This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/4WijXRQsTuAJtSd_hSZYlUqj8lA.roa
File:                     4WijXRQsTuAJtSd_hSZYlUqj8lA.roa (raw, json)
Hash identifier:          cDODijNSh6xud6bY86CXr7OdBhes8GnABNkzt2sQT9E=
Subject key identifier:   E1:68:A3:5D:14:2C:4E:E0:09:B5:27:7F:85:26:58:95:4A:A3:F2:50
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       019B77593C90A1DE8C754603EA05470A858D
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/4WijXRQsTuAJtSd_hSZYlUqj8lA.roa
Signing time:             Thu 01 Jan 2026 02:18:15 +0000
ROA not before:           Thu 01 Jan 2026 02:18:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47929
IP address blocks:        185.216.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:3c:90:a1:de:8c:75:46:03:ea:05:47:0a:85:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Jan  1 02:18:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e168a35d142c4ee009b5277f852658954aa3f250
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d3:0b:2a:d0:df:e2:e5:3e:69:d8:62:48:e7:
                    92:7d:30:7b:0c:4f:9e:92:1b:4b:6b:25:d0:0f:38:
                    90:45:89:ab:cc:ee:f5:4d:2a:e3:0d:f3:4a:3d:96:
                    72:8e:18:fd:99:c6:0b:50:c3:fb:6e:9c:f5:17:c2:
                    83:b8:59:ef:0e:ab:14:d1:1c:ab:de:1a:13:22:9c:
                    5c:92:94:c1:b7:04:09:21:98:d7:38:ed:60:35:0e:
                    d5:79:29:db:cf:1d:51:d3:86:dc:9b:0d:c0:6d:46:
                    41:cf:6e:d3:c4:ce:5a:a0:97:56:7f:a4:28:18:17:
                    dc:a6:20:2b:2c:36:de:47:ad:01:ca:9a:f0:b7:e8:
                    78:36:3b:17:f3:fe:46:9a:8b:a3:33:d8:62:d7:25:
                    3e:4b:af:e0:b0:ea:72:c9:ca:55:b1:42:ca:8a:35:
                    78:c9:47:65:9a:00:d2:a4:a6:45:b4:a0:cf:a4:d4:
                    9a:48:20:bc:5a:d4:08:20:99:dd:6c:6a:fd:80:5a:
                    2d:48:42:46:47:77:91:22:17:ce:03:72:d5:30:89:
                    ed:62:33:66:81:be:3a:c1:ef:bb:50:0b:1d:a9:2e:
                    e7:c9:50:db:34:41:ec:8c:e3:ea:84:89:42:1f:a5:
                    5b:91:79:da:e2:e1:80:dc:bb:1a:60:81:2f:dd:da:
                    00:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:68:A3:5D:14:2C:4E:E0:09:B5:27:7F:85:26:58:95:4A:A3:F2:50
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/4WijXRQsTuAJtSd_hSZYlUqj8lA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:3f:20:b7:9f:e0:a1:d5:f6:c6:7b:f3:ba:ec:6c:e1:70:8f:
         3c:98:d6:1f:87:5c:a4:8b:25:a9:3a:19:45:cf:ad:bb:a9:51:
         99:d0:dd:46:93:f3:90:14:77:dc:5f:fd:78:54:47:03:eb:34:
         7f:e9:13:41:57:f9:1c:3d:6b:cf:1a:13:71:81:c6:4e:20:d8:
         01:24:d1:f0:b0:94:78:fc:7e:a1:36:55:b2:69:8b:ca:c4:11:
         1f:bc:4c:18:04:15:32:ba:1f:76:04:65:6b:4b:e5:b2:c4:45:
         e4:d1:63:d5:93:07:64:e9:14:96:f6:8e:b1:d5:70:7b:21:1a:
         65:de:d8:c6:cf:6a:75:9b:e0:6b:69:80:99:2d:6c:06:82:5f:
         61:6e:94:48:23:4d:35:0f:01:a4:93:80:87:7d:e9:82:2a:98:
         45:49:31:91:31:7f:b1:3f:56:ff:cd:71:51:f0:88:1b:b0:20:
         84:b4:f4:31:58:c6:10:6c:e4:05:b5:8b:bc:8a:63:f6:28:9c:
         17:55:04:60:bc:6b:f1:3a:84:19:cd:a8:f5:eb:e9:85:f0:37:
         9b:de:e0:3e:68:a1:0d:a4:e5:6a:00:fb:72:ed:2e:e5:6d:c8:
         9e:b9:26:f8:a3:1b:19:8f:03:8a:37:ca:66:99:09:17:c9:72:
         c6:cc:e6:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WTyQod6MdUYD6gVHCoWNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjYwMTAxMDIxODE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTY4YTM1ZDE0MmM0ZWUwMDliNTI3N2Y4NTI2NTg5NTRhYTNmMjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNMLKtDf4uU+adhiSOeSfTB7DE+e
khtLayXQDziQRYmrzO71TSrjDfNKPZZyjhj9mcYLUMP7bpz1F8KDuFnvDqsU0Ryr
3hoTIpxckpTBtwQJIZjXOO1gNQ7VeSnbzx1R04bcmw3AbUZBz27TxM5aoJdWf6Qo
GBfcpiArLDbeR60Byprwt+h4NjsX8/5GmoujM9hi1yU+S6/gsOpyycpVsULKijV4
yUdlmgDSpKZFtKDPpNSaSCC8WtQIIJndbGr9gFotSEJGR3eRIhfOA3LVMIntYjNm
gb46we+7UAsdqS7nyVDbNEHsjOPqhIlCH6VbkXna4uGA3LsaYIEv3doAGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFoo10ULE7gCbUnf4UmWJVKo/JQMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvNFdpalhSUXNUdUFKdFNkX2hTWllsVXFqOGxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudjQMA0G
CSqGSIb3DQEBCwUAA4IBAQB1PyC3n+Ch1fbGe/O67GzhcI88mNYfh1ykiyWpOhlF
z627qVGZ0N1Gk/OQFHfcX/14VEcD6zR/6RNBV/kcPWvPGhNxgcZOINgBJNHwsJR4
/H6hNlWyaYvKxBEfvEwYBBUyuh92BGVrS+WyxEXk0WPVkwdk6RSW9o6x1XB7IRpl
3tjGz2p1m+BraYCZLWwGgl9hbpRII001DwGkk4CHfemCKphFSTGRMX+xP1b/zXFR
8IgbsCCEtPQxWMYQbOQFtYu8imP2KJwXVQRgvGvxOoQZzaj16+mF8Deb3uA+aKEN
pOVqAPty7S7lbcieuSb4oxsZjwOKN8pmmQkXyXLGzOY7
-----END CERTIFICATE-----