This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/b89c1f-8dcb-438b-8afd-605d135136f7/1/7AOoMOGVRmNfzkuDKRu3Sk1W0eA.roa
File:                     7AOoMOGVRmNfzkuDKRu3Sk1W0eA.roa (raw, json)
Hash identifier:          +394RmOY/Sxcv9d3Us94xh5+rW7+06GfmeDJKppUg3M=
Subject key identifier:   EC:03:A8:30:E1:95:46:63:5F:CE:4B:83:29:1B:B7:4A:4D:56:D1:E0
Certificate issuer:       /CN=687d9b562ba472618f9398e265ca0e7108f687a3
Certificate serial:       019B7F1596D25BCF645099A69C9AAC763750
Authority key identifier: 68:7D:9B:56:2B:A4:72:61:8F:93:98:E2:65:CA:0E:71:08:F6:87:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aH2bViukcmGPk5jiZcoOcQj2h6M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/b89c1f-8dcb-438b-8afd-605d135136f7/1/7AOoMOGVRmNfzkuDKRu3Sk1W0eA.roa
Signing time:             Fri 02 Jan 2026 14:21:19 +0000
ROA not before:           Fri 02 Jan 2026 14:21:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12360
IP address blocks:        194.55.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/b89c1f-8dcb-438b-8afd-605d135136f7/1/aH2bViukcmGPk5jiZcoOcQj2h6M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/b89c1f-8dcb-438b-8afd-605d135136f7/1/aH2bViukcmGPk5jiZcoOcQj2h6M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aH2bViukcmGPk5jiZcoOcQj2h6M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 11:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:96:d2:5b:cf:64:50:99:a6:9c:9a:ac:76:37:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=687d9b562ba472618f9398e265ca0e7108f687a3
        Validity
            Not Before: Jan  2 14:21:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ec03a830e19546635fce4b83291bb74a4d56d1e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:db:9f:fd:7d:c9:fb:1f:5a:08:fe:d4:88:a3:
                    52:35:55:2f:a1:59:c8:5c:86:b3:9e:01:17:fb:9a:
                    25:59:3e:c7:e6:c4:f0:9a:ac:3e:b2:d2:51:f4:4f:
                    63:5e:52:a4:a1:c9:0e:16:85:87:4d:80:9d:ef:05:
                    f6:c2:5d:58:2c:29:e3:be:93:0b:51:61:b4:dd:77:
                    52:98:4a:7b:2c:cb:a9:a2:4d:f9:f6:7a:85:8f:02:
                    b7:44:51:ba:73:17:51:f6:12:c0:ed:ea:94:d5:54:
                    c3:32:84:f4:f2:cd:be:9a:e8:e9:d7:90:34:15:68:
                    9e:13:f0:d9:d4:64:8e:ed:6c:73:2f:3a:c2:dd:a6:
                    25:cb:c2:3d:a6:b5:b6:47:e0:c0:e0:66:bf:65:b9:
                    c8:51:41:04:40:1a:7b:ac:02:2a:b6:11:0d:10:e2:
                    ba:57:eb:f0:07:14:1c:9c:79:ae:ce:21:20:34:8a:
                    ae:46:71:7d:77:49:74:1e:eb:f2:12:8c:94:f0:67:
                    58:cb:32:78:f1:11:ce:6e:78:aa:ec:f9:8b:4b:c7:
                    29:7d:5d:71:5e:20:3c:2f:d1:ee:20:1f:9d:6c:84:
                    e9:a0:3f:46:dd:5a:4f:27:23:62:38:06:af:c5:c5:
                    db:90:12:15:90:4b:3c:a1:58:73:59:df:91:6f:4f:
                    bf:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:03:A8:30:E1:95:46:63:5F:CE:4B:83:29:1B:B7:4A:4D:56:D1:E0
            X509v3 Authority Key Identifier:
                keyid:68:7D:9B:56:2B:A4:72:61:8F:93:98:E2:65:CA:0E:71:08:F6:87:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aH2bViukcmGPk5jiZcoOcQj2h6M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/b89c1f-8dcb-438b-8afd-605d135136f7/1/7AOoMOGVRmNfzkuDKRu3Sk1W0eA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/b89c1f-8dcb-438b-8afd-605d135136f7/1/aH2bViukcmGPk5jiZcoOcQj2h6M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.55.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:87:61:10:9d:c1:2b:10:99:4e:c5:ef:d3:87:c8:ac:4b:ad:
         bc:58:bf:b7:7d:5f:5e:d6:2d:f5:56:1b:bd:70:20:18:65:77:
         72:21:b0:44:aa:1c:3f:92:f9:8f:b6:10:b3:34:77:64:34:1a:
         1b:eb:a6:fe:5b:73:20:23:40:23:46:b7:ea:a7:11:80:ee:06:
         1f:94:2a:01:2a:03:63:88:9a:8d:7c:cf:c6:a4:a7:ea:24:bb:
         ae:a4:9b:6b:0d:2d:2c:af:1b:6e:9b:3f:45:f2:b9:97:8b:ba:
         27:15:52:6e:47:6b:78:a7:4d:e5:ea:b2:11:b7:a5:79:a8:1a:
         94:ef:f5:54:5b:77:3e:93:9d:44:16:0d:b8:47:dd:61:63:19:
         9d:8a:17:e8:aa:a3:0c:75:30:44:4c:6b:45:53:4b:fc:77:ff:
         18:17:e9:91:67:c1:77:4f:f3:5c:d5:16:43:64:aa:07:76:05:
         fa:c2:b3:75:e1:d8:73:69:9b:a8:a7:74:ff:87:59:c9:bd:7e:
         d9:9f:68:aa:a5:2c:7f:c8:14:98:af:bd:1c:97:1f:d7:e8:88:
         dd:30:78:c5:cd:e4:38:12:35:2f:bf:55:de:b9:af:bc:84:f4:
         89:0a:67:ba:ad:45:0e:ed:2c:53:e0:bb:73:de:19:6a:08:47:
         c0:35:f6:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FZbSW89kUJmmnJqsdjdQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4N2Q5YjU2MmJhNDcyNjE4ZjkzOThlMjY1Y2EwZTcxMDhm
Njg3YTMwHhcNMjYwMTAyMTQyMTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzAzYTgzMGUxOTU0NjYzNWZjZTRiODMyOTFiYjc0YTRkNTZkMWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4duf/X3J+x9aCP7UiKNSNVUvoVnI
XIazngEX+5olWT7H5sTwmqw+stJR9E9jXlKkockOFoWHTYCd7wX2wl1YLCnjvpML
UWG03XdSmEp7LMupok359nqFjwK3RFG6cxdR9hLA7eqU1VTDMoT08s2+mujp15A0
FWieE/DZ1GSO7WxzLzrC3aYly8I9prW2R+DA4Ga/ZbnIUUEEQBp7rAIqthENEOK6
V+vwBxQcnHmuziEgNIquRnF9d0l0HuvyEoyU8GdYyzJ48RHObniq7PmLS8cpfV1x
XiA8L9HuIB+dbITpoD9G3VpPJyNiOAavxcXbkBIVkEs8oVhzWd+Rb0+/MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOwDqDDhlUZjX85Lgykbt0pNVtHgMB8GA1UdIwQY
MBaAFGh9m1YrpHJhj5OY4mXKDnEI9oejMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUgyYlZpdWtjbUdQazVqaVpjb09jUWoyaDZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9iODljMWYtOGRjYi00MzhiLThhZmQt
NjA1ZDEzNTEzNmY3LzEvN0FPb01PR1ZSbU5memt1REtSdTNTazFXMGVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9iODljMWYtOGRjYi00MzhiLThhZmQtNjA1ZDEzNTEzNmY3
LzEvYUgyYlZpdWtjbUdQazVqaVpjb09jUWoyaDZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjeKMA0G
CSqGSIb3DQEBCwUAA4IBAQB/h2EQncErEJlOxe/Th8isS628WL+3fV9e1i31Vhu9
cCAYZXdyIbBEqhw/kvmPthCzNHdkNBob66b+W3MgI0AjRrfqpxGA7gYflCoBKgNj
iJqNfM/GpKfqJLuupJtrDS0srxtumz9F8rmXi7onFVJuR2t4p03l6rIRt6V5qBqU
7/VUW3c+k51EFg24R91hYxmdihfoqqMMdTBETGtFU0v8d/8YF+mRZ8F3T/Nc1RZD
ZKoHdgX6wrN14dhzaZuop3T/h1nJvX7Zn2iqpSx/yBSYr70clx/X6IjdMHjFzeQ4
EjUvv1Xeua+8hPSJCme6rUUO7SxT4Ltz3hlqCEfANfY1
-----END CERTIFICATE-----