This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/jJqmq7ctfCRljbEe-rA7H6MPeAI.roa
File:                     jJqmq7ctfCRljbEe-rA7H6MPeAI.roa (raw, json)
Hash identifier:          O+1YuOF5X9Aph1d+IEQe3EcREqu8Qs7VAkwaJPtR+U0=
Subject key identifier:   8C:9A:A6:AB:B7:2D:7C:24:65:8D:B1:1E:FA:B0:3B:1F:A3:0F:78:02
Certificate issuer:       /CN=b541558181f7863119bf4a1554c75dab1f6c5292
Certificate serial:       019B7E377820A968B7044898CEBC88316F94
Authority key identifier: B5:41:55:81:81:F7:86:31:19:BF:4A:15:54:C7:5D:AB:1F:6C:52:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tUFVgYH3hjEZv0oVVMddqx9sUpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/jJqmq7ctfCRljbEe-rA7H6MPeAI.roa
Signing time:             Fri 02 Jan 2026 10:18:43 +0000
ROA not before:           Fri 02 Jan 2026 10:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49418
IP address blocks:        89.169.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/tUFVgYH3hjEZv0oVVMddqx9sUpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/tUFVgYH3hjEZv0oVVMddqx9sUpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tUFVgYH3hjEZv0oVVMddqx9sUpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:78:20:a9:68:b7:04:48:98:ce:bc:88:31:6f:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b541558181f7863119bf4a1554c75dab1f6c5292
        Validity
            Not Before: Jan  2 10:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8c9aa6abb72d7c24658db11efab03b1fa30f7802
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:81:82:2c:8c:b1:b8:04:e2:0d:99:f1:94:40:
                    9b:e5:4f:1c:b6:dc:8b:9c:ce:cd:d9:7c:76:95:d1:
                    23:d1:83:c3:c7:7f:46:03:1a:c4:1b:0d:4a:f0:98:
                    da:32:67:21:7f:38:80:44:0e:7a:01:3c:b3:22:b4:
                    c3:32:0c:d3:9e:58:f6:39:6e:5b:c6:53:49:6b:89:
                    50:be:29:f3:90:a9:2a:aa:9b:99:7f:30:cc:6f:3b:
                    8a:15:3b:ff:9e:53:14:42:fd:1c:a2:ef:70:82:e0:
                    3d:7c:3d:5f:17:4b:b4:2e:4e:45:ad:af:ec:91:7e:
                    01:ad:31:a9:3d:0e:1a:36:8d:da:08:e8:8a:e4:96:
                    dd:67:41:a5:02:ce:dc:9d:1c:af:ea:e5:af:a4:19:
                    0e:c5:c6:79:ee:1a:cd:cb:68:26:26:13:6a:33:cb:
                    69:b2:b7:eb:b4:d1:51:87:a9:33:01:80:d8:aa:42:
                    0e:af:32:7d:59:3a:c1:2b:71:ab:7b:92:c6:ab:8d:
                    89:cc:f8:f0:ca:4c:3f:9e:86:58:96:b4:c9:f0:f6:
                    70:87:8b:73:00:41:23:45:4f:1b:12:a4:d8:77:f3:
                    dd:b4:11:0a:fb:4a:58:f1:c0:c5:f1:18:fa:fd:9d:
                    05:af:eb:32:76:76:b9:09:85:32:38:92:9f:fc:13:
                    87:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:9A:A6:AB:B7:2D:7C:24:65:8D:B1:1E:FA:B0:3B:1F:A3:0F:78:02
            X509v3 Authority Key Identifier:
                keyid:B5:41:55:81:81:F7:86:31:19:BF:4A:15:54:C7:5D:AB:1F:6C:52:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tUFVgYH3hjEZv0oVVMddqx9sUpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/jJqmq7ctfCRljbEe-rA7H6MPeAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/tUFVgYH3hjEZv0oVVMddqx9sUpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.169.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:b5:67:52:c5:6c:61:20:0d:ba:d3:b3:d9:1c:11:0e:6c:80:
         45:61:c2:f2:92:04:27:65:53:b9:d6:85:8c:4c:d8:dc:42:2c:
         a4:be:2c:a8:73:10:c9:e4:17:af:f7:a2:e7:62:0f:f6:f0:1a:
         b8:94:e6:0b:6f:92:3c:0a:91:fe:0b:11:23:d1:df:9b:14:a1:
         83:7d:dc:17:98:5c:58:b3:11:9f:56:16:1d:f8:ac:cd:f5:e6:
         c2:69:4d:64:74:71:26:91:3a:de:f5:9d:31:64:56:d0:36:6c:
         dd:b9:d6:ac:e4:a4:aa:2d:f4:18:5b:dd:dd:46:d9:cb:04:af:
         09:b1:3c:e3:e1:9f:eb:e3:0c:f7:74:d8:1e:66:c4:99:fb:0e:
         22:6f:b5:98:49:6b:70:48:9b:df:1a:cc:ec:82:e5:35:f7:9a:
         46:cf:b1:96:4f:71:8d:92:a3:2b:55:19:2c:9c:04:6b:ff:03:
         d5:12:2d:80:8e:7c:9d:f0:92:0f:87:de:a3:09:5c:01:ec:9c:
         55:bc:98:c6:e3:1e:89:a2:6e:14:88:c2:4d:aa:ca:af:73:3a:
         09:ce:79:31:80:80:98:43:ed:98:1f:6d:0e:bd:be:87:26:e1:
         6b:b9:6d:bf:6d:80:a2:48:ad:96:82:fc:ff:f4:b7:97:96:cb:
         40:92:6d:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N3ggqWi3BEiYzryIMW+UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NDE1NTgxODFmNzg2MzExOWJmNGExNTU0Yzc1ZGFiMWY2
YzUyOTIwHhcNMjYwMTAyMTAxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzlhYTZhYmI3MmQ3YzI0NjU4ZGIxMWVmYWIwM2IxZmEzMGY3ODAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYGCLIyxuATiDZnxlECb5U8cttyL
nM7N2Xx2ldEj0YPDx39GAxrEGw1K8JjaMmchfziARA56ATyzIrTDMgzTnlj2OW5b
xlNJa4lQvinzkKkqqpuZfzDMbzuKFTv/nlMUQv0cou9wguA9fD1fF0u0Lk5Fra/s
kX4BrTGpPQ4aNo3aCOiK5JbdZ0GlAs7cnRyv6uWvpBkOxcZ57hrNy2gmJhNqM8tp
srfrtNFRh6kzAYDYqkIOrzJ9WTrBK3Gre5LGq42JzPjwykw/noZYlrTJ8PZwh4tz
AEEjRU8bEqTYd/PdtBEK+0pY8cDF8Rj6/Z0Fr+sydna5CYUyOJKf/BOHaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIyapqu3LXwkZY2xHvqwOx+jD3gCMB8GA1UdIwQY
MBaAFLVBVYGB94YxGb9KFVTHXasfbFKSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFVGVmdZSDNoakVadjBvVlZNZGRxeDlzVXBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi80ZGQxNjktOGRjYi00NjUzLThhMDMt
NTcxYjZjNjEyYmVjLzEvakpxbXE3Y3RmQ1JsamJFZS1yQTdINk1QZUFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi80ZGQxNjktOGRjYi00NjUzLThhMDMtNTcxYjZjNjEyYmVj
LzEvdFVGVmdZSDNoakVadjBvVlZNZGRxeDlzVXBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWakOMA0G
CSqGSIb3DQEBCwUAA4IBAQBvtWdSxWxhIA2607PZHBEObIBFYcLykgQnZVO51oWM
TNjcQiykviyocxDJ5Bev96LnYg/28Bq4lOYLb5I8CpH+CxEj0d+bFKGDfdwXmFxY
sxGfVhYd+KzN9ebCaU1kdHEmkTre9Z0xZFbQNmzdudas5KSqLfQYW93dRtnLBK8J
sTzj4Z/r4wz3dNgeZsSZ+w4ib7WYSWtwSJvfGszsguU195pGz7GWT3GNkqMrVRks
nARr/wPVEi2Ajnyd8JIPh96jCVwB7JxVvJjG4x6Jom4UiMJNqsqvczoJznkxgICY
Q+2YH20Ovb6HJuFruW2/bYCiSK2Wgvz/9LeXlstAkm1y
-----END CERTIFICATE-----