This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/4bNlVON9xCdsARp_CZ5ll0ht23Q.roa
File:                     4bNlVON9xCdsARp_CZ5ll0ht23Q.roa (raw, json)
Hash identifier:          r8pI01bxr501PmXiSeH2G+Xx+qveym+0Uqo3tM8jR6I=
Subject key identifier:   E1:B3:65:54:E3:7D:C4:27:6C:01:1A:7F:09:9E:65:97:48:6D:DB:74
Certificate issuer:       /CN=3cd37ec23719b2f142f46e6f3317664034adf598
Certificate serial:       019B79EBCDA662DA8E57C34105C7669999A1
Authority key identifier: 3C:D3:7E:C2:37:19:B2:F1:42:F4:6E:6F:33:17:66:40:34:AD:F5:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/4bNlVON9xCdsARp_CZ5ll0ht23Q.roa
Signing time:             Thu 01 Jan 2026 14:17:35 +0000
ROA not before:           Thu 01 Jan 2026 14:17:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44947
IP address blocks:        185.83.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 05:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:eb:cd:a6:62:da:8e:57:c3:41:05:c7:66:99:99:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cd37ec23719b2f142f46e6f3317664034adf598
        Validity
            Not Before: Jan  1 14:17:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e1b36554e37dc4276c011a7f099e6597486ddb74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:fb:af:4c:8f:b2:b6:c3:2e:26:60:c5:2d:19:
                    d5:16:ff:c7:fe:82:11:c7:3d:ab:1b:27:76:99:82:
                    b5:f3:92:4c:42:cc:4d:0c:57:bc:e5:16:65:4d:78:
                    aa:f5:2d:e6:a7:aa:5b:fb:25:a1:04:c7:1d:7d:b8:
                    02:0f:27:2d:a4:25:78:66:85:5d:1e:fa:14:6e:ec:
                    37:40:67:cc:c3:cf:17:36:80:9e:77:9c:07:54:30:
                    98:62:c7:ef:d0:c6:8f:4b:3b:64:43:b2:ae:53:8a:
                    ca:4f:a5:c7:a6:da:19:53:ba:e1:7f:bf:ff:3f:06:
                    29:4f:ac:b3:dc:a1:25:d0:bd:b9:e2:51:d2:38:60:
                    33:4e:3e:68:76:ea:bd:09:be:45:56:32:56:2d:3f:
                    63:2c:8e:c1:f5:c5:6a:34:fa:b1:92:53:ae:86:05:
                    b6:56:60:40:dd:a6:fe:b8:c8:c2:d3:45:6a:dd:75:
                    24:c1:dd:27:7d:54:df:8a:d0:11:d5:eb:4b:8d:af:
                    ef:55:62:6b:fd:d5:25:ad:8f:f3:dc:10:de:87:2f:
                    5a:59:18:cc:af:43:f3:ec:90:5a:b4:84:fe:be:b1:
                    b1:11:e2:8b:3c:52:13:02:f7:b2:f1:f3:83:7d:b3:
                    d3:1d:bf:a8:d8:0b:4d:82:1f:3d:51:5b:f9:94:68:
                    97:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:B3:65:54:E3:7D:C4:27:6C:01:1A:7F:09:9E:65:97:48:6D:DB:74
            X509v3 Authority Key Identifier:
                keyid:3C:D3:7E:C2:37:19:B2:F1:42:F4:6E:6F:33:17:66:40:34:AD:F5:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/4bNlVON9xCdsARp_CZ5ll0ht23Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:19:4c:ac:7f:89:75:2a:ab:13:36:8e:b5:d7:bb:5c:bf:6e:
         4c:09:f6:f0:6c:47:f3:5b:2e:71:b4:02:c0:d1:31:19:e8:5d:
         1f:8a:ff:4a:a3:f7:cc:d8:02:2e:16:a6:57:81:94:09:56:67:
         22:69:37:70:a4:a2:5f:ae:de:83:bd:28:8c:71:77:84:c9:9f:
         61:ac:c1:75:60:44:d2:86:eb:5d:56:5b:c9:5d:c1:97:90:c1:
         67:6a:dd:36:7d:7c:34:7a:61:d9:83:29:57:bb:31:93:fb:06:
         cb:44:2f:f0:f6:de:1b:e0:e2:04:63:8d:d7:c5:0e:f7:51:82:
         99:fc:78:0b:44:3d:ce:e3:c5:86:8b:26:47:fc:fa:01:5f:f1:
         24:03:ec:06:d0:9e:89:c8:3a:3c:56:da:a5:26:c8:58:93:32:
         29:8a:17:e3:b2:86:18:79:5e:f5:ab:d0:74:ec:ba:20:cd:a4:
         2a:5e:3a:83:83:15:31:21:aa:c0:17:97:33:ed:59:a5:92:90:
         5f:81:74:86:f1:b2:43:ae:02:69:33:8b:ba:34:93:6c:1a:c4:
         a1:d2:a4:dd:68:9f:7e:9e:95:22:43:5b:ab:6e:36:28:ae:d1:
         d5:d7:df:5a:e9:b2:b0:08:22:9b:7f:47:e5:35:2a:71:65:2c:
         78:06:c9:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5682mYtqOV8NBBcdmmZmhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZDM3ZWMyMzcxOWIyZjE0MmY0NmU2ZjMzMTc2NjQwMzRh
ZGY1OTgwHhcNMjYwMTAxMTQxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWIzNjU1NGUzN2RjNDI3NmMwMTFhN2YwOTllNjU5NzQ4NmRkYjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvuvTI+ytsMuJmDFLRnVFv/H/oIR
xz2rGyd2mYK185JMQsxNDFe85RZlTXiq9S3mp6pb+yWhBMcdfbgCDyctpCV4ZoVd
HvoUbuw3QGfMw88XNoCed5wHVDCYYsfv0MaPSztkQ7KuU4rKT6XHptoZU7rhf7//
PwYpT6yz3KEl0L254lHSOGAzTj5oduq9Cb5FVjJWLT9jLI7B9cVqNPqxklOuhgW2
VmBA3ab+uMjC00Vq3XUkwd0nfVTfitAR1etLja/vVWJr/dUlrY/z3BDehy9aWRjM
r0Pz7JBatIT+vrGxEeKLPFITAvey8fODfbPTHb+o2AtNgh89UVv5lGiX3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOGzZVTjfcQnbAEafwmeZZdIbdt0MB8GA1UdIwQY
MBaAFDzTfsI3GbLxQvRubzMXZkA0rfWYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUE5OLXdqY1pzdkZDOUc1dk14ZG1RRFN0OVpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8zZjdlNTYtMDkxNi00N2FjLTg1ODYt
YTkzODhmMzFiNDdlLzEvNGJObFZPTjl4Q2RzQVJwX0NaNWxsMGh0MjNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8zZjdlNTYtMDkxNi00N2FjLTg1ODYtYTkzODhmMzFiNDdl
LzEvUE5OLXdqY1pzdkZDOUc1dk14ZG1RRFN0OVpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVO2MA0G
CSqGSIb3DQEBCwUAA4IBAQBiGUysf4l1KqsTNo6117tcv25MCfbwbEfzWy5xtALA
0TEZ6F0fiv9Ko/fM2AIuFqZXgZQJVmciaTdwpKJfrt6DvSiMcXeEyZ9hrMF1YETS
hutdVlvJXcGXkMFnat02fXw0emHZgylXuzGT+wbLRC/w9t4b4OIEY43XxQ73UYKZ
/HgLRD3O48WGiyZH/PoBX/EkA+wG0J6JyDo8VtqlJshYkzIpihfjsoYYeV71q9B0
7LogzaQqXjqDgxUxIarAF5cz7VmlkpBfgXSG8bJDrgJpM4u6NJNsGsSh0qTdaJ9+
npUiQ1urbjYortHV199a6bKwCCKbf0flNSpxZSx4BskX
-----END CERTIFICATE-----