This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/07sEtYgDD4P8DDdRCKN5iG4AMmY.roa
File:                     07sEtYgDD4P8DDdRCKN5iG4AMmY.roa (raw, json)
Hash identifier:          1D7e4u6dPSbKGI3tO20WfhKAQ8qfjqNxZrP0FvNTv4I=
Subject key identifier:   D3:BB:04:B5:88:03:0F:83:FC:0C:37:51:08:A3:79:88:6E:00:32:66
Certificate issuer:       /CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
Certificate serial:       019B78A2323BDA78E4FD54EDD5F0897FEF48
Authority key identifier: 29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/07sEtYgDD4P8DDdRCKN5iG4AMmY.roa
Signing time:             Thu 01 Jan 2026 08:17:34 +0000
ROA not before:           Thu 01 Jan 2026 08:17:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211211
IP address blocks:        185.23.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 11:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:32:3b:da:78:e4:fd:54:ed:d5:f0:89:7f:ef:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
        Validity
            Not Before: Jan  1 08:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d3bb04b588030f83fc0c375108a379886e003266
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:80:c2:df:59:e8:5e:10:97:5b:49:75:f7:78:
                    80:dd:f0:c8:63:64:96:07:7a:0f:f5:99:79:d3:cc:
                    2f:32:b9:98:40:9b:87:c7:72:86:71:fa:e0:d7:c0:
                    2d:8f:9a:cc:3f:0d:21:5d:34:0d:c7:50:12:8a:e5:
                    4b:7a:55:ab:f0:54:8d:92:bd:9f:a3:e8:7a:0a:2d:
                    a5:b6:9b:1e:79:15:d2:01:43:56:b1:b0:d7:b0:7e:
                    b7:05:a1:a4:94:a5:50:8b:c9:16:fd:80:4d:be:f6:
                    8c:8a:d2:c5:79:71:28:46:31:f9:d2:e0:ae:be:ec:
                    a2:16:0d:b5:85:18:8c:de:ea:d6:c7:2c:75:71:71:
                    86:61:87:44:49:77:d8:f9:f6:cf:26:38:09:45:fb:
                    26:57:5a:7b:bd:09:3d:f0:7f:6d:d2:ac:d6:6e:af:
                    73:a5:94:90:37:6f:ae:24:5b:ec:a4:3d:fd:7a:02:
                    e6:da:61:6a:ca:cd:f4:dc:04:3e:5e:98:cf:19:9b:
                    3f:4a:57:08:c9:ba:3d:c6:72:80:14:ba:53:c7:d4:
                    da:06:3f:af:e7:56:12:79:f6:55:f8:8a:6d:d0:f7:
                    71:6c:ae:81:7d:60:19:a8:5a:90:1c:fc:7c:81:73:
                    62:b5:92:1d:c6:73:45:de:ba:8f:c4:a6:3b:b5:bd:
                    f0:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:BB:04:B5:88:03:0F:83:FC:0C:37:51:08:A3:79:88:6E:00:32:66
            X509v3 Authority Key Identifier:
                keyid:29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/07sEtYgDD4P8DDdRCKN5iG4AMmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:05:61:62:1e:38:4f:10:a0:26:53:58:b8:be:b2:80:f2:2f:
         a1:6d:36:59:40:ca:3e:88:0d:3a:26:05:3e:dc:0f:a1:15:96:
         a0:5e:79:25:9f:f1:41:e7:e5:22:e8:27:e6:61:15:d7:af:af:
         31:ee:b1:b6:5d:a8:71:92:9f:aa:2e:33:6e:d4:07:5f:8f:b5:
         97:c9:b5:fd:25:99:73:cf:31:af:14:4e:12:a9:34:a2:b6:ed:
         e1:8c:db:64:91:f4:c2:27:83:ec:22:eb:05:6d:92:4e:90:8c:
         f0:c2:99:a9:ae:ee:d2:1c:43:93:0b:4c:9c:52:6d:ea:ed:74:
         21:24:98:cd:dd:24:25:a8:a5:e7:e6:90:94:27:bf:d9:dd:07:
         1f:22:a3:3c:2e:79:cd:f2:54:a1:26:a9:de:31:54:10:3a:af:
         be:1a:98:3d:4b:49:e7:c6:0e:98:55:b8:02:b0:5a:15:2f:bd:
         15:55:ab:f7:71:ef:61:d4:a5:de:19:ba:26:bc:f0:f5:d9:ba:
         fd:56:d2:02:35:be:ab:75:7e:54:35:63:7b:e7:f4:35:e4:56:
         15:6a:d0:db:b4:65:bb:b1:10:f0:d6:16:a6:2d:71:6b:0e:b6:
         33:91:15:4f:48:93:b1:4a:aa:49:7f:de:0a:5c:8d:80:e2:07:
         0c:a2:15:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4ojI72njk/VTt1fCJf+9IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2VmOWJlZmQxYTdlMjRjMGNjOTcyOTk4N2ZjMDY1ZDZi
NzEzMmYwHhcNMjYwMTAxMDgxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2JiMDRiNTg4MDMwZjgzZmMwYzM3NTEwOGEzNzk4ODZlMDAzMjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYDC31noXhCXW0l193iA3fDIY2SW
B3oP9Zl508wvMrmYQJuHx3KGcfrg18Atj5rMPw0hXTQNx1ASiuVLelWr8FSNkr2f
o+h6Ci2ltpseeRXSAUNWsbDXsH63BaGklKVQi8kW/YBNvvaMitLFeXEoRjH50uCu
vuyiFg21hRiM3urWxyx1cXGGYYdESXfY+fbPJjgJRfsmV1p7vQk98H9t0qzWbq9z
pZSQN2+uJFvspD39egLm2mFqys303AQ+XpjPGZs/SlcIybo9xnKAFLpTx9TaBj+v
51YSefZV+Ipt0PdxbK6BfWAZqFqQHPx8gXNitZIdxnNF3rqPxKY7tb3w4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNO7BLWIAw+D/Aw3UQijeYhuADJmMB8GA1UdIwQY
MBaAFCl++b79Gn4kwMyXKZh/wGXWtxMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWIt
ZGVlNzY4NjAwMTNkLzEvMDdzRXRZZ0RENFA4RERkUkNLTjVpRzRBTW1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWItZGVlNzY4NjAwMTNk
LzEvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRfsMA0G
CSqGSIb3DQEBCwUAA4IBAQCeBWFiHjhPEKAmU1i4vrKA8i+hbTZZQMo+iA06JgU+
3A+hFZagXnkln/FB5+Ui6CfmYRXXr68x7rG2Xahxkp+qLjNu1Adfj7WXybX9JZlz
zzGvFE4SqTSitu3hjNtkkfTCJ4PsIusFbZJOkIzwwpmpru7SHEOTC0ycUm3q7XQh
JJjN3SQlqKXn5pCUJ7/Z3QcfIqM8LnnN8lShJqneMVQQOq++Gpg9S0nnxg6YVbgC
sFoVL70VVav3ce9h1KXeGbomvPD12br9VtICNb6rdX5UNWN75/Q15FYVatDbtGW7
sRDw1hamLXFrDrYzkRVPSJOxSqpJf94KXI2A4gcMohW1
-----END CERTIFICATE-----