This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/41Cm7iBmCKDs-ltosDZ4QO77KxE.roa
File:                     41Cm7iBmCKDs-ltosDZ4QO77KxE.roa (raw, json)
Hash identifier:          TxgblgfPGlj/S7ZOZLrZhlB7zRFnL9F5Y5UbbNzhkRY=
Subject key identifier:   E3:50:A6:EE:20:66:08:A0:EC:FA:5B:68:B0:36:78:40:EE:FB:2B:11
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019B783477B63F0CCA1AA668CE92FF1DCAC1
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/41Cm7iBmCKDs-ltosDZ4QO77KxE.roa
Signing time:             Thu 01 Jan 2026 06:17:43 +0000
ROA not before:           Thu 01 Jan 2026 06:17:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199438
IP address blocks:        194.14.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:77:b6:3f:0c:ca:1a:a6:68:ce:92:ff:1d:ca:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  1 06:17:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e350a6ee206608a0ecfa5b68b0367840eefb2b11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3b:9a:6b:af:7c:84:39:10:ba:bd:32:4d:10:
                    8d:3b:4d:d0:7b:4b:80:ef:01:c6:61:e1:8e:dc:d4:
                    32:35:f3:8c:22:9a:56:61:32:a2:63:64:78:d6:ad:
                    09:f5:4c:92:50:b1:8c:fa:18:4f:d1:9d:f6:be:27:
                    60:75:b5:f2:e3:b7:9e:4c:f9:0b:fe:26:4e:74:b3:
                    8d:80:3a:db:73:a8:66:52:c6:85:a6:0f:17:e1:a8:
                    16:74:40:7c:7e:a8:12:9e:51:22:a6:65:da:ab:95:
                    cd:6e:42:5e:08:93:40:a8:4e:10:45:9e:7d:a8:7b:
                    fd:ae:66:0b:b7:5b:e8:72:70:12:13:3b:e1:4b:e9:
                    1a:47:26:ac:b6:6e:d1:70:d2:33:3f:e8:f6:ad:29:
                    d9:ef:10:28:af:b3:9e:10:f3:b5:80:11:49:61:01:
                    ec:c7:ec:77:b5:49:e2:34:6e:7f:4f:d2:93:42:c8:
                    f8:a2:bb:17:ff:99:c3:65:9c:53:1e:47:30:28:d8:
                    71:1d:a5:e3:54:65:80:a0:a1:5c:6b:ac:ee:c0:6f:
                    f1:c1:10:9e:2b:3d:b3:67:57:ed:d5:28:68:bb:bf:
                    03:c6:ea:57:df:93:da:b2:71:3c:6b:37:b4:b9:1a:
                    3f:8a:f1:35:6e:43:c9:10:3d:c3:a7:5b:dc:62:94:
                    28:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:50:A6:EE:20:66:08:A0:EC:FA:5B:68:B0:36:78:40:EE:FB:2B:11
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/41Cm7iBmCKDs-ltosDZ4QO77KxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.14.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:e2:2b:88:6e:26:f1:e4:8f:77:73:05:9f:e1:2d:cb:6d:09:
         37:e9:83:b4:8e:51:51:90:e3:ab:94:5b:d0:56:ea:b6:c4:77:
         73:30:23:2b:b4:58:fc:93:4e:ea:7d:da:10:50:31:96:d8:42:
         41:9d:c0:93:2a:a7:0d:40:dd:3d:7e:4c:7d:da:25:ca:d7:3d:
         51:5d:6a:a8:83:71:10:b3:93:94:e0:3e:63:7e:5c:54:99:4e:
         07:6f:f4:37:c2:c5:a8:62:37:f8:4d:90:29:4c:c5:30:5d:c8:
         f3:ef:c8:c9:de:5a:66:4e:2e:5b:b6:a1:71:d3:d2:bc:09:dc:
         02:e3:3e:79:4a:b7:35:e9:3b:11:d6:5f:8c:be:97:32:64:d3:
         91:95:7a:58:6a:4f:84:83:f1:2b:55:ce:ac:64:36:8d:43:28:
         97:60:82:cf:01:55:c5:35:d4:88:a3:bd:d5:76:09:1f:4c:41:
         9e:98:92:7c:1b:29:0e:db:d8:69:e9:ab:ef:18:42:3b:2d:63:
         55:ef:e0:2a:00:b2:e7:9c:ca:76:a5:34:31:38:bb:78:b7:13:
         66:58:fc:bb:3a:51:e9:69:cf:67:a7:e0:61:5f:fc:6e:f2:af:
         f8:47:ae:23:ad:74:49:b0:86:b4:c1:bc:e6:7e:38:a0:fc:cf:
         d1:f1:7c:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NHe2PwzKGqZozpL/HcrBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjYwMTAxMDYxNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzUwYTZlZTIwNjYwOGEwZWNmYTViNjhiMDM2Nzg0MGVlZmIyYjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTuaa698hDkQur0yTRCNO03Qe0uA
7wHGYeGO3NQyNfOMIppWYTKiY2R41q0J9UySULGM+hhP0Z32vidgdbXy47eeTPkL
/iZOdLONgDrbc6hmUsaFpg8X4agWdEB8fqgSnlEipmXaq5XNbkJeCJNAqE4QRZ59
qHv9rmYLt1vocnASEzvhS+kaRyastm7RcNIzP+j2rSnZ7xAor7OeEPO1gBFJYQHs
x+x3tUniNG5/T9KTQsj4orsX/5nDZZxTHkcwKNhxHaXjVGWAoKFca6zuwG/xwRCe
Kz2zZ1ft1Shou78DxupX35PasnE8aze0uRo/ivE1bkPJED3Dp1vcYpQoaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONQpu4gZgig7PpbaLA2eEDu+ysRMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvNDFDbTdpQm1DS0RzLWx0b3NEWjRRTzc3S3hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg7bMA0G
CSqGSIb3DQEBCwUAA4IBAQCF4iuIbibx5I93cwWf4S3LbQk36YO0jlFRkOOrlFvQ
Vuq2xHdzMCMrtFj8k07qfdoQUDGW2EJBncCTKqcNQN09fkx92iXK1z1RXWqog3EQ
s5OU4D5jflxUmU4Hb/Q3wsWoYjf4TZApTMUwXcjz78jJ3lpmTi5btqFx09K8CdwC
4z55Src16TsR1l+MvpcyZNORlXpYak+Eg/ErVc6sZDaNQyiXYILPAVXFNdSIo73V
dgkfTEGemJJ8GykO29hp6avvGEI7LWNV7+AqALLnnMp2pTQxOLt4txNmWPy7OlHp
ac9np+BhX/xu8q/4R64jrXRJsIa0wbzmfjig/M/R8Xxh
-----END CERTIFICATE-----