This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/hXW_JJYbDEuARBvQ3ahscidHNa4.roa
File:                     hXW_JJYbDEuARBvQ3ahscidHNa4.roa (raw, json)
Hash identifier:          vgu1i3fvHneLweEnm2qJqevE9QNy+k15JJYScMlG9SQ=
Subject key identifier:   85:75:BF:24:96:1B:0C:4B:80:44:1B:D0:DD:A8:6C:72:27:47:35:AE
Certificate issuer:       /CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
Certificate serial:       019B7AC85F73618A223748453244769FF92A
Authority key identifier: 2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/hXW_JJYbDEuARBvQ3ahscidHNa4.roa
Signing time:             Thu 01 Jan 2026 18:18:30 +0000
ROA not before:           Thu 01 Jan 2026 18:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     269070
IP address blocks:        185.14.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 12:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:5f:73:61:8a:22:37:48:45:32:44:76:9f:f9:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
        Validity
            Not Before: Jan  1 18:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8575bf24961b0c4b80441bd0dda86c72274735ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:27:d3:b6:39:f9:f3:09:85:ca:74:30:0f:a4:
                    05:a1:fd:66:62:7a:d3:89:71:a6:02:ae:e4:09:5b:
                    4b:11:67:55:c7:aa:45:77:a2:57:e2:8f:f4:fe:6e:
                    b5:e3:41:76:71:02:8a:f5:d6:4c:d2:11:8f:a6:f5:
                    e3:87:b7:73:23:02:92:09:17:e9:9c:de:a5:1c:9e:
                    e8:1e:71:3e:35:0e:ba:71:98:f7:88:71:a2:3f:77:
                    2a:ee:ec:07:a7:f2:36:fa:bb:af:fd:b7:d0:9f:55:
                    26:8e:6e:2c:42:31:2c:ee:13:60:94:58:dc:ec:c3:
                    1f:99:f3:1b:0f:ec:73:21:34:e2:ce:86:e4:7f:4e:
                    62:62:0d:28:0e:6c:9e:f3:b0:e7:07:02:13:98:21:
                    33:59:00:b9:62:9b:ab:af:bb:e1:3b:06:e6:f0:19:
                    93:51:5c:cb:41:3b:54:b2:07:ee:c9:88:3d:be:41:
                    50:5a:d9:e6:17:e7:10:de:0a:86:a2:7f:27:6e:22:
                    39:cd:ee:f8:81:c8:b0:b5:0b:71:f2:13:1e:05:47:
                    4d:c5:18:d7:4d:1c:70:31:31:5e:43:36:a1:dc:26:
                    fc:d6:01:10:c7:06:53:53:a6:01:af:4e:72:43:58:
                    e8:a6:b9:1e:c3:01:09:57:fb:da:31:c3:ff:26:3a:
                    83:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:75:BF:24:96:1B:0C:4B:80:44:1B:D0:DD:A8:6C:72:27:47:35:AE
            X509v3 Authority Key Identifier:
                keyid:2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/hXW_JJYbDEuARBvQ3ahscidHNa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:d5:60:17:92:62:88:64:3a:ed:9e:b9:7a:9a:5c:f0:a5:11:
         dc:11:e9:cc:5f:c8:c7:16:f9:2f:f6:18:ed:9a:79:cd:40:37:
         6d:6b:89:a6:38:bf:ad:9d:fb:2e:49:e2:e6:cf:f3:8f:1a:4e:
         a7:3b:34:97:3a:db:fa:4b:63:ba:ac:d2:00:a0:84:25:dc:2f:
         71:d7:9e:43:d9:49:bf:48:35:20:e1:91:71:a3:13:da:21:c2:
         d4:1f:8c:39:82:32:44:94:09:5d:c3:c5:cb:63:16:c7:ce:76:
         28:a9:40:71:83:c6:2e:dc:fd:cf:55:dc:e6:d8:44:9a:1b:e7:
         73:3f:4c:e5:fd:e3:2d:e6:c5:02:a8:0d:c1:7c:5b:e9:67:5f:
         bf:b9:36:77:3c:73:34:eb:13:92:b0:39:e4:43:db:7e:54:17:
         d9:ea:46:3a:7c:c4:61:d5:38:7e:21:b2:7c:bd:0e:0e:03:4a:
         af:3d:bd:36:46:5c:dd:bb:40:d0:61:17:e6:0f:00:92:cf:8a:
         88:72:1a:29:39:d0:0a:1c:32:4b:72:02:56:7f:15:44:40:16:
         9e:99:35:17:d4:4a:a7:45:ea:25:28:3a:30:37:d2:69:f1:a8:
         4b:02:f7:2b:e9:50:e2:b2:10:ac:e0:5b:8a:c3:e6:c0:76:12:
         ad:98:88:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yF9zYYoiN0hFMkR2n/kqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYzgxZDI0YzQ1ZGRhYTM0NWY5MDY0ZGUyOWZiY2E3YjEy
OWE1MmMwHhcNMjYwMTAxMTgxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTc1YmYyNDk2MWIwYzRiODA0NDFiZDBkZGE4NmM3MjI3NDczNWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyfTtjn58wmFynQwD6QFof1mYnrT
iXGmAq7kCVtLEWdVx6pFd6JX4o/0/m6140F2cQKK9dZM0hGPpvXjh7dzIwKSCRfp
nN6lHJ7oHnE+NQ66cZj3iHGiP3cq7uwHp/I2+ruv/bfQn1Umjm4sQjEs7hNglFjc
7MMfmfMbD+xzITTizobkf05iYg0oDmye87DnBwITmCEzWQC5Ypurr7vhOwbm8BmT
UVzLQTtUsgfuyYg9vkFQWtnmF+cQ3gqGon8nbiI5ze74gciwtQtx8hMeBUdNxRjX
TRxwMTFeQzah3Cb81gEQxwZTU6YBr05yQ1joprkewwEJV/vaMcP/JjqDqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIV1vySWGwxLgEQb0N2obHInRzWuMB8GA1UdIwQY
MBaAFC3IHSTEXdqjRfkGTeKfvKexKaUsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDkt
MmZjYzBiNzQ5YjMyLzEvaFhXX0pKWWJERXVBUkJ2UTNhaHNjaWRITmE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDktMmZjYzBiNzQ5YjMy
LzEvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ7uMA0G
CSqGSIb3DQEBCwUAA4IBAQBS1WAXkmKIZDrtnrl6mlzwpRHcEenMX8jHFvkv9hjt
mnnNQDdta4mmOL+tnfsuSeLmz/OPGk6nOzSXOtv6S2O6rNIAoIQl3C9x155D2Um/
SDUg4ZFxoxPaIcLUH4w5gjJElAldw8XLYxbHznYoqUBxg8Yu3P3PVdzm2ESaG+dz
P0zl/eMt5sUCqA3BfFvpZ1+/uTZ3PHM06xOSsDnkQ9t+VBfZ6kY6fMRh1Th+IbJ8
vQ4OA0qvPb02Rlzdu0DQYRfmDwCSz4qIchopOdAKHDJLcgJWfxVEQBaemTUX1Eqn
ReolKDowN9Jp8ahLAvcr6VDishCs4FuKw+bAdhKtmIjR
-----END CERTIFICATE-----