This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/1M4CR97G2KsXmA_zCbIkIXY9AHc.roa
File:                     1M4CR97G2KsXmA_zCbIkIXY9AHc.roa (raw, json)
Hash identifier:          GDf20c7QMRCTOktQNho+ECo62hgqNJJUdQUlkUBsHZE=
Subject key identifier:   D4:CE:02:47:DE:C6:D8:AB:17:98:0F:F3:09:B2:24:21:76:3D:00:77
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019B797EF7AF312FA8821D9F5A534BD339FE
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/1M4CR97G2KsXmA_zCbIkIXY9AHc.roa
Signing time:             Thu 01 Jan 2026 12:18:42 +0000
ROA not before:           Thu 01 Jan 2026 12:18:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215638
IP address blocks:        185.21.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 13:16:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:f7:af:31:2f:a8:82:1d:9f:5a:53:4b:d3:39:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jan  1 12:18:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d4ce0247dec6d8ab17980ff309b22421763d0077
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a3:1e:46:11:23:23:50:16:03:84:90:7b:a0:
                    8b:32:48:64:82:4b:c5:51:67:6e:1c:1b:91:cb:77:
                    ae:fd:76:af:d1:dc:e9:99:95:8e:52:2b:c9:94:17:
                    2c:d9:00:86:4b:e4:c1:7c:de:0e:cd:b4:55:70:9d:
                    63:94:f8:1a:81:3f:29:70:46:2c:5d:44:12:74:9c:
                    46:41:52:c7:c9:7c:a5:10:bb:c8:68:d1:3c:2d:6a:
                    ca:75:66:47:25:16:96:73:bb:d6:c0:7c:de:94:0d:
                    7a:83:7c:57:8c:74:63:e8:57:05:26:90:5a:b6:50:
                    cf:51:b7:4f:ba:63:8e:a7:8e:1d:f4:d2:b0:ca:8e:
                    e5:cd:b6:56:f9:ae:91:50:fb:3c:1d:4f:ba:49:81:
                    2f:e4:49:43:85:f2:4d:81:7a:0b:c2:2e:62:f9:05:
                    66:aa:bd:b8:e3:b3:d9:15:17:45:21:41:53:a9:f7:
                    54:47:1c:00:a1:71:97:ca:66:56:57:32:2f:6f:81:
                    5e:c7:9a:c3:5d:10:0e:bd:81:c3:0e:29:ae:b4:21:
                    24:23:2d:30:df:e3:14:40:29:88:d7:09:45:29:47:
                    de:b1:9a:6e:e4:08:39:af:00:2c:ff:37:ef:8c:7a:
                    d0:ca:7e:85:0e:d0:89:07:ea:3b:0b:b2:0f:ba:77:
                    ad:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:CE:02:47:DE:C6:D8:AB:17:98:0F:F3:09:B2:24:21:76:3D:00:77
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/1M4CR97G2KsXmA_zCbIkIXY9AHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:a6:42:b6:7d:8a:5e:ac:25:39:eb:75:f2:7b:87:39:4f:1f:
         bc:1c:4d:66:5f:4d:5c:5b:da:e1:dd:df:f3:f7:ef:a7:46:6b:
         fc:52:c1:e1:be:1c:57:58:81:1f:22:13:64:1a:84:54:c3:33:
         7e:10:1d:ac:66:52:55:85:30:a3:79:0b:77:b8:66:86:b8:c4:
         b3:24:1f:ee:6f:7d:7c:0b:f0:b9:45:18:1e:d8:4c:73:7e:56:
         0e:ad:f8:4e:aa:a0:13:47:4f:8a:48:40:ac:c7:40:99:98:d3:
         4a:e5:a3:6b:44:02:6d:ef:c7:35:87:13:df:72:8c:1c:d1:e2:
         f5:d1:3a:1e:3d:fa:fb:ed:3a:8d:74:bf:74:cd:be:1f:ac:72:
         96:33:06:1c:ca:f2:a4:b1:d2:4d:77:3b:da:ac:3b:50:26:17:
         b7:2c:d1:e9:99:f0:20:f3:2d:02:07:07:b2:f8:e5:5e:2c:0c:
         ba:a7:59:0f:38:c5:52:04:fa:d8:0a:ee:62:9d:d6:a8:3f:ab:
         4e:bf:0a:db:ca:65:cc:b7:46:46:c6:22:b8:ca:35:6f:96:58:
         9f:24:e2:c3:23:85:f7:f7:31:c8:b0:2c:6c:8a:7b:c1:70:0a:
         53:5b:32:35:6b:48:71:4b:d1:5a:2d:ce:76:51:8b:50:e2:89:
         46:d1:d6:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fvevMS+ogh2fWlNL0zn+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjYwMTAxMTIxODQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGNlMDI0N2RlYzZkOGFiMTc5ODBmZjMwOWIyMjQyMTc2M2QwMDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6MeRhEjI1AWA4SQe6CLMkhkgkvF
UWduHBuRy3eu/Xav0dzpmZWOUivJlBcs2QCGS+TBfN4OzbRVcJ1jlPgagT8pcEYs
XUQSdJxGQVLHyXylELvIaNE8LWrKdWZHJRaWc7vWwHzelA16g3xXjHRj6FcFJpBa
tlDPUbdPumOOp44d9NKwyo7lzbZW+a6RUPs8HU+6SYEv5ElDhfJNgXoLwi5i+QVm
qr2447PZFRdFIUFTqfdURxwAoXGXymZWVzIvb4Fex5rDXRAOvYHDDimutCEkIy0w
3+MUQCmI1wlFKUfesZpu5Ag5rwAs/zfvjHrQyn6FDtCJB+o7C7IPunetCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNTOAkfextirF5gP8wmyJCF2PQB3MB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvMU00Q1I5N0cyS3NYbUFfekNiSWtJWFk5QUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRX/MA0G
CSqGSIb3DQEBCwUAA4IBAQCnpkK2fYperCU563Xye4c5Tx+8HE1mX01cW9rh3d/z
9++nRmv8UsHhvhxXWIEfIhNkGoRUwzN+EB2sZlJVhTCjeQt3uGaGuMSzJB/ub318
C/C5RRge2ExzflYOrfhOqqATR0+KSECsx0CZmNNK5aNrRAJt78c1hxPfcowc0eL1
0ToePfr77TqNdL90zb4frHKWMwYcyvKksdJNdzvarDtQJhe3LNHpmfAg8y0CBwey
+OVeLAy6p1kPOMVSBPrYCu5indaoP6tOvwrbymXMt0ZGxiK4yjVvllifJOLDI4X3
9zHIsCxsinvBcApTWzI1a0hxS9FaLc52UYtQ4olG0dYV
-----END CERTIFICATE-----