This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/b94831-65bb-406b-84c4-03b0eec7ff29/1/fsorRjNLpV567Bfhzvrah76aFJM.roa
File:                     fsorRjNLpV567Bfhzvrah76aFJM.roa (raw, json)
Hash identifier:          j4qP9CY0ItXZav1pWfPGEd7YIBpId1LZ5wWL7A5xDlc=
Subject key identifier:   7E:CA:2B:46:33:4B:A5:5E:7A:EC:17:E1:CE:FA:DA:87:BE:9A:14:93
Certificate issuer:       /CN=aa9e86a76bddc1203a029d31475d3ebc57d90a41
Certificate serial:       019B7DCA0430F1D24F477802618B353ED74F
Authority key identifier: AA:9E:86:A7:6B:DD:C1:20:3A:02:9D:31:47:5D:3E:BC:57:D9:0A:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qp6Gp2vdwSA6Ap0xR10-vFfZCkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/b94831-65bb-406b-84c4-03b0eec7ff29/1/fsorRjNLpV567Bfhzvrah76aFJM.roa
Signing time:             Fri 02 Jan 2026 08:19:09 +0000
ROA not before:           Fri 02 Jan 2026 08:19:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57866
IP address blocks:        185.114.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/b94831-65bb-406b-84c4-03b0eec7ff29/1/qp6Gp2vdwSA6Ap0xR10-vFfZCkE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/b94831-65bb-406b-84c4-03b0eec7ff29/1/qp6Gp2vdwSA6Ap0xR10-vFfZCkE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qp6Gp2vdwSA6Ap0xR10-vFfZCkE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 14:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:04:30:f1:d2:4f:47:78:02:61:8b:35:3e:d7:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa9e86a76bddc1203a029d31475d3ebc57d90a41
        Validity
            Not Before: Jan  2 08:19:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7eca2b46334ba55e7aec17e1cefada87be9a1493
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:90:b1:e2:cf:c6:0e:a2:35:3d:19:ee:5f:9c:
                    f7:55:9e:d5:a4:42:1d:77:ae:06:1e:33:8f:e9:9e:
                    98:c9:34:a8:93:65:36:9c:82:f3:ed:85:d4:4e:dd:
                    7d:c9:f8:2e:38:0d:e9:ba:fd:e6:84:8b:ae:a9:96:
                    61:5f:c3:3a:94:37:cf:c6:52:b0:0b:b1:29:df:dd:
                    0d:f4:37:19:1a:e0:f1:ca:77:b9:7c:98:a6:af:cf:
                    2f:ba:fb:85:25:ac:42:58:ae:b0:26:e9:ae:55:d3:
                    9e:f7:db:2f:34:4c:4c:3b:1a:e6:81:30:b1:51:e5:
                    1b:fe:66:65:0f:74:d1:bd:cf:12:1b:d0:ca:99:92:
                    5d:7d:a0:58:87:ad:f1:1d:26:ce:e2:ff:0b:f7:35:
                    19:cb:6d:67:29:2e:70:3a:c5:35:8e:f8:b8:56:27:
                    48:31:45:8d:69:11:e9:f3:d0:35:57:5b:15:a0:03:
                    2f:1d:d8:d4:bd:f3:fc:cb:67:a3:de:57:96:e8:c4:
                    e0:24:2b:c9:3e:d3:cb:75:45:43:4d:50:97:d4:83:
                    cd:76:3f:64:70:e8:dd:cb:29:f8:7f:b2:01:cd:03:
                    e3:db:33:c3:8d:80:ee:97:bf:52:bc:5a:0f:0f:a4:
                    63:da:c4:58:92:b2:59:9c:6e:50:ae:31:4e:10:3a:
                    be:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:CA:2B:46:33:4B:A5:5E:7A:EC:17:E1:CE:FA:DA:87:BE:9A:14:93
            X509v3 Authority Key Identifier:
                keyid:AA:9E:86:A7:6B:DD:C1:20:3A:02:9D:31:47:5D:3E:BC:57:D9:0A:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qp6Gp2vdwSA6Ap0xR10-vFfZCkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/b94831-65bb-406b-84c4-03b0eec7ff29/1/fsorRjNLpV567Bfhzvrah76aFJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/b94831-65bb-406b-84c4-03b0eec7ff29/1/qp6Gp2vdwSA6Ap0xR10-vFfZCkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:3f:96:0e:16:1d:b3:dd:18:7c:55:c4:7b:f2:8d:07:33:d3:
         2a:8d:ae:ec:23:aa:27:33:60:da:e5:f5:94:37:a0:2f:01:02:
         3b:35:25:1b:2b:a0:b9:8c:c8:ac:84:5f:67:1b:42:ca:a9:9a:
         bd:ab:38:f9:c2:59:df:9d:cf:a6:a8:05:9f:5d:95:f2:dc:80:
         56:07:77:0b:60:a1:aa:d3:c4:30:27:c3:8b:7d:3d:1c:35:94:
         73:d5:5d:ae:8a:aa:e8:09:29:2e:4e:11:b8:3e:56:66:63:43:
         7c:d2:f6:2a:3c:3c:77:b5:ce:bc:d0:8e:df:cb:1c:64:9b:7a:
         a0:0b:7e:66:b7:9f:80:51:17:16:df:49:21:05:39:5f:00:a8:
         b5:7c:d8:43:ee:ed:f8:54:cb:13:dc:95:2b:b6:94:bf:c5:4e:
         ed:39:d9:20:69:66:0a:c0:a1:31:72:b6:be:52:ca:b3:71:b8:
         47:84:8e:cf:2d:64:f6:8c:1d:ec:53:d8:f3:98:a3:e3:0b:52:
         9a:d5:bd:bf:2c:07:1c:6e:b0:99:91:3a:44:31:a6:a0:3f:b4:
         85:a4:68:da:28:75:90:cd:70:76:34:8f:e1:00:b5:45:82:97:
         2c:63:12:27:b5:05:00:d3:94:b6:73:90:13:fa:a4:75:b5:0d:
         05:12:6b:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ygQw8dJPR3gCYYs1PtdPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhOWU4NmE3NmJkZGMxMjAzYTAyOWQzMTQ3NWQzZWJjNTdk
OTBhNDEwHhcNMjYwMTAyMDgxOTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWNhMmI0NjMzNGJhNTVlN2FlYzE3ZTFjZWZhZGE4N2JlOWExNDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJCx4s/GDqI1PRnuX5z3VZ7VpEId
d64GHjOP6Z6YyTSok2U2nILz7YXUTt19yfguOA3puv3mhIuuqZZhX8M6lDfPxlKw
C7Ep390N9DcZGuDxyne5fJimr88vuvuFJaxCWK6wJumuVdOe99svNExMOxrmgTCx
UeUb/mZlD3TRvc8SG9DKmZJdfaBYh63xHSbO4v8L9zUZy21nKS5wOsU1jvi4VidI
MUWNaRHp89A1V1sVoAMvHdjUvfP8y2ej3leW6MTgJCvJPtPLdUVDTVCX1IPNdj9k
cOjdyyn4f7IBzQPj2zPDjYDul79SvFoPD6Rj2sRYkrJZnG5QrjFOEDq+KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7KK0YzS6VeeuwX4c762oe+mhSTMB8GA1UdIwQY
MBaAFKqehqdr3cEgOgKdMUddPrxX2QpBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXA2R3AydmR3U0E2QXAweFIxMC12RmZaQ2tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9iOTQ4MzEtNjViYi00MDZiLTg0YzQt
MDNiMGVlYzdmZjI5LzEvZnNvclJqTkxwVjU2N0JmaHp2cmFoNzZhRkpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9iOTQ4MzEtNjViYi00MDZiLTg0YzQtMDNiMGVlYzdmZjI5
LzEvcXA2R3AydmR3U0E2QXAweFIxMC12RmZaQ2tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXLsMA0G
CSqGSIb3DQEBCwUAA4IBAQBwP5YOFh2z3Rh8VcR78o0HM9Mqja7sI6onM2Da5fWU
N6AvAQI7NSUbK6C5jMishF9nG0LKqZq9qzj5wlnfnc+mqAWfXZXy3IBWB3cLYKGq
08QwJ8OLfT0cNZRz1V2uiqroCSkuThG4PlZmY0N80vYqPDx3tc680I7fyxxkm3qg
C35mt5+AURcW30khBTlfAKi1fNhD7u34VMsT3JUrtpS/xU7tOdkgaWYKwKExcra+
UsqzcbhHhI7PLWT2jB3sU9jzmKPjC1Ka1b2/LAccbrCZkTpEMaagP7SFpGjaKHWQ
zXB2NI/hALVFgpcsYxIntQUA05S2c5AT+qR1tQ0FEmu0
-----END CERTIFICATE-----