This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fJCr45jAYUAto50AbqsSwSZ58OQ.roa
File:                     fJCr45jAYUAto50AbqsSwSZ58OQ.roa (raw, json)
Hash identifier:          CSYHF439lw3yCSNRwv2vCNxLYEpkYxheid9K2FfVKqY=
Subject key identifier:   7C:90:AB:E3:98:C0:61:40:2D:A3:9D:00:6E:AB:12:C1:26:79:F0:E4
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019B78A31A5A41037F443E0772EEB8337BE0
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fJCr45jAYUAto50AbqsSwSZ58OQ.roa
Signing time:             Thu 01 Jan 2026 08:18:33 +0000
ROA not before:           Thu 01 Jan 2026 08:18:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     196945
IP address blocks:        185.221.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 02:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:1a:5a:41:03:7f:44:3e:07:72:ee:b8:33:7b:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  1 08:18:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7c90abe398c061402da39d006eab12c12679f0e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:02:37:bb:6f:6b:09:b7:68:1b:d6:3e:7a:44:
                    b8:46:5e:4d:15:cb:9c:49:08:80:d1:2c:33:16:c9:
                    c9:52:b4:7a:15:f3:39:3a:73:ab:f3:83:b4:48:f8:
                    2d:7f:c6:fa:09:ff:35:91:90:87:41:a3:bb:30:71:
                    c4:23:05:13:d8:fe:e9:ae:0d:bf:aa:43:32:1d:75:
                    73:ca:1f:58:73:aa:98:23:5a:b9:44:9c:9d:ed:63:
                    19:5c:eb:ee:4f:08:8a:67:27:5f:4a:f3:93:14:63:
                    6b:72:2b:fb:a4:20:9f:cd:50:d7:2a:d0:35:21:d4:
                    74:3d:cd:c7:9e:06:a5:6c:12:23:f0:8e:82:6e:96:
                    04:7c:53:87:7e:88:3c:60:53:22:d0:fc:27:10:a6:
                    c6:5d:71:50:31:1c:45:ff:17:8d:1d:f2:81:62:61:
                    91:cf:88:da:c2:2f:53:38:3a:97:7e:83:8f:46:05:
                    10:f7:69:fb:76:30:8e:f1:8f:d9:24:73:14:1f:96:
                    9a:50:29:c4:e1:c8:e9:be:e5:f8:aa:0e:d2:f0:e4:
                    5e:e3:42:46:1f:95:52:68:db:2e:a1:fe:d7:90:ca:
                    91:6d:1b:a5:96:72:95:f7:74:bd:80:ca:0d:58:13:
                    13:83:97:e6:36:aa:81:af:b5:eb:36:ce:5f:b5:00:
                    c8:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:90:AB:E3:98:C0:61:40:2D:A3:9D:00:6E:AB:12:C1:26:79:F0:E4
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fJCr45jAYUAto50AbqsSwSZ58OQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:70:75:ba:f1:a9:d7:9a:a7:18:e3:4b:e1:1a:5f:a5:11:a3:
         80:af:7b:88:f3:7d:30:6c:4e:2f:0a:16:4d:cc:ec:ed:50:0b:
         d1:d1:47:cd:c1:cb:78:2a:da:e9:13:ce:9b:fc:6b:e1:58:2f:
         94:1c:f0:9c:68:cc:6a:55:27:02:cd:1c:1c:5f:63:11:5a:53:
         d5:5a:27:20:e4:38:84:07:a1:5f:b9:e9:e3:b3:18:a4:fe:0c:
         b1:50:9b:11:ff:c1:6f:1b:93:35:46:60:cd:67:ad:af:c4:38:
         34:57:68:e6:9a:8d:42:e8:53:52:1e:32:ed:0f:c3:3b:27:c8:
         83:1b:d6:bc:ca:9d:57:74:d5:79:69:e1:87:bc:ff:d9:64:85:
         e6:34:ca:74:04:37:53:76:e9:86:83:fd:a6:0f:86:47:c5:ee:
         c4:4c:64:e9:22:dd:f7:dc:06:3b:83:0e:3e:60:b4:03:0c:12:
         c1:5f:9a:c3:c0:1e:2a:45:c4:67:99:71:cc:06:b9:c9:38:6b:
         bc:be:89:0c:e3:ae:8b:65:26:75:17:e1:26:b6:b9:5a:e7:a1:
         42:1d:4c:20:38:2f:b3:a0:99:d1:09:b5:91:73:3b:18:92:8f:
         b5:54:32:93:13:aa:52:65:e1:99:f6:33:b5:78:18:bc:c2:24:
         1d:e3:c8:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4oxpaQQN/RD4Hcu64M3vgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwMTAxMDgxODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzkwYWJlMzk4YzA2MTQwMmRhMzlkMDA2ZWFiMTJjMTI2NzlmMGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3AI3u29rCbdoG9Y+ekS4Rl5NFcuc
SQiA0SwzFsnJUrR6FfM5OnOr84O0SPgtf8b6Cf81kZCHQaO7MHHEIwUT2P7prg2/
qkMyHXVzyh9Yc6qYI1q5RJyd7WMZXOvuTwiKZydfSvOTFGNrciv7pCCfzVDXKtA1
IdR0Pc3HngalbBIj8I6CbpYEfFOHfog8YFMi0PwnEKbGXXFQMRxF/xeNHfKBYmGR
z4jawi9TODqXfoOPRgUQ92n7djCO8Y/ZJHMUH5aaUCnE4cjpvuX4qg7S8ORe40JG
H5VSaNsuof7XkMqRbRullnKV93S9gMoNWBMTg5fmNqqBr7XrNs5ftQDIwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHyQq+OYwGFALaOdAG6rEsEmefDkMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZkpDcjQ1akFZVUF0bzUwQWJxc1N3U1o1OE9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud1BMA0G
CSqGSIb3DQEBCwUAA4IBAQCkcHW68anXmqcY40vhGl+lEaOAr3uI830wbE4vChZN
zOztUAvR0UfNwct4KtrpE86b/GvhWC+UHPCcaMxqVScCzRwcX2MRWlPVWicg5DiE
B6Ffuenjsxik/gyxUJsR/8FvG5M1RmDNZ62vxDg0V2jmmo1C6FNSHjLtD8M7J8iD
G9a8yp1XdNV5aeGHvP/ZZIXmNMp0BDdTdumGg/2mD4ZHxe7ETGTpIt333AY7gw4+
YLQDDBLBX5rDwB4qRcRnmXHMBrnJOGu8vokM466LZSZ1F+Emtrla56FCHUwgOC+z
oJnRCbWRczsYko+1VDKTE6pSZeGZ9jO1eBi8wiQd48hZ
-----END CERTIFICATE-----