This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/26e77f-fa37-4900-a33d-d1d6dea98790/1/ISt_Cm9mi8ihjAyxE3N-YOnrclQ.roa
File:                     ISt_Cm9mi8ihjAyxE3N-YOnrclQ.roa (raw, json)
Hash identifier:          XDxiPqOdkF1uFsD4HB/DDPcVZVTS73Tko3hAigtWvL0=
Subject key identifier:   21:2B:7F:0A:6F:66:8B:C8:A1:8C:0C:B1:13:73:7E:60:E9:EB:72:54
Certificate issuer:       /CN=1abc9fb3312a4abf1ddc28518e7608e0ec3275df
Certificate serial:       019B7AC85A16C8738166F622FD63597B0CC4
Authority key identifier: 1A:BC:9F:B3:31:2A:4A:BF:1D:DC:28:51:8E:76:08:E0:EC:32:75:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GryfszEqSr8d3ChRjnYI4Owydd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/26e77f-fa37-4900-a33d-d1d6dea98790/1/ISt_Cm9mi8ihjAyxE3N-YOnrclQ.roa
Signing time:             Thu 01 Jan 2026 18:18:29 +0000
ROA not before:           Thu 01 Jan 2026 18:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57844
IP address blocks:        185.93.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/26e77f-fa37-4900-a33d-d1d6dea98790/1/GryfszEqSr8d3ChRjnYI4Owydd8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/26e77f-fa37-4900-a33d-d1d6dea98790/1/GryfszEqSr8d3ChRjnYI4Owydd8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GryfszEqSr8d3ChRjnYI4Owydd8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:5a:16:c8:73:81:66:f6:22:fd:63:59:7b:0c:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1abc9fb3312a4abf1ddc28518e7608e0ec3275df
        Validity
            Not Before: Jan  1 18:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=212b7f0a6f668bc8a18c0cb113737e60e9eb7254
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:5c:dd:26:45:18:60:49:bd:02:70:5e:63:a6:
                    1d:5e:4e:52:d0:0c:8d:04:d9:43:8c:6e:a8:24:c3:
                    a7:72:ef:26:ee:6a:4b:d3:4f:9b:26:a1:0e:bf:3f:
                    df:00:9a:07:3a:66:2a:e1:dc:3a:e0:80:6b:5f:d0:
                    27:0e:94:74:7e:5e:42:2e:3d:41:20:a8:83:e1:3c:
                    d1:d0:64:30:ce:25:70:e4:4e:b7:12:08:63:8b:90:
                    4e:9d:2e:dc:bf:39:42:6e:ea:c5:e3:54:7d:e5:a3:
                    23:69:93:f7:8c:e6:a1:e3:72:8e:c8:62:38:7b:23:
                    ea:65:ca:92:fa:bc:0f:d5:b2:64:88:87:d9:1f:90:
                    1f:5e:b3:4a:17:53:fc:07:0a:32:f4:98:a6:76:ed:
                    9f:59:53:f4:95:a3:fd:97:2d:06:c9:ff:57:94:78:
                    64:b2:53:f8:28:d2:ce:9b:62:d2:a9:35:75:cc:d1:
                    2d:c2:54:58:f2:49:49:83:b6:ee:62:fa:b1:6d:ef:
                    59:a8:d5:bb:ce:61:d8:dd:3a:27:22:31:de:4f:71:
                    d8:94:51:dd:f0:6d:bf:1a:28:2a:b2:7f:d0:2a:fc:
                    8b:e8:35:fd:26:c5:15:54:63:40:80:5f:8a:d7:d1:
                    25:1b:c8:5e:e6:c5:44:11:63:bb:c6:6f:c5:32:92:
                    d6:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:2B:7F:0A:6F:66:8B:C8:A1:8C:0C:B1:13:73:7E:60:E9:EB:72:54
            X509v3 Authority Key Identifier:
                keyid:1A:BC:9F:B3:31:2A:4A:BF:1D:DC:28:51:8E:76:08:E0:EC:32:75:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GryfszEqSr8d3ChRjnYI4Owydd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/26e77f-fa37-4900-a33d-d1d6dea98790/1/ISt_Cm9mi8ihjAyxE3N-YOnrclQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/26e77f-fa37-4900-a33d-d1d6dea98790/1/GryfszEqSr8d3ChRjnYI4Owydd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:b6:e5:b1:86:6c:7a:af:24:bc:e2:bb:8e:73:12:55:39:59:
         6a:14:00:47:39:f0:63:dd:22:98:f7:d6:3e:69:8f:d8:78:18:
         22:fe:76:57:9a:e7:50:58:56:6a:30:54:e2:5b:57:fd:cc:f6:
         e0:1b:59:70:bc:79:d6:06:9e:41:3b:8a:31:65:24:c4:b7:a4:
         9b:69:c0:b5:cd:d1:f0:96:59:1a:a7:10:38:62:f1:f3:45:f8:
         12:bd:c4:4d:9b:ee:b2:92:69:2f:5a:ca:3d:56:94:34:08:c6:
         6b:6f:d1:15:2d:5e:73:7e:69:87:77:ed:a8:79:c2:c3:99:61:
         2b:4c:9b:56:8a:d1:38:d0:bf:c0:7b:0e:56:aa:6d:ca:47:d4:
         2f:24:25:92:b2:bb:b6:62:24:fc:08:7d:70:0d:3e:78:d7:a9:
         5d:b1:fb:65:ad:11:9c:fb:97:61:eb:6a:9b:a6:f6:ee:2c:09:
         07:b3:96:d8:13:e6:08:c4:97:82:b6:23:b3:6d:15:00:a2:2c:
         3b:2d:98:29:5d:07:20:d7:88:3f:4d:b5:59:4f:c8:3c:07:96:
         aa:61:80:38:bb:4b:2c:c9:e4:c2:7d:d3:ef:7a:ab:f9:24:09:
         dc:fd:1b:0e:56:d5:82:09:97:48:3f:13:d4:9c:46:02:3f:80:
         f3:2e:64:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yFoWyHOBZvYi/WNZewzEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhYmM5ZmIzMzEyYTRhYmYxZGRjMjg1MThlNzYwOGUwZWMz
Mjc1ZGYwHhcNMjYwMTAxMTgxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTJiN2YwYTZmNjY4YmM4YTE4YzBjYjExMzczN2U2MGU5ZWI3MjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFzdJkUYYEm9AnBeY6YdXk5S0AyN
BNlDjG6oJMOncu8m7mpL00+bJqEOvz/fAJoHOmYq4dw64IBrX9AnDpR0fl5CLj1B
IKiD4TzR0GQwziVw5E63Eghji5BOnS7cvzlCburF41R95aMjaZP3jOah43KOyGI4
eyPqZcqS+rwP1bJkiIfZH5AfXrNKF1P8Bwoy9Jimdu2fWVP0laP9ly0Gyf9XlHhk
slP4KNLOm2LSqTV1zNEtwlRY8klJg7buYvqxbe9ZqNW7zmHY3TonIjHeT3HYlFHd
8G2/Gigqsn/QKvyL6DX9JsUVVGNAgF+K19ElG8he5sVEEWO7xm/FMpLWzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCErfwpvZovIoYwMsRNzfmDp63JUMB8GA1UdIwQY
MBaAFBq8n7MxKkq/HdwoUY52CODsMnXfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3J5ZnN6RXFTcjhkM0NoUmpuWUk0T3d5ZGQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8yNmU3N2YtZmEzNy00OTAwLWEzM2Qt
ZDFkNmRlYTk4NzkwLzEvSVN0X0NtOW1pOGloakF5eEUzTi1ZT25yY2xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy8yNmU3N2YtZmEzNy00OTAwLWEzM2QtZDFkNmRlYTk4Nzkw
LzEvR3J5ZnN6RXFTcjhkM0NoUmpuWUk0T3d5ZGQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV1HMA0G
CSqGSIb3DQEBCwUAA4IBAQBytuWxhmx6ryS84ruOcxJVOVlqFABHOfBj3SKY99Y+
aY/YeBgi/nZXmudQWFZqMFTiW1f9zPbgG1lwvHnWBp5BO4oxZSTEt6SbacC1zdHw
llkapxA4YvHzRfgSvcRNm+6ykmkvWso9VpQ0CMZrb9EVLV5zfmmHd+2oecLDmWEr
TJtWitE40L/Aew5Wqm3KR9QvJCWSsru2YiT8CH1wDT5416ldsftlrRGc+5dh62qb
pvbuLAkHs5bYE+YIxJeCtiOzbRUAoiw7LZgpXQcg14g/TbVZT8g8B5aqYYA4u0ss
yeTCfdPveqv5JAnc/RsOVtWCCZdIPxPUnEYCP4DzLmQr
-----END CERTIFICATE-----