This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/On4dn5XbiBS1Qg2b3q7FuPrKKPU.roa
File:                     On4dn5XbiBS1Qg2b3q7FuPrKKPU.roa (raw, json)
Hash identifier:          aFxUmAbMZfGMNEqIxTU//GiK2u8cv1a8L3zZwck32pU=
Subject key identifier:   3A:7E:1D:9F:95:DB:88:14:B5:42:0D:9B:DE:AE:C5:B8:FA:CA:28:F5
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019B797EF35456315F5B2191561172C468ED
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/On4dn5XbiBS1Qg2b3q7FuPrKKPU.roa
Signing time:             Thu 01 Jan 2026 12:18:41 +0000
ROA not before:           Thu 01 Jan 2026 12:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        185.21.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:f3:54:56:31:5f:5b:21:91:56:11:72:c4:68:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jan  1 12:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a7e1d9f95db8814b5420d9bdeaec5b8faca28f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:4e:45:32:83:a0:02:ec:8b:c1:b2:d5:68:8c:
                    12:ef:57:44:5b:31:53:23:b8:06:48:cb:3d:6a:fd:
                    bf:b2:a8:f8:1a:99:64:93:ef:a5:99:7b:21:e4:db:
                    39:d6:ee:ba:53:bb:62:f4:1d:73:09:5b:94:08:c3:
                    4c:fb:00:40:fa:ae:8a:72:7a:c6:bc:0b:ac:53:ea:
                    0f:79:e1:53:75:0c:09:0d:c7:43:91:4e:13:2a:b7:
                    f9:f9:f4:22:17:02:ef:12:a5:14:20:6a:91:f3:da:
                    86:af:21:f9:09:14:1b:6f:65:eb:0a:af:a8:e4:c2:
                    0d:79:06:18:7b:5f:eb:13:ad:e9:46:b5:12:f1:28:
                    da:66:6c:d7:8b:cc:6a:73:1c:29:44:6a:fa:c4:5c:
                    91:ee:df:74:a1:ae:6e:21:e7:b5:c9:c9:12:17:03:
                    e6:b2:b9:e8:10:81:a8:06:86:14:9c:76:e4:f7:6d:
                    56:ba:17:7f:23:8d:33:45:40:8a:0e:74:ae:7e:9f:
                    41:c9:ae:bf:f0:1b:c3:cf:20:5c:cc:9a:1c:33:1e:
                    74:85:81:81:87:76:2f:e6:9d:3d:62:ad:ed:28:1d:
                    e6:28:f1:96:b3:4e:db:fe:31:a4:be:f6:78:48:29:
                    56:08:7a:f0:9b:b9:50:81:d2:3a:46:37:20:44:0c:
                    a4:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:7E:1D:9F:95:DB:88:14:B5:42:0D:9B:DE:AE:C5:B8:FA:CA:28:F5
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/On4dn5XbiBS1Qg2b3q7FuPrKKPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:02:f3:bb:e0:1f:d3:4f:6d:1f:82:e4:31:17:21:ca:de:36:
         9a:79:a6:66:fa:19:c2:fe:fd:20:87:e5:bc:12:cc:ce:dd:fd:
         e0:f1:aa:08:e3:c5:75:7d:d2:34:37:19:a6:77:37:e2:e7:00:
         3c:1b:52:db:8a:d2:17:3a:9b:7e:6d:a7:68:00:bf:41:70:87:
         58:63:af:4c:15:aa:f7:a4:1d:50:1c:05:98:54:e5:b2:a6:bb:
         5a:4f:8a:2a:b3:e9:86:af:08:31:55:5c:d3:21:b5:31:bb:69:
         ee:fd:54:91:e9:ab:93:86:19:4c:55:6d:68:de:2a:0a:d7:3a:
         cb:15:36:b1:fb:f1:75:df:bb:9a:44:b1:c3:f7:75:9a:c7:bc:
         17:04:f2:c3:ae:5d:c7:1f:bb:72:01:f6:78:91:4a:be:cf:cf:
         15:68:9b:41:63:48:48:cd:26:64:50:46:f3:3c:90:d5:de:0b:
         33:42:c7:0e:a0:81:bd:2e:dc:c0:bb:06:74:68:e4:ed:e4:42:
         f6:40:35:8e:af:ab:dc:da:6e:d3:69:2f:62:e8:ab:82:26:0b:
         6a:53:a5:11:f5:06:f4:cd:84:2a:64:a2:82:3e:2a:9e:17:48:
         e3:e9:c1:fa:dd:60:cd:bc:01:4d:e5:23:ea:0b:89:ff:6b:d6:
         4d:2d:e3:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fvNUVjFfWyGRVhFyxGjtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjYwMTAxMTIxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTdlMWQ5Zjk1ZGI4ODE0YjU0MjBkOWJkZWFlYzViOGZhY2EyOGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxE5FMoOgAuyLwbLVaIwS71dEWzFT
I7gGSMs9av2/sqj4Gplkk++lmXsh5Ns51u66U7ti9B1zCVuUCMNM+wBA+q6KcnrG
vAusU+oPeeFTdQwJDcdDkU4TKrf5+fQiFwLvEqUUIGqR89qGryH5CRQbb2XrCq+o
5MINeQYYe1/rE63pRrUS8SjaZmzXi8xqcxwpRGr6xFyR7t90oa5uIee1yckSFwPm
srnoEIGoBoYUnHbk921Wuhd/I40zRUCKDnSufp9Bya6/8BvDzyBczJocMx50hYGB
h3Yv5p09Yq3tKB3mKPGWs07b/jGkvvZ4SClWCHrwm7lQgdI6RjcgRAyksQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDp+HZ+V24gUtUINm96uxbj6yij1MB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvT240ZG41WGJpQlMxUWcyYjNxN0Z1UHJLS1BVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRX9MA0G
CSqGSIb3DQEBCwUAA4IBAQAMAvO74B/TT20fguQxFyHK3jaaeaZm+hnC/v0gh+W8
EszO3f3g8aoI48V1fdI0Nxmmdzfi5wA8G1LbitIXOpt+badoAL9BcIdYY69MFar3
pB1QHAWYVOWyprtaT4oqs+mGrwgxVVzTIbUxu2nu/VSR6auThhlMVW1o3ioK1zrL
FTax+/F137uaRLHD93Wax7wXBPLDrl3HH7tyAfZ4kUq+z88VaJtBY0hIzSZkUEbz
PJDV3gszQscOoIG9LtzAuwZ0aOTt5EL2QDWOr6vc2m7TaS9i6KuCJgtqU6UR9Qb0
zYQqZKKCPiqeF0jj6cH63WDNvAFN5SPqC4n/a9ZNLeMB
-----END CERTIFICATE-----