This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/K7C1ZpfWRovOP6UH3yp-ezhjpsc.roa
File:                     K7C1ZpfWRovOP6UH3yp-ezhjpsc.roa (raw, json)
Hash identifier:          8HColfIrAJIEMPgWDvtcgdPiCcBeEHNyE1jflu4faJ8=
Subject key identifier:   2B:B0:B5:66:97:D6:46:8B:CE:3F:A5:07:DF:2A:7E:7B:38:63:A6:C7
Certificate issuer:       /CN=31db847d1db1e0b2c2c25502210ff5a719967a19
Certificate serial:       019B7758CE116449CC3DBE5CD2BD22C20CA4
Authority key identifier: 31:DB:84:7D:1D:B1:E0:B2:C2:C2:55:02:21:0F:F5:A7:19:96:7A:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MduEfR2x4LLCwlUCIQ_1pxmWehk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/K7C1ZpfWRovOP6UH3yp-ezhjpsc.roa
Signing time:             Thu 01 Jan 2026 02:17:47 +0000
ROA not before:           Thu 01 Jan 2026 02:17:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     18186
IP address blocks:        185.238.212.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/MduEfR2x4LLCwlUCIQ_1pxmWehk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/MduEfR2x4LLCwlUCIQ_1pxmWehk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MduEfR2x4LLCwlUCIQ_1pxmWehk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:ce:11:64:49:cc:3d:be:5c:d2:bd:22:c2:0c:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31db847d1db1e0b2c2c25502210ff5a719967a19
        Validity
            Not Before: Jan  1 02:17:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2bb0b56697d6468bce3fa507df2a7e7b3863a6c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:24:7f:7e:0f:55:e1:10:c5:b3:be:ef:9c:fa:
                    e5:61:0f:ab:2f:b5:22:c0:12:68:68:3d:6a:04:1d:
                    81:4a:22:38:55:ed:35:7a:81:06:0d:e9:e1:d9:f1:
                    2b:e4:80:1e:40:ef:80:ce:d5:b9:3e:f8:a9:19:c4:
                    68:10:dd:d7:8b:76:8d:f3:12:4c:c8:42:23:2a:7b:
                    e2:af:60:b1:7e:d3:f1:d0:f4:a9:96:df:89:c3:23:
                    a4:c9:3b:2f:4c:8b:c5:54:52:44:ab:00:e8:7f:16:
                    ff:23:c1:31:43:b7:2d:d5:d5:71:cc:d0:c4:4f:d0:
                    21:31:d4:fc:7d:05:64:09:1c:15:f1:78:e3:c2:52:
                    64:93:b1:12:5d:8d:54:71:e7:6f:cd:5e:18:9f:54:
                    92:09:33:18:bb:4e:99:38:5a:73:fa:90:31:29:93:
                    7b:f3:35:e4:c4:65:10:fc:13:19:c4:41:fb:11:a7:
                    d7:3a:18:d5:03:3f:aa:9b:94:ec:22:2d:7d:5f:9f:
                    b5:e5:28:eb:fb:f9:df:77:3f:80:78:7e:6d:82:51:
                    5d:45:96:b9:a0:7c:17:8b:e9:6a:50:12:61:47:aa:
                    31:f2:ee:37:42:0d:e3:1b:79:3b:9e:df:bb:a5:30:
                    5a:e2:42:44:3e:38:48:b5:7b:89:63:06:c5:7d:27:
                    96:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:B0:B5:66:97:D6:46:8B:CE:3F:A5:07:DF:2A:7E:7B:38:63:A6:C7
            X509v3 Authority Key Identifier:
                keyid:31:DB:84:7D:1D:B1:E0:B2:C2:C2:55:02:21:0F:F5:A7:19:96:7A:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MduEfR2x4LLCwlUCIQ_1pxmWehk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/K7C1ZpfWRovOP6UH3yp-ezhjpsc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/MduEfR2x4LLCwlUCIQ_1pxmWehk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:b6:65:ee:25:7f:5a:c8:8d:1d:89:c3:ad:dc:b0:72:8a:f0:
         51:67:07:8b:77:00:f3:8d:14:cb:c0:32:8e:65:a9:ca:89:7f:
         ef:28:87:a9:b4:84:a3:dd:52:6d:10:c3:79:0e:b9:c9:3d:82:
         93:fc:86:03:5c:83:ad:df:d6:44:5a:79:cd:9f:cd:72:d5:05:
         a3:f8:65:b3:9e:51:2d:c3:cd:3f:6a:36:fe:da:5c:9d:54:fd:
         ea:1c:e7:a5:54:81:fd:95:2b:3b:56:cf:5c:92:7e:73:ba:29:
         25:24:5c:90:98:f9:25:0d:09:f9:6d:81:8e:b1:0e:7a:7a:7c:
         5b:72:36:a1:b8:a3:58:b3:2f:19:83:37:b2:f3:40:2a:71:38:
         9b:9c:91:9d:01:5d:06:b4:71:24:c2:8e:06:70:85:cc:30:ae:
         75:ca:36:4c:6f:04:30:13:27:01:ad:3b:4b:a1:be:95:08:93:
         6d:97:2d:0e:df:1f:fe:c4:0a:50:ec:f4:bc:fe:6a:0a:d9:02:
         47:71:fc:7f:66:3a:cb:fb:ed:49:89:0c:61:c9:80:e8:f0:54:
         04:e7:43:81:c2:f1:ac:11:20:45:be:49:77:f5:61:d2:93:3c:
         67:04:4a:5e:57:dd:98:63:8f:ac:f7:af:61:38:89:c4:1d:39:
         89:e0:16:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WM4RZEnMPb5c0r0iwgykMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZGI4NDdkMWRiMWUwYjJjMmMyNTUwMjIxMGZmNWE3MTk5
NjdhMTkwHhcNMjYwMTAxMDIxNzQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmIwYjU2Njk3ZDY0NjhiY2UzZmE1MDdkZjJhN2U3YjM4NjNhNmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1SR/fg9V4RDFs77vnPrlYQ+rL7Ui
wBJoaD1qBB2BSiI4Ve01eoEGDenh2fEr5IAeQO+AztW5PvipGcRoEN3Xi3aN8xJM
yEIjKnvir2CxftPx0PSplt+JwyOkyTsvTIvFVFJEqwDofxb/I8ExQ7ct1dVxzNDE
T9AhMdT8fQVkCRwV8XjjwlJkk7ESXY1UcedvzV4Yn1SSCTMYu06ZOFpz+pAxKZN7
8zXkxGUQ/BMZxEH7EafXOhjVAz+qm5TsIi19X5+15Sjr+/nfdz+AeH5tglFdRZa5
oHwXi+lqUBJhR6ox8u43Qg3jG3k7nt+7pTBa4kJEPjhItXuJYwbFfSeWTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCuwtWaX1kaLzj+lB98qfns4Y6bHMB8GA1UdIwQY
MBaAFDHbhH0dseCywsJVAiEP9acZlnoZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWR1RWZSMng0TExDd2xVQ0lRXzFweG1XZWhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8zZGJkMzktNWY5Zi00OGZiLTljMDEt
YmQ2ZTNiMDI2YzM3LzEvSzdDMVpwZldSb3ZPUDZVSDN5cC1lemhqcHNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8zZGJkMzktNWY5Zi00OGZiLTljMDEtYmQ2ZTNiMDI2YzM3
LzEvTWR1RWZSMng0TExDd2xVQ0lRXzFweG1XZWhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBue7UMA0G
CSqGSIb3DQEBCwUAA4IBAQAStmXuJX9ayI0dicOt3LByivBRZweLdwDzjRTLwDKO
ZanKiX/vKIeptISj3VJtEMN5DrnJPYKT/IYDXIOt39ZEWnnNn81y1QWj+GWznlEt
w80/ajb+2lydVP3qHOelVIH9lSs7Vs9ckn5zuiklJFyQmPklDQn5bYGOsQ56enxb
cjahuKNYsy8Zgzey80AqcTibnJGdAV0GtHEkwo4GcIXMMK51yjZMbwQwEycBrTtL
ob6VCJNtly0O3x/+xApQ7PS8/moK2QJHcfx/ZjrL++1JiQxhyYDo8FQE50OBwvGs
ESBFvkl39WHSkzxnBEpeV92YY4+s969hOInEHTmJ4Bbt
-----END CERTIFICATE-----