This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/PTD9xAwEKqmx4gmmtDTPK0hTyJw.roa
File:                     PTD9xAwEKqmx4gmmtDTPK0hTyJw.roa (raw, json)
Hash identifier:          ovDAPJ84DYuT4dk89ty5XzeA2lvBX0g4FHWlLvwK+L4=
Subject key identifier:   3D:30:FD:C4:0C:04:2A:A9:B1:E2:09:A6:B4:34:CF:2B:48:53:C8:9C
Certificate issuer:       /CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
Certificate serial:       019B7AC85EB4A39CD12549B84CD08925DF0F
Authority key identifier: 2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/PTD9xAwEKqmx4gmmtDTPK0hTyJw.roa
Signing time:             Thu 01 Jan 2026 18:18:30 +0000
ROA not before:           Thu 01 Jan 2026 18:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5065
IP address blocks:        185.14.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:5e:b4:a3:9c:d1:25:49:b8:4c:d0:89:25:df:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
        Validity
            Not Before: Jan  1 18:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3d30fdc40c042aa9b1e209a6b434cf2b4853c89c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:5e:31:d5:00:0a:62:ba:f7:40:df:bb:8d:e1:
                    56:0b:83:7f:0f:3c:ae:12:ad:1c:26:fc:1a:fe:13:
                    60:43:fc:50:6f:1d:cd:43:96:4b:37:63:f4:f5:e1:
                    84:9f:25:45:20:04:3d:36:29:62:64:77:17:71:70:
                    38:88:cb:1a:4f:26:04:da:ba:31:ed:1b:60:a5:38:
                    85:cf:e3:f9:63:5a:7f:8c:57:3b:e4:60:b5:e0:63:
                    b9:ee:ff:be:35:0a:24:2c:e3:4d:e8:d7:8e:d6:d8:
                    a1:29:45:bb:8c:ae:fa:ed:5c:dc:94:3d:f4:0e:54:
                    a1:31:e6:1d:6e:65:8c:67:5b:83:c4:52:ab:df:6a:
                    f8:91:86:73:87:a8:10:77:64:bd:78:5a:1f:f7:a9:
                    4e:1e:b2:9a:a2:fe:c5:a8:de:5f:02:75:89:c4:ce:
                    bd:d5:27:2c:7e:24:24:a9:a1:ad:96:84:c7:9c:38:
                    d1:b6:3a:1e:4d:9c:8b:9f:c9:ad:fd:9c:00:34:1e:
                    14:fc:63:e7:1c:f3:7a:7c:ca:8f:16:8a:1f:0c:a9:
                    ed:5f:c8:7b:86:80:ef:2e:b8:5f:72:c9:07:c0:e9:
                    4d:01:12:7d:4c:c9:7e:a8:9a:b9:2c:dd:e9:2c:b3:
                    b8:41:70:a5:96:21:d4:08:8c:ae:53:46:97:d2:d6:
                    b2:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:30:FD:C4:0C:04:2A:A9:B1:E2:09:A6:B4:34:CF:2B:48:53:C8:9C
            X509v3 Authority Key Identifier:
                keyid:2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/PTD9xAwEKqmx4gmmtDTPK0hTyJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:df:4b:fc:99:58:6d:32:2e:72:1a:1f:60:c3:8d:5a:f5:2e:
         ea:5a:5e:13:c0:aa:33:b4:05:04:86:9c:df:7c:0b:23:4f:ca:
         eb:1c:62:94:0e:af:7c:f4:5f:24:5d:93:ff:eb:f5:45:8d:ec:
         f1:36:6f:c6:18:f0:41:d7:7e:25:b3:22:bb:f3:9d:de:4f:e7:
         28:89:85:63:09:68:0d:ad:0c:08:5f:da:8a:dd:7a:25:79:88:
         a2:cf:4b:48:0f:32:94:c2:e0:b8:a5:f0:25:ab:eb:59:73:e7:
         47:61:6b:65:30:ff:22:14:15:dd:c7:bd:cd:7b:ba:02:5c:18:
         3d:40:4d:30:37:e7:c1:8f:f6:b2:75:bd:c7:7f:df:79:22:d9:
         96:b9:ff:c5:19:36:35:7c:42:f2:f0:93:8c:70:e9:47:1e:5b:
         f6:79:ea:85:bd:11:d7:fc:44:2f:ab:89:97:5a:aa:65:89:4a:
         77:bb:de:9e:33:1a:a3:86:13:8e:1c:c6:55:4a:93:2a:74:a7:
         dd:39:70:8f:be:a3:be:1f:d5:bc:d8:12:53:29:4f:2e:8e:d6:
         9d:f3:91:4f:67:ec:25:5f:2c:e1:0f:79:e5:4e:fe:e2:c1:ec:
         16:e0:15:40:bd:09:bf:ef:59:3a:50:20:5f:b9:8a:80:f6:46:
         54:96:d1:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yF60o5zRJUm4TNCJJd8PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYzgxZDI0YzQ1ZGRhYTM0NWY5MDY0ZGUyOWZiY2E3YjEy
OWE1MmMwHhcNMjYwMTAxMTgxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDMwZmRjNDBjMDQyYWE5YjFlMjA5YTZiNDM0Y2YyYjQ4NTNjODljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArV4x1QAKYrr3QN+7jeFWC4N/Dzyu
Eq0cJvwa/hNgQ/xQbx3NQ5ZLN2P09eGEnyVFIAQ9NiliZHcXcXA4iMsaTyYE2rox
7RtgpTiFz+P5Y1p/jFc75GC14GO57v++NQokLONN6NeO1tihKUW7jK767VzclD30
DlShMeYdbmWMZ1uDxFKr32r4kYZzh6gQd2S9eFof96lOHrKaov7FqN5fAnWJxM69
1ScsfiQkqaGtloTHnDjRtjoeTZyLn8mt/ZwANB4U/GPnHPN6fMqPFoofDKntX8h7
hoDvLrhfcskHwOlNARJ9TMl+qJq5LN3pLLO4QXClliHUCIyuU0aX0tay5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD0w/cQMBCqpseIJprQ0zytIU8icMB8GA1UdIwQY
MBaAFC3IHSTEXdqjRfkGTeKfvKexKaUsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDkt
MmZjYzBiNzQ5YjMyLzEvUFREOXhBd0VLcW14NGdtbXREVFBLMGhUeUp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDktMmZjYzBiNzQ5YjMy
LzEvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ7sMA0G
CSqGSIb3DQEBCwUAA4IBAQB430v8mVhtMi5yGh9gw41a9S7qWl4TwKoztAUEhpzf
fAsjT8rrHGKUDq989F8kXZP/6/VFjezxNm/GGPBB134lsyK7853eT+coiYVjCWgN
rQwIX9qK3XoleYiiz0tIDzKUwuC4pfAlq+tZc+dHYWtlMP8iFBXdx73Ne7oCXBg9
QE0wN+fBj/aydb3Hf995ItmWuf/FGTY1fELy8JOMcOlHHlv2eeqFvRHX/EQvq4mX
WqpliUp3u96eMxqjhhOOHMZVSpMqdKfdOXCPvqO+H9W82BJTKU8ujtad85FPZ+wl
XyzhD3nlTv7iwewW4BVAvQm/71k6UCBfuYqA9kZUltEq
-----END CERTIFICATE-----