This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/L2qdesxbOlAPPcqsHX3OFvpcNms.roa
File:                     L2qdesxbOlAPPcqsHX3OFvpcNms.roa (raw, json)
Hash identifier:          xnYHRnlysHnqEVLXt7+9LzXwUAK71wsgumO6OU7et48=
Subject key identifier:   2F:6A:9D:7A:CC:5B:3A:50:0F:3D:CA:AC:1D:7D:CE:16:FA:5C:36:6B
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       019BE097E9945071F150946367E6950B9B71
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/L2qdesxbOlAPPcqsHX3OFvpcNms.roa
Signing time:             Wed 21 Jan 2026 12:46:50 +0000
ROA not before:           Wed 21 Jan 2026 12:46:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208392
IP address blocks:        185.114.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:e0:97:e9:94:50:71:f1:50:94:63:67:e6:95:0b:9b:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Jan 21 12:46:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2f6a9d7acc5b3a500f3dcaac1d7dce16fa5c366b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:45:d7:44:11:b2:fb:1d:a2:86:8b:97:7f:13:
                    a5:63:a9:7c:5e:ff:0c:78:70:51:36:a3:8d:f8:76:
                    8f:66:e2:0f:05:0c:00:20:2c:db:b8:0e:b7:97:cf:
                    40:42:e7:01:9d:c0:27:28:4e:48:6a:ae:ab:5f:ac:
                    a5:4b:dd:50:4e:5f:36:4d:0e:21:75:d1:71:15:51:
                    9d:cb:73:be:0d:1a:28:51:83:36:d3:65:71:af:ea:
                    74:9e:7e:58:4e:c2:49:7c:c4:90:8b:e6:dc:3a:b8:
                    86:fd:4c:8b:9a:dd:4a:f1:83:d5:aa:12:c1:ff:ce:
                    f3:90:ca:2d:04:88:f6:79:98:46:9e:f3:b8:81:90:
                    3a:1d:55:b6:34:d9:e8:f3:33:56:44:63:1d:b4:36:
                    88:a2:04:53:30:1b:db:99:80:7c:a5:9c:d4:b2:82:
                    a4:7f:2f:90:82:f0:0f:00:b1:62:86:db:bb:f6:fe:
                    6a:c9:fe:43:20:fb:6b:e0:29:cd:3e:13:35:2c:da:
                    fb:3c:77:66:dc:d3:5d:22:f7:f5:c8:96:f5:ef:59:
                    b8:81:d8:4e:d0:3a:c7:fd:c2:80:cb:c2:7a:4c:f1:
                    a8:d0:08:7f:92:19:d3:65:78:b9:20:9d:99:83:3e:
                    df:df:7f:dd:9d:25:b0:29:d8:38:a1:be:a4:f0:6e:
                    18:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:6A:9D:7A:CC:5B:3A:50:0F:3D:CA:AC:1D:7D:CE:16:FA:5C:36:6B
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/L2qdesxbOlAPPcqsHX3OFvpcNms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:08:11:99:7a:47:fd:15:94:c3:9d:fb:bd:4d:e9:f9:5c:38:
         f5:3b:08:0b:c2:58:60:3b:cf:bc:34:ad:23:03:df:11:51:d3:
         bf:4c:8d:f7:09:64:3c:39:60:7f:0b:3d:fd:57:87:80:db:22:
         5d:54:5a:12:d0:3e:0b:fe:0f:a3:8b:8f:0a:ea:b7:da:21:34:
         df:57:e4:60:f3:f1:60:58:5b:0c:54:9e:b8:3b:da:bc:ef:a8:
         34:4b:6a:d0:c0:d5:0f:a9:64:c6:db:b7:b3:ad:45:55:59:25:
         51:6a:41:14:cb:7c:71:d3:c7:c7:f5:23:55:7a:0c:45:8e:22:
         ed:64:1c:0c:11:71:1f:b3:d9:86:ee:a2:2a:f0:89:56:fa:6a:
         88:82:d6:50:9b:22:79:bd:25:27:e9:36:9b:a0:83:49:38:c8:
         09:22:eb:1b:44:8a:ab:3f:b4:91:80:c6:1b:1c:eb:73:01:b8:
         59:20:1d:59:89:0f:59:9f:a4:1f:8d:1c:86:cd:e0:bc:eb:c2:
         3c:d7:b9:24:fe:54:46:88:75:41:7f:8f:89:35:30:07:e1:e5:
         25:b6:31:cc:ee:02:a2:8e:65:7a:da:e9:ea:b1:93:93:07:19:
         ab:33:52:f3:c2:94:f3:df:5f:37:1a:a6:c1:b6:b9:6e:09:78:
         1b:1f:eb:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvgl+mUUHHxUJRjZ+aVC5txMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjYwMTIxMTI0NjUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjZhOWQ3YWNjNWIzYTUwMGYzZGNhYWMxZDdkY2UxNmZhNWMzNjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukXXRBGy+x2ihouXfxOlY6l8Xv8M
eHBRNqON+HaPZuIPBQwAICzbuA63l89AQucBncAnKE5Iaq6rX6ylS91QTl82TQ4h
ddFxFVGdy3O+DRooUYM202Vxr+p0nn5YTsJJfMSQi+bcOriG/UyLmt1K8YPVqhLB
/87zkMotBIj2eZhGnvO4gZA6HVW2NNno8zNWRGMdtDaIogRTMBvbmYB8pZzUsoKk
fy+QgvAPALFihtu79v5qyf5DIPtr4CnNPhM1LNr7PHdm3NNdIvf1yJb171m4gdhO
0DrH/cKAy8J6TPGo0Ah/khnTZXi5IJ2Zgz7f33/dnSWwKdg4ob6k8G4Y3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC9qnXrMWzpQDz3KrB19zhb6XDZrMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvTDJxZGVzeGJPbEFQUGNxc0hYM09GdnBjTm1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXJKMA0G
CSqGSIb3DQEBCwUAA4IBAQCrCBGZekf9FZTDnfu9Ten5XDj1OwgLwlhgO8+8NK0j
A98RUdO/TI33CWQ8OWB/Cz39V4eA2yJdVFoS0D4L/g+ji48K6rfaITTfV+Rg8/Fg
WFsMVJ64O9q876g0S2rQwNUPqWTG27ezrUVVWSVRakEUy3xx08fH9SNVegxFjiLt
ZBwMEXEfs9mG7qIq8IlW+mqIgtZQmyJ5vSUn6TaboINJOMgJIusbRIqrP7SRgMYb
HOtzAbhZIB1ZiQ9Zn6QfjRyGzeC868I817kk/lRGiHVBf4+JNTAH4eUltjHM7gKi
jmV62unqsZOTBxmrM1LzwpTz3183GqbBtrluCXgbH+sZ
-----END CERTIFICATE-----