This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/B98Na_a83Vv6WOdnNK9X7tvtcj0.roa
File:                     B98Na_a83Vv6WOdnNK9X7tvtcj0.roa (raw, json)
Hash identifier:          PXmyFKP/K4gTc4J+g6Mr+MdcQlhc12c0wCEqSEbX9pE=
Subject key identifier:   07:DF:0D:6B:F6:BC:DD:5B:FA:58:E7:67:34:AF:57:EE:DB:ED:72:3D
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       019B88A5AD23675F42640CF6136AC26DB296
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/B98Na_a83Vv6WOdnNK9X7tvtcj0.roa
Signing time:             Sun 04 Jan 2026 10:55:17 +0000
ROA not before:           Sun 04 Jan 2026 10:55:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211043
IP address blocks:        185.243.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:88:a5:ad:23:67:5f:42:64:0c:f6:13:6a:c2:6d:b2:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  4 10:55:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=07df0d6bf6bcdd5bfa58e76734af57eedbed723d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:e1:7b:5d:92:85:ec:fd:2c:58:5d:fe:59:9f:
                    30:82:00:a1:63:6d:c3:2f:35:c6:6c:8c:ce:d6:0e:
                    11:19:f6:3d:df:11:99:f5:78:f5:64:38:51:3b:a4:
                    e3:de:7e:7b:f0:5c:98:1b:93:35:0d:0f:2b:5f:cc:
                    3d:71:b9:74:a8:4d:b2:e8:f5:e0:7a:10:fc:90:f6:
                    f9:dd:2e:b4:34:9b:e9:6f:b3:8b:ab:e6:53:d1:a8:
                    76:1d:e9:a2:2a:7a:09:5a:25:de:41:fb:89:9c:d2:
                    78:17:b8:79:76:97:cb:b4:47:0c:42:75:b2:ab:b1:
                    fe:f8:0e:ed:e6:14:7a:8b:f3:a3:dc:e2:09:d1:c7:
                    98:89:c3:fc:61:2a:8b:0e:c4:22:ad:b0:e2:1b:e0:
                    bb:2a:d4:1f:c8:a3:6e:d5:a8:a4:dc:16:a0:32:0a:
                    21:24:71:c0:fc:86:36:1f:32:c7:b1:7c:fb:7c:ba:
                    9b:59:22:dc:79:ed:c4:2d:c4:3d:3a:6e:0a:48:d7:
                    bd:e2:87:e2:7f:a0:02:69:2c:db:c2:40:2c:e3:f4:
                    36:7f:aa:3d:28:32:b0:21:b9:82:36:6a:7b:7a:d2:
                    dd:05:4c:9b:32:f9:0a:83:02:bd:c2:b8:ff:8e:dd:
                    fa:f0:6f:e2:23:73:2d:1e:db:fc:d6:1a:2f:dd:37:
                    23:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:DF:0D:6B:F6:BC:DD:5B:FA:58:E7:67:34:AF:57:EE:DB:ED:72:3D
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/B98Na_a83Vv6WOdnNK9X7tvtcj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:ff:3d:05:f8:7b:c3:8f:0c:fe:09:11:79:1c:c2:aa:f7:f5:
         38:b7:97:fa:67:bd:9e:a9:2c:05:ee:91:8e:6c:4c:d7:e7:5b:
         ef:eb:cf:86:4f:ab:a7:ec:40:27:d1:46:0f:11:15:9e:59:53:
         ad:34:3a:40:36:0d:21:32:56:11:1a:f3:1c:6d:af:e4:82:24:
         45:bf:ff:1b:ae:9d:ce:ab:f2:a2:28:12:85:18:be:69:ed:1f:
         64:6c:22:30:b8:10:70:5e:ce:c6:8f:63:02:1b:c9:1f:ce:bb:
         f4:bd:cd:d2:c2:e2:32:db:fe:1d:9a:9d:4a:0e:3d:13:3b:3f:
         41:d5:29:ba:95:73:ce:6d:60:da:2e:2f:89:e8:13:c4:12:04:
         ac:71:c5:79:a0:6c:87:c3:dc:f0:2b:0c:b6:5c:7e:01:c1:a5:
         de:cc:d2:ad:db:e6:0e:fc:ed:18:36:1a:b5:b1:0c:76:28:cc:
         21:43:f4:c8:b2:4c:d2:9d:1a:f2:cb:82:eb:12:67:08:b1:56:
         55:b9:7e:d8:2e:e3:8a:c1:42:de:6a:7e:39:6b:3d:7d:84:d5:
         93:28:57:4c:19:41:be:80:50:1e:a2:94:34:b5:96:65:c1:2d:
         45:c2:6a:b8:68:68:95:87:16:e6:d4:96:5d:54:bf:4c:f2:8e:
         62:3d:2f:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuIpa0jZ19CZAz2E2rCbbKWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjYwMTA0MTA1NTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2RmMGQ2YmY2YmNkZDViZmE1OGU3NjczNGFmNTdlZWRiZWQ3MjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eF7XZKF7P0sWF3+WZ8wggChY23D
LzXGbIzO1g4RGfY93xGZ9Xj1ZDhRO6Tj3n578FyYG5M1DQ8rX8w9cbl0qE2y6PXg
ehD8kPb53S60NJvpb7OLq+ZT0ah2HemiKnoJWiXeQfuJnNJ4F7h5dpfLtEcMQnWy
q7H++A7t5hR6i/Oj3OIJ0ceYicP8YSqLDsQirbDiG+C7KtQfyKNu1aik3BagMgoh
JHHA/IY2HzLHsXz7fLqbWSLcee3ELcQ9Om4KSNe94ofif6ACaSzbwkAs4/Q2f6o9
KDKwIbmCNmp7etLdBUybMvkKgwK9wrj/jt368G/iI3MtHtv81hov3TcjnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAffDWv2vN1b+ljnZzSvV+7b7XI9MB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvQjk4TmFfYTgzVnY2V09kbk5LOVg3dHZ0Y2owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufMEMA0G
CSqGSIb3DQEBCwUAA4IBAQCd/z0F+HvDjwz+CRF5HMKq9/U4t5f6Z72eqSwF7pGO
bEzX51vv68+GT6un7EAn0UYPERWeWVOtNDpANg0hMlYRGvMcba/kgiRFv/8brp3O
q/KiKBKFGL5p7R9kbCIwuBBwXs7Gj2MCG8kfzrv0vc3SwuIy2/4dmp1KDj0TOz9B
1Sm6lXPObWDaLi+J6BPEEgSsccV5oGyHw9zwKwy2XH4BwaXezNKt2+YO/O0YNhq1
sQx2KMwhQ/TIskzSnRryy4LrEmcIsVZVuX7YLuOKwULean45az19hNWTKFdMGUG+
gFAeopQ0tZZlwS1Fwmq4aGiVhxbm1JZdVL9M8o5iPS8p
-----END CERTIFICATE-----