This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/84wKpW8a2FdOFdtJH09XGOkEUps.roa
File:                     84wKpW8a2FdOFdtJH09XGOkEUps.roa (raw, json)
Hash identifier:          1qhPnlo4Dt7J0oeNCr3M9RW7SmJ0MpohWBFUgdLw/U4=
Subject key identifier:   F3:8C:0A:A5:6F:1A:D8:57:4E:15:DB:49:1F:4F:57:18:E9:04:52:9B
Certificate issuer:       /CN=712f9cb3c298b150beb79080376f74bdeac438ac
Certificate serial:       019B77C7501547DF6A4A269B8535EFB96DC7
Authority key identifier: 71:2F:9C:B3:C2:98:B1:50:BE:B7:90:80:37:6F:74:BD:EA:C4:38:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cS-cs8KYsVC-t5CAN290verEOKw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/84wKpW8a2FdOFdtJH09XGOkEUps.roa
Signing time:             Thu 01 Jan 2026 04:18:29 +0000
ROA not before:           Thu 01 Jan 2026 04:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203500
IP address blocks:        185.22.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/cS-cs8KYsVC-t5CAN290verEOKw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/cS-cs8KYsVC-t5CAN290verEOKw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cS-cs8KYsVC-t5CAN290verEOKw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:50:15:47:df:6a:4a:26:9b:85:35:ef:b9:6d:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=712f9cb3c298b150beb79080376f74bdeac438ac
        Validity
            Not Before: Jan  1 04:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f38c0aa56f1ad8574e15db491f4f5718e904529b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:4f:c0:e5:7e:60:d0:15:21:48:00:34:d4:15:
                    35:a8:a9:f3:5a:25:12:fa:6f:45:99:b9:39:b4:31:
                    b1:80:16:68:9f:1f:3c:7c:b5:d7:90:3e:21:8d:15:
                    6b:af:09:aa:40:ac:34:05:31:4b:97:e1:24:aa:68:
                    4c:68:ba:fd:20:9e:dd:9f:e2:17:aa:89:93:1c:f5:
                    89:8a:63:f1:af:74:9a:80:ab:a7:ed:ff:7f:2c:51:
                    f0:c6:15:68:b8:9c:12:50:71:21:1b:be:a4:83:69:
                    41:b3:9d:fa:b6:d1:f0:4e:3b:87:28:63:9e:83:87:
                    0e:3f:27:66:5b:b5:7a:20:a0:6b:72:ed:21:2e:25:
                    b1:b8:54:5b:02:31:46:57:5f:b8:e7:fa:f4:29:5d:
                    f2:62:f8:ff:2a:e6:36:31:12:9d:45:34:a5:70:f5:
                    9e:08:43:f1:18:c2:b2:fe:38:d5:1a:49:04:8f:13:
                    87:db:eb:ed:e1:d0:a7:23:e4:03:cf:a6:8a:b4:c6:
                    12:2b:1b:75:d5:0e:ba:11:09:42:f4:14:cf:c0:2e:
                    27:bb:cc:ed:37:da:3e:c5:96:9a:26:a9:e4:74:f0:
                    4e:3a:7a:4c:12:8f:ff:d1:55:93:76:ac:74:7f:9e:
                    ce:90:f9:a6:14:80:26:d6:f3:27:41:e7:6f:20:b3:
                    16:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:8C:0A:A5:6F:1A:D8:57:4E:15:DB:49:1F:4F:57:18:E9:04:52:9B
            X509v3 Authority Key Identifier:
                keyid:71:2F:9C:B3:C2:98:B1:50:BE:B7:90:80:37:6F:74:BD:EA:C4:38:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cS-cs8KYsVC-t5CAN290verEOKw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/84wKpW8a2FdOFdtJH09XGOkEUps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/cS-cs8KYsVC-t5CAN290verEOKw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.22.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:72:73:f5:da:86:9d:0f:eb:c7:39:75:a6:f5:a4:93:7f:27:
         cd:c0:6f:75:46:48:43:9d:48:c3:40:11:20:15:35:8d:26:4d:
         79:4b:c6:48:64:e9:b1:91:c5:6f:c3:5d:81:a1:d8:66:e6:dc:
         5e:26:c3:27:f6:4c:07:37:02:85:de:e8:cd:6a:19:d8:fd:bb:
         f0:70:0d:06:5f:a1:51:5c:b8:02:62:b0:7f:6f:a7:6f:78:83:
         42:28:dc:38:aa:3f:a6:86:09:c6:65:ff:03:02:c5:a2:09:08:
         4f:c4:ee:a4:ff:91:d9:8a:6a:f7:0b:cf:88:56:e5:ce:87:ee:
         76:a8:15:fa:92:41:ac:83:53:52:da:33:d4:8b:dd:26:cb:b9:
         46:37:a6:a1:07:f3:81:c6:36:35:4d:1d:38:e4:2f:62:24:c8:
         3a:d3:ce:b7:f3:27:16:8f:78:94:70:75:ba:9f:43:e3:87:ac:
         26:86:6b:84:c2:05:bb:68:55:2e:91:2e:c6:25:a1:fe:cd:e8:
         3c:4f:90:15:e2:b2:d8:fb:8d:8b:fe:ed:9c:2c:c6:09:67:c4:
         d7:de:89:c4:12:d1:69:dd:3f:95:fa:8e:9d:b9:7d:23:95:5a:
         67:1e:fa:12:4d:61:05:5e:d2:2e:76:13:5c:53:32:0c:27:72:
         cb:f3:ca:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x1AVR99qSiabhTXvuW3HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxMmY5Y2IzYzI5OGIxNTBiZWI3OTA4MDM3NmY3NGJkZWFj
NDM4YWMwHhcNMjYwMTAxMDQxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzhjMGFhNTZmMWFkODU3NGUxNWRiNDkxZjRmNTcxOGU5MDQ1MjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwE/A5X5g0BUhSAA01BU1qKnzWiUS
+m9Fmbk5tDGxgBZonx88fLXXkD4hjRVrrwmqQKw0BTFLl+EkqmhMaLr9IJ7dn+IX
qomTHPWJimPxr3SagKun7f9/LFHwxhVouJwSUHEhG76kg2lBs536ttHwTjuHKGOe
g4cOPydmW7V6IKBrcu0hLiWxuFRbAjFGV1+45/r0KV3yYvj/KuY2MRKdRTSlcPWe
CEPxGMKy/jjVGkkEjxOH2+vt4dCnI+QDz6aKtMYSKxt11Q66EQlC9BTPwC4nu8zt
N9o+xZaaJqnkdPBOOnpMEo//0VWTdqx0f57OkPmmFIAm1vMnQedvILMWcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPOMCqVvGthXThXbSR9PVxjpBFKbMB8GA1UdIwQY
MBaAFHEvnLPCmLFQvreQgDdvdL3qxDisMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1MtY3M4S1lzVkMtdDVDQU4yOTB2ZXJFT0t3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9lMmUxMTktZmQ3OC00YjFhLWIxNmEt
OTg3ZGE0MzkyMDU2LzEvODR3S3BXOGEyRmRPRmR0SkgwOVhHT2tFVXBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9lMmUxMTktZmQ3OC00YjFhLWIxNmEtOTg3ZGE0MzkyMDU2
LzEvY1MtY3M4S1lzVkMtdDVDQU4yOTB2ZXJFT0t3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRaCMA0G
CSqGSIb3DQEBCwUAA4IBAQBucnP12oadD+vHOXWm9aSTfyfNwG91RkhDnUjDQBEg
FTWNJk15S8ZIZOmxkcVvw12Bodhm5txeJsMn9kwHNwKF3ujNahnY/bvwcA0GX6FR
XLgCYrB/b6dveINCKNw4qj+mhgnGZf8DAsWiCQhPxO6k/5HZimr3C8+IVuXOh+52
qBX6kkGsg1NS2jPUi90my7lGN6ahB/OBxjY1TR045C9iJMg608638ycWj3iUcHW6
n0Pjh6wmhmuEwgW7aFUukS7GJaH+zeg8T5AV4rLY+42L/u2cLMYJZ8TX3onEEtFp
3T+V+o6duX0jlVpnHvoSTWEFXtIudhNcUzIMJ3LL88qW
-----END CERTIFICATE-----