:80:12:1d:7e:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
        Validity
            Not Before: Jan  1 18:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d63058afd156b113eeeb89580272b4b5af9605d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:76:04:8b:fe:4a:62:7a:8b:7b:89:70:d5:00:
                    5c:58:e0:9e:40:0d:87:8e:83:f5:84:98:65:fd:b5:
                    cf:da:b0:e0:a1:74:68:b7:01:55:e0:3c:30:02:7d:
                    fa:67:48:40:01:72:e6:9a:32:c6:ed:2f:d8:49:15:
                    79:01:ee:41:08:3d:24:ab:f3:28:4f:6c:7b:5f:36:
                    cf:1d:6c:ac:96:4a:93:3e:13:3b:c7:95:33:60:c1:
                    7c:98:61:b5:17:65:e4:b5:2a:8b:25:34:9e:8a:4e:
                    95:bf:69:36:5e:5e:95:d1:4e:53:ba:5a:8b:5d:b4:
                    45:c0:d4:fa:6e:a7:39:a6:72:60:08:50:eb:a2:20:
                    e1:41:dd:70:42:44:c3:6d:e5:2b:60:a0:e3:c9:3e:
                    56:b0:53:8a:e8:67:08:db:1b:b3:89:a6:d5:52:6d:
                    eb:f9:3f:a5:7e:54:ba:c1:55:27:a6:c1:e6:e4:e2:
                    e6:6a:24:59:45:ac:60:16:54:66:ed:c7:4e:20:37:
                    86:11:08:3f:28:b5:97:b0:b5:90:c4:31:fb:12:45:
                    30:68:27:d8:1f:1d:d5:e8:82:38:d5:52:46:75:58:
                    8e:83:8a:5b:17:b3:60:70:0f:86:b9:22:bc:41:4a:
                    84:b0:83:03:ac:a9:c3:6d:52:c4:35:a8:d7:c5:0d:
                    35:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:30:58:AF:D1:56:B1:13:EE:EB:89:58:02:72:B4:B5:AF:96:05:D0
            X509v3 Authority Key Identifier:
                keyid:2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/1jBYr9FWsRPu64lYAnK0ta-WBdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:db:6f:ea:0f:0f:49:e0:b3:a5:3f:e6:19:fd:12:47:6b:6b:
         a9:0b:53:ef:67:37:5e:4f:28:52:4c:94:84:ae:ff:d3:79:d0:
         d3:1e:8b:ed:76:83:1f:0d:c1:c4:a4:57:b1:0b:a9:e8:6f:f2:
         71:51:84:aa:c2:5f:6b:0e:ad:61:af:12:08:17:86:ad:bf:cf:
         e0:6c:82:74:46:a6:56:b3:4f:6c:9a:7b:91:90:b8:b8:ed:3c:
         45:28:9b:4a:30:aa:33:ac:e5:de:db:ce:ac:9d:99:ab:e4:0d:
         30:a1:df:33:3f:85:9b:66:96:40:35:2e:47:39:5b:e6:8c:25:
         10:7e:cc:ca:73:cf:52:da:0e:1b:c5:61:f8:ce:bb:eb:48:53:
         cc:da:8c:4e:8b:5e:51:28:21:c1:e7:62:7c:d9:93:b1:02:0e:
         87:f9:6c:da:18:70:4e:72:c8:4f:7b:ac:7d:33:21:18:46:38:
         ba:30:42:39:ec:4e:32:b9:8a:44:22:95:91:92:f4:0c:45:a1:
         4b:02:c2:dc:5a:ea:05:bd:f0:05:e2:c2:ed:56:56:df:35:c2:
         b3:21:47:90:ad:d5:54:4d:4b:6e:b9:5b:94:44:3e:89:b1:4f:
         5b:b8:58:ce:2f:77:11:d9:ca:6a:ba:94:a9:bf:eb:6b:cf:ce:
         8e:82:70:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yF86Lk5L3jyy74ASHX7tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYzgxZDI0YzQ1ZGRhYTM0NWY5MDY0ZGUyOWZiY2E3YjEy
OWE1MmMwHhcNMjYwMTAxMTgxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjMwNThhZmQxNTZiMTEzZWVlYjg5NTgwMjcyYjRiNWFmOTYwNWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXYEi/5KYnqLe4lw1QBcWOCeQA2H
joP1hJhl/bXP2rDgoXRotwFV4DwwAn36Z0hAAXLmmjLG7S/YSRV5Ae5BCD0kq/Mo
T2x7XzbPHWyslkqTPhM7x5UzYMF8mGG1F2XktSqLJTSeik6Vv2k2Xl6V0U5TulqL
XbRFwNT6bqc5pnJgCFDroiDhQd1wQkTDbeUrYKDjyT5WsFOK6GcI2xuziabVUm3r
+T+lflS6wVUnpsHm5OLmaiRZRaxgFlRm7cdOIDeGEQg/KLWXsLWQxDH7EkUwaCfY
Hx3V6II41VJGdViOg4pbF7NgcA+GuSK8QUqEsIMDrKnDbVLENajXxQ01sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNYwWK/RVrET7uuJWAJytLWvlgXQMB8GA1UdIwQY
MBaAFC3IHSTEXdqjRfkGTeKfvKexKaUsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDkt
MmZjYzBiNzQ5YjMyLzEvMWpCWXI5RldzUlB1NjRsWUFuSzB0YS1XQmRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDktMmZjYzBiNzQ5YjMy
LzEvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ7uMA0G
CSqGSIb3DQEBCwUAA4IBAQAH22/qDw9J4LOlP+YZ/RJHa2upC1PvZzdeTyhSTJSE
rv/TedDTHovtdoMfDcHEpFexC6nob/JxUYSqwl9rDq1hrxIIF4atv8/gbIJ0RqZW
s09smnuRkLi47TxFKJtKMKozrOXe286snZmr5A0wod8zP4WbZpZANS5HOVvmjCUQ
fszKc89S2g4bxWH4zrvrSFPM2oxOi15RKCHB52J82ZOxAg6H+WzaGHBOcshPe6x9
MyEYRji6MEI57E4yuYpEIpWRkvQMRaFLAsLcWuoFvfAF4sLtVlbfNcKzIUeQrdVU
TUtuuVuURD6JsU9buFjOL3cR2cpqupSpv+trz86OgnBn
-----END CERTIFICATE-----