This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/1-fuWQ0J7N3Mc1-LpV47OkEYJ6Pg.roa
File:                     1-fuWQ0J7N3Mc1-LpV47OkEYJ6Pg.roa (raw, json)
Hash identifier:          d64kZTOMQS3ywmOiCwM9goS+Zs55OgLIp48OWiE2tqI=
Subject key identifier:   F9:FB:96:43:42:7B:37:73:1C:D7:E2:E9:57:8E:CE:90:46:09:E8:F8
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       019B7FF278178AD0D924333AA670380C8E7B
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/1-fuWQ0J7N3Mc1-LpV47OkEYJ6Pg.roa
Signing time:             Fri 02 Jan 2026 18:22:35 +0000
ROA not before:           Fri 02 Jan 2026 18:22:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200533
IP address blocks:        85.14.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:78:17:8a:d0:d9:24:33:3a:a6:70:38:0c:8e:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  2 18:22:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f9fb9643427b37731cd7e2e9578ece904609e8f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:87:52:0a:dd:9a:91:63:35:11:4e:26:f2:33:
                    f8:1d:c1:a3:dc:f6:07:10:81:4c:03:83:6e:b8:c3:
                    98:42:74:6d:26:14:3a:57:72:60:d5:be:f2:76:fb:
                    c9:a2:3e:40:f6:a3:f3:c0:45:0b:19:f7:a6:b5:a8:
                    e0:3d:70:1a:da:cd:03:b1:ce:90:d3:f5:65:a4:c0:
                    fc:60:e3:1c:e9:ba:8d:01:41:69:1b:bd:6f:31:17:
                    3d:b2:2f:cd:2f:f8:44:9c:8e:e4:95:a3:80:be:34:
                    1a:28:13:ed:29:00:a2:d7:8b:48:4f:5b:ed:c2:06:
                    af:54:07:d4:d0:ad:8b:02:1e:c6:c7:3c:17:59:e4:
                    19:0a:53:49:bc:66:2f:0a:d5:d8:61:77:25:ba:57:
                    4e:0c:c2:ba:04:2e:60:f8:3e:8e:51:73:1d:14:3d:
                    3f:a4:a5:c6:aa:10:82:83:bc:70:41:42:14:4b:16:
                    dc:95:5b:b0:4a:56:02:a5:3c:e3:76:2e:32:9b:c2:
                    7b:8b:7b:fb:b7:af:70:18:5d:85:3e:72:bd:c6:fd:
                    d7:72:a5:b6:38:eb:7f:b7:2f:ee:56:01:d3:50:c7:
                    58:17:08:37:11:bf:ec:80:19:e6:0d:25:97:e9:36:
                    e5:c6:2e:fb:6d:36:15:29:08:ca:81:84:42:0d:f7:
                    6e:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:FB:96:43:42:7B:37:73:1C:D7:E2:E9:57:8E:CE:90:46:09:E8:F8
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/1-fuWQ0J7N3Mc1-LpV47OkEYJ6Pg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.14.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:a0:1a:cc:69:b1:47:8e:e5:ad:68:b3:06:09:9f:00:4f:d6:
         ef:bd:2c:bd:ed:57:41:e4:6b:a0:a2:63:a7:74:ff:23:90:c0:
         df:74:c6:53:7c:c6:70:a3:83:f8:0a:6b:50:d0:19:0d:f1:82:
         66:c6:c4:bb:75:51:c4:f9:46:f6:85:a6:74:12:1b:40:b9:e1:
         d8:dd:99:06:fb:1d:0e:05:90:6f:37:7b:8d:26:c7:3c:a1:0a:
         09:cb:ad:dd:e6:d4:29:54:26:20:5b:79:42:4c:4f:8d:0c:5a:
         7f:f6:fb:2b:65:78:60:95:fc:25:42:24:1c:ac:d0:b1:f0:ac:
         a7:8e:4e:86:df:ec:5f:7c:32:25:6b:00:de:e3:3f:60:a0:ed:
         f6:ce:d6:98:d8:e8:7b:bc:d1:82:e3:06:a3:ed:ce:36:c3:a2:
         f6:16:5a:3f:da:f4:40:e5:74:b6:4e:65:cc:ed:8f:3d:26:0e:
         0b:6d:f4:4a:2c:18:3b:81:27:7f:b6:5a:3d:83:2c:85:a5:d5:
         09:4c:12:74:b7:98:0d:70:a7:28:4c:b5:82:fb:0a:ac:db:41:
         3a:74:14:1a:a0:44:52:0b:30:21:20:be:ba:2a:5f:86:a9:3f:
         86:9e:dc:b4:cd:f9:e3:80:f8:0a:c6:85:da:6b:af:37:43:40:
         ca:25:cc:d5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt/8ngXitDZJDM6pnA4DI57MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjYwMTAyMTgyMjM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWZiOTY0MzQyN2IzNzczMWNkN2UyZTk1NzhlY2U5MDQ2MDllOGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIdSCt2akWM1EU4m8jP4HcGj3PYH
EIFMA4NuuMOYQnRtJhQ6V3Jg1b7ydvvJoj5A9qPzwEULGfemtajgPXAa2s0Dsc6Q
0/VlpMD8YOMc6bqNAUFpG71vMRc9si/NL/hEnI7klaOAvjQaKBPtKQCi14tIT1vt
wgavVAfU0K2LAh7GxzwXWeQZClNJvGYvCtXYYXcluldODMK6BC5g+D6OUXMdFD0/
pKXGqhCCg7xwQUIUSxbclVuwSlYCpTzjdi4ym8J7i3v7t69wGF2FPnK9xv3XcqW2
OOt/ty/uVgHTUMdYFwg3Eb/sgBnmDSWX6Tblxi77bTYVKQjKgYRCDfduUQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPn7lkNCezdzHNfi6VeOzpBGCej4MB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvMS1mdVdRMEo3TjNNYzEtTHBWNDdPa0VZSjZQZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvY2EvOTY5OTYyLTEyZDMtNDFiMi1hYjQzLWIyN2Q2ZTI3OGUx
OC8xL1FRU2tDQ0hFRjJ6RUxpVmU5c0Z5ZEhQRDhBby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFUOBzAN
BgkqhkiG9w0BAQsFAAOCAQEANqAazGmxR47lrWizBgmfAE/W770sve1XQeRroKJj
p3T/I5DA33TGU3zGcKOD+AprUNAZDfGCZsbEu3VRxPlG9oWmdBIbQLnh2N2ZBvsd
DgWQbzd7jSbHPKEKCcut3ebUKVQmIFt5QkxPjQxaf/b7K2V4YJX8JUIkHKzQsfCs
p45Oht/sX3wyJWsA3uM/YKDt9s7WmNjoe7zRguMGo+3ONsOi9hZaP9r0QOV0tk5l
zO2PPSYOC230SiwYO4Enf7ZaPYMshaXVCUwSdLeYDXCnKEy1gvsKrNtBOnQUGqBE
UgswISC+uipfhqk/hp7ctM3544D4CsaF2muvN0NAyiXM1Q==
-----END CERTIFICATE-----