This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/4wB5Vx3J3kyGcFmVM0hOKa-agUU.roa
File:                     4wB5Vx3J3kyGcFmVM0hOKa-agUU.roa (raw, json)
Hash identifier:          QUMFn2JOAzkbZ6gtP+0O9ijRO/p8JgNTBxbAEdtK4V0=
Subject key identifier:   E3:00:79:57:1D:C9:DE:4C:86:70:59:95:33:48:4E:29:AF:9A:81:45
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       019B76EB158B8125A5D7E228BBE6B8AB52FF
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/4wB5Vx3J3kyGcFmVM0hOKa-agUU.roa
Signing time:             Thu 01 Jan 2026 00:17:56 +0000
ROA not before:           Thu 01 Jan 2026 00:17:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204464
IP address blocks:        185.248.96.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:15:8b:81:25:a5:d7:e2:28:bb:e6:b8:ab:52:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 00:17:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e30079571dc9de4c8670599533484e29af9a8145
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:26:ea:57:fa:19:2f:3a:5f:d5:0c:1d:5e:ab:
                    67:5a:4d:bb:36:15:5a:e6:a1:b9:66:f8:f6:ee:63:
                    58:93:6f:76:63:3b:6a:fb:fe:c1:8f:c3:d7:d8:81:
                    15:5d:50:9d:bc:53:c5:c9:04:38:1e:5f:95:9c:af:
                    67:75:de:75:ac:28:bd:02:29:99:3d:17:1e:94:46:
                    ab:30:e9:91:94:7e:07:28:9b:93:2d:e1:3f:f3:5e:
                    90:8d:c2:ee:3c:5b:34:50:25:7a:d3:a8:e1:18:3f:
                    d3:0e:3e:50:c8:29:2b:2f:49:f1:6b:a0:71:ae:48:
                    5d:f9:e9:d8:e9:51:a2:f1:a6:27:54:3e:cc:2c:3f:
                    b3:48:6d:30:b8:55:7a:b8:90:ff:11:eb:f1:74:1d:
                    b2:81:74:68:45:f4:c2:ec:34:6b:e5:76:26:69:e3:
                    ec:bc:1d:1e:d3:c9:e6:c1:38:d8:4c:12:f2:51:ae:
                    3e:5a:d1:6c:94:73:cf:58:31:63:f8:1d:00:60:ec:
                    4b:71:92:55:6d:06:8d:55:b2:e5:48:87:3d:7d:64:
                    5e:78:85:88:63:76:02:d5:78:ef:e7:86:68:e3:a1:
                    c6:3f:ec:b9:07:69:65:89:a6:59:bc:f2:1a:90:96:
                    0a:9c:21:a8:89:d9:00:4f:ee:57:67:7e:00:a8:b8:
                    6f:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:00:79:57:1D:C9:DE:4C:86:70:59:95:33:48:4E:29:AF:9A:81:45
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/4wB5Vx3J3kyGcFmVM0hOKa-agUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9a:12:0f:64:44:35:32:ae:f0:79:d8:ae:bf:3f:71:06:ac:b6:
         a8:0f:d3:25:04:d0:01:d6:46:33:c8:d6:40:80:97:bd:78:6b:
         7c:e7:4e:39:b1:2f:71:04:7f:f5:a3:8a:3e:61:67:57:c0:c7:
         47:db:2e:a1:a6:01:be:ce:e3:77:87:7f:ba:0e:18:d8:e3:95:
         71:ea:8f:92:66:0e:78:ef:32:d7:bc:7e:ae:49:d0:40:de:34:
         9d:7b:b4:0d:f7:b8:5c:6b:fe:2f:1f:8a:75:f6:e0:1d:c5:3f:
         b1:36:b3:13:74:4c:36:95:4e:8c:ac:1c:5b:df:8e:eb:87:ae:
         fa:57:cc:ed:75:11:7e:e3:e3:97:88:c9:7a:78:3c:de:9b:1d:
         17:2d:94:f9:06:30:4b:cc:fd:aa:ff:a2:14:e4:41:51:3d:d6:
         f4:56:09:f0:64:44:4b:f6:81:b8:83:ff:0c:1a:af:8b:30:6b:
         54:3a:42:20:a7:51:36:2a:11:3c:de:aa:bb:15:d1:1b:7b:74:
         12:5b:54:88:1f:d1:b0:4d:be:fd:0b:d4:c5:98:e0:cd:f7:12:
         a2:9f:19:54:ef:56:a3:f2:9c:af:01:a8:41:33:36:27:b4:bd:
         af:01:20:ae:f6:c0:87:b1:7f:70:c8:e7:cb:be:70:18:c9:06:
         3e:0e:23:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26xWLgSWl1+Iou+a4q1L/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjYwMTAxMDAxNzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzAwNzk1NzFkYzlkZTRjODY3MDU5OTUzMzQ4NGUyOWFmOWE4MTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAribqV/oZLzpf1QwdXqtnWk27NhVa
5qG5Zvj27mNYk292Yztq+/7Bj8PX2IEVXVCdvFPFyQQ4Hl+VnK9ndd51rCi9AimZ
PRcelEarMOmRlH4HKJuTLeE/816QjcLuPFs0UCV606jhGD/TDj5QyCkrL0nxa6Bx
rkhd+enY6VGi8aYnVD7MLD+zSG0wuFV6uJD/EevxdB2ygXRoRfTC7DRr5XYmaePs
vB0e08nmwTjYTBLyUa4+WtFslHPPWDFj+B0AYOxLcZJVbQaNVbLlSIc9fWReeIWI
Y3YC1Xjv54Zo46HGP+y5B2lliaZZvPIakJYKnCGoidkAT+5XZ34AqLhvSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOMAeVcdyd5MhnBZlTNITimvmoFFMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvNHdCNVZ4M0oza3lHY0ZtVk0waE9LYS1hZ1VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufhgMA0G
CSqGSIb3DQEBCwUAA4IBAQCaEg9kRDUyrvB52K6/P3EGrLaoD9MlBNAB1kYzyNZA
gJe9eGt85045sS9xBH/1o4o+YWdXwMdH2y6hpgG+zuN3h3+6DhjY45Vx6o+SZg54
7zLXvH6uSdBA3jSde7QN97hca/4vH4p19uAdxT+xNrMTdEw2lU6MrBxb347rh676
V8ztdRF+4+OXiMl6eDzemx0XLZT5BjBLzP2q/6IU5EFRPdb0VgnwZERL9oG4g/8M
Gq+LMGtUOkIgp1E2KhE83qq7FdEbe3QSW1SIH9GwTb79C9TFmODN9xKinxlU71aj
8pyvAahBMzYntL2vASCu9sCHsX9wyOfLvnAYyQY+DiMx
-----END CERTIFICATE-----