This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/iXtfcu1KWtIb45p4L3Zc91aLHD4.roa
File:                     iXtfcu1KWtIb45p4L3Zc91aLHD4.roa (raw, json)
Hash identifier:          EUrm6WcBA5Xj7RQU2eVwJ+wwhrqRBn/zb3ljF1u1Jf8=
Subject key identifier:   89:7B:5F:72:ED:4A:5A:D2:1B:E3:9A:78:2F:76:5C:F7:56:8B:1C:3E
Certificate issuer:       /CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
Certificate serial:       019B7C80D7381E6D118E8F2A05C1899C5522
Authority key identifier: 2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/iXtfcu1KWtIb45p4L3Zc91aLHD4.roa
Signing time:             Fri 02 Jan 2026 02:19:37 +0000
ROA not before:           Fri 02 Jan 2026 02:19:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213440
IP address blocks:        212.52.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:d7:38:1e:6d:11:8e:8f:2a:05:c1:89:9c:55:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
        Validity
            Not Before: Jan  2 02:19:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=897b5f72ed4a5ad21be39a782f765cf7568b1c3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:c7:0c:bb:fc:28:ae:93:7e:0f:14:49:e8:7f:
                    f6:5a:49:a6:30:2d:66:55:ff:d1:6f:d1:4b:7b:a8:
                    33:91:5c:e2:04:82:34:f7:11:ef:15:17:0e:fc:89:
                    41:b5:d7:44:8a:8e:fa:aa:d8:37:63:08:32:6f:4b:
                    ab:9b:dd:de:62:ae:16:13:aa:92:e6:7e:ef:55:2f:
                    7b:f5:72:e0:df:09:9e:20:21:fe:4e:e8:c4:15:57:
                    f1:67:11:1b:01:05:e1:72:7a:e2:66:2b:99:a9:d8:
                    e9:0d:75:9e:d7:4a:ff:1c:f0:e2:67:91:be:20:e2:
                    be:a7:14:7d:06:80:54:b3:08:9e:d4:0f:8c:ed:d9:
                    1c:3a:8f:5e:d1:26:94:a3:2b:77:89:4b:86:eb:11:
                    97:d3:da:e1:fa:33:cc:4c:1e:77:a8:ca:70:a4:03:
                    67:61:79:e5:63:1c:19:10:b1:dc:86:fe:2f:3d:d9:
                    4b:02:3e:3b:1c:29:8b:1b:73:61:a4:a4:35:22:44:
                    6c:ef:e8:50:92:1f:f5:1c:99:69:5a:0e:7f:79:91:
                    7a:6d:27:89:ff:b7:c7:59:7b:14:5b:8b:d5:bf:0b:
                    7f:8b:cc:19:cf:1b:61:06:5f:bb:9d:3d:35:35:bb:
                    03:af:e0:05:54:c3:1a:b6:5d:04:01:d8:f1:fe:7f:
                    16:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:7B:5F:72:ED:4A:5A:D2:1B:E3:9A:78:2F:76:5C:F7:56:8B:1C:3E
            X509v3 Authority Key Identifier:
                keyid:2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/iXtfcu1KWtIb45p4L3Zc91aLHD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.52.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:05:d8:ec:8e:c0:3e:a6:e9:ed:68:f0:7a:e1:c3:3d:4b:43:
         49:91:be:c3:48:92:cd:32:ff:6f:31:27:42:8c:6a:05:55:2d:
         58:11:5c:7e:b8:cc:45:88:41:61:ce:bd:a4:b7:16:ec:29:51:
         58:f7:93:54:bc:6a:83:de:5b:86:f8:02:1b:5f:1a:3a:67:43:
         db:eb:ba:5a:58:06:7e:fc:e6:41:f6:c5:89:3c:e0:ec:b8:1a:
         db:dc:1a:dd:65:89:7f:58:4a:63:3b:89:8e:15:a6:0f:38:d8:
         c9:ff:3d:9a:77:4e:ed:1b:c1:c6:11:6e:b5:e3:73:b4:cf:82:
         d9:39:90:c0:8a:f0:bd:f5:99:27:08:c3:7c:c5:41:3f:03:c2:
         cb:51:66:a5:d0:fe:42:68:0d:85:3c:9a:38:b4:d3:88:a6:08:
         c1:2c:a5:b0:74:f2:ca:f5:49:0d:98:6c:2b:22:8a:82:ff:1e:
         f0:45:d3:53:79:6e:d8:58:61:cd:2d:80:9d:4f:b6:10:cf:5b:
         97:25:3b:c6:f6:04:8c:5e:a1:52:64:49:93:aa:e0:62:dd:b6:
         2b:79:45:72:0a:9d:f9:62:83:dc:1c:c9:30:44:d1:50:2c:ce:
         f1:87:06:a1:90:fa:40:64:e8:2a:3a:73:61:30:dd:04:0a:45:
         a0:4f:84:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gNc4Hm0Rjo8qBcGJnFUiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMzY4YjBhZWM2YzdmZDQ4ZDBkOTZiNDA3N2EyM2Y5MDZh
ODZhNDgwHhcNMjYwMTAyMDIxOTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTdiNWY3MmVkNGE1YWQyMWJlMzlhNzgyZjc2NWNmNzU2OGIxYzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy8cMu/worpN+DxRJ6H/2WkmmMC1m
Vf/Rb9FLe6gzkVziBII09xHvFRcO/IlBtddEio76qtg3Ywgyb0urm93eYq4WE6qS
5n7vVS979XLg3wmeICH+TujEFVfxZxEbAQXhcnriZiuZqdjpDXWe10r/HPDiZ5G+
IOK+pxR9BoBUswie1A+M7dkcOo9e0SaUoyt3iUuG6xGX09rh+jPMTB53qMpwpANn
YXnlYxwZELHchv4vPdlLAj47HCmLG3NhpKQ1IkRs7+hQkh/1HJlpWg5/eZF6bSeJ
/7fHWXsUW4vVvwt/i8wZzxthBl+7nT01NbsDr+AFVMMatl0EAdjx/n8WxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIl7X3LtSlrSG+OaeC92XPdWixw+MB8GA1UdIwQY
MBaAFC42iwrsbH/UjQ2WtAd6I/kGqGpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQt
MTQyN2RkMTZlZmE0LzEvaVh0ZmN1MUtXdEliNDVwNEwzWmM5MWFMSEQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQtMTQyN2RkMTZlZmE0
LzEvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1DQOMA0G
CSqGSIb3DQEBCwUAA4IBAQAvBdjsjsA+puntaPB64cM9S0NJkb7DSJLNMv9vMSdC
jGoFVS1YEVx+uMxFiEFhzr2ktxbsKVFY95NUvGqD3luG+AIbXxo6Z0Pb67paWAZ+
/OZB9sWJPODsuBrb3BrdZYl/WEpjO4mOFaYPONjJ/z2ad07tG8HGEW6143O0z4LZ
OZDAivC99ZknCMN8xUE/A8LLUWal0P5CaA2FPJo4tNOIpgjBLKWwdPLK9UkNmGwr
IoqC/x7wRdNTeW7YWGHNLYCdT7YQz1uXJTvG9gSMXqFSZEmTquBi3bYreUVyCp35
YoPcHMkwRNFQLM7xhwahkPpAZOgqOnNhMN0ECkWgT4Tv
-----END CERTIFICATE-----