This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/Ho8BmWtRsGIfoh9TadeITydo350.roa
File:                     Ho8BmWtRsGIfoh9TadeITydo350.roa (raw, json)
Hash identifier:          jhic1+8GxEt2CK46n93QnO3HxEVdv0LVkgGPn/QSDf0=
Subject key identifier:   1E:8F:01:99:6B:51:B0:62:1F:A2:1F:53:69:D7:88:4F:27:68:DF:9D
Certificate issuer:       /CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
Certificate serial:       019B7E38716C96440CDAB15CD191E1EE1893
Authority key identifier: 4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/Ho8BmWtRsGIfoh9TadeITydo350.roa
Signing time:             Fri 02 Jan 2026 10:19:46 +0000
ROA not before:           Fri 02 Jan 2026 10:19:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     46635
IP address blocks:        185.22.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 19:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:71:6c:96:44:0c:da:b1:5c:d1:91:e1:ee:18:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
        Validity
            Not Before: Jan  2 10:19:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1e8f01996b51b0621fa21f5369d7884f2768df9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:9e:4b:e6:bf:44:89:d5:58:77:0b:6a:20:0c:
                    9e:d2:04:98:f6:78:33:46:30:b5:a8:b8:aa:2c:bc:
                    ce:3d:33:17:ec:b3:ff:ea:09:76:4d:bf:ed:df:4b:
                    97:1c:03:00:97:a6:02:31:89:b9:cc:f1:d4:bb:2f:
                    e0:6a:b9:ad:18:a9:5a:a3:dc:03:d6:66:2c:f8:51:
                    90:73:2c:83:99:44:07:48:80:4d:14:da:af:64:1c:
                    05:2f:35:a3:73:88:78:38:d9:d1:74:ca:73:b5:bf:
                    42:a6:50:d5:2d:fb:d2:e7:7e:c2:98:c4:c3:6c:ad:
                    80:23:1f:4a:bd:f6:fd:f7:ec:50:ad:44:ed:b5:d2:
                    d1:80:94:17:a5:89:d2:08:cd:41:8a:8a:b7:dc:34:
                    8a:fd:3a:0b:1f:6b:4b:c8:07:2d:ef:3c:ce:90:dd:
                    1d:68:dd:56:dc:8d:dc:db:c4:dc:e5:55:fc:b3:5b:
                    9d:d5:e8:90:1b:2c:c3:3e:68:68:3a:85:d1:a4:e0:
                    d2:55:fd:e8:7f:3a:6d:5b:38:fa:f7:40:a6:a8:ba:
                    b0:5b:6a:38:d0:50:c8:57:e4:29:d1:62:95:7d:dd:
                    28:4b:e0:ab:9c:bb:52:9e:58:3a:3a:30:47:8f:e4:
                    9a:30:6f:67:51:10:22:c4:ed:68:34:7e:d7:54:be:
                    2c:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:8F:01:99:6B:51:B0:62:1F:A2:1F:53:69:D7:88:4F:27:68:DF:9D
            X509v3 Authority Key Identifier:
                keyid:4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/Ho8BmWtRsGIfoh9TadeITydo350.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.22.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:57:0a:d0:2f:ce:bd:d9:50:4b:f7:8a:ad:83:73:bf:ca:19:
         60:c4:22:2c:be:9a:f9:a1:2c:00:fb:11:e6:ab:79:49:c2:10:
         f3:7b:4c:b9:4b:9c:bb:e2:c8:46:41:9e:f5:0f:36:e7:37:a2:
         e2:a9:2a:87:09:ef:81:c5:24:cf:24:c5:98:61:98:23:99:46:
         09:0b:72:6b:79:35:4e:4b:4a:3b:b7:05:1c:03:8c:ba:52:2b:
         0a:4e:b4:5b:6c:d7:87:f9:7d:3d:ba:5f:60:1f:e2:1e:13:a8:
         27:ee:e8:8f:dd:d3:86:23:30:da:32:4b:cb:83:6b:82:3c:54:
         93:72:05:20:50:3a:51:98:28:70:19:f2:ce:ac:81:73:22:34:
         e0:1e:77:42:c3:f0:ad:f3:71:71:3a:c7:da:90:17:d2:eb:fc:
         ff:c2:da:a2:5e:6d:2a:18:89:a8:59:ac:55:bd:c7:6c:e5:58:
         e1:90:e3:1e:aa:8f:42:31:ee:db:05:61:51:c4:04:ef:b3:bf:
         c6:2f:04:f7:ff:e6:ed:e3:d5:d9:51:6f:0b:3f:fc:1c:a1:5e:
         90:5c:c3:81:60:20:ba:36:28:ad:e1:c7:17:d7:3e:58:d1:6c:
         21:ce:ab:a6:13:14:ef:3f:2a:ee:50:9e:14:ef:88:3f:7c:ee:
         1d:be:a4:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OHFslkQM2rFc0ZHh7hiTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYjJiYjdiYWQ1MGYxOTIxODEwYTAyOGU3OGVkZDY1Zjgx
ZjZhN2QwHhcNMjYwMTAyMTAxOTQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZThmMDE5OTZiNTFiMDYyMWZhMjFmNTM2OWQ3ODg0ZjI3NjhkZjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJ5L5r9EidVYdwtqIAye0gSY9ngz
RjC1qLiqLLzOPTMX7LP/6gl2Tb/t30uXHAMAl6YCMYm5zPHUuy/garmtGKlao9wD
1mYs+FGQcyyDmUQHSIBNFNqvZBwFLzWjc4h4ONnRdMpztb9CplDVLfvS537CmMTD
bK2AIx9Kvfb99+xQrUTttdLRgJQXpYnSCM1Bioq33DSK/ToLH2tLyAct7zzOkN0d
aN1W3I3c28Tc5VX8s1ud1eiQGyzDPmhoOoXRpODSVf3ofzptWzj690CmqLqwW2o4
0FDIV+Qp0WKVfd0oS+CrnLtSnlg6OjBHj+SaMG9nURAixO1oNH7XVL4scQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6PAZlrUbBiH6IfU2nXiE8naN+dMB8GA1UdIwQY
MBaAFE+yu3utUPGSGBCgKOeO3WX4H2p9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYt
MjdmYmM5OWVhM2M2LzEvSG84Qm1XdFJzR0lmb2g5VGFkZUlUeWRvMzUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYtMjdmYmM5OWVhM2M2
LzEvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRYpMA0G
CSqGSIb3DQEBCwUAA4IBAQCxVwrQL8692VBL94qtg3O/yhlgxCIsvpr5oSwA+xHm
q3lJwhDze0y5S5y74shGQZ71DzbnN6LiqSqHCe+BxSTPJMWYYZgjmUYJC3JreTVO
S0o7twUcA4y6UisKTrRbbNeH+X09ul9gH+IeE6gn7uiP3dOGIzDaMkvLg2uCPFST
cgUgUDpRmChwGfLOrIFzIjTgHndCw/Ct83FxOsfakBfS6/z/wtqiXm0qGImoWaxV
vcds5VjhkOMeqo9CMe7bBWFRxATvs7/GLwT3/+bt49XZUW8LP/wcoV6QXMOBYCC6
Niit4ccX1z5Y0WwhzqumExTvPyruUJ4U74g/fO4dvqTd
-----END CERTIFICATE-----