This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/d9b450-729d-48de-ab8f-cec40e425264/1/4rItdFCAXyTHzax5zB2EQ6OhwBM.roa
File:                     4rItdFCAXyTHzax5zB2EQ6OhwBM.roa (raw, json)
Hash identifier:          q25Gmt6B02xtO+B5GemXY9TeBKKJKUx9rShQhMwe5HQ=
Subject key identifier:   E2:B2:2D:74:50:80:5F:24:C7:CD:AC:79:CC:1D:84:43:A3:A1:C0:13
Certificate issuer:       /CN=3f947c4fd2396d9edb8bc454405e57558d8b9502
Certificate serial:       019B797E50BA99D0BA10CA5C64F26C3B40D2
Authority key identifier: 3F:94:7C:4F:D2:39:6D:9E:DB:8B:C4:54:40:5E:57:55:8D:8B:95:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P5R8T9I5bZ7bi8RUQF5XVY2LlQI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/d9b450-729d-48de-ab8f-cec40e425264/1/4rItdFCAXyTHzax5zB2EQ6OhwBM.roa
Signing time:             Thu 01 Jan 2026 12:17:59 +0000
ROA not before:           Thu 01 Jan 2026 12:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/d9b450-729d-48de-ab8f-cec40e425264/1/P5R8T9I5bZ7bi8RUQF5XVY2LlQI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/d9b450-729d-48de-ab8f-cec40e425264/1/P5R8T9I5bZ7bi8RUQF5XVY2LlQI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P5R8T9I5bZ7bi8RUQF5XVY2LlQI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 09:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:50:ba:99:d0:ba:10:ca:5c:64:f2:6c:3b:40:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f947c4fd2396d9edb8bc454405e57558d8b9502
        Validity
            Not Before: Jan  1 12:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2b22d7450805f24c7cdac79cc1d8443a3a1c013
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:29:68:99:a0:53:0b:8c:5b:24:b2:4a:13:d4:
                    99:29:93:59:af:57:0b:27:a7:d9:cf:48:ec:0f:03:
                    b2:a5:3c:9c:65:01:57:1b:61:7b:bb:70:1d:b6:5d:
                    c9:4d:ac:d8:13:36:e9:2b:9a:c4:c3:40:7b:69:a0:
                    18:4e:94:2a:e9:a7:c5:b9:fc:b0:e2:21:01:f7:b3:
                    44:08:33:b9:bc:81:af:95:f0:a8:29:98:48:74:05:
                    1b:3c:11:e0:f4:34:bd:37:fb:dd:c1:a1:88:62:be:
                    53:ec:fc:b6:b8:36:d6:6e:5f:22:54:17:ce:5a:05:
                    66:54:d7:bd:26:c4:d7:96:47:7f:16:a0:af:3b:db:
                    c5:ce:b5:b4:ce:36:58:f0:c8:6c:aa:f9:5c:11:51:
                    c9:69:cd:cc:a1:64:bf:52:3b:73:cc:eb:ab:1e:62:
                    54:5f:42:a2:d4:25:ff:37:37:11:d2:f8:77:f6:2f:
                    35:c5:ff:d6:15:26:ea:a3:ed:e7:77:ed:93:bb:3b:
                    6c:18:97:e0:9a:71:38:d2:31:69:03:50:d2:d8:cb:
                    88:33:86:b6:4d:6e:db:24:69:78:04:ef:20:63:79:
                    7a:c0:be:bc:03:b3:d2:73:93:07:64:bb:3a:d4:a8:
                    a9:26:db:34:06:77:d0:dc:84:0d:e2:11:47:a1:18:
                    e1:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:B2:2D:74:50:80:5F:24:C7:CD:AC:79:CC:1D:84:43:A3:A1:C0:13
            X509v3 Authority Key Identifier:
                keyid:3F:94:7C:4F:D2:39:6D:9E:DB:8B:C4:54:40:5E:57:55:8D:8B:95:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P5R8T9I5bZ7bi8RUQF5XVY2LlQI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/d9b450-729d-48de-ab8f-cec40e425264/1/4rItdFCAXyTHzax5zB2EQ6OhwBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/d9b450-729d-48de-ab8f-cec40e425264/1/P5R8T9I5bZ7bi8RUQF5XVY2LlQI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:9f:ca:11:92:78:3c:7f:73:c2:6c:3a:dd:91:af:a6:d8:ba:
         fb:9c:b4:ff:ba:ee:d2:89:53:be:1c:04:3e:92:ee:e7:7e:12:
         da:70:55:1b:f7:fd:7c:bc:16:a5:46:d7:04:cb:3f:34:b0:95:
         55:a5:af:e5:92:85:c3:81:fa:1f:89:06:01:ca:7c:5f:59:c9:
         39:ba:17:63:ad:71:1d:de:61:72:74:2e:e9:14:e1:9e:a8:f7:
         59:78:74:e9:3a:1d:5f:4b:e3:1e:37:3b:92:47:54:06:10:e6:
         0b:55:02:a7:57:76:af:3d:09:69:e5:d3:b0:00:a4:50:22:c4:
         a2:ef:ee:25:42:68:04:92:c3:8a:d9:14:74:1c:e6:7d:cf:85:
         70:95:fd:d6:e4:ac:36:25:b3:22:ef:de:04:56:3e:48:f0:1d:
         b2:d5:5e:97:da:27:47:1c:25:04:c0:d7:a5:55:97:37:7f:cf:
         18:5a:98:51:4c:62:7d:d5:d2:22:f8:4c:90:b8:84:b4:a4:05:
         39:d1:92:9e:45:87:11:fe:9d:a9:bd:72:d9:aa:bf:05:77:fb:
         fb:f6:07:ff:04:f4:7f:f6:df:da:21:f7:ed:1e:dc:fa:c3:fa:
         e1:59:13:bd:38:b8:18:31:b8:02:f7:f3:16:00:f1:8b:b3:05:
         ab:41:cd:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5flC6mdC6EMpcZPJsO0DSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmOTQ3YzRmZDIzOTZkOWVkYjhiYzQ1NDQwNWU1NzU1OGQ4
Yjk1MDIwHhcNMjYwMTAxMTIxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmIyMmQ3NDUwODA1ZjI0YzdjZGFjNzljYzFkODQ0M2EzYTFjMDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlClomaBTC4xbJLJKE9SZKZNZr1cL
J6fZz0jsDwOypTycZQFXG2F7u3Adtl3JTazYEzbpK5rEw0B7aaAYTpQq6afFufyw
4iEB97NECDO5vIGvlfCoKZhIdAUbPBHg9DS9N/vdwaGIYr5T7Py2uDbWbl8iVBfO
WgVmVNe9JsTXlkd/FqCvO9vFzrW0zjZY8MhsqvlcEVHJac3MoWS/UjtzzOurHmJU
X0Ki1CX/NzcR0vh39i81xf/WFSbqo+3nd+2TuztsGJfgmnE40jFpA1DS2MuIM4a2
TW7bJGl4BO8gY3l6wL68A7PSc5MHZLs61KipJts0BnfQ3IQN4hFHoRjhLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOKyLXRQgF8kx82secwdhEOjocATMB8GA1UdIwQY
MBaAFD+UfE/SOW2e24vEVEBeV1WNi5UCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDVSOFQ5STViWjdiaThSVVFGNVhWWTJMbFFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9kOWI0NTAtNzI5ZC00OGRlLWFiOGYt
Y2VjNDBlNDI1MjY0LzEvNHJJdGRGQ0FYeVRIemF4NXpCMkVRNk9od0JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9kOWI0NTAtNzI5ZC00OGRlLWFiOGYtY2VjNDBlNDI1MjY0
LzEvUDVSOFQ5STViWjdiaThSVVFGNVhWWTJMbFFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQEjMA0G
CSqGSIb3DQEBCwUAA4IBAQCan8oRkng8f3PCbDrdka+m2Lr7nLT/uu7SiVO+HAQ+
ku7nfhLacFUb9/18vBalRtcEyz80sJVVpa/lkoXDgfofiQYBynxfWck5uhdjrXEd
3mFydC7pFOGeqPdZeHTpOh1fS+MeNzuSR1QGEOYLVQKnV3avPQlp5dOwAKRQIsSi
7+4lQmgEksOK2RR0HOZ9z4Vwlf3W5Kw2JbMi794EVj5I8B2y1V6X2idHHCUEwNel
VZc3f88YWphRTGJ91dIi+EyQuIS0pAU50ZKeRYcR/p2pvXLZqr8Fd/v79gf/BPR/
9t/aIfftHtz6w/rhWRO9OLgYMbgC9/MWAPGLswWrQc3Q
-----END CERTIFICATE-----