This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/j7LtCmBQkrQBJnb_ZCt76IEDtVw.roa
File:                     j7LtCmBQkrQBJnb_ZCt76IEDtVw.roa (raw, json)
Hash identifier:          xzoT1lmtc0/rZsZSXDJS+I2wkN8O0eHPbcY9YaDshes=
Subject key identifier:   8F:B2:ED:0A:60:50:92:B4:01:26:76:FF:64:2B:7B:E8:81:03:B5:5C
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019B797EF2AF3E1C061BECD23E20A93E7A01
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/j7LtCmBQkrQBJnb_ZCt76IEDtVw.roa
Signing time:             Thu 01 Jan 2026 12:18:41 +0000
ROA not before:           Thu 01 Jan 2026 12:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        185.21.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:f2:af:3e:1c:06:1b:ec:d2:3e:20:a9:3e:7a:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jan  1 12:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8fb2ed0a605092b4012676ff642b7be88103b55c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:dc:59:8d:cc:c7:85:1c:e5:7e:8e:24:fb:fb:
                    26:5c:ab:2f:e2:5e:89:c8:67:e0:92:fd:52:b6:01:
                    0c:fd:7c:0c:8b:bf:9e:6c:57:25:bf:40:ee:5e:90:
                    37:9e:50:d0:8a:f4:3b:97:ae:61:31:2c:80:5f:06:
                    e3:95:d2:92:7e:75:a8:65:0d:51:db:86:51:56:e8:
                    98:30:0c:9e:f4:86:16:19:bb:12:3b:e5:f0:c0:e6:
                    ae:c5:82:90:ad:b4:0c:c0:0e:ef:2e:7c:2a:f6:6f:
                    30:68:d0:93:fc:ed:f7:30:18:55:88:05:56:ed:b2:
                    cc:bd:df:ba:c5:b4:85:b0:72:62:3e:f7:30:93:df:
                    23:d6:c0:55:72:14:6d:a4:aa:06:ee:36:1d:8d:38:
                    c1:fb:45:07:82:66:58:94:a5:13:6d:21:14:91:ef:
                    f0:4f:a5:51:e6:b3:05:fa:0b:ae:2a:1e:50:2d:47:
                    13:bd:de:a6:d7:2e:6e:54:33:eb:18:1a:57:86:16:
                    c5:99:39:98:27:f4:d0:aa:83:8b:69:ea:94:bc:14:
                    c5:4d:cd:9c:06:fe:84:de:83:7c:c1:54:f1:63:77:
                    53:fc:5a:7e:60:0c:8a:a5:50:60:32:99:a9:37:d5:
                    3f:ae:09:ca:8c:54:77:d2:d4:a3:a8:59:be:7a:cd:
                    fc:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:B2:ED:0A:60:50:92:B4:01:26:76:FF:64:2B:7B:E8:81:03:B5:5C
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/j7LtCmBQkrQBJnb_ZCt76IEDtVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:ab:d0:03:94:e5:28:16:f5:19:31:b8:a1:12:4b:90:ad:8d:
         76:fc:63:ff:6b:d8:80:a7:51:1f:93:66:6f:bb:13:d0:cb:bf:
         8c:37:90:07:9e:cb:fc:46:cd:55:1f:81:2f:04:a6:55:67:59:
         8f:f7:da:43:ce:e1:44:02:78:a6:5c:26:b7:4b:a8:5b:16:a3:
         5f:95:7d:2f:22:1a:af:ba:f3:2f:78:5a:be:e0:be:4a:06:6b:
         17:d4:44:74:51:a3:94:d1:91:12:c8:c7:9b:48:c4:34:a5:49:
         4c:b9:19:1e:94:eb:df:c0:4b:b0:2e:02:97:58:69:d5:45:37:
         66:c4:1c:a2:5b:54:91:d7:58:43:79:57:05:8f:cb:e5:b2:9b:
         48:e6:a6:1a:34:d1:bb:df:6b:63:82:63:d5:c6:11:00:9d:68:
         07:df:8b:8e:3a:c5:74:af:de:27:cf:e3:87:23:7d:67:8a:a1:
         3f:66:f8:5c:5c:9e:6b:49:0b:0a:83:41:67:3d:ca:0d:1f:8d:
         f6:dc:75:ea:38:74:2b:8c:c3:b8:68:91:31:b2:50:b6:9a:1d:
         35:9d:d0:f4:6a:02:57:46:e3:70:f7:5c:e3:c4:2a:ef:78:55:
         50:09:88:31:2a:37:28:9b:0a:66:ed:58:5d:7e:b0:71:01:b7:
         aa:2d:8d:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fvKvPhwGG+zSPiCpPnoBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjYwMTAxMTIxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmIyZWQwYTYwNTA5MmI0MDEyNjc2ZmY2NDJiN2JlODgxMDNiNTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdxZjczHhRzlfo4k+/smXKsv4l6J
yGfgkv1StgEM/XwMi7+ebFclv0DuXpA3nlDQivQ7l65hMSyAXwbjldKSfnWoZQ1R
24ZRVuiYMAye9IYWGbsSO+XwwOauxYKQrbQMwA7vLnwq9m8waNCT/O33MBhViAVW
7bLMvd+6xbSFsHJiPvcwk98j1sBVchRtpKoG7jYdjTjB+0UHgmZYlKUTbSEUke/w
T6VR5rMF+guuKh5QLUcTvd6m1y5uVDPrGBpXhhbFmTmYJ/TQqoOLaeqUvBTFTc2c
Bv6E3oN8wVTxY3dT/Fp+YAyKpVBgMpmpN9U/rgnKjFR30tSjqFm+es38OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+y7QpgUJK0ASZ2/2Qre+iBA7VcMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvajdMdENtQlFrclFCSm5iX1pDdDc2SUVEdFZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRX9MA0G
CSqGSIb3DQEBCwUAA4IBAQBJq9ADlOUoFvUZMbihEkuQrY12/GP/a9iAp1Efk2Zv
uxPQy7+MN5AHnsv8Rs1VH4EvBKZVZ1mP99pDzuFEAnimXCa3S6hbFqNflX0vIhqv
uvMveFq+4L5KBmsX1ER0UaOU0ZESyMebSMQ0pUlMuRkelOvfwEuwLgKXWGnVRTdm
xByiW1SR11hDeVcFj8vlsptI5qYaNNG732tjgmPVxhEAnWgH34uOOsV0r94nz+OH
I31niqE/ZvhcXJ5rSQsKg0FnPcoNH4323HXqOHQrjMO4aJExslC2mh01ndD0agJX
RuNw91zjxCrveFVQCYgxKjcomwpm7VhdfrBxAbeqLY1M
-----END CERTIFICATE-----