This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/bdd43f-4528-4c92-88ba-56e7f93dcdbf/1/14Ys9mltTrx3HTjwmBcjfuVTekY.roa
File:                     14Ys9mltTrx3HTjwmBcjfuVTekY.roa (raw, json)
Hash identifier:          iBB9lJSfcBZPQU6QwVO+HUBTusp2/eskLo+xXHX5mVY=
Subject key identifier:   D7:86:2C:F6:69:6D:4E:BC:77:1D:38:F0:98:17:23:7E:E5:53:7A:46
Certificate issuer:       /CN=094245ee8b5ba4c66fe2ceca64be466fc96f71ed
Certificate serial:       019B7B3684FEB5A66ED0CBC4202B565B2050
Authority key identifier: 09:42:45:EE:8B:5B:A4:C6:6F:E2:CE:CA:64:BE:46:6F:C9:6F:71:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CUJF7otbpMZv4s7KZL5Gb8lvce0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/bdd43f-4528-4c92-88ba-56e7f93dcdbf/1/14Ys9mltTrx3HTjwmBcjfuVTekY.roa
Signing time:             Thu 01 Jan 2026 20:18:49 +0000
ROA not before:           Thu 01 Jan 2026 20:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48642
IP address blocks:        178.217.224.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/bdd43f-4528-4c92-88ba-56e7f93dcdbf/1/CUJF7otbpMZv4s7KZL5Gb8lvce0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/bdd43f-4528-4c92-88ba-56e7f93dcdbf/1/CUJF7otbpMZv4s7KZL5Gb8lvce0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CUJF7otbpMZv4s7KZL5Gb8lvce0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:84:fe:b5:a6:6e:d0:cb:c4:20:2b:56:5b:20:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=094245ee8b5ba4c66fe2ceca64be466fc96f71ed
        Validity
            Not Before: Jan  1 20:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d7862cf6696d4ebc771d38f09817237ee5537a46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ba:50:ab:5a:ad:ef:2d:5a:1e:7c:47:0d:ba:
                    4c:3d:f0:2b:a3:30:9f:6f:f0:60:12:a1:b2:07:23:
                    20:6c:65:48:68:1c:c9:3b:68:8e:43:af:cc:b4:7c:
                    3c:1d:2c:38:e8:8c:d5:68:6d:ba:83:f0:d8:3d:30:
                    f0:fe:e0:1c:ab:3b:7a:0b:86:63:32:b8:5c:7a:0b:
                    bf:cc:36:ce:54:dc:9a:61:4c:51:fe:5a:38:fb:a4:
                    9e:91:34:78:51:8f:71:5f:1c:71:11:d3:21:e7:55:
                    25:88:85:b7:8f:f0:07:1f:2d:75:6f:53:8b:a9:e3:
                    c3:40:7b:29:83:46:00:f1:cd:08:51:b6:be:67:7c:
                    32:fa:ba:46:f1:b8:77:12:40:c4:fd:a0:e4:38:7a:
                    35:3a:16:fb:c4:6b:2c:fc:ab:12:1c:cd:e2:c5:5b:
                    fa:19:40:3d:46:f7:fc:93:51:89:95:b8:6c:ef:0c:
                    cc:9f:95:e4:b1:d2:d5:cf:57:34:3c:7a:85:77:a3:
                    e8:ad:f3:4e:21:a8:a9:aa:82:38:01:8c:3e:42:04:
                    cd:5c:b7:f4:f9:a3:08:c8:8d:f3:03:94:bc:4d:a2:
                    2f:cb:6e:55:52:8e:81:39:27:56:fc:74:6d:c5:49:
                    2b:37:5a:34:dc:07:64:f1:dd:b3:da:01:e0:44:b2:
                    74:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:86:2C:F6:69:6D:4E:BC:77:1D:38:F0:98:17:23:7E:E5:53:7A:46
            X509v3 Authority Key Identifier:
                keyid:09:42:45:EE:8B:5B:A4:C6:6F:E2:CE:CA:64:BE:46:6F:C9:6F:71:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CUJF7otbpMZv4s7KZL5Gb8lvce0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/bdd43f-4528-4c92-88ba-56e7f93dcdbf/1/14Ys9mltTrx3HTjwmBcjfuVTekY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/bdd43f-4528-4c92-88ba-56e7f93dcdbf/1/CUJF7otbpMZv4s7KZL5Gb8lvce0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.217.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         bd:e8:14:b0:d3:fd:44:9f:8a:24:62:e3:07:8d:30:cd:be:c6:
         4e:36:b5:80:7f:66:2a:c5:d2:fc:97:65:da:10:8e:40:9f:03:
         64:af:51:dc:f2:0e:a8:e1:6c:a9:4f:08:d8:f9:2d:e3:47:f4:
         b4:75:8d:91:f8:ea:62:3f:85:ca:cc:e6:c5:f1:48:29:df:e5:
         3f:ba:fc:89:2b:85:ea:bb:f0:e6:cb:c9:c0:1f:76:89:ac:4f:
         9f:b8:c8:15:b0:10:d2:ca:a7:43:21:d9:aa:3d:f3:7d:a1:48:
         ca:23:51:7a:d2:91:cd:85:87:19:fb:dd:0d:6d:53:97:ef:c9:
         0a:10:f0:67:04:aa:61:59:4a:2e:4c:27:7a:17:48:f8:d0:6c:
         7e:5f:4e:b6:f5:27:6a:0a:ac:44:27:f8:5d:6d:83:3a:99:3a:
         e6:51:44:d9:61:d1:2d:2f:ba:c1:46:9a:fe:90:51:52:70:34:
         ba:b8:69:22:40:4f:9f:1a:df:5a:21:59:20:a8:21:23:d2:7f:
         02:92:19:dd:31:66:fa:35:3b:06:23:60:b5:c1:a7:57:e3:65:
         35:58:ec:55:d9:6a:b0:ba:21:7d:8a:ef:7a:08:bb:a4:ec:e9:
         97:8e:9e:e3:e2:94:1c:98:ec:89:2b:9f:0a:ac:20:ae:1f:8e:
         c4:8a:1a:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NoT+taZu0MvEICtWWyBQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NDI0NWVlOGI1YmE0YzY2ZmUyY2VjYTY0YmU0NjZmYzk2
ZjcxZWQwHhcNMjYwMTAxMjAxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzg2MmNmNjY5NmQ0ZWJjNzcxZDM4ZjA5ODE3MjM3ZWU1NTM3YTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7pQq1qt7y1aHnxHDbpMPfArozCf
b/BgEqGyByMgbGVIaBzJO2iOQ6/MtHw8HSw46IzVaG26g/DYPTDw/uAcqzt6C4Zj
Mrhcegu/zDbOVNyaYUxR/lo4+6SekTR4UY9xXxxxEdMh51UliIW3j/AHHy11b1OL
qePDQHspg0YA8c0IUba+Z3wy+rpG8bh3EkDE/aDkOHo1Ohb7xGss/KsSHM3ixVv6
GUA9Rvf8k1GJlbhs7wzMn5XksdLVz1c0PHqFd6PorfNOIaipqoI4AYw+QgTNXLf0
+aMIyI3zA5S8TaIvy25VUo6BOSdW/HRtxUkrN1o03Adk8d2z2gHgRLJ08QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNeGLPZpbU68dx048JgXI37lU3pGMB8GA1UdIwQY
MBaAFAlCRe6LW6TGb+LOymS+Rm/Jb3HtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1VKRjdvdGJwTVp2NHM3S1pMNUdiOGx2Y2UwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9iZGQ0M2YtNDUyOC00YzkyLTg4YmEt
NTZlN2Y5M2RjZGJmLzEvMTRZczltbHRUcngzSFRqd21CY2pmdVZUZWtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9iZGQ0M2YtNDUyOC00YzkyLTg4YmEtNTZlN2Y5M2RjZGJm
LzEvQ1VKRjdvdGJwTVp2NHM3S1pMNUdiOGx2Y2UwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstngMA0G
CSqGSIb3DQEBCwUAA4IBAQC96BSw0/1En4okYuMHjTDNvsZONrWAf2YqxdL8l2Xa
EI5AnwNkr1Hc8g6o4WypTwjY+S3jR/S0dY2R+OpiP4XKzObF8Ugp3+U/uvyJK4Xq
u/Dmy8nAH3aJrE+fuMgVsBDSyqdDIdmqPfN9oUjKI1F60pHNhYcZ+90NbVOX78kK
EPBnBKphWUouTCd6F0j40Gx+X0629SdqCqxEJ/hdbYM6mTrmUUTZYdEtL7rBRpr+
kFFScDS6uGkiQE+fGt9aIVkgqCEj0n8CkhndMWb6NTsGI2C1wadX42U1WOxV2Wqw
uiF9iu96CLuk7OmXjp7j4pQcmOyJK58KrCCuH47Eihre
-----END CERTIFICATE-----