This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/O3ilaHX6VJtoUZBeu1-BglPYb-I.roa
File:                     O3ilaHX6VJtoUZBeu1-BglPYb-I.roa (raw, json)
Hash identifier:          PoRHXYKRSqCrsj4FltoRS6V1gs+nJ0Qsq87ffUhtPkI=
Subject key identifier:   3B:78:A5:68:75:FA:54:9B:68:51:90:5E:BB:5F:81:82:53:D8:6F:E2
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       019B7FF2776956958F1460F3911D7E4F9734
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/O3ilaHX6VJtoUZBeu1-BglPYb-I.roa
Signing time:             Fri 02 Jan 2026 18:22:35 +0000
ROA not before:           Fri 02 Jan 2026 18:22:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198388
IP address blocks:        85.14.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:77:69:56:95:8f:14:60:f3:91:1d:7e:4f:97:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  2 18:22:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b78a56875fa549b6851905ebb5f818253d86fe2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c5:80:bc:40:0f:7f:7c:5f:d6:80:7c:7b:61:
                    0f:5e:33:d6:c8:e0:0a:66:4f:45:fe:cb:25:f3:56:
                    78:97:ef:c0:21:5b:24:ee:ff:d3:c2:76:37:4f:55:
                    82:22:f6:35:d1:76:2a:27:72:40:5f:c5:f0:a8:b3:
                    c6:94:99:c7:35:6f:2a:8c:db:70:33:25:1b:93:ef:
                    05:3c:e3:78:50:4b:22:12:1a:1c:91:38:d0:4a:92:
                    95:3d:40:92:23:a0:88:56:83:27:13:35:20:c5:e7:
                    ee:fb:24:cc:fc:18:bf:ea:76:32:e7:c9:b2:b0:84:
                    f4:d2:e0:91:d7:c2:68:29:57:35:6e:ce:59:c4:b3:
                    5b:59:12:72:9c:ca:43:72:89:d4:2d:cd:c4:19:ed:
                    a6:66:6f:35:55:a5:f5:03:16:1b:65:21:32:a9:7d:
                    98:83:29:69:9a:4a:f4:ad:a3:a5:e5:cb:7b:5b:a0:
                    13:7f:a5:0c:db:f8:02:de:98:d9:77:6f:aa:8e:19:
                    47:5e:ec:39:4c:cf:fb:9e:18:92:05:5f:f2:78:0e:
                    83:76:3e:57:41:9e:b9:4c:b7:0e:f5:f5:14:f9:d9:
                    72:53:bc:6c:7e:85:03:d1:e3:58:26:4f:d1:fb:62:
                    71:00:2a:b3:39:94:42:61:92:6a:46:95:62:83:ca:
                    98:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:78:A5:68:75:FA:54:9B:68:51:90:5E:BB:5F:81:82:53:D8:6F:E2
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/O3ilaHX6VJtoUZBeu1-BglPYb-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.14.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:be:20:d9:3a:a4:7a:58:89:54:95:94:54:67:08:6d:82:92:
         cd:d9:c2:74:55:6d:ac:69:cc:12:eb:99:9d:99:62:12:1c:ac:
         0c:04:4c:f8:3b:a0:a8:3f:20:a1:73:8f:5a:53:96:b9:f2:d3:
         98:f6:13:a0:49:5c:69:ba:07:a5:8e:0f:55:c2:5f:bf:92:11:
         d9:24:ab:89:88:6c:f0:97:c7:6d:b8:78:bb:44:a3:e8:e1:b1:
         35:c3:bc:ff:6f:83:35:ca:49:e9:ac:ff:49:29:31:ce:e1:11:
         8f:5c:98:50:b5:dd:a5:04:3d:49:3f:bd:10:e2:87:a5:e7:a4:
         70:4d:66:69:c3:b5:95:e3:5d:ed:4d:98:db:21:87:64:bc:24:
         8b:e2:a9:aa:bc:ba:94:81:9d:78:aa:e0:a2:74:7d:5a:30:1c:
         fa:b8:59:3d:ff:7a:cd:f2:08:d6:05:78:41:11:59:14:dd:ff:
         a5:ac:90:c3:92:35:10:54:34:fd:e9:12:a9:3f:5c:53:5c:17:
         8d:05:af:41:84:da:8f:6f:90:69:e6:3c:fb:cf:68:cc:68:c1:
         0d:3f:53:8c:0c:be:7a:4d:af:c9:ea:d2:80:57:9c:24:03:69:
         a0:e7:71:8d:28:1b:b5:71:d1:fb:74:9c:bc:fa:0a:06:9d:6c:
         da:e2:15:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8ndpVpWPFGDzkR1+T5c0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjYwMTAyMTgyMjM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjc4YTU2ODc1ZmE1NDliNjg1MTkwNWViYjVmODE4MjUzZDg2ZmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcWAvEAPf3xf1oB8e2EPXjPWyOAK
Zk9F/ssl81Z4l+/AIVsk7v/TwnY3T1WCIvY10XYqJ3JAX8XwqLPGlJnHNW8qjNtw
MyUbk+8FPON4UEsiEhockTjQSpKVPUCSI6CIVoMnEzUgxefu+yTM/Bi/6nYy58my
sIT00uCR18JoKVc1bs5ZxLNbWRJynMpDconULc3EGe2mZm81VaX1AxYbZSEyqX2Y
gylpmkr0raOl5ct7W6ATf6UM2/gC3pjZd2+qjhlHXuw5TM/7nhiSBV/yeA6Ddj5X
QZ65TLcO9fUU+dlyU7xsfoUD0eNYJk/R+2JxACqzOZRCYZJqRpVig8qY4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDt4pWh1+lSbaFGQXrtfgYJT2G/iMB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvTzNpbGFIWDZWSnRvVVpCZXUxLUJnbFBZYi1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVQ4dMA0G
CSqGSIb3DQEBCwUAA4IBAQCgviDZOqR6WIlUlZRUZwhtgpLN2cJ0VW2sacwS65md
mWISHKwMBEz4O6CoPyChc49aU5a58tOY9hOgSVxpugeljg9Vwl+/khHZJKuJiGzw
l8dtuHi7RKPo4bE1w7z/b4M1yknprP9JKTHO4RGPXJhQtd2lBD1JP70Q4oel56Rw
TWZpw7WV413tTZjbIYdkvCSL4qmqvLqUgZ14quCidH1aMBz6uFk9/3rN8gjWBXhB
EVkU3f+lrJDDkjUQVDT96RKpP1xTXBeNBa9BhNqPb5Bp5jz7z2jMaMENP1OMDL56
Ta/J6tKAV5wkA2mg53GNKBu1cdH7dJy8+goGnWza4hX1
-----END CERTIFICATE-----