This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/iz9uFkVCxlGkO0q2Vomad-UpEE4.roa
File:                     iz9uFkVCxlGkO0q2Vomad-UpEE4.roa (raw, json)
Hash identifier:          XLZd5kxRdg3ruk3ddoYMA/iZNYl5TZ92R+EdM4jPdmU=
Subject key identifier:   8B:3F:6E:16:45:42:C6:51:A4:3B:4A:B6:56:89:9A:77:E5:29:10:4E
Certificate issuer:       /CN=ed800950a31dcdacaac56adb936a42beb845e24b
Certificate serial:       019B7C11479C2BBA2097935689FEB41533EC
Authority key identifier: ED:80:09:50:A3:1D:CD:AC:AA:C5:6A:DB:93:6A:42:BE:B8:45:E2:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/iz9uFkVCxlGkO0q2Vomad-UpEE4.roa
Signing time:             Fri 02 Jan 2026 00:17:45 +0000
ROA not before:           Fri 02 Jan 2026 00:17:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60781
IP address blocks:        185.221.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 06:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:47:9c:2b:ba:20:97:93:56:89:fe:b4:15:33:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed800950a31dcdacaac56adb936a42beb845e24b
        Validity
            Not Before: Jan  2 00:17:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8b3f6e164542c651a43b4ab656899a77e529104e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:bb:7f:ab:a5:ab:26:c9:8c:22:70:03:29:da:
                    f8:38:70:92:9e:dd:e1:87:32:93:0e:48:11:40:0e:
                    81:6b:5e:b2:a6:8b:2c:ab:84:cd:a6:a8:5e:fa:34:
                    3f:6a:6b:f8:5f:87:21:e1:b7:4d:0d:8f:d7:4f:b0:
                    7d:b6:ba:ea:2f:45:5b:17:bb:ac:2a:5e:23:17:62:
                    56:8b:d2:53:27:dd:35:0f:45:d6:9d:f1:f7:4b:3f:
                    4e:c5:06:2a:c9:27:0b:63:e3:55:28:ae:43:cc:15:
                    e0:fd:f4:87:42:c4:76:de:f6:08:ba:f2:15:15:2a:
                    ed:17:32:9d:6c:d3:e2:98:8d:f0:53:5c:82:18:5b:
                    1e:2c:ca:a0:29:dc:be:ba:03:54:13:b5:4f:9f:5b:
                    17:8a:ae:d4:f1:8d:d9:bf:b8:f8:6d:55:34:72:a3:
                    53:c6:69:8c:14:be:46:0e:7c:c9:c5:2e:ac:66:39:
                    90:8b:e4:8f:d1:4d:3d:dd:4e:96:a7:d6:e6:a4:b1:
                    68:e5:6e:c5:fc:64:3e:35:9d:51:e0:ae:61:d8:af:
                    df:05:1e:5b:01:39:22:39:cf:5a:59:f6:c5:dd:ee:
                    66:1b:17:c8:6a:a0:92:a0:99:5a:9f:c4:32:94:ea:
                    f5:aa:50:61:65:73:d1:50:ae:98:ba:04:94:71:ca:
                    2c:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:3F:6E:16:45:42:C6:51:A4:3B:4A:B6:56:89:9A:77:E5:29:10:4E
            X509v3 Authority Key Identifier:
                keyid:ED:80:09:50:A3:1D:CD:AC:AA:C5:6A:DB:93:6A:42:BE:B8:45:E2:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/iz9uFkVCxlGkO0q2Vomad-UpEE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:ed:7b:b4:ad:12:77:3c:7a:63:f5:75:3b:15:f9:dd:df:58:
         ed:6b:cf:75:99:5e:83:78:40:57:32:1f:2f:92:5a:df:f9:30:
         3f:5f:6c:90:39:1f:d2:83:24:ab:0f:49:98:40:5e:2c:a7:bd:
         8e:d5:d2:a1:d8:50:f7:34:b4:f3:02:fb:0f:e6:ff:ce:b1:5c:
         e6:54:f6:68:1e:40:fe:86:c0:54:61:29:24:4c:b1:5f:2f:c8:
         71:05:94:3d:2b:11:53:75:ec:7d:4c:eb:5a:65:d7:3c:6b:97:
         66:e5:c6:b8:21:13:cb:88:4e:1e:60:7a:b0:47:69:8b:f8:7e:
         81:9e:59:7e:92:fe:18:11:59:e4:66:af:a5:66:29:79:55:58:
         01:8f:8d:79:b7:1c:c1:04:c6:e9:e8:fa:ff:35:06:2f:1a:00:
         fa:48:14:75:04:7f:6f:21:79:67:50:d2:7c:33:43:df:30:13:
         92:1c:57:38:2f:4a:5c:19:7d:81:dd:a7:97:ac:55:46:b5:1d:
         18:d2:e1:7f:3a:02:47:9c:0c:09:33:ad:84:31:61:0a:af:8a:
         77:51:56:b4:7d:f8:88:14:79:c8:d6:ea:df:c2:89:68:1f:94:
         88:5c:f5:3a:19:0c:33:e4:20:62:b3:c7:e5:9b:d0:50:a3:22:
         52:15:9c:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EUecK7ogl5NWif60FTPsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkODAwOTUwYTMxZGNkYWNhYWM1NmFkYjkzNmE0MmJlYjg0
NWUyNGIwHhcNMjYwMTAyMDAxNzQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjNmNmUxNjQ1NDJjNjUxYTQzYjRhYjY1Njg5OWE3N2U1MjkxMDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7t/q6WrJsmMInADKdr4OHCSnt3h
hzKTDkgRQA6Ba16ypossq4TNpqhe+jQ/amv4X4ch4bdNDY/XT7B9trrqL0VbF7us
Kl4jF2JWi9JTJ901D0XWnfH3Sz9OxQYqyScLY+NVKK5DzBXg/fSHQsR23vYIuvIV
FSrtFzKdbNPimI3wU1yCGFseLMqgKdy+ugNUE7VPn1sXiq7U8Y3Zv7j4bVU0cqNT
xmmMFL5GDnzJxS6sZjmQi+SP0U093U6Wp9bmpLFo5W7F/GQ+NZ1R4K5h2K/fBR5b
ATkiOc9aWfbF3e5mGxfIaqCSoJlan8QylOr1qlBhZXPRUK6YugSUccoseQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIs/bhZFQsZRpDtKtlaJmnflKRBOMB8GA1UdIwQY
MBaAFO2ACVCjHc2sqsVq25NqQr64ReJLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1lBSlVLTWR6YXlxeFdyYmsycEN2cmhGNGtzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC84YTZmNzItYzgyMi00NTFmLWE1YzUt
YTdmZDZjOGU3MGZkLzEvaXo5dUZrVkN4bEdrTzBxMlZvbWFkLVVwRUU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC84YTZmNzItYzgyMi00NTFmLWE1YzUtYTdmZDZjOGU3MGZk
LzEvN1lBSlVLTWR6YXlxeFdyYmsycEN2cmhGNGtzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud3aMA0G
CSqGSIb3DQEBCwUAA4IBAQBd7Xu0rRJ3PHpj9XU7Ffnd31jta891mV6DeEBXMh8v
klrf+TA/X2yQOR/SgySrD0mYQF4sp72O1dKh2FD3NLTzAvsP5v/OsVzmVPZoHkD+
hsBUYSkkTLFfL8hxBZQ9KxFTdex9TOtaZdc8a5dm5ca4IRPLiE4eYHqwR2mL+H6B
nll+kv4YEVnkZq+lZil5VVgBj415txzBBMbp6Pr/NQYvGgD6SBR1BH9vIXlnUNJ8
M0PfMBOSHFc4L0pcGX2B3aeXrFVGtR0Y0uF/OgJHnAwJM62EMWEKr4p3UVa0ffiI
FHnI1urfwoloH5SIXPU6GQwz5CBis8flm9BQoyJSFZxi
-----END CERTIFICATE-----