This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/4io-REhzFRxPhNR2ODLWtq5-pVg.roa
File:                     4io-REhzFRxPhNR2ODLWtq5-pVg.roa (raw, json)
Hash identifier:          wvYJq+OJ0yBLuz2nx1cnZCl0Nf5x5+pis6cfSb4TkHk=
Subject key identifier:   E2:2A:3E:44:48:73:15:1C:4F:84:D4:76:38:32:D6:B6:AE:7E:A5:58
Certificate issuer:       /CN=ce704858b643266f7c7107721c98f2ba93dd5265
Certificate serial:       019B797F0338921BC9BCC4217ACC0F0DC3A3
Authority key identifier: CE:70:48:58:B6:43:26:6F:7C:71:07:72:1C:98:F2:BA:93:DD:52:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/znBIWLZDJm98cQdyHJjyupPdUmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/4io-REhzFRxPhNR2ODLWtq5-pVg.roa
Signing time:             Thu 01 Jan 2026 12:18:45 +0000
ROA not before:           Thu 01 Jan 2026 12:18:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49981
IP address blocks:        185.200.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/znBIWLZDJm98cQdyHJjyupPdUmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/znBIWLZDJm98cQdyHJjyupPdUmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/znBIWLZDJm98cQdyHJjyupPdUmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:03:38:92:1b:c9:bc:c4:21:7a:cc:0f:0d:c3:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce704858b643266f7c7107721c98f2ba93dd5265
        Validity
            Not Before: Jan  1 12:18:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e22a3e444873151c4f84d4763832d6b6ae7ea558
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:86:02:35:36:ac:18:33:b7:d0:2c:c4:01:9f:
                    ae:4d:f0:26:94:2b:ea:48:a2:86:28:34:79:1c:cd:
                    67:07:16:b7:99:69:3a:93:82:7a:75:ab:fa:0b:20:
                    cc:63:8e:54:c4:94:c3:41:c3:58:c4:72:f1:87:dd:
                    53:2b:6a:5c:10:6e:01:ba:7d:cf:81:c1:b7:0c:a4:
                    c8:91:36:d0:cd:0d:23:76:5a:c4:54:53:4f:3c:c4:
                    97:61:69:70:4c:0d:c4:79:78:f4:4a:03:b6:b6:1b:
                    8c:8a:c8:31:53:76:d9:d0:51:ca:96:1a:92:73:66:
                    6e:94:cb:0a:65:3b:47:fd:9d:40:72:23:9a:93:18:
                    65:d0:49:08:ae:72:36:ec:66:d4:93:c3:d7:44:f6:
                    fc:8c:c7:ad:bf:fc:0d:89:8b:32:ce:79:a5:83:cb:
                    1e:cc:ac:7c:d5:d6:13:c6:ea:4a:11:69:f8:bc:f6:
                    ff:43:03:68:05:e4:68:16:ae:cb:4d:96:25:86:c2:
                    9f:1d:6a:56:82:05:99:4c:0b:59:d0:ad:6c:61:a2:
                    af:d9:76:34:11:83:0e:77:84:55:f7:2c:a7:a4:2e:
                    5f:8d:38:b3:e8:b0:37:1c:d7:7c:41:ec:f8:5a:f5:
                    94:6f:f3:92:e4:e1:3c:93:c1:e8:8d:01:90:51:ad:
                    f9:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:2A:3E:44:48:73:15:1C:4F:84:D4:76:38:32:D6:B6:AE:7E:A5:58
            X509v3 Authority Key Identifier:
                keyid:CE:70:48:58:B6:43:26:6F:7C:71:07:72:1C:98:F2:BA:93:DD:52:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/znBIWLZDJm98cQdyHJjyupPdUmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/4io-REhzFRxPhNR2ODLWtq5-pVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/znBIWLZDJm98cQdyHJjyupPdUmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:b3:1b:bc:c0:f7:7c:76:80:38:4a:66:6a:fc:16:43:45:78:
         d2:df:76:66:38:cf:bf:a0:8d:31:d1:08:8a:1a:88:b4:94:40:
         a7:fa:ef:a5:1a:08:79:74:e9:c9:e4:be:3b:86:e4:65:e0:73:
         90:93:5f:dc:0e:6b:73:20:d7:00:76:a0:f8:90:ec:b9:08:9f:
         c2:3d:54:62:a2:39:2e:7f:4c:87:7d:16:fe:1d:f4:88:ae:f4:
         11:3b:45:37:c1:86:1c:e5:c4:42:e8:fd:19:4d:20:1a:50:6a:
         2a:45:8b:6a:3e:b4:15:c6:49:7e:a2:93:ff:58:88:a4:24:bb:
         79:46:4b:38:4a:3b:cb:77:7c:01:ea:d2:a7:a9:af:cf:5b:ca:
         4d:44:70:2f:00:fd:7f:50:36:c4:7c:ef:2f:da:82:0a:c1:b0:
         ea:9f:82:9f:9c:b3:a8:04:8a:cf:24:1f:4b:f3:18:cc:01:1b:
         8d:c4:c7:49:64:99:8b:95:c1:25:32:62:11:6a:08:c5:25:a0:
         88:59:70:9b:03:3b:ce:34:3a:9f:38:4b:e0:8d:03:53:cf:0c:
         e2:fb:fb:28:d7:09:f1:49:35:5d:bf:66:da:e7:7e:69:07:86:
         e6:b5:1f:b2:fe:0e:88:23:b3:2a:d7:0b:60:87:10:ac:cf:f2:
         e4:32:c1:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fwM4khvJvMQheswPDcOjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlNzA0ODU4YjY0MzI2NmY3YzcxMDc3MjFjOThmMmJhOTNk
ZDUyNjUwHhcNMjYwMTAxMTIxODQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjJhM2U0NDQ4NzMxNTFjNGY4NGQ0NzYzODMyZDZiNmFlN2VhNTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA34YCNTasGDO30CzEAZ+uTfAmlCvq
SKKGKDR5HM1nBxa3mWk6k4J6dav6CyDMY45UxJTDQcNYxHLxh91TK2pcEG4Bun3P
gcG3DKTIkTbQzQ0jdlrEVFNPPMSXYWlwTA3EeXj0SgO2thuMisgxU3bZ0FHKlhqS
c2ZulMsKZTtH/Z1AciOakxhl0EkIrnI27GbUk8PXRPb8jMetv/wNiYsyznmlg8se
zKx81dYTxupKEWn4vPb/QwNoBeRoFq7LTZYlhsKfHWpWggWZTAtZ0K1sYaKv2XY0
EYMOd4RV9yynpC5fjTiz6LA3HNd8Qez4WvWUb/OS5OE8k8HojQGQUa35VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIqPkRIcxUcT4TUdjgy1raufqVYMB8GA1UdIwQY
MBaAFM5wSFi2QyZvfHEHchyY8rqT3VJlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvem5CSVdMWkRKbTk4Y1FkeUhKanl1cFBkVW1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8wMjdhYWUtNDkyMi00MmE5LWE0Yzkt
MzhmODBkNjk2MWVjLzEvNGlvLVJFaHpGUnhQaE5SMk9ETFd0cTUtcFZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8wMjdhYWUtNDkyMi00MmE5LWE0YzktMzhmODBkNjk2MWVj
LzEvem5CSVdMWkRKbTk4Y1FkeUhKanl1cFBkVW1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucgMMA0G
CSqGSIb3DQEBCwUAA4IBAQAcsxu8wPd8doA4SmZq/BZDRXjS33ZmOM+/oI0x0QiK
Goi0lECn+u+lGgh5dOnJ5L47huRl4HOQk1/cDmtzINcAdqD4kOy5CJ/CPVRiojku
f0yHfRb+HfSIrvQRO0U3wYYc5cRC6P0ZTSAaUGoqRYtqPrQVxkl+opP/WIikJLt5
Rks4SjvLd3wB6tKnqa/PW8pNRHAvAP1/UDbEfO8v2oIKwbDqn4KfnLOoBIrPJB9L
8xjMARuNxMdJZJmLlcElMmIRagjFJaCIWXCbAzvONDqfOEvgjQNTzwzi+/so1wnx
STVdv2ba535pB4bmtR+y/g6II7Mq1wtghxCsz/LkMsG4
-----END CERTIFICATE-----