This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/OlAqCYtfml5aAcuef4iTuGA1Znw.roa
File:                     OlAqCYtfml5aAcuef4iTuGA1Znw.roa (raw, json)
Hash identifier:          oBZ2FSaLr94Fj3AQH5JkrQIol38G33NlXd4VSVbL2Ks=
Subject key identifier:   3A:50:2A:09:8B:5F:9A:5E:5A:01:CB:9E:7F:88:93:B8:60:35:66:7C
Certificate issuer:       /CN=ed800950a31dcdacaac56adb936a42beb845e24b
Certificate serial:       019B7C11470132BB2AC6FA9DEC59AD89C057
Authority key identifier: ED:80:09:50:A3:1D:CD:AC:AA:C5:6A:DB:93:6A:42:BE:B8:45:E2:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/OlAqCYtfml5aAcuef4iTuGA1Znw.roa
Signing time:             Fri 02 Jan 2026 00:17:45 +0000
ROA not before:           Fri 02 Jan 2026 00:17:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     174
IP address blocks:        185.221.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:47:01:32:bb:2a:c6:fa:9d:ec:59:ad:89:c0:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed800950a31dcdacaac56adb936a42beb845e24b
        Validity
            Not Before: Jan  2 00:17:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a502a098b5f9a5e5a01cb9e7f8893b86035667c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:db:70:9e:99:a2:fc:d6:c2:bb:37:e1:8c:26:
                    23:4b:e8:14:4e:6f:8f:c3:40:e8:3c:e0:cc:b6:ed:
                    71:00:50:5c:7d:4f:26:7b:e5:bb:38:dc:9c:6a:c7:
                    90:3b:0c:00:5e:fc:a7:6f:8e:45:d1:fc:6a:60:c1:
                    0c:62:be:68:9b:f8:19:82:12:86:93:7d:80:f2:d9:
                    57:ec:96:25:e9:7d:b6:68:ba:29:79:f4:fc:1d:0c:
                    33:29:98:5a:56:63:13:40:85:75:d2:d2:db:1d:6f:
                    a9:39:bf:fa:0f:48:4c:27:97:d9:f8:18:5d:cc:5c:
                    ce:53:8b:34:00:dc:77:83:30:57:05:38:2c:5e:78:
                    de:12:17:fa:1e:1c:41:6f:84:35:f6:27:9b:c0:5e:
                    6c:1d:0f:4d:62:04:fc:82:62:55:fe:c5:9e:35:ba:
                    4c:9a:64:dd:f0:8f:52:81:1c:7c:5d:c3:99:67:59:
                    af:bc:90:0f:2c:32:b6:a3:66:a8:92:78:81:a5:5c:
                    8a:1e:4c:06:c5:90:65:c3:a0:39:6d:21:3c:6d:de:
                    c7:36:d7:88:78:7a:3b:89:0c:80:26:e5:aa:ea:58:
                    b8:40:fa:84:55:3c:6b:79:39:b6:fb:e7:64:17:9e:
                    ca:8b:85:f3:28:19:0f:94:b1:56:ff:cd:23:23:9a:
                    a6:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:50:2A:09:8B:5F:9A:5E:5A:01:CB:9E:7F:88:93:B8:60:35:66:7C
            X509v3 Authority Key Identifier:
                keyid:ED:80:09:50:A3:1D:CD:AC:AA:C5:6A:DB:93:6A:42:BE:B8:45:E2:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/OlAqCYtfml5aAcuef4iTuGA1Znw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:a5:bf:f8:f2:ee:d3:bc:e0:cb:f3:20:9a:e0:c8:40:a4:37:
         d1:a8:25:f4:72:f9:86:df:50:7b:e4:22:d6:31:e1:ca:ba:cd:
         33:75:3f:5f:44:09:24:e5:b2:28:54:25:47:dd:6e:87:57:e4:
         68:87:8a:73:78:1d:8c:02:6f:1b:42:2b:e2:26:41:9c:86:8b:
         00:9e:94:64:91:9e:1c:1e:e4:27:5c:93:54:06:df:12:24:e4:
         ae:d2:63:b9:d1:69:7e:0d:cf:49:5e:1b:91:74:c7:33:0d:ef:
         0d:d1:15:1a:4b:ad:3d:26:be:bf:dd:f5:94:d5:e0:6a:34:31:
         8a:d1:29:4b:91:49:0f:ea:d1:95:36:98:8c:93:dc:cf:34:9f:
         e2:cd:cf:5b:c3:e1:99:43:bc:7f:87:4f:38:4c:1a:e6:12:ae:
         47:93:e5:15:f1:bf:87:6f:91:be:c2:e9:7a:7d:4f:c9:17:c7:
         93:6c:97:5f:19:14:f8:34:ff:36:f3:59:6b:e8:44:1e:09:46:
         28:b3:fe:7f:18:50:1d:bc:5d:2a:3b:3e:88:fd:20:5c:7f:b9:
         bc:38:e4:0a:52:18:ae:4a:50:66:ff:97:fa:42:87:0e:40:94:
         2a:cc:f2:f2:dc:e7:e5:16:35:44:5c:4e:a0:42:8a:c2:df:47:
         fa:81:4b:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EUcBMrsqxvqd7FmticBXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkODAwOTUwYTMxZGNkYWNhYWM1NmFkYjkzNmE0MmJlYjg0
NWUyNGIwHhcNMjYwMTAyMDAxNzQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTUwMmEwOThiNWY5YTVlNWEwMWNiOWU3Zjg4OTNiODYwMzU2NjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ttwnpmi/NbCuzfhjCYjS+gUTm+P
w0DoPODMtu1xAFBcfU8me+W7ONycaseQOwwAXvynb45F0fxqYMEMYr5om/gZghKG
k32A8tlX7JYl6X22aLopefT8HQwzKZhaVmMTQIV10tLbHW+pOb/6D0hMJ5fZ+Bhd
zFzOU4s0ANx3gzBXBTgsXnjeEhf6HhxBb4Q19iebwF5sHQ9NYgT8gmJV/sWeNbpM
mmTd8I9SgRx8XcOZZ1mvvJAPLDK2o2aokniBpVyKHkwGxZBlw6A5bSE8bd7HNteI
eHo7iQyAJuWq6li4QPqEVTxreTm2++dkF57Ki4XzKBkPlLFW/80jI5qmeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDpQKgmLX5peWgHLnn+Ik7hgNWZ8MB8GA1UdIwQY
MBaAFO2ACVCjHc2sqsVq25NqQr64ReJLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1lBSlVLTWR6YXlxeFdyYmsycEN2cmhGNGtzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC84YTZmNzItYzgyMi00NTFmLWE1YzUt
YTdmZDZjOGU3MGZkLzEvT2xBcUNZdGZtbDVhQWN1ZWY0aVR1R0ExWm53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC84YTZmNzItYzgyMi00NTFmLWE1YzUtYTdmZDZjOGU3MGZk
LzEvN1lBSlVLTWR6YXlxeFdyYmsycEN2cmhGNGtzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud3ZMA0G
CSqGSIb3DQEBCwUAA4IBAQCEpb/48u7TvODL8yCa4MhApDfRqCX0cvmG31B75CLW
MeHKus0zdT9fRAkk5bIoVCVH3W6HV+Roh4pzeB2MAm8bQiviJkGchosAnpRkkZ4c
HuQnXJNUBt8SJOSu0mO50Wl+Dc9JXhuRdMczDe8N0RUaS609Jr6/3fWU1eBqNDGK
0SlLkUkP6tGVNpiMk9zPNJ/izc9bw+GZQ7x/h084TBrmEq5Hk+UV8b+Hb5G+wul6
fU/JF8eTbJdfGRT4NP8281lr6EQeCUYos/5/GFAdvF0qOz6I/SBcf7m8OOQKUhiu
SlBm/5f6QocOQJQqzPLy3OflFjVEXE6gQorC30f6gUuh
-----END CERTIFICATE-----