This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/iAjz_7XGgeyKjKOC5mMhN8Ql2MM.roa
File:                     iAjz_7XGgeyKjKOC5mMhN8Ql2MM.roa (raw, json)
Hash identifier:          9fe4RXvq0cI0elK7H6sALndgETw3KtEVWMKky23SlPU=
Subject key identifier:   88:08:F3:FF:B5:C6:81:EC:8A:8C:A3:82:E6:63:21:37:C4:25:D8:C3
Certificate issuer:       /CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
Certificate serial:       019B7AC85FBB88CBF5148E1355813FBB6A28
Authority key identifier: 2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/iAjz_7XGgeyKjKOC5mMhN8Ql2MM.roa
Signing time:             Thu 01 Jan 2026 18:18:30 +0000
ROA not before:           Thu 01 Jan 2026 18:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     273478
IP address blocks:        185.14.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 04:45:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:5f:bb:88:cb:f5:14:8e:13:55:81:3f:bb:6a:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
        Validity
            Not Before: Jan  1 18:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8808f3ffb5c681ec8a8ca382e6632137c425d8c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:28:bf:f0:12:ae:f4:27:9e:0a:53:85:3f:31:
                    4d:c7:13:3d:95:ed:8e:76:90:3b:a7:63:f1:ad:42:
                    d0:0d:d6:82:f7:f3:bb:11:c1:0a:06:64:b0:b5:7c:
                    0a:af:04:e3:6d:04:1e:0a:d8:7e:10:3a:14:10:87:
                    18:d6:a8:ea:cf:13:71:6d:fe:29:99:cd:78:7e:97:
                    2c:b1:1e:10:0f:d5:15:ad:1f:77:cf:d1:da:50:a5:
                    cf:e4:af:c9:37:01:36:8a:7c:13:6a:89:bd:85:bd:
                    1b:76:3a:2c:ac:97:d6:92:2c:0a:74:96:83:3c:d5:
                    0f:65:6a:9a:ff:0d:90:34:b3:dc:c2:2f:35:02:f7:
                    9a:64:fc:03:00:44:a5:3c:12:97:1f:1c:41:63:ac:
                    73:c9:b9:97:46:23:54:51:fa:f6:53:bc:6b:fa:4f:
                    da:90:9f:22:fa:46:b8:97:1e:76:f0:8d:e7:1c:a8:
                    25:31:84:0b:7f:3e:57:d2:0d:de:8e:b0:5a:b7:76:
                    b0:be:24:3d:26:55:e4:6c:1d:86:dd:8f:db:e7:8f:
                    e7:13:01:3c:dc:f0:12:56:b7:9e:71:4e:ed:b3:38:
                    7f:1e:9d:f2:01:ac:1e:9e:bb:3d:78:cb:c9:ed:c8:
                    42:ec:c4:e6:a0:15:ae:5a:37:32:e9:5f:2e:cc:6c:
                    89:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:08:F3:FF:B5:C6:81:EC:8A:8C:A3:82:E6:63:21:37:C4:25:D8:C3
            X509v3 Authority Key Identifier:
                keyid:2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/iAjz_7XGgeyKjKOC5mMhN8Ql2MM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:ec:e1:a3:88:a9:91:28:dd:80:0a:7d:b3:dc:29:5c:93:74:
         82:e8:f6:d1:32:52:8e:a5:6a:db:8f:68:30:fe:f4:48:de:cb:
         67:21:d1:61:12:0a:5e:2a:4c:13:c4:1d:d3:e1:1c:2d:eb:fe:
         15:23:dd:6c:c1:dd:ec:97:8f:de:da:b2:3a:37:a4:77:6d:98:
         47:89:dc:26:10:26:5b:4e:c1:c9:6f:b5:5a:20:a7:f6:5a:a2:
         98:b3:ef:c6:51:89:56:d0:20:7a:2f:6a:4f:90:90:4c:ef:ae:
         04:e3:a5:b5:98:a7:ca:11:ee:db:49:b9:87:71:75:31:37:6d:
         57:85:75:b4:df:bc:24:dc:c2:a5:42:4a:e1:e7:0a:bf:e9:56:
         33:b2:ba:96:76:ad:bd:ac:fb:6c:65:89:12:63:ce:c0:25:89:
         c8:31:1b:4a:b8:f1:a0:3c:1d:4b:ea:d7:c9:c2:39:e6:25:0a:
         71:c2:63:fa:42:e1:c5:2b:b9:c2:ac:af:8f:f9:0d:11:03:98:
         83:83:5d:c2:10:09:7b:39:55:4b:3d:bb:82:ad:fc:5b:a8:19:
         09:0f:1c:b3:f3:7a:46:27:66:8b:9d:54:c8:f8:73:74:bd:f0:
         fa:69:17:49:1e:9e:20:a4:76:fd:9d:0d:25:28:a6:5e:65:2f:
         71:3c:38:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yF+7iMv1FI4TVYE/u2ooMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYzgxZDI0YzQ1ZGRhYTM0NWY5MDY0ZGUyOWZiY2E3YjEy
OWE1MmMwHhcNMjYwMTAxMTgxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODA4ZjNmZmI1YzY4MWVjOGE4Y2EzODJlNjYzMjEzN2M0MjVkOGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ii/8BKu9CeeClOFPzFNxxM9le2O
dpA7p2PxrULQDdaC9/O7EcEKBmSwtXwKrwTjbQQeCth+EDoUEIcY1qjqzxNxbf4p
mc14fpcssR4QD9UVrR93z9HaUKXP5K/JNwE2inwTaom9hb0bdjosrJfWkiwKdJaD
PNUPZWqa/w2QNLPcwi81AveaZPwDAESlPBKXHxxBY6xzybmXRiNUUfr2U7xr+k/a
kJ8i+ka4lx528I3nHKglMYQLfz5X0g3ejrBat3awviQ9JlXkbB2G3Y/b54/nEwE8
3PASVreecU7tszh/Hp3yAawenrs9eMvJ7chC7MTmoBWuWjcy6V8uzGyJawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIgI8/+1xoHsioyjguZjITfEJdjDMB8GA1UdIwQY
MBaAFC3IHSTEXdqjRfkGTeKfvKexKaUsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDkt
MmZjYzBiNzQ5YjMyLzEvaUFqel83WEdnZXlLaktPQzVtTWhOOFFsMk1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDktMmZjYzBiNzQ5YjMy
LzEvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ7vMA0G
CSqGSIb3DQEBCwUAA4IBAQAy7OGjiKmRKN2ACn2z3Clck3SC6PbRMlKOpWrbj2gw
/vRI3stnIdFhEgpeKkwTxB3T4Rwt6/4VI91swd3sl4/e2rI6N6R3bZhHidwmECZb
TsHJb7VaIKf2WqKYs+/GUYlW0CB6L2pPkJBM764E46W1mKfKEe7bSbmHcXUxN21X
hXW037wk3MKlQkrh5wq/6VYzsrqWdq29rPtsZYkSY87AJYnIMRtKuPGgPB1L6tfJ
wjnmJQpxwmP6QuHFK7nCrK+P+Q0RA5iDg13CEAl7OVVLPbuCrfxbqBkJDxyz83pG
J2aLnVTI+HN0vfD6aRdJHp4gpHb9nQ0lKKZeZS9xPDgE
-----END CERTIFICATE-----