This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/7ca-yqYFy5zkEtowaK37eO4cWhw.roa
File:                     7ca-yqYFy5zkEtowaK37eO4cWhw.roa (raw, json)
Hash identifier:          qkXi06WNJoj9N2Ed/7Tck+0n8JOBZBK4mD8Jxcj+240=
Subject key identifier:   ED:C6:BE:CA:A6:05:CB:9C:E4:12:DA:30:68:AD:FB:78:EE:1C:5A:1C
Certificate issuer:       /CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Certificate serial:       019BB17551F6C00FDE7FF75618CE330A97F3
Authority key identifier: 20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/7ca-yqYFy5zkEtowaK37eO4cWhw.roa
Signing time:             Mon 12 Jan 2026 09:06:54 +0000
ROA not before:           Mon 12 Jan 2026 09:06:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137235
IP address blocks:        95.170.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:b1:75:51:f6:c0:0f:de:7f:f7:56:18:ce:33:0a:97:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
        Validity
            Not Before: Jan 12 09:06:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=edc6becaa605cb9ce412da3068adfb78ee1c5a1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:1c:d0:b7:a3:71:c7:28:b4:08:bd:10:70:74:
                    5c:c1:8a:dd:03:5e:19:47:f2:8f:67:c8:f1:15:b3:
                    8d:93:fa:75:21:d4:b9:c2:e0:16:b1:47:d3:2b:8f:
                    a3:06:d7:a1:89:76:d1:13:02:45:03:1c:bd:e6:89:
                    fb:4b:b9:71:91:1a:f5:8a:03:6f:bb:68:3d:ee:52:
                    50:f7:6d:8f:a9:41:1b:56:92:e4:59:9f:46:a5:7b:
                    2b:b0:7b:cd:0f:cf:0a:f2:c8:60:98:da:cf:9f:ad:
                    fc:6e:74:40:64:a2:ea:38:47:5d:cb:9f:4d:58:44:
                    c7:2e:50:c8:1f:8d:22:6b:c0:af:69:72:36:26:37:
                    2f:78:17:35:71:e6:cb:7e:c0:5f:f9:c1:48:bd:0d:
                    04:0b:a8:06:eb:82:c6:69:9e:cd:b8:e7:7f:c4:66:
                    02:d4:8a:7b:9d:ff:63:8a:5b:62:80:0c:dc:2d:63:
                    20:e9:e1:6c:58:f4:b1:3a:5e:8a:cf:b3:60:34:4c:
                    34:ba:a3:70:f8:4b:22:0d:dc:d4:4f:d2:3b:65:9c:
                    ee:b7:28:47:69:8f:8d:d4:f2:54:34:7a:fd:58:2c:
                    73:7b:c8:36:06:73:3d:d6:59:97:28:c7:88:0c:e5:
                    ad:ba:b6:f9:85:8c:ac:9b:5e:0e:65:76:9e:05:1d:
                    78:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:C6:BE:CA:A6:05:CB:9C:E4:12:DA:30:68:AD:FB:78:EE:1C:5A:1C
            X509v3 Authority Key Identifier:
                keyid:20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/7ca-yqYFy5zkEtowaK37eO4cWhw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.170.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:88:0e:e2:92:b1:02:ad:2a:f6:85:14:13:5b:b0:69:b5:9c:
         22:4b:bf:30:43:55:47:7f:4d:ec:78:82:b8:77:33:2a:df:db:
         d2:13:b7:73:ab:0b:84:3f:54:0f:c7:04:59:ec:16:89:54:fa:
         d2:64:d7:68:09:25:1e:19:c6:0e:f5:40:be:a4:81:65:cf:55:
         e2:07:7e:fd:8f:b4:46:ef:30:16:18:76:42:c1:47:1c:b7:09:
         b5:69:c0:96:87:e4:9f:36:2e:6f:e4:99:c8:b7:53:a3:db:92:
         2a:69:df:7d:75:1c:af:bc:c9:b2:6a:81:56:93:f4:aa:d6:b1:
         ce:08:67:e9:ea:40:05:22:78:6a:86:f6:3f:c4:8e:ad:b8:1a:
         90:e5:19:d0:24:0a:c2:cd:68:10:1b:18:46:6f:d6:9f:e6:48:
         4e:34:99:60:a1:32:a6:6b:12:fe:14:b9:99:e7:e3:4e:7a:f3:
         a5:ed:95:4a:16:b6:fa:0d:2e:1c:c7:0c:ad:1f:fb:3b:67:b8:
         76:ff:f3:18:66:f8:d8:ee:aa:8a:ff:cb:76:30:90:8f:e9:30:
         49:85:35:3c:4d:87:72:94:d2:88:9c:f7:89:ee:7b:ee:ed:91:
         c7:e9:f8:25:b7:f6:a3:2a:a1:cc:b3:18:ee:8c:eb:b1:af:04:
         e9:c5:b2:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuxdVH2wA/ef/dWGM4zCpfzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTQyNWEzMmI2MmQzOTgxOGM0Y2JiMDA4MTA3NTY4NmZj
NGM4ZTgwHhcNMjYwMTEyMDkwNjU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGM2YmVjYWE2MDVjYjljZTQxMmRhMzA2OGFkZmI3OGVlMWM1YTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4RzQt6Nxxyi0CL0QcHRcwYrdA14Z
R/KPZ8jxFbONk/p1IdS5wuAWsUfTK4+jBtehiXbREwJFAxy95on7S7lxkRr1igNv
u2g97lJQ922PqUEbVpLkWZ9GpXsrsHvND88K8shgmNrPn638bnRAZKLqOEddy59N
WETHLlDIH40ia8CvaXI2JjcveBc1cebLfsBf+cFIvQ0EC6gG64LGaZ7NuOd/xGYC
1Ip7nf9jiltigAzcLWMg6eFsWPSxOl6Kz7NgNEw0uqNw+EsiDdzUT9I7ZZzutyhH
aY+N1PJUNHr9WCxze8g2BnM91lmXKMeIDOWturb5hYysm14OZXaeBR14DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO3GvsqmBcuc5BLaMGit+3juHFocMB8GA1UdIwQY
MBaAFCDkJaMrYtOYGMTLsAgQdWhvxMjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGIt
ZWNkMjk2NWNiN2U3LzEvN2NhLXlxWUZ5NXprRXRvd2FLMzdlTzRjV2h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGItZWNkMjk2NWNiN2U3
LzEvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6oUMA0G
CSqGSIb3DQEBCwUAA4IBAQBBiA7ikrECrSr2hRQTW7BptZwiS78wQ1VHf03seIK4
dzMq39vSE7dzqwuEP1QPxwRZ7BaJVPrSZNdoCSUeGcYO9UC+pIFlz1XiB379j7RG
7zAWGHZCwUcctwm1acCWh+SfNi5v5JnIt1Oj25Iqad99dRyvvMmyaoFWk/Sq1rHO
CGfp6kAFInhqhvY/xI6tuBqQ5RnQJArCzWgQGxhGb9af5khONJlgoTKmaxL+FLmZ
5+NOevOl7ZVKFrb6DS4cxwytH/s7Z7h2//MYZvjY7qqK/8t2MJCP6TBJhTU8TYdy
lNKInPeJ7nvu7ZHH6fglt/ajKqHMsxjujOuxrwTpxbLt
-----END CERTIFICATE-----