This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/4gak6ZN75yEy3SghtW1obhjjY_g.roa
File:                     4gak6ZN75yEy3SghtW1obhjjY_g.roa (raw, json)
Hash identifier:          Dlexyz7E0orjE/tlNnAdAP3DVvKpSdfqNvgZBAWIF/M=
Subject key identifier:   E2:06:A4:E9:93:7B:E7:21:32:DD:28:21:B5:6D:68:6E:18:E3:63:F8
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       019B79106D41EC4A6738F5D22C0C936D22E9
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/4gak6ZN75yEy3SghtW1obhjjY_g.roa
Signing time:             Thu 01 Jan 2026 10:17:58 +0000
ROA not before:           Thu 01 Jan 2026 10:17:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213002
IP address blocks:        185.241.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:6d:41:ec:4a:67:38:f5:d2:2c:0c:93:6d:22:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  1 10:17:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e206a4e9937be72132dd2821b56d686e18e363f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:61:0e:c2:08:61:85:d7:ab:90:72:a3:bc:db:
                    93:bd:64:19:8b:24:77:91:19:54:6b:f2:be:a8:ef:
                    1c:bc:df:7c:6b:90:54:93:ab:a9:3c:31:1f:00:6b:
                    97:b4:21:7f:81:d9:de:7e:c2:fa:20:d3:bc:72:cb:
                    b3:3a:65:cb:52:b4:dd:b8:d5:56:04:f9:ee:0f:35:
                    3c:f7:8e:14:d8:70:ab:46:06:bf:a2:82:c8:1a:06:
                    7e:a7:ac:ef:f4:ce:8b:5b:db:e9:2a:b4:d3:47:00:
                    dc:89:c1:ac:b1:7d:9b:15:3e:5e:9a:7d:91:21:ea:
                    9f:1d:c9:ac:de:9c:1f:bf:4e:d5:4d:43:e3:e7:6a:
                    02:7e:95:90:45:eb:c1:03:ea:e8:d6:9d:58:29:19:
                    ce:1f:e6:1e:1f:bb:2f:fa:64:5f:72:6f:bc:1b:b4:
                    72:d9:28:ee:76:92:87:d6:34:9d:d3:47:c7:66:8b:
                    2e:bb:52:e4:4a:65:da:15:91:a1:51:6d:8e:e1:e5:
                    4b:ae:08:fc:91:a4:42:77:fb:23:c8:c5:38:1e:31:
                    be:72:df:76:a3:a2:41:4f:35:30:af:c5:42:91:07:
                    39:1f:a1:a9:fa:df:94:ea:32:17:46:45:2d:d4:3f:
                    c6:39:e0:3a:98:7b:bd:a4:e3:5e:04:0b:f5:de:42:
                    3a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:06:A4:E9:93:7B:E7:21:32:DD:28:21:B5:6D:68:6E:18:E3:63:F8
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/4gak6ZN75yEy3SghtW1obhjjY_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:81:2b:ff:84:bd:6c:1d:25:2c:10:cf:62:56:ff:bf:5a:42:
         65:3d:44:ea:9a:2e:5e:03:1f:81:e4:7f:b2:f8:2b:39:5b:0c:
         7b:b1:3b:f8:07:c1:9a:b6:3c:20:8c:56:7c:7f:24:1f:47:42:
         a0:d8:a2:66:8e:04:8f:ba:fc:fe:24:4d:d7:9a:99:d3:7d:76:
         6c:bc:ff:ba:5c:95:dc:77:b2:64:cb:59:f2:06:87:e1:80:c7:
         b0:f2:30:23:b8:5d:e3:c0:44:9a:57:74:22:44:03:15:9a:35:
         a2:76:00:4d:74:55:bd:6b:7c:ca:92:3c:7c:b0:77:f7:6b:71:
         1f:b0:36:76:36:37:a6:85:38:59:1f:83:12:c2:a1:db:1a:f3:
         b1:c2:2f:c7:87:60:65:d6:1c:c8:16:06:7d:08:de:b5:d7:a6:
         29:d9:9f:da:04:12:c1:b3:52:f1:db:ed:58:aa:06:53:17:c9:
         40:72:00:76:6e:f6:c1:c3:e0:df:1b:da:74:08:67:c9:b3:91:
         da:c1:c8:95:f1:5d:3b:f6:24:8b:63:3a:7d:75:41:43:79:9e:
         fb:c5:2c:08:15:47:60:5e:a6:c9:15:93:97:72:fc:c0:42:eb:
         ae:83:8b:fc:40:9f:8d:64:ed:96:8d:49:ab:73:e0:17:13:13:
         38:f1:3d:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EG1B7EpnOPXSLAyTbSLpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjYwMTAxMTAxNzU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjA2YTRlOTkzN2JlNzIxMzJkZDI4MjFiNTZkNjg2ZTE4ZTM2M2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GEOwghhhderkHKjvNuTvWQZiyR3
kRlUa/K+qO8cvN98a5BUk6upPDEfAGuXtCF/gdnefsL6INO8csuzOmXLUrTduNVW
BPnuDzU8944U2HCrRga/ooLIGgZ+p6zv9M6LW9vpKrTTRwDcicGssX2bFT5emn2R
IeqfHcms3pwfv07VTUPj52oCfpWQRevBA+ro1p1YKRnOH+YeH7sv+mRfcm+8G7Ry
2SjudpKH1jSd00fHZosuu1LkSmXaFZGhUW2O4eVLrgj8kaRCd/sjyMU4HjG+ct92
o6JBTzUwr8VCkQc5H6Gp+t+U6jIXRkUt1D/GOeA6mHu9pONeBAv13kI6ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIGpOmTe+chMt0oIbVtaG4Y42P4MB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvNGdhazZaTjc1eUV5M1NnaHRXMW9iaGpqWV9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufEKMA0G
CSqGSIb3DQEBCwUAA4IBAQBYgSv/hL1sHSUsEM9iVv+/WkJlPUTqmi5eAx+B5H+y
+Cs5Wwx7sTv4B8GatjwgjFZ8fyQfR0Kg2KJmjgSPuvz+JE3XmpnTfXZsvP+6XJXc
d7Jky1nyBofhgMew8jAjuF3jwESaV3QiRAMVmjWidgBNdFW9a3zKkjx8sHf3a3Ef
sDZ2NjemhThZH4MSwqHbGvOxwi/Hh2Bl1hzIFgZ9CN6116Yp2Z/aBBLBs1Lx2+1Y
qgZTF8lAcgB2bvbBw+DfG9p0CGfJs5HawciV8V079iSLYzp9dUFDeZ77xSwIFUdg
XqbJFZOXcvzAQuuug4v8QJ+NZO2WjUmrc+AXExM48T3G
-----END CERTIFICATE-----