This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/iQgCqwK7l4P2GKdSjJc-dEwoUDE.roa
File:                     iQgCqwK7l4P2GKdSjJc-dEwoUDE.roa (raw, json)
Hash identifier:          6ZaHwDSQPPYhJ5ldPXpCjzOWcdqBA9Sc4lSpH6CyEmw=
Subject key identifier:   89:08:02:AB:02:BB:97:83:F6:18:A7:52:8C:97:3E:74:4C:28:50:31
Certificate issuer:       /CN=68b22eea4a4a3b81654a227eda94e0e75937b015
Certificate serial:       019B783533B227E015EF11C1B3BF8F126195
Authority key identifier: 68:B2:2E:EA:4A:4A:3B:81:65:4A:22:7E:DA:94:E0:E7:59:37:B0:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aLIu6kpKO4FlSiJ-2pTg51k3sBU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/iQgCqwK7l4P2GKdSjJc-dEwoUDE.roa
Signing time:             Thu 01 Jan 2026 06:18:30 +0000
ROA not before:           Thu 01 Jan 2026 06:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208972
IP address blocks:        185.252.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/aLIu6kpKO4FlSiJ-2pTg51k3sBU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/aLIu6kpKO4FlSiJ-2pTg51k3sBU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aLIu6kpKO4FlSiJ-2pTg51k3sBU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:33:b2:27:e0:15:ef:11:c1:b3:bf:8f:12:61:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68b22eea4a4a3b81654a227eda94e0e75937b015
        Validity
            Not Before: Jan  1 06:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=890802ab02bb9783f618a7528c973e744c285031
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ed:cc:b1:f9:bf:55:3e:83:8b:10:5b:da:c0:
                    3a:97:5d:7c:8c:04:29:f6:58:3c:73:c7:fd:72:6a:
                    93:15:ba:76:e9:3a:bb:3a:09:1f:ca:33:b0:39:6e:
                    d5:3e:57:15:4f:b4:f3:58:1d:5e:aa:d3:08:f8:2d:
                    e6:6a:1f:c5:61:b3:d1:79:c5:8a:da:98:4f:80:d2:
                    d7:9f:77:38:92:8f:17:f3:60:ec:a6:30:b2:38:b7:
                    21:22:ff:2c:29:3a:b7:76:4b:aa:aa:b6:7b:ca:c3:
                    17:18:2b:1c:b3:83:50:68:74:18:26:81:44:0d:90:
                    22:f3:76:dd:3d:a4:e5:f8:95:fc:fc:1c:be:43:a0:
                    f4:a6:ff:a8:35:25:d5:3d:69:0c:cf:62:d7:21:23:
                    f9:08:e6:be:c1:f7:90:32:66:e3:03:53:a9:c7:c8:
                    06:dd:2e:b5:94:55:9b:fc:46:54:34:d1:92:38:28:
                    7b:99:3a:94:21:f1:5c:33:a3:9c:c9:36:97:f1:f1:
                    2d:1f:17:d2:47:2a:bd:89:19:d4:87:a5:c6:1d:18:
                    ff:fc:ca:7e:01:4f:ac:29:ee:dc:c3:d4:da:8e:85:
                    0c:d6:f8:a1:cc:28:0d:84:70:a0:87:dc:27:ae:a5:
                    36:34:e3:50:f6:18:2e:86:f9:ec:59:10:7f:98:8e:
                    4e:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:08:02:AB:02:BB:97:83:F6:18:A7:52:8C:97:3E:74:4C:28:50:31
            X509v3 Authority Key Identifier:
                keyid:68:B2:2E:EA:4A:4A:3B:81:65:4A:22:7E:DA:94:E0:E7:59:37:B0:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aLIu6kpKO4FlSiJ-2pTg51k3sBU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/iQgCqwK7l4P2GKdSjJc-dEwoUDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/aLIu6kpKO4FlSiJ-2pTg51k3sBU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:28:0a:27:3c:a3:39:bd:3c:84:0c:68:4b:67:33:33:0c:ce:
         1d:e6:9e:5f:a3:9a:11:16:d1:e4:af:71:dd:a0:71:c1:ea:fe:
         27:6a:a5:f4:be:4c:c7:a4:16:9a:ff:21:cf:fd:94:f0:01:23:
         91:d7:9b:46:f8:ae:12:48:91:41:ca:a3:6a:ab:94:35:b2:93:
         81:67:80:9b:ad:85:f7:96:c0:c5:49:94:2b:45:8d:16:34:bb:
         90:7a:0b:8b:eb:b9:df:5b:20:14:25:79:6b:e0:5f:f8:41:ce:
         40:9d:b7:fb:6f:55:cd:14:12:8a:7a:16:f0:ed:46:77:df:b0:
         12:ca:d8:41:d4:59:85:3e:ef:d4:3e:b1:bf:b6:b8:2e:61:95:
         09:d0:31:f3:dc:b2:9a:35:ba:4f:89:b9:02:6d:c1:af:2e:6a:
         86:a1:c4:44:72:3e:3f:59:ba:e0:11:04:3c:41:ca:63:eb:e2:
         c1:25:d0:6a:d1:ea:a3:ad:55:b7:37:18:6c:12:75:0b:87:95:
         6b:aa:56:5b:e5:3b:56:78:1e:f6:26:18:2d:05:0a:34:53:92:
         d1:0e:76:16:6d:f9:6c:22:e4:d9:68:94:6e:80:1b:57:2a:28:
         a2:02:ba:29:83:8c:be:45:40:66:9c:10:1a:34:b5:8d:5d:0e:
         2f:8a:52:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NTOyJ+AV7xHBs7+PEmGVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YjIyZWVhNGE0YTNiODE2NTRhMjI3ZWRhOTRlMGU3NTkz
N2IwMTUwHhcNMjYwMTAxMDYxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTA4MDJhYjAyYmI5NzgzZjYxOGE3NTI4Yzk3M2U3NDRjMjg1MDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+3Msfm/VT6DixBb2sA6l118jAQp
9lg8c8f9cmqTFbp26Tq7OgkfyjOwOW7VPlcVT7TzWB1eqtMI+C3mah/FYbPRecWK
2phPgNLXn3c4ko8X82DspjCyOLchIv8sKTq3dkuqqrZ7ysMXGCscs4NQaHQYJoFE
DZAi83bdPaTl+JX8/By+Q6D0pv+oNSXVPWkMz2LXISP5COa+wfeQMmbjA1Opx8gG
3S61lFWb/EZUNNGSOCh7mTqUIfFcM6OcyTaX8fEtHxfSRyq9iRnUh6XGHRj//Mp+
AU+sKe7cw9TajoUM1vihzCgNhHCgh9wnrqU2NONQ9hguhvnsWRB/mI5O2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIkIAqsCu5eD9hinUoyXPnRMKFAxMB8GA1UdIwQY
MBaAFGiyLupKSjuBZUoiftqU4OdZN7AVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUxJdTZrcEtPNEZsU2lKLTJwVGc1MWszc0JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy82OWNiYzAtYjZjNS00ZTY3LWE3M2It
MmI2NWE3YThiZThjLzEvaVFnQ3F3SzdsNFAyR0tkU2pKYy1kRXdvVURFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy82OWNiYzAtYjZjNS00ZTY3LWE3M2ItMmI2NWE3YThiZThj
LzEvYUxJdTZrcEtPNEZsU2lKLTJwVGc1MWszc0JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufxyMA0G
CSqGSIb3DQEBCwUAA4IBAQBwKAonPKM5vTyEDGhLZzMzDM4d5p5fo5oRFtHkr3Hd
oHHB6v4naqX0vkzHpBaa/yHP/ZTwASOR15tG+K4SSJFByqNqq5Q1spOBZ4CbrYX3
lsDFSZQrRY0WNLuQeguL67nfWyAUJXlr4F/4Qc5Anbf7b1XNFBKKehbw7UZ337AS
ythB1FmFPu/UPrG/trguYZUJ0DHz3LKaNbpPibkCbcGvLmqGocREcj4/WbrgEQQ8
Qcpj6+LBJdBq0eqjrVW3NxhsEnULh5VrqlZb5TtWeB72JhgtBQo0U5LRDnYWbfls
IuTZaJRugBtXKiiiAropg4y+RUBmnBAaNLWNXQ4vilK/
-----END CERTIFICATE-----