This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/m4ddTK804isbAZwCK7aJ6EBhPpU.roa
File:                     m4ddTK804isbAZwCK7aJ6EBhPpU.roa (raw, json)
Hash identifier:          7StX8F57GxKb2pQJDMDon9e+sgj78negT0fCwKTunA8=
Subject key identifier:   9B:87:5D:4C:AF:34:E2:2B:1B:01:9C:02:2B:B6:89:E8:40:61:3E:95
Certificate issuer:       /CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
Certificate serial:       019B78A31BEC7E6766BBE54EE52AC8091A2A
Authority key identifier: 71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/m4ddTK804isbAZwCK7aJ6EBhPpU.roa
Signing time:             Thu 01 Jan 2026 08:18:34 +0000
ROA not before:           Thu 01 Jan 2026 08:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213546
IP address blocks:        185.224.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:1b:ec:7e:67:66:bb:e5:4e:e5:2a:c8:09:1a:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
        Validity
            Not Before: Jan  1 08:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b875d4caf34e22b1b019c022bb689e840613e95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:8e:c5:f8:5b:d9:53:6d:08:d9:00:a8:88:b9:
                    d3:2c:a8:47:08:11:53:20:c2:ff:04:83:ce:3e:a9:
                    cc:d2:bb:2a:c5:b3:b8:a9:3c:8a:85:de:aa:01:4e:
                    6e:06:1f:4e:b3:02:ba:81:53:62:a9:0d:4c:3f:5f:
                    2d:66:55:8b:2a:5f:5a:30:c5:c5:5d:a8:6c:3c:2c:
                    0c:7a:8c:1d:d3:7e:c0:6c:c2:c9:2e:d6:50:97:39:
                    5b:24:b3:91:dc:cb:de:58:eb:fa:69:16:5b:98:4f:
                    ba:73:fb:58:88:cb:62:5d:1a:e1:b1:6b:5f:eb:fa:
                    93:b9:0c:6c:a6:c6:52:39:62:c1:81:39:e9:16:0e:
                    9f:67:66:34:1a:b8:47:b1:b2:6f:6f:fa:19:74:0c:
                    87:6b:2b:71:df:9a:2e:99:1b:02:1b:e5:0b:bd:ae:
                    0f:ff:15:88:b1:7e:82:cd:22:22:0c:1e:a6:62:43:
                    45:3f:4d:fb:c1:4a:d9:72:bc:ee:dc:34:f5:e9:d9:
                    a9:f8:d0:cf:a9:3b:3d:37:89:4f:84:22:41:da:1c:
                    55:5a:62:08:09:98:47:76:23:8a:46:53:57:19:d5:
                    7c:44:df:97:44:e2:0b:ce:32:81:34:6d:b0:0d:2c:
                    30:d6:35:51:ba:70:55:5f:71:05:e8:d8:c2:6c:f8:
                    f4:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:87:5D:4C:AF:34:E2:2B:1B:01:9C:02:2B:B6:89:E8:40:61:3E:95
            X509v3 Authority Key Identifier:
                keyid:71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/m4ddTK804isbAZwCK7aJ6EBhPpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:02:fc:91:58:5f:15:e3:d5:24:d7:e0:27:3a:d2:43:b5:6e:
         ec:df:da:54:7c:fd:5e:c3:2a:08:04:64:57:fd:27:d6:73:53:
         72:fe:2b:63:6b:56:ba:25:f4:0d:f8:9e:24:f0:c9:5d:61:a8:
         9f:6b:87:cb:90:f7:1f:ca:a4:8d:1d:d7:a0:7e:ca:5a:7b:59:
         6e:ba:d5:43:d5:e9:ce:b1:48:96:4e:d7:81:a6:d1:f1:70:ea:
         eb:b5:6d:8a:fd:15:79:ec:c1:5f:33:47:73:00:d6:9e:2a:75:
         46:f3:dd:3d:e7:c8:1a:6f:f0:88:93:d3:e6:38:9f:a5:a1:e6:
         0c:54:39:6e:4d:d2:5a:f7:21:ef:98:68:85:a8:ed:38:c8:f9:
         49:4a:3d:4b:03:b2:8f:91:4d:2d:b2:ef:95:5e:44:8f:a8:8d:
         8f:c7:fc:f8:cc:2d:ba:4f:fe:41:5c:5b:54:ae:05:6a:4c:a3:
         00:e8:47:66:e3:6a:ae:e6:da:03:45:04:b4:aa:38:a9:60:9a:
         30:52:87:0f:4e:a8:56:fd:02:ff:bb:f1:71:31:f9:4f:58:6a:
         36:7f:a0:f9:41:6a:85:8d:db:04:ac:38:b1:ce:ce:ca:81:46:
         58:72:5f:4c:81:8c:38:cf:10:52:ca:65:93:2c:cc:1c:41:d7:
         27:9f:bf:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4oxvsfmdmu+VO5SrICRoqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxYmRkZWFmMGYzMGZiZGFmOWU3NWI5MmFjN2Q1YmQxM2Yy
ODVkZTcwHhcNMjYwMTAxMDgxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yjg3NWQ0Y2FmMzRlMjJiMWIwMTljMDIyYmI2ODllODQwNjEzZTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz47F+FvZU20I2QCoiLnTLKhHCBFT
IML/BIPOPqnM0rsqxbO4qTyKhd6qAU5uBh9OswK6gVNiqQ1MP18tZlWLKl9aMMXF
XahsPCwMeowd037AbMLJLtZQlzlbJLOR3MveWOv6aRZbmE+6c/tYiMtiXRrhsWtf
6/qTuQxspsZSOWLBgTnpFg6fZ2Y0GrhHsbJvb/oZdAyHaytx35oumRsCG+ULva4P
/xWIsX6CzSIiDB6mYkNFP037wUrZcrzu3DT16dmp+NDPqTs9N4lPhCJB2hxVWmII
CZhHdiOKRlNXGdV8RN+XROILzjKBNG2wDSww1jVRunBVX3EF6NjCbPj00QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJuHXUyvNOIrGwGcAiu2iehAYT6VMB8GA1UdIwQY
MBaAFHG93q8PMPva+edbkqx9W9E/KF3nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUt
NDc3MjMxMTkxYTM1LzEvbTRkZFRLODA0aXNiQVp3Q0s3YUo2RUJoUHBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUtNDc3MjMxMTkxYTM1
LzEvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueDbMA0G
CSqGSIb3DQEBCwUAA4IBAQBSAvyRWF8V49Uk1+AnOtJDtW7s39pUfP1ewyoIBGRX
/SfWc1Ny/itja1a6JfQN+J4k8MldYaifa4fLkPcfyqSNHdegfspae1luutVD1enO
sUiWTteBptHxcOrrtW2K/RV57MFfM0dzANaeKnVG890958gab/CIk9PmOJ+loeYM
VDluTdJa9yHvmGiFqO04yPlJSj1LA7KPkU0tsu+VXkSPqI2Px/z4zC26T/5BXFtU
rgVqTKMA6Edm42qu5toDRQS0qjipYJowUocPTqhW/QL/u/FxMflPWGo2f6D5QWqF
jdsErDixzs7KgUZYcl9MgYw4zxBSymWTLMwcQdcnn79s
-----END CERTIFICATE-----