This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/1b9637-2795-4e7c-b33f-e28295e54c3c/1/7CXGDptf2okcN_TUuRa0vGLyCaQ.roa
File:                     7CXGDptf2okcN_TUuRa0vGLyCaQ.roa (raw, json)
Hash identifier:          uAwFHhRb6M0iaad5i6SJTir06b/xHTrf77HmrAGNoN0=
Subject key identifier:   EC:25:C6:0E:9B:5F:DA:89:1C:37:F4:D4:B9:16:B4:BC:62:F2:09:A4
Certificate issuer:       /CN=24d470214c69e430f8b385e0936ad960166acdf0
Certificate serial:       019B7C8086B4621EEA6F45ED091DC771A2BD
Authority key identifier: 24:D4:70:21:4C:69:E4:30:F8:B3:85:E0:93:6A:D9:60:16:6A:CD:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JNRwIUxp5DD4s4Xgk2rZYBZqzfA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/1b9637-2795-4e7c-b33f-e28295e54c3c/1/7CXGDptf2okcN_TUuRa0vGLyCaQ.roa
Signing time:             Fri 02 Jan 2026 02:19:16 +0000
ROA not before:           Fri 02 Jan 2026 02:19:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        213.255.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/1b9637-2795-4e7c-b33f-e28295e54c3c/1/JNRwIUxp5DD4s4Xgk2rZYBZqzfA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/1b9637-2795-4e7c-b33f-e28295e54c3c/1/JNRwIUxp5DD4s4Xgk2rZYBZqzfA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JNRwIUxp5DD4s4Xgk2rZYBZqzfA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 02:20:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:86:b4:62:1e:ea:6f:45:ed:09:1d:c7:71:a2:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24d470214c69e430f8b385e0936ad960166acdf0
        Validity
            Not Before: Jan  2 02:19:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ec25c60e9b5fda891c37f4d4b916b4bc62f209a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:6b:7e:96:6c:8f:92:b7:c2:42:36:15:99:81:
                    ab:1b:ba:dd:18:ac:5a:36:07:fe:fa:eb:0e:97:a9:
                    07:d7:28:dd:3f:d5:69:84:4b:ad:22:f9:27:d6:c5:
                    7a:ab:e7:be:e5:60:c0:9b:5d:81:66:39:14:fd:82:
                    63:4c:38:39:a7:3c:c1:e7:6c:54:1b:6b:f4:09:d3:
                    47:39:f2:96:ab:3e:f2:48:e7:d0:3b:50:85:7e:6a:
                    b2:4d:dd:32:76:d0:e8:19:c6:06:ae:a8:c4:fd:2e:
                    c5:b7:02:85:7f:0d:44:b2:50:05:d5:72:c2:d2:9a:
                    e9:94:e2:05:09:82:61:45:da:9b:e3:1e:48:8b:4b:
                    f4:92:fc:bb:a4:e4:df:7a:a1:40:b9:4d:76:e1:2b:
                    6a:91:e3:01:7c:1b:f1:8a:18:f1:ad:43:88:6b:36:
                    33:ad:49:8b:51:bd:ef:a3:21:ab:74:3b:c1:d8:41:
                    2c:64:7b:2c:27:80:2e:9b:23:da:c8:57:45:b1:a9:
                    0f:f1:75:d6:5b:a7:84:37:d6:bd:87:30:28:b4:cc:
                    12:f7:6e:26:86:76:9c:4a:41:93:3d:47:f5:18:b1:
                    a7:2c:a9:db:12:43:86:8e:6a:2f:1e:41:c3:a5:1d:
                    ac:66:68:38:1a:2a:4a:66:56:30:a8:82:04:4e:75:
                    62:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:25:C6:0E:9B:5F:DA:89:1C:37:F4:D4:B9:16:B4:BC:62:F2:09:A4
            X509v3 Authority Key Identifier:
                keyid:24:D4:70:21:4C:69:E4:30:F8:B3:85:E0:93:6A:D9:60:16:6A:CD:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JNRwIUxp5DD4s4Xgk2rZYBZqzfA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/1b9637-2795-4e7c-b33f-e28295e54c3c/1/7CXGDptf2okcN_TUuRa0vGLyCaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/1b9637-2795-4e7c-b33f-e28295e54c3c/1/JNRwIUxp5DD4s4Xgk2rZYBZqzfA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.255.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:66:85:24:92:91:33:c2:33:1d:14:f6:80:bb:e6:45:ab:44:
         33:ce:48:18:6c:12:3e:81:fd:9f:d8:2a:72:fb:4e:a1:14:f2:
         70:9a:5c:47:ed:6b:5c:b6:b7:5a:3b:1d:c0:c3:59:b8:39:ba:
         5d:7e:86:61:6c:6e:bc:cd:69:3c:7b:55:fb:af:8a:c5:63:ad:
         52:02:16:0e:e3:5d:ec:b8:a9:95:42:16:49:8d:79:d5:64:4d:
         84:39:dc:c8:d0:f4:d7:81:76:52:84:88:1b:67:85:ee:80:41:
         df:2c:d9:1a:ff:77:79:3a:c0:b7:5c:e7:39:e1:85:73:7d:8b:
         a9:31:84:72:e7:e4:6e:18:13:85:d1:7c:f9:de:7c:2c:89:28:
         8f:59:63:5f:ab:c2:7c:e2:a1:95:47:23:87:d7:34:da:a4:51:
         1d:f0:c1:23:1c:e2:9e:88:72:0a:01:3e:4d:7a:87:a0:b6:d4:
         04:00:c4:54:d5:63:75:1e:ec:31:18:af:12:d0:95:a5:4c:ee:
         e2:ed:4c:08:24:51:93:09:30:30:1e:7e:ee:53:bf:5c:57:b6:
         cf:2d:2d:a2:e1:df:d8:69:71:c3:20:c8:92:2e:ba:31:b5:43:
         23:6f:b4:5d:d6:01:be:a8:9e:40:c5:bc:d7:b5:93:aa:76:5b:
         5b:cb:93:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gIa0Yh7qb0XtCR3HcaK9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0ZDQ3MDIxNGM2OWU0MzBmOGIzODVlMDkzNmFkOTYwMTY2
YWNkZjAwHhcNMjYwMTAyMDIxOTE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzI1YzYwZTliNWZkYTg5MWMzN2Y0ZDRiOTE2YjRiYzYyZjIwOWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGt+lmyPkrfCQjYVmYGrG7rdGKxa
Ngf++usOl6kH1yjdP9VphEutIvkn1sV6q+e+5WDAm12BZjkU/YJjTDg5pzzB52xU
G2v0CdNHOfKWqz7ySOfQO1CFfmqyTd0ydtDoGcYGrqjE/S7FtwKFfw1EslAF1XLC
0prplOIFCYJhRdqb4x5Ii0v0kvy7pOTfeqFAuU124StqkeMBfBvxihjxrUOIazYz
rUmLUb3voyGrdDvB2EEsZHssJ4AumyPayFdFsakP8XXWW6eEN9a9hzAotMwS924m
hnacSkGTPUf1GLGnLKnbEkOGjmovHkHDpR2sZmg4GipKZlYwqIIETnVi/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOwlxg6bX9qJHDf01LkWtLxi8gmkMB8GA1UdIwQY
MBaAFCTUcCFMaeQw+LOF4JNq2WAWas3wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSk5Sd0lVeHA1REQ0czRYZ2syclpZQlpxemZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8xYjk2MzctMjc5NS00ZTdjLWIzM2Yt
ZTI4Mjk1ZTU0YzNjLzEvN0NYR0RwdGYyb2tjTl9UVXVSYTB2R0x5Q2FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8xYjk2MzctMjc5NS00ZTdjLWIzM2YtZTI4Mjk1ZTU0YzNj
LzEvSk5Sd0lVeHA1REQ0czRYZ2syclpZQlpxemZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1f/OMA0G
CSqGSIb3DQEBCwUAA4IBAQCLZoUkkpEzwjMdFPaAu+ZFq0QzzkgYbBI+gf2f2Cpy
+06hFPJwmlxH7WtctrdaOx3Aw1m4ObpdfoZhbG68zWk8e1X7r4rFY61SAhYO413s
uKmVQhZJjXnVZE2EOdzI0PTXgXZShIgbZ4XugEHfLNka/3d5OsC3XOc54YVzfYup
MYRy5+RuGBOF0Xz53nwsiSiPWWNfq8J84qGVRyOH1zTapFEd8MEjHOKeiHIKAT5N
eoegttQEAMRU1WN1HuwxGK8S0JWlTO7i7UwIJFGTCTAwHn7uU79cV7bPLS2i4d/Y
aXHDIMiSLroxtUMjb7Rd1gG+qJ5AxbzXtZOqdltby5O6
-----END CERTIFICATE-----