This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/jsXELPdejHRc_StksmQBdjGf48w.roa
File:                     jsXELPdejHRc_StksmQBdjGf48w.roa (raw, json)
Hash identifier:          0hTs4mivA0cGoX4BspgxAsBIP4dOaRrxUzvBLZAMeTs=
Subject key identifier:   8E:C5:C4:2C:F7:5E:8C:74:5C:FD:2B:64:B2:64:01:76:31:9F:E3:CC
Certificate issuer:       /CN=352f8919e6bc1ef5663489018fc875be34c0f24c
Certificate serial:       019B7B355287B26ABAA29C26C49494BC2DA6
Authority key identifier: 35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/jsXELPdejHRc_StksmQBdjGf48w.roa
Signing time:             Thu 01 Jan 2026 20:17:30 +0000
ROA not before:           Thu 01 Jan 2026 20:17:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213094
IP address blocks:        185.74.52.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:52:87:b2:6a:ba:a2:9c:26:c4:94:94:bc:2d:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352f8919e6bc1ef5663489018fc875be34c0f24c
        Validity
            Not Before: Jan  1 20:17:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8ec5c42cf75e8c745cfd2b64b2640176319fe3cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:93:eb:9d:7d:e8:48:79:b1:ab:b7:ad:6c:37:
                    32:3e:d9:8c:fd:43:e5:51:82:ac:1b:f7:92:d3:a1:
                    80:6b:86:5d:0f:22:5d:67:e1:89:d6:90:2c:0a:e1:
                    d5:6b:1a:a0:e3:2e:08:d4:d4:8f:27:49:ba:58:09:
                    90:5e:cd:60:1b:f9:a2:c8:ba:99:94:8b:a7:99:ce:
                    c1:ca:da:20:0b:e1:42:31:38:cb:01:d9:b9:35:ac:
                    0b:b4:8c:41:fe:75:74:df:b6:1c:0a:60:46:4f:ac:
                    f7:6d:2c:bf:ec:46:16:d0:2e:ba:11:df:81:90:57:
                    3a:25:e5:9d:e3:d2:ee:af:ac:04:8e:fc:64:b5:da:
                    a7:90:8c:d4:0f:48:c0:d1:bb:70:89:43:20:7c:45:
                    4f:0f:b4:81:fe:9b:08:d7:b0:eb:55:7a:f9:36:ad:
                    a2:02:37:5f:f8:c2:b7:76:f9:1c:9e:05:9a:7c:63:
                    b1:e2:14:06:b4:48:7a:5a:df:d1:2e:20:77:3a:de:
                    ce:da:ad:b5:d7:18:45:d6:59:64:e8:55:55:d9:e1:
                    72:b4:78:68:ec:8c:20:09:9b:d7:ba:f7:98:98:8a:
                    d4:1a:91:60:1d:d5:71:e6:de:17:e7:e5:25:af:66:
                    b1:45:01:1f:7f:fe:7d:57:79:b2:97:9b:8f:85:e6:
                    f9:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:C5:C4:2C:F7:5E:8C:74:5C:FD:2B:64:B2:64:01:76:31:9F:E3:CC
            X509v3 Authority Key Identifier:
                keyid:35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/jsXELPdejHRc_StksmQBdjGf48w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.74.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:7f:01:b3:e3:a9:46:a7:69:9c:a2:cf:5e:f1:6a:32:ca:8f:
         8e:55:f0:cf:a1:48:63:b3:7b:ac:c9:6f:94:a0:49:8f:81:36:
         7f:4e:49:51:e5:33:53:8e:61:56:da:a7:1f:68:b7:55:82:b5:
         3e:bc:2a:56:22:a1:35:f4:be:b2:5e:ce:54:fc:52:8f:25:0a:
         eb:50:90:0b:f5:da:8f:de:4b:df:19:43:8f:7e:c7:97:d5:42:
         7e:63:10:e4:a4:ce:e8:dd:78:ca:48:f7:fb:81:d1:ef:91:83:
         fb:64:14:d9:84:8a:19:f5:ba:2d:d6:11:71:29:0a:64:d7:ca:
         e3:9d:3c:13:a9:b4:04:96:01:81:40:45:e2:81:01:ef:09:f8:
         b3:2e:a3:8c:43:b9:5c:9e:f3:ac:1e:84:82:33:51:3a:a9:9b:
         99:6a:e3:7a:d4:91:4d:b1:12:98:e1:ca:18:a6:60:cf:fd:ab:
         2a:f3:fe:7f:84:c6:bf:37:e5:11:43:da:8a:4c:44:0c:7b:1f:
         5d:5f:c3:f3:c9:fc:50:17:8c:f0:12:2d:bb:96:fd:dd:9a:9b:
         f0:c6:a6:68:41:25:08:65:c7:90:6e:9a:ad:09:28:5f:6f:fc:
         5b:08:67:e4:7f:85:a7:7d:82:6e:7c:76:0f:32:3e:cf:22:4c:
         ba:e0:4f:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NVKHsmq6opwmxJSUvC2mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmY4OTE5ZTZiYzFlZjU2NjM0ODkwMThmYzg3NWJlMzRj
MGYyNGMwHhcNMjYwMTAxMjAxNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWM1YzQyY2Y3NWU4Yzc0NWNmZDJiNjRiMjY0MDE3NjMxOWZlM2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3pPrnX3oSHmxq7etbDcyPtmM/UPl
UYKsG/eS06GAa4ZdDyJdZ+GJ1pAsCuHVaxqg4y4I1NSPJ0m6WAmQXs1gG/miyLqZ
lIunmc7BytogC+FCMTjLAdm5NawLtIxB/nV037YcCmBGT6z3bSy/7EYW0C66Ed+B
kFc6JeWd49Lur6wEjvxktdqnkIzUD0jA0btwiUMgfEVPD7SB/psI17DrVXr5Nq2i
Ajdf+MK3dvkcngWafGOx4hQGtEh6Wt/RLiB3Ot7O2q211xhF1llk6FVV2eFytHho
7IwgCZvXuveYmIrUGpFgHdVx5t4X5+Ulr2axRQEff/59V3myl5uPheb52QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI7FxCz3Xox0XP0rZLJkAXYxn+PMMB8GA1UdIwQY
MBaAFDUviRnmvB71ZjSJAY/Idb40wPJMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAt
ZTNmY2IyM2UzNDM4LzEvanNYRUxQZGVqSFJjX1N0a3NtUUJkakdmNDh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAtZTNmY2IyM2UzNDM4
LzEvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuUo0MA0G
CSqGSIb3DQEBCwUAA4IBAQAbfwGz46lGp2mcos9e8Woyyo+OVfDPoUhjs3usyW+U
oEmPgTZ/TklR5TNTjmFW2qcfaLdVgrU+vCpWIqE19L6yXs5U/FKPJQrrUJAL9dqP
3kvfGUOPfseX1UJ+YxDkpM7o3XjKSPf7gdHvkYP7ZBTZhIoZ9bot1hFxKQpk18rj
nTwTqbQElgGBQEXigQHvCfizLqOMQ7lcnvOsHoSCM1E6qZuZauN61JFNsRKY4coY
pmDP/asq8/5/hMa/N+URQ9qKTEQMex9dX8PzyfxQF4zwEi27lv3dmpvwxqZoQSUI
ZceQbpqtCShfb/xbCGfkf4WnfYJufHYPMj7PIky64E8O
-----END CERTIFICATE-----