This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/jxBNsblR2jvdqBVqgCcxlxoDl0Y.roa
File:                     jxBNsblR2jvdqBVqgCcxlxoDl0Y.roa (raw, json)
Hash identifier:          DdAWt9a8TD1COTX6TaS4mUDgSHL2IYSl05jiSUYe7bk=
Subject key identifier:   8F:10:4D:B1:B9:51:DA:3B:DD:A8:15:6A:80:27:31:97:1A:03:97:46
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       019B7F82BEC863B38D59CFA2A4D17EC458BD
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/jxBNsblR2jvdqBVqgCcxlxoDl0Y.roa
Signing time:             Fri 02 Jan 2026 16:20:33 +0000
ROA not before:           Fri 02 Jan 2026 16:20:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51692
IP address blocks:        185.242.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 07:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:be:c8:63:b3:8d:59:cf:a2:a4:d1:7e:c4:58:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 16:20:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8f104db1b951da3bdda8156a802731971a039746
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:4b:d6:87:45:cf:d4:38:56:85:f1:e3:53:a5:
                    07:01:8e:f6:1f:0e:bc:65:e5:df:c2:de:66:86:df:
                    59:21:f0:c4:21:0b:3f:01:f5:bf:0c:54:17:cf:31:
                    e9:63:85:02:a7:24:c4:0d:24:d0:ec:b4:a1:47:61:
                    17:1b:0f:05:ec:07:32:22:65:43:6e:46:05:b9:8e:
                    83:24:ef:24:bb:1b:ef:e1:6c:47:b4:01:5d:a3:0e:
                    29:e3:29:d2:e9:f0:44:ba:b9:cf:1a:b0:c0:0a:0e:
                    e8:78:bd:6a:0e:06:f5:e7:3d:78:43:e7:06:df:38:
                    2d:74:39:0f:fd:a1:c1:9a:ac:94:b4:2d:d0:0a:58:
                    14:fb:92:36:21:d3:2b:27:bc:2b:46:d1:20:dc:43:
                    ce:cc:01:ba:ab:5e:36:30:6e:36:7a:d9:1c:a2:59:
                    fb:1a:e5:28:06:b3:4b:3d:99:ee:13:c6:1f:e0:95:
                    15:35:17:d3:cc:68:68:6a:f7:32:34:87:2c:df:57:
                    4b:23:4a:ef:4f:ae:9b:5e:e5:e0:cf:38:0d:a3:04:
                    25:3a:7c:4e:1c:d5:05:b7:b0:3f:54:51:36:33:bd:
                    21:56:ba:56:f6:ce:ec:13:9f:82:3e:48:74:04:b9:
                    9d:1a:cb:9d:65:3c:bc:1d:d7:9a:4a:28:49:48:1b:
                    6b:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:10:4D:B1:B9:51:DA:3B:DD:A8:15:6A:80:27:31:97:1A:03:97:46
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/jxBNsblR2jvdqBVqgCcxlxoDl0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:ee:64:e7:c5:3d:f6:50:19:d9:92:56:18:c9:13:81:3e:3e:
         4c:d4:66:ed:1a:51:f6:b8:f7:76:1b:0a:35:e2:d2:a1:72:17:
         2a:a0:78:12:d8:b0:d9:b1:98:a0:62:8e:57:6a:fe:21:12:65:
         c6:46:60:14:bc:d9:5b:52:0e:9d:08:5f:b7:68:f2:a8:70:ff:
         58:a0:99:08:60:5b:01:de:e4:58:e6:3f:70:79:1e:de:d3:24:
         ee:ae:85:0a:e7:a0:d5:83:fe:40:b9:30:4a:a6:2e:31:e6:f2:
         a7:7a:3b:2c:2e:c8:d2:1b:4a:88:88:21:8a:c6:09:d3:19:9c:
         94:2b:c3:ec:58:28:74:9f:5f:71:40:9a:01:28:7f:e7:59:1b:
         ad:06:b6:44:6b:df:8b:d3:c0:e5:ce:ae:4d:2f:8e:bc:52:78:
         c5:eb:3b:9a:11:8d:c1:be:28:e5:0f:cb:67:0e:ca:d0:a3:5f:
         a1:bc:ad:9b:1a:ba:ac:cc:df:f4:27:dc:43:ec:0a:8a:89:ac:
         a4:e7:f7:42:2c:8c:56:58:c7:33:81:12:84:0f:ec:12:07:3f:
         99:83:84:06:f9:e8:44:20:f1:c3:38:c4:0c:34:07:71:d3:dd:
         68:2d:2b:12:b9:05:47:9b:39:86:e8:ff:bd:4c:88:09:e1:86:
         a1:0b:9a:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gr7IY7ONWc+ipNF+xFi9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjYwMTAyMTYyMDMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjEwNGRiMWI5NTFkYTNiZGRhODE1NmE4MDI3MzE5NzFhMDM5NzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUvWh0XP1DhWhfHjU6UHAY72Hw68
ZeXfwt5mht9ZIfDEIQs/AfW/DFQXzzHpY4UCpyTEDSTQ7LShR2EXGw8F7AcyImVD
bkYFuY6DJO8kuxvv4WxHtAFdow4p4ynS6fBEurnPGrDACg7oeL1qDgb15z14Q+cG
3zgtdDkP/aHBmqyUtC3QClgU+5I2IdMrJ7wrRtEg3EPOzAG6q142MG42etkcoln7
GuUoBrNLPZnuE8Yf4JUVNRfTzGhoavcyNIcs31dLI0rvT66bXuXgzzgNowQlOnxO
HNUFt7A/VFE2M70hVrpW9s7sE5+CPkh0BLmdGsudZTy8HdeaSihJSBtrowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI8QTbG5Udo73agVaoAnMZcaA5dGMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvanhCTnNibFIyanZkcUJWcWdDY3hseG9EbDBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufLhMA0G
CSqGSIb3DQEBCwUAA4IBAQAo7mTnxT32UBnZklYYyROBPj5M1GbtGlH2uPd2Gwo1
4tKhchcqoHgS2LDZsZigYo5Xav4hEmXGRmAUvNlbUg6dCF+3aPKocP9YoJkIYFsB
3uRY5j9weR7e0yTuroUK56DVg/5AuTBKpi4x5vKnejssLsjSG0qIiCGKxgnTGZyU
K8PsWCh0n19xQJoBKH/nWRutBrZEa9+L08Dlzq5NL468UnjF6zuaEY3BvijlD8tn
DsrQo1+hvK2bGrqszN/0J9xD7AqKiayk5/dCLIxWWMczgRKED+wSBz+Zg4QG+ehE
IPHDOMQMNAdx091oLSsSuQVHmzmG6P+9TIgJ4YahC5o4
-----END CERTIFICATE-----