This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/JXqXZhRMyYLEhxzVh3Gj36s_Ph0.roa
File:                     JXqXZhRMyYLEhxzVh3Gj36s_Ph0.roa (raw, json)
Hash identifier:          pjrfkngpXTbXlOemB2zK4PxTtGivr+ki34ZUor3sLNE=
Subject key identifier:   25:7A:97:66:14:4C:C9:82:C4:87:1C:D5:87:71:A3:DF:AB:3F:3E:1D
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       019B7A5AB96C378EFDB4D94DE434E4832AE7
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/JXqXZhRMyYLEhxzVh3Gj36s_Ph0.roa
Signing time:             Thu 01 Jan 2026 16:18:44 +0000
ROA not before:           Thu 01 Jan 2026 16:18:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215389
IP address blocks:        185.14.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 19:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:b9:6c:37:8e:fd:b4:d9:4d:e4:34:e4:83:2a:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Jan  1 16:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=257a9766144cc982c4871cd58771a3dfab3f3e1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:bd:d5:dc:dc:06:c6:a1:5d:95:00:d5:a3:02:
                    34:33:dc:ca:e1:d4:bc:c2:bc:77:f5:3f:90:97:1d:
                    6f:84:35:a6:a9:d9:f7:82:db:23:6b:62:b5:e1:4c:
                    53:bd:1b:66:df:6c:15:84:5e:d9:9d:a1:d8:77:38:
                    3c:82:ec:fc:39:35:4a:53:ab:0c:1a:22:11:0d:4f:
                    15:11:8f:5b:e2:f1:ac:55:49:63:95:0b:fc:ff:da:
                    66:3e:c1:d6:72:d6:44:dd:cb:85:02:50:90:73:fd:
                    55:d8:7c:65:56:bb:32:d8:20:d6:ef:81:e7:2e:21:
                    51:50:0b:e1:8a:49:ac:81:98:3d:6e:d1:c1:40:89:
                    bc:e9:64:77:49:ae:ea:9d:de:74:90:f3:23:27:ca:
                    fb:c4:e5:a9:27:05:01:07:7e:8e:64:52:19:36:7b:
                    03:70:25:83:c2:59:7e:72:20:67:37:56:8b:c6:a2:
                    e0:8e:97:26:de:10:64:df:ea:8e:57:c9:99:c2:3d:
                    bd:f6:ff:e9:ed:51:5d:59:d4:ba:bd:3b:78:6f:24:
                    7c:51:a7:62:20:e0:75:99:22:72:6a:78:07:1b:27:
                    3a:31:76:b7:e1:c3:5e:04:6c:1a:20:79:33:96:fd:
                    ee:53:95:21:6b:97:ff:48:95:e2:f6:a9:1b:5e:ab:
                    0a:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:7A:97:66:14:4C:C9:82:C4:87:1C:D5:87:71:A3:DF:AB:3F:3E:1D
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/JXqXZhRMyYLEhxzVh3Gj36s_Ph0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:4f:c1:f5:c9:b0:b9:51:35:29:08:eb:32:ed:07:84:ed:22:
         70:b2:6a:52:9a:df:f7:4d:6d:26:03:3e:58:b3:a5:6b:33:05:
         14:ec:50:f3:a4:43:2c:d0:a9:48:3b:d4:a5:4b:36:97:69:4c:
         c1:1c:75:d0:8f:b4:9d:4d:53:8f:11:59:f2:d4:9c:08:38:c3:
         6d:bd:ca:b4:97:3f:d1:48:a4:55:9b:5f:17:cb:ae:25:cc:84:
         50:06:a6:5b:e1:4f:42:7c:81:d3:58:8f:39:6f:f7:37:5f:12:
         2a:6d:70:16:4d:01:93:9f:67:4f:c0:d9:52:ad:c9:0f:d8:2d:
         a1:50:06:08:81:40:d2:d7:83:e2:6b:8f:6e:27:55:d9:07:44:
         46:e2:68:48:bc:6a:37:0a:59:08:b1:37:ed:51:5e:b5:e8:6a:
         79:a5:10:10:35:bd:cf:45:8a:2f:1a:03:fa:28:ce:74:79:08:
         d6:ef:c4:61:88:f1:10:b4:b3:12:4c:65:11:84:c9:69:68:d5:
         eb:e0:f0:d1:e3:a5:6e:6b:6b:4b:09:70:e0:87:60:2a:56:61:
         d3:6b:95:89:d3:19:53:63:0f:a1:b4:eb:ad:5c:f5:d1:6f:b6:
         59:77:39:bb:22:89:f2:c4:d1:d1:f8:df:b9:2f:d7:e4:23:0c:
         5b:72:7d:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WrlsN479tNlN5DTkgyrnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjYwMTAxMTYxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTdhOTc2NjE0NGNjOTgyYzQ4NzFjZDU4NzcxYTNkZmFiM2YzZTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvb3V3NwGxqFdlQDVowI0M9zK4dS8
wrx39T+Qlx1vhDWmqdn3gtsja2K14UxTvRtm32wVhF7ZnaHYdzg8guz8OTVKU6sM
GiIRDU8VEY9b4vGsVUljlQv8/9pmPsHWctZE3cuFAlCQc/1V2HxlVrsy2CDW74Hn
LiFRUAvhikmsgZg9btHBQIm86WR3Sa7qnd50kPMjJ8r7xOWpJwUBB36OZFIZNnsD
cCWDwll+ciBnN1aLxqLgjpcm3hBk3+qOV8mZwj299v/p7VFdWdS6vTt4byR8Uadi
IOB1mSJyangHGyc6MXa34cNeBGwaIHkzlv3uU5Uha5f/SJXi9qkbXqsKbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCV6l2YUTMmCxIcc1Ydxo9+rPz4dMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvSlhxWFpoUk15WUxFaHh6VmgzR2ozNnNfUGgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ5eMA0G
CSqGSIb3DQEBCwUAA4IBAQCRT8H1ybC5UTUpCOsy7QeE7SJwsmpSmt/3TW0mAz5Y
s6VrMwUU7FDzpEMs0KlIO9SlSzaXaUzBHHXQj7SdTVOPEVny1JwIOMNtvcq0lz/R
SKRVm18Xy64lzIRQBqZb4U9CfIHTWI85b/c3XxIqbXAWTQGTn2dPwNlSrckP2C2h
UAYIgUDS14Pia49uJ1XZB0RG4mhIvGo3ClkIsTftUV616Gp5pRAQNb3PRYovGgP6
KM50eQjW78RhiPEQtLMSTGURhMlpaNXr4PDR46Vua2tLCXDgh2AqVmHTa5WJ0xlT
Yw+htOutXPXRb7ZZdzm7IonyxNHR+N+5L9fkIwxbcn1+
-----END CERTIFICATE-----