This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/cHwQrhBna2lxomTJDkhtmpkhfTU.roa
File:                     cHwQrhBna2lxomTJDkhtmpkhfTU.roa (raw, json)
Hash identifier:          0pTkk47OKi+H2lTtbFgx7fEy5JTDq1MlYtJ8OXb0yNM=
Subject key identifier:   70:7C:10:AE:10:67:6B:69:71:A2:64:C9:0E:48:6D:9A:99:21:7D:35
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       019B7FF173D0010F6565E222C1C2B9D39954
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/cHwQrhBna2lxomTJDkhtmpkhfTU.roa
Signing time:             Fri 02 Jan 2026 18:21:28 +0000
ROA not before:           Fri 02 Jan 2026 18:21:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395793
IP address blocks:        147.185.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 18 Jan 2026 21:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:73:d0:01:0f:65:65:e2:22:c1:c2:b9:d3:99:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Jan  2 18:21:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=707c10ae10676b6971a264c90e486d9a99217d35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:0b:e8:03:a4:b2:ee:cb:68:24:54:68:1a:23:
                    22:bf:c4:e8:81:b0:56:c3:e1:21:b8:9f:c5:c9:35:
                    9d:75:60:35:90:b2:b4:44:e3:71:42:b9:3b:c9:50:
                    1e:ce:ed:34:7c:a0:0b:44:1c:51:7a:09:eb:9c:25:
                    77:71:ce:89:8b:6b:6d:b3:4e:f2:b8:78:0f:32:ac:
                    c3:bc:fd:19:a3:ef:49:66:9a:0b:00:0a:6b:a6:1f:
                    68:6a:ad:19:41:31:54:58:e6:a8:43:34:27:59:35:
                    04:04:43:58:94:45:28:64:df:11:f2:e9:01:3f:e1:
                    c1:be:8d:b2:6d:0e:d9:f2:41:5f:cc:f7:40:de:1b:
                    9b:a4:40:e6:b5:a7:42:ec:60:6d:6b:6c:91:b9:0d:
                    5b:d2:b1:9d:ca:db:ad:b2:be:75:56:4a:3e:ca:d6:
                    3f:bd:fd:ec:2e:d3:62:ab:1a:0f:09:83:40:42:a6:
                    58:d9:66:d6:fe:cf:4e:ca:14:0b:fa:23:22:da:99:
                    71:ed:d6:a4:24:b1:f1:87:3e:5d:1a:67:dc:6b:14:
                    d0:b6:df:0b:b7:15:f2:53:66:34:cf:e6:97:98:fc:
                    91:48:8e:8f:fe:04:2a:b7:3e:da:31:6f:2e:7a:2f:
                    c9:46:d8:de:37:7e:14:d9:ce:5a:54:f8:b4:20:72:
                    71:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:7C:10:AE:10:67:6B:69:71:A2:64:C9:0E:48:6D:9A:99:21:7D:35
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/cHwQrhBna2lxomTJDkhtmpkhfTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.185.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:a0:2e:21:95:e0:01:e9:65:a0:07:74:d7:74:0f:44:52:60:
         86:89:83:8c:b5:76:dc:1d:a6:d1:3c:32:b2:90:9d:c6:eb:1b:
         08:08:53:8a:f1:5e:85:86:0f:82:da:ad:71:4d:4e:a1:94:11:
         57:7f:7d:61:a0:8c:92:72:b0:1d:80:2e:4d:a1:d5:8f:80:0d:
         46:55:36:c5:e4:43:e9:8a:8e:bf:fc:15:da:92:c3:c2:24:36:
         af:8b:b8:10:36:be:e3:fa:64:2c:e1:51:29:f2:b2:ab:e2:cf:
         09:a5:59:b8:82:7c:a0:55:3e:83:a1:0e:27:db:5b:72:76:27:
         81:16:b5:72:45:78:29:10:8b:0b:22:43:15:bd:d9:f2:c1:1d:
         79:c0:12:ba:dc:79:56:d0:7b:4e:d4:9d:63:e9:16:7b:a8:4f:
         e7:6a:6f:22:e7:4d:cc:c5:54:f1:21:48:f3:a6:39:d6:20:6b:
         2a:d7:ff:04:0a:3b:e7:0b:5c:ef:e4:82:7b:17:5b:82:ae:fd:
         bf:33:16:dd:81:ae:59:92:86:fe:74:a8:77:57:f0:d3:0a:24:
         f4:1d:43:ab:00:45:c6:cb:29:85:d2:71:5e:7f:58:e2:be:09:
         6d:42:91:88:8f:12:0e:17:82:1e:07:08:af:61:62:85:c0:73:
         d1:dc:4e:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8XPQAQ9lZeIiwcK505lUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjYwMTAyMTgyMTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDdjMTBhZTEwNjc2YjY5NzFhMjY0YzkwZTQ4NmQ5YTk5MjE3ZDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAvoA6Sy7stoJFRoGiMiv8TogbBW
w+EhuJ/FyTWddWA1kLK0RONxQrk7yVAezu00fKALRBxRegnrnCV3cc6Ji2tts07y
uHgPMqzDvP0Zo+9JZpoLAAprph9oaq0ZQTFUWOaoQzQnWTUEBENYlEUoZN8R8ukB
P+HBvo2ybQ7Z8kFfzPdA3hubpEDmtadC7GBta2yRuQ1b0rGdytutsr51Vko+ytY/
vf3sLtNiqxoPCYNAQqZY2WbW/s9OyhQL+iMi2plx7dakJLHxhz5dGmfcaxTQtt8L
txXyU2Y0z+aXmPyRSI6P/gQqtz7aMW8uei/JRtjeN34U2c5aVPi0IHJxqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHB8EK4QZ2tpcaJkyQ5IbZqZIX01MB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvY0h3UXJoQm5hMmx4b21USkRraHRtcGtoZlRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk7nPMA0G
CSqGSIb3DQEBCwUAA4IBAQB1oC4hleAB6WWgB3TXdA9EUmCGiYOMtXbcHabRPDKy
kJ3G6xsICFOK8V6Fhg+C2q1xTU6hlBFXf31hoIyScrAdgC5NodWPgA1GVTbF5EPp
io6//BXaksPCJDavi7gQNr7j+mQs4VEp8rKr4s8JpVm4gnygVT6DoQ4n21tydieB
FrVyRXgpEIsLIkMVvdnywR15wBK63HlW0HtO1J1j6RZ7qE/nam8i503MxVTxIUjz
pjnWIGsq1/8ECjvnC1zv5IJ7F1uCrv2/Mxbdga5Zkob+dKh3V/DTCiT0HUOrAEXG
yymF0nFef1jivgltQpGIjxIOF4IeBwivYWKFwHPR3E51
-----END CERTIFICATE-----