This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/q1B4D6fhb1hsDMHl4DgqMg1LBS0.roa
File:                     q1B4D6fhb1hsDMHl4DgqMg1LBS0.roa (raw, json)
Hash identifier:          QyvrcsEDHcRC23C4LJneKzaSVc+UGnP9rW3V3L3o3QM=
Subject key identifier:   AB:50:78:0F:A7:E1:6F:58:6C:0C:C1:E5:E0:38:2A:32:0D:4B:05:2D
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       019B7FF274794EB30803EAF7B3508C870B47
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/q1B4D6fhb1hsDMHl4DgqMg1LBS0.roa
Signing time:             Fri 02 Jan 2026 18:22:34 +0000
ROA not before:           Fri 02 Jan 2026 18:22:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51486
IP address blocks:        85.14.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:74:79:4e:b3:08:03:ea:f7:b3:50:8c:87:0b:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  2 18:22:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab50780fa7e16f586c0cc1e5e0382a320d4b052d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:46:02:b9:dc:33:65:de:e9:da:05:97:57:70:
                    ea:ba:59:8a:29:f1:7b:2e:28:e1:3c:d3:c0:54:e4:
                    9c:37:f7:b3:06:54:8c:71:10:2a:7a:61:d8:4c:8e:
                    66:19:93:f2:a2:eb:21:8a:46:90:2f:f6:01:34:9c:
                    ac:5c:30:ce:4d:fb:92:02:f4:20:d5:2f:68:9b:81:
                    a3:0a:43:ae:81:ba:ce:da:13:d6:c4:fc:a8:16:15:
                    7b:b9:14:c3:01:c7:83:aa:ab:b3:38:0b:0e:88:4e:
                    3b:9c:f1:35:41:e2:18:cd:c7:85:1a:bd:73:48:cb:
                    2b:22:f6:2b:11:5c:87:ca:76:3e:5a:22:da:5d:f2:
                    18:e6:b2:8d:89:f2:d8:e8:97:b0:b6:0d:7f:b6:c5:
                    2f:06:b4:36:1d:c3:12:88:86:e9:55:5e:c8:77:e8:
                    cf:43:61:fe:ce:db:80:3f:0f:b6:e9:24:d3:13:f7:
                    32:00:34:1d:a3:f8:35:4b:33:86:0c:84:7d:09:16:
                    b9:e4:88:15:41:07:4d:50:a1:e2:7a:41:3d:8f:11:
                    e6:d1:e8:bf:e4:b2:b8:11:06:ba:9f:fe:87:df:c9:
                    f3:0f:c7:bc:8e:ff:9e:a3:4b:26:e8:24:05:e9:79:
                    4e:65:34:7c:83:35:83:fb:77:8d:3e:94:ec:4a:52:
                    c1:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:50:78:0F:A7:E1:6F:58:6C:0C:C1:E5:E0:38:2A:32:0D:4B:05:2D
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/q1B4D6fhb1hsDMHl4DgqMg1LBS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.14.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:03:d9:6d:ce:67:a0:9d:3d:05:49:c6:d4:38:09:bd:d5:99:
         f0:48:69:36:7b:42:d6:58:c1:a9:71:a9:8e:48:48:14:4d:01:
         70:be:c0:73:f2:5f:9d:9d:17:77:b9:1a:30:1b:e3:b3:59:4d:
         05:df:dd:99:68:ff:75:68:97:ee:f1:f5:51:4b:6b:2b:33:43:
         8b:59:78:be:fe:6a:36:60:20:c3:e5:cf:7e:9e:88:e1:ba:8a:
         13:61:d5:be:9a:56:da:fc:8d:66:ef:d2:d2:72:27:aa:74:45:
         b5:6e:95:10:af:44:28:f3:36:5d:73:d1:65:53:76:e3:1d:94:
         0f:5d:92:2e:09:e0:aa:16:1e:96:ab:4f:b2:e4:ad:cd:54:82:
         e1:c7:7e:73:51:2d:fe:67:f1:30:2c:2f:1c:e4:20:04:df:c9:
         56:ba:5e:40:14:9d:8e:3e:4d:ff:f5:15:35:2c:0b:54:48:da:
         96:48:c3:ab:32:ed:55:fa:91:75:14:02:07:85:e7:4e:c7:86:
         0b:66:6d:ad:3d:2c:8c:a4:ac:1a:bd:84:e7:fe:59:68:24:f0:
         83:b8:e6:8f:b6:21:b8:1f:94:88:e7:e4:60:2f:1c:47:6e:82:
         63:0c:d8:76:da:9d:fa:37:bd:63:91:22:38:62:2f:b5:03:9c:
         49:78:b9:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8nR5TrMIA+r3s1CMhwtHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjYwMTAyMTgyMjM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjUwNzgwZmE3ZTE2ZjU4NmMwY2MxZTVlMDM4MmEzMjBkNGIwNTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEYCudwzZd7p2gWXV3DqulmKKfF7
LijhPNPAVOScN/ezBlSMcRAqemHYTI5mGZPyoushikaQL/YBNJysXDDOTfuSAvQg
1S9om4GjCkOugbrO2hPWxPyoFhV7uRTDAceDqquzOAsOiE47nPE1QeIYzceFGr1z
SMsrIvYrEVyHynY+WiLaXfIY5rKNifLY6Jewtg1/tsUvBrQ2HcMSiIbpVV7Id+jP
Q2H+ztuAPw+26STTE/cyADQdo/g1SzOGDIR9CRa55IgVQQdNUKHiekE9jxHm0ei/
5LK4EQa6n/6H38nzD8e8jv+eo0sm6CQF6XlOZTR8gzWD+3eNPpTsSlLBMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKtQeA+n4W9YbAzB5eA4KjINSwUtMB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvcTFCNEQ2ZmhiMWhzRE1IbDREZ3FNZzFMQlMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVQ4SMA0G
CSqGSIb3DQEBCwUAA4IBAQANA9ltzmegnT0FScbUOAm91ZnwSGk2e0LWWMGpcamO
SEgUTQFwvsBz8l+dnRd3uRowG+OzWU0F392ZaP91aJfu8fVRS2srM0OLWXi+/mo2
YCDD5c9+nojhuooTYdW+mlba/I1m79LScieqdEW1bpUQr0Qo8zZdc9FlU3bjHZQP
XZIuCeCqFh6Wq0+y5K3NVILhx35zUS3+Z/EwLC8c5CAE38lWul5AFJ2OPk3/9RU1
LAtUSNqWSMOrMu1V+pF1FAIHhedOx4YLZm2tPSyMpKwavYTn/lloJPCDuOaPtiG4
H5SI5+RgLxxHboJjDNh22p36N71jkSI4Yi+1A5xJeLnA
-----END CERTIFICATE-----