This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/7NvDrma6r6gB3hHNw0Vi2Vzvyhs.roa
File:                     7NvDrma6r6gB3hHNw0Vi2Vzvyhs.roa (raw, json)
Hash identifier:          ISxkma2rRuPPt+U4h7db2Z80Qilt+neqVoaxwbxMhHg=
Subject key identifier:   EC:DB:C3:AE:66:BA:AF:A8:01:DE:11:CD:C3:45:62:D9:5C:EF:CA:1B
Certificate issuer:       /CN=5975d519de239cf164cb94a6660c2530ceaef254
Certificate serial:       019B7910AA6BD8EA48EC891B565633AB728B
Authority key identifier: 59:75:D5:19:DE:23:9C:F1:64:CB:94:A6:66:0C:25:30:CE:AE:F2:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/7NvDrma6r6gB3hHNw0Vi2Vzvyhs.roa
Signing time:             Thu 01 Jan 2026 10:18:13 +0000
ROA not before:           Thu 01 Jan 2026 10:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25369
IP address blocks:        85.11.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:aa:6b:d8:ea:48:ec:89:1b:56:56:33:ab:72:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5975d519de239cf164cb94a6660c2530ceaef254
        Validity
            Not Before: Jan  1 10:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ecdbc3ae66baafa801de11cdc34562d95cefca1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:9c:65:13:d6:c9:da:3d:db:77:dd:07:24:9e:
                    df:c2:18:83:c1:0d:d6:70:11:f5:8b:d1:17:b9:47:
                    1e:ed:e5:71:4b:bb:72:62:d8:bb:9c:41:88:6c:e7:
                    1f:65:dd:b5:ea:c2:1f:6d:78:8f:b3:79:8f:71:ed:
                    44:e6:d8:9b:d0:70:f4:27:6f:c6:f2:3e:01:5c:2c:
                    8b:1b:58:f9:64:de:51:0b:df:7a:c5:65:31:06:ce:
                    1a:a7:00:75:94:47:17:19:6b:a9:a6:24:74:14:a2:
                    a9:03:3c:44:6c:6b:83:ee:f7:fb:db:a5:d2:da:3f:
                    98:90:7e:8c:a9:fb:19:a8:0e:9b:09:3e:bc:80:f8:
                    9e:a5:76:79:40:e2:2d:35:bf:b2:23:ed:70:81:6c:
                    c1:d8:87:72:5c:4d:a0:5a:e3:29:de:bc:3b:96:7d:
                    f0:e2:8d:19:23:e5:ae:4e:94:b4:7b:fe:a5:01:e5:
                    56:44:77:e8:27:ed:35:67:5a:37:74:ce:08:ef:66:
                    bf:18:55:2f:22:36:c1:58:b6:14:87:80:75:92:01:
                    e4:e5:44:7f:a4:ee:0c:87:f3:49:e2:3f:82:01:b7:
                    a3:aa:1d:cb:fd:4c:31:af:38:1b:fc:ab:95:46:a0:
                    a6:3a:f5:81:f4:48:01:9f:5c:ed:20:f7:d5:35:2d:
                    70:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:DB:C3:AE:66:BA:AF:A8:01:DE:11:CD:C3:45:62:D9:5C:EF:CA:1B
            X509v3 Authority Key Identifier:
                keyid:59:75:D5:19:DE:23:9C:F1:64:CB:94:A6:66:0C:25:30:CE:AE:F2:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/7NvDrma6r6gB3hHNw0Vi2Vzvyhs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.11.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:86:31:c4:39:85:93:b1:8e:01:0a:36:76:a6:98:36:e4:42:
         0a:fd:5e:45:d6:89:fe:a7:86:47:b5:c5:b6:e9:db:ce:b3:c3:
         95:06:8b:b1:df:c8:a1:13:44:a6:2b:cb:22:d9:2f:bb:73:f0:
         cc:10:1a:1c:47:8d:46:f4:ae:d1:d0:32:98:1b:41:1a:ee:c7:
         81:d9:ab:a3:25:5b:2e:9f:11:37:95:77:ed:0d:c8:35:fc:ee:
         bc:eb:e8:9b:e1:8a:bb:4f:6d:24:93:ea:4b:bb:0f:bc:e2:7e:
         85:1f:6c:ee:82:5d:9e:55:de:12:bb:74:1e:81:79:d8:ee:29:
         37:41:df:9a:d3:cd:3f:02:4f:3c:6b:83:31:90:b5:22:80:d9:
         bd:d4:46:5d:16:db:76:b9:93:15:c8:15:56:e7:db:65:9a:9f:
         a3:10:31:35:36:8a:87:38:cc:58:6f:43:0f:0c:5b:e8:6a:79:
         79:75:f8:c1:42:c6:e1:12:36:ba:2b:42:21:65:2e:56:eb:7c:
         1a:13:32:ac:b7:d6:ca:db:4c:2a:25:c2:a3:8d:cd:0f:80:61:
         90:1d:32:82:53:65:f6:fa:4d:e8:fa:f7:95:da:40:5f:ed:4c:
         31:e5:53:4c:e7:27:da:60:ec:a3:19:cb:24:8c:13:54:3c:3b:
         5e:ec:f9:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EKpr2OpI7IkbVlYzq3KLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NzVkNTE5ZGUyMzljZjE2NGNiOTRhNjY2MGMyNTMwY2Vh
ZWYyNTQwHhcNMjYwMTAxMTAxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2RiYzNhZTY2YmFhZmE4MDFkZTExY2RjMzQ1NjJkOTVjZWZjYTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZxlE9bJ2j3bd90HJJ7fwhiDwQ3W
cBH1i9EXuUce7eVxS7tyYti7nEGIbOcfZd216sIfbXiPs3mPce1E5tib0HD0J2/G
8j4BXCyLG1j5ZN5RC996xWUxBs4apwB1lEcXGWuppiR0FKKpAzxEbGuD7vf726XS
2j+YkH6MqfsZqA6bCT68gPiepXZ5QOItNb+yI+1wgWzB2IdyXE2gWuMp3rw7ln3w
4o0ZI+WuTpS0e/6lAeVWRHfoJ+01Z1o3dM4I72a/GFUvIjbBWLYUh4B1kgHk5UR/
pO4Mh/NJ4j+CAbejqh3L/Uwxrzgb/KuVRqCmOvWB9EgBn1ztIPfVNS1wgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOzbw65muq+oAd4RzcNFYtlc78obMB8GA1UdIwQY
MBaAFFl11RneI5zxZMuUpmYMJTDOrvJUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1hYVkdkNGpuUEZreTVTbVpnd2xNTTZ1OGxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8wYzBjMzctYjQwMS00MDFiLWFhNjUt
MmNjNjc1NzI2OTc1LzEvN052RHJtYTZyNmdCM2hITncwVmkyVnp2eWhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8wYzBjMzctYjQwMS00MDFiLWFhNjUtMmNjNjc1NzI2OTc1
LzEvV1hYVkdkNGpuUEZreTVTbVpnd2xNTTZ1OGxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVQu7MA0G
CSqGSIb3DQEBCwUAA4IBAQClhjHEOYWTsY4BCjZ2ppg25EIK/V5F1on+p4ZHtcW2
6dvOs8OVBoux38ihE0SmK8si2S+7c/DMEBocR41G9K7R0DKYG0Ea7seB2aujJVsu
nxE3lXftDcg1/O686+ib4Yq7T20kk+pLuw+84n6FH2zugl2eVd4Su3QegXnY7ik3
Qd+a080/Ak88a4MxkLUigNm91EZdFtt2uZMVyBVW59tlmp+jEDE1NoqHOMxYb0MP
DFvoanl5dfjBQsbhEja6K0IhZS5W63waEzKst9bK20wqJcKjjc0PgGGQHTKCU2X2
+k3o+veV2kBf7Uwx5VNM5yfaYOyjGcskjBNUPDte7Pmq
-----END CERTIFICATE-----