This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/zn8V7zZ8VeyC_lxm4jc8_wGVLz0.roa
File:                     zn8V7zZ8VeyC_lxm4jc8_wGVLz0.roa (raw, json)
Hash identifier:          B5cyTPibhVbreaIUM1/ijDLREkUHT8qqRL7UzeO1dRk=
Subject key identifier:   CE:7F:15:EF:36:7C:55:EC:82:FE:5C:66:E2:37:3C:FF:01:95:2F:3D
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019B7C13A56BD100456925A111FF5D9F8D67
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/zn8V7zZ8VeyC_lxm4jc8_wGVLz0.roa
Signing time:             Fri 02 Jan 2026 00:20:20 +0000
ROA not before:           Fri 02 Jan 2026 00:20:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216431
IP address blocks:        185.221.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:a5:6b:d1:00:45:69:25:a1:11:ff:5d:9f:8d:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 00:20:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce7f15ef367c55ec82fe5c66e2373cff01952f3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:4a:29:f0:90:1f:49:9d:77:cc:20:ff:85:1a:
                    10:67:c6:b1:ed:02:22:7b:da:46:d1:94:43:a2:b0:
                    8a:aa:ed:db:d5:12:a0:f8:59:f9:d8:5c:8e:ec:b7:
                    3d:73:4b:53:92:1f:4b:0a:5b:2b:8c:ff:36:c8:ca:
                    a7:dc:6e:e9:b7:6b:52:41:9e:73:37:2c:7a:d9:33:
                    b0:bc:01:11:1b:b1:e6:2b:33:3f:4b:93:3b:b9:2b:
                    22:01:55:04:6d:00:f4:aa:34:f7:5c:66:dd:4c:09:
                    d8:09:bf:59:d7:b6:8d:3c:96:42:ce:e7:23:bf:4e:
                    a1:ee:d2:ac:3d:ca:e0:11:72:16:69:9f:96:74:39:
                    6a:4a:35:b1:da:e8:eb:48:5d:8c:61:77:4c:4c:a2:
                    6c:e9:cf:64:45:a1:d6:f7:2e:2f:c5:3b:12:81:0d:
                    10:20:36:1d:42:14:c1:5c:bb:a3:cd:3c:ea:f8:ec:
                    58:ab:75:28:e6:84:35:26:2b:79:ae:a1:08:fa:3f:
                    b7:38:21:a3:d2:57:04:89:4e:80:c0:89:03:55:2e:
                    56:cb:fc:72:d1:ef:cb:c5:a3:3f:1a:59:c1:48:2f:
                    1e:bc:eb:45:be:fe:84:ca:dc:0e:6a:6f:17:cf:df:
                    80:61:29:ae:c3:6a:f6:7f:27:1a:9a:f5:d7:e8:e9:
                    ef:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:7F:15:EF:36:7C:55:EC:82:FE:5C:66:E2:37:3C:FF:01:95:2F:3D
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/zn8V7zZ8VeyC_lxm4jc8_wGVLz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:f1:65:ff:66:b1:53:5c:98:b6:fa:60:66:c3:eb:b0:0e:be:
         6f:61:e5:b9:9a:fa:33:25:31:71:25:2f:87:4a:db:10:bc:80:
         07:ca:ae:7c:2f:f5:7c:71:ad:0f:2e:9e:e8:4c:f6:ea:4a:57:
         a2:18:fa:47:2c:eb:9a:1f:71:1f:c7:0c:42:12:02:24:19:df:
         8e:e7:f1:94:00:dd:49:95:a6:ca:b2:00:8e:09:11:cc:a4:69:
         12:7c:e7:12:ed:84:61:b1:5c:90:9c:ca:c9:60:8b:ef:54:4f:
         6e:15:b8:dd:54:25:9f:d7:85:14:fb:07:e7:4d:87:8c:b5:5d:
         fc:c6:58:23:7c:14:4d:f5:78:ee:9a:de:d1:e3:a9:c6:73:84:
         37:90:52:f0:72:b1:3a:1c:13:ae:83:6c:4f:8a:86:3f:16:ed:
         46:c0:c2:02:0b:69:aa:a6:01:ef:e7:cf:07:57:0c:c5:66:31:
         bf:5e:a9:8c:4c:4d:46:53:30:1a:e3:da:2e:a8:4b:96:7d:cc:
         90:e7:75:dc:75:a2:f4:6d:10:0b:fe:4e:b3:e2:10:6d:a3:5f:
         94:72:86:b2:47:28:0c:ba:d2:e5:74:59:a1:3c:76:2c:3e:ab:
         79:7d:28:80:f1:ac:30:45:36:b8:49:c2:99:3c:bf:cf:74:0b:
         51:cd:48:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E6Vr0QBFaSWhEf9dn41nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMTAyMDAyMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTdmMTVlZjM2N2M1NWVjODJmZTVjNjZlMjM3M2NmZjAxOTUyZjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA30op8JAfSZ13zCD/hRoQZ8ax7QIi
e9pG0ZRDorCKqu3b1RKg+Fn52FyO7Lc9c0tTkh9LClsrjP82yMqn3G7pt2tSQZ5z
Nyx62TOwvAERG7HmKzM/S5M7uSsiAVUEbQD0qjT3XGbdTAnYCb9Z17aNPJZCzucj
v06h7tKsPcrgEXIWaZ+WdDlqSjWx2ujrSF2MYXdMTKJs6c9kRaHW9y4vxTsSgQ0Q
IDYdQhTBXLujzTzq+OxYq3Uo5oQ1Jit5rqEI+j+3OCGj0lcEiU6AwIkDVS5Wy/xy
0e/LxaM/GlnBSC8evOtFvv6EytwOam8Xz9+AYSmuw2r2fycamvXX6Onv2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM5/Fe82fFXsgv5cZuI3PP8BlS89MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvem44Vjd6WjhWZXlDX2x4bTRqYzhfd0dWTHowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud0VMA0G
CSqGSIb3DQEBCwUAA4IBAQBt8WX/ZrFTXJi2+mBmw+uwDr5vYeW5mvozJTFxJS+H
StsQvIAHyq58L/V8ca0PLp7oTPbqSleiGPpHLOuaH3EfxwxCEgIkGd+O5/GUAN1J
labKsgCOCRHMpGkSfOcS7YRhsVyQnMrJYIvvVE9uFbjdVCWf14UU+wfnTYeMtV38
xlgjfBRN9Xjumt7R46nGc4Q3kFLwcrE6HBOug2xPioY/Fu1GwMICC2mqpgHv588H
VwzFZjG/XqmMTE1GUzAa49ouqEuWfcyQ53XcdaL0bRAL/k6z4hBto1+UcoayRygM
utLldFmhPHYsPqt5fSiA8awwRTa4ScKZPL/PdAtRzUiD
-----END CERTIFICATE-----