This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/7PZoQx6MrRy9_J58LfxleAu6yLU.roa
File:                     7PZoQx6MrRy9_J58LfxleAu6yLU.roa (raw, json)
Hash identifier:          DNE7pUNogQjYu6aVDRlFfbYe+TjJZwQRHkvs6pA5yVY=
Subject key identifier:   EC:F6:68:43:1E:8C:AD:1C:BD:FC:9E:7C:2D:FC:65:78:0B:BA:C8:B5
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       019B7BA52B89C476243483CB8B763987DEEE
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/7PZoQx6MrRy9_J58LfxleAu6yLU.roa
Signing time:             Thu 01 Jan 2026 22:19:40 +0000
ROA not before:           Thu 01 Jan 2026 22:19:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21337
IP address blocks:        213.91.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:2b:89:c4:76:24:34:83:cb:8b:76:39:87:de:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 22:19:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ecf668431e8cad1cbdfc9e7c2dfc65780bbac8b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:fd:98:03:5b:73:63:76:92:b0:33:e0:08:48:
                    7a:ed:eb:c3:cb:6c:b8:9d:d0:0d:6b:34:c3:6f:ca:
                    95:db:40:1c:0d:2a:76:56:85:56:42:88:7d:a6:bf:
                    b3:38:77:d1:73:99:a1:37:55:7e:65:2e:2a:7c:09:
                    16:32:40:64:d1:07:52:56:fb:92:8f:3d:e2:52:6f:
                    98:de:86:97:12:0f:8d:e4:ee:5b:42:68:55:6a:dc:
                    8e:4b:f4:46:25:5d:92:7b:8e:41:0a:a1:bb:fb:9b:
                    de:9c:78:58:63:bd:f5:bc:0d:d3:4b:cf:b9:25:4a:
                    ea:32:cb:68:0f:82:42:f5:3f:3c:ad:c7:11:46:64:
                    de:5e:a7:74:e6:6a:c2:48:e5:15:c9:42:4e:c1:11:
                    49:14:fa:26:61:87:6e:53:83:88:8d:fd:5f:28:44:
                    ef:7e:e5:48:18:86:9d:bd:1a:3a:fd:01:3a:0e:a3:
                    cc:12:32:6e:65:02:31:8e:e4:c3:d9:08:37:95:78:
                    f4:0e:36:4b:4b:94:2b:71:5b:a8:a4:da:a2:e8:a1:
                    18:ca:9f:56:b6:e7:82:05:86:02:8a:e3:8b:84:c1:
                    53:bd:9a:38:fa:d1:e4:9f:ea:76:46:28:f8:01:ad:
                    bd:d7:e6:52:db:22:c7:73:de:2c:09:2e:58:d4:c2:
                    c3:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:F6:68:43:1E:8C:AD:1C:BD:FC:9E:7C:2D:FC:65:78:0B:BA:C8:B5
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/7PZoQx6MrRy9_J58LfxleAu6yLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.91.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:49:29:e7:38:4f:c3:03:a3:f8:42:36:23:ff:4a:24:2f:2c:
         76:58:8a:af:7a:95:67:7b:9a:53:ca:ef:00:0d:50:12:00:db:
         39:28:43:d0:08:b6:b6:79:7f:be:b0:29:06:b9:e3:4d:41:26:
         2c:f7:0c:a4:20:68:97:78:10:b6:90:ee:3f:c9:30:7e:e8:42:
         44:e7:69:f2:cd:67:d0:eb:51:1b:7e:c8:7a:41:51:f5:48:1c:
         bf:1f:98:b1:2f:32:0c:1a:bf:7b:a4:cc:f7:b1:3f:84:5d:2d:
         40:ee:79:58:45:1f:4d:7d:ce:13:02:e3:12:37:b8:86:fa:3f:
         40:b1:a8:83:f7:be:49:a0:4c:9f:cd:1c:02:50:ed:d1:64:e6:
         49:02:a0:92:7d:95:e8:9b:f3:23:73:db:89:99:49:25:cf:41:
         3e:30:e6:da:3a:c3:4b:3b:13:bb:b7:51:2c:49:cb:9a:7c:7d:
         a2:ce:0e:63:02:27:31:25:9e:60:f1:29:44:41:50:ae:28:58:
         b7:f0:24:af:56:b1:cc:35:b5:5a:82:c2:94:7e:82:e8:43:8e:
         03:5f:71:c8:75:88:55:59:81:49:52:64:dd:d3:a8:60:63:e0:
         da:bb:c5:7c:ca:b4:cb:3f:70:4b:cb:7a:5c:c1:8d:14:2e:9e:
         10:33:82:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pSuJxHYkNIPLi3Y5h97uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjYwMTAxMjIxOTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2Y2Njg0MzFlOGNhZDFjYmRmYzllN2MyZGZjNjU3ODBiYmFjOGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/2YA1tzY3aSsDPgCEh67evDy2y4
ndANazTDb8qV20AcDSp2VoVWQoh9pr+zOHfRc5mhN1V+ZS4qfAkWMkBk0QdSVvuS
jz3iUm+Y3oaXEg+N5O5bQmhVatyOS/RGJV2Se45BCqG7+5venHhYY731vA3TS8+5
JUrqMstoD4JC9T88rccRRmTeXqd05mrCSOUVyUJOwRFJFPomYYduU4OIjf1fKETv
fuVIGIadvRo6/QE6DqPMEjJuZQIxjuTD2Qg3lXj0DjZLS5QrcVuopNqi6KEYyp9W
tueCBYYCiuOLhMFTvZo4+tHkn+p2Rij4Aa291+ZS2yLHc94sCS5Y1MLDIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOz2aEMejK0cvfyefC38ZXgLusi1MB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvN1Bab1F4Nk1yUnk5X0o1OExmeGxlQXU2eUxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1VvEMA0G
CSqGSIb3DQEBCwUAA4IBAQCoSSnnOE/DA6P4QjYj/0okLyx2WIqvepVne5pTyu8A
DVASANs5KEPQCLa2eX++sCkGueNNQSYs9wykIGiXeBC2kO4/yTB+6EJE52nyzWfQ
61Ebfsh6QVH1SBy/H5ixLzIMGr97pMz3sT+EXS1A7nlYRR9Nfc4TAuMSN7iG+j9A
saiD975JoEyfzRwCUO3RZOZJAqCSfZXom/Mjc9uJmUklz0E+MObaOsNLOxO7t1Es
ScuafH2izg5jAicxJZ5g8SlEQVCuKFi38CSvVrHMNbVagsKUfoLoQ44DX3HIdYhV
WYFJUmTd06hgY+Dau8V8yrTLP3BLy3pcwY0ULp4QM4Id
-----END CERTIFICATE-----