This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/be2236-c2ba-478a-abc3-b4cea51456b4/1/7cYGhHG7YtiE08uGuW1-X_rHKII.roa
File:                     7cYGhHG7YtiE08uGuW1-X_rHKII.roa (raw, json)
Hash identifier:          hmnCIat4n3k5p2akfmzZ49cT/kokW1B90E1WUFaEO78=
Subject key identifier:   ED:C6:06:84:71:BB:62:D8:84:D3:CB:86:B9:6D:7E:5F:FA:C7:28:82
Certificate issuer:       /CN=dceb548762c7d4caccb616d819ce95cf627b2021
Certificate serial:       019B7758E69EA7E7197AA069CBA693666D03
Authority key identifier: DC:EB:54:87:62:C7:D4:CA:CC:B6:16:D8:19:CE:95:CF:62:7B:20:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3OtUh2LH1MrMthbYGc6Vz2J7ICE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/be2236-c2ba-478a-abc3-b4cea51456b4/1/7cYGhHG7YtiE08uGuW1-X_rHKII.roa
Signing time:             Thu 01 Jan 2026 02:17:53 +0000
ROA not before:           Thu 01 Jan 2026 02:17:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212011
IP address blocks:        91.206.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/be2236-c2ba-478a-abc3-b4cea51456b4/1/3OtUh2LH1MrMthbYGc6Vz2J7ICE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/be2236-c2ba-478a-abc3-b4cea51456b4/1/3OtUh2LH1MrMthbYGc6Vz2J7ICE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3OtUh2LH1MrMthbYGc6Vz2J7ICE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:e6:9e:a7:e7:19:7a:a0:69:cb:a6:93:66:6d:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dceb548762c7d4caccb616d819ce95cf627b2021
        Validity
            Not Before: Jan  1 02:17:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=edc6068471bb62d884d3cb86b96d7e5ffac72882
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:80:d8:9f:24:10:43:3b:d7:8b:c2:d7:cb:ce:
                    73:b5:39:1d:fb:fe:88:86:2d:c7:f6:2d:b3:3a:ad:
                    c1:4b:f0:cf:21:91:22:51:60:ee:71:e5:83:0a:e2:
                    aa:bb:0d:66:54:96:49:3c:c6:8e:74:9b:11:7f:cc:
                    d6:aa:ae:ad:ba:06:8f:e2:a3:44:fe:ed:71:0c:64:
                    45:af:7a:bf:bd:61:f0:2e:69:1b:1f:e5:5a:1c:0f:
                    63:16:13:90:5c:17:e4:fc:a0:1a:b0:18:be:1a:d0:
                    4c:2e:32:90:8c:7f:06:d0:f2:05:65:ff:d5:40:3c:
                    91:cf:4e:bf:de:10:91:3a:1e:a9:3a:69:e0:32:98:
                    f3:d8:78:a9:28:a9:50:ad:98:da:8d:60:1a:b5:62:
                    4e:14:f0:3e:2d:99:da:fe:d1:a8:76:8a:d1:f5:69:
                    ca:f1:a8:55:0c:12:e8:af:f9:18:44:5e:cb:cf:fd:
                    f3:dc:1c:20:1f:02:cc:f0:96:20:9a:64:cc:24:bd:
                    a5:8f:9f:b8:fc:5e:f3:f0:f9:1e:32:7b:b0:d1:07:
                    c7:04:94:df:40:8f:82:fb:a6:c2:6e:45:a9:8e:b7:
                    a0:4c:31:64:e9:0c:67:1d:05:02:1a:40:58:1d:c0:
                    c8:80:db:e5:30:84:05:ee:72:58:7b:26:ba:c0:6e:
                    24:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:C6:06:84:71:BB:62:D8:84:D3:CB:86:B9:6D:7E:5F:FA:C7:28:82
            X509v3 Authority Key Identifier:
                keyid:DC:EB:54:87:62:C7:D4:CA:CC:B6:16:D8:19:CE:95:CF:62:7B:20:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3OtUh2LH1MrMthbYGc6Vz2J7ICE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/be2236-c2ba-478a-abc3-b4cea51456b4/1/7cYGhHG7YtiE08uGuW1-X_rHKII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/be2236-c2ba-478a-abc3-b4cea51456b4/1/3OtUh2LH1MrMthbYGc6Vz2J7ICE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:43:3d:63:4d:20:d0:de:8c:77:01:e1:67:f7:42:5f:88:47:
         b8:db:32:eb:bc:45:85:b5:71:f2:d6:87:2f:a4:ba:84:71:06:
         5f:42:85:f2:db:9a:bb:cc:74:53:37:56:61:d7:7a:d7:f8:84:
         78:cc:db:b2:62:95:75:03:42:d1:71:a3:50:81:73:8b:78:d3:
         f1:6c:e1:90:e8:d9:8e:fc:98:79:0b:c1:80:f1:e7:be:63:6a:
         5d:34:50:18:d2:34:43:39:33:d2:ed:0b:0e:62:9e:44:c0:ed:
         c6:86:9b:d9:f3:0e:c1:c2:79:87:8b:bc:ee:e8:31:71:07:74:
         a5:12:8c:e8:01:6f:6e:7a:f0:26:47:3d:5c:f9:1a:29:13:93:
         54:47:85:5c:b9:b3:66:26:1c:2c:61:77:b2:69:22:8f:98:9c:
         99:a4:bf:f3:41:4c:7a:5d:57:20:39:96:7b:d1:24:c1:da:86:
         c4:28:56:1e:52:0a:c0:3a:99:86:89:76:06:71:48:09:09:26:
         60:24:57:8c:64:d4:e4:8d:d7:3b:77:00:3d:d8:ce:6a:6b:ad:
         75:84:a0:13:62:44:43:c2:76:da:62:a8:42:ba:89:70:44:10:
         f6:6e:48:9a:d5:2d:e3:19:39:2e:2e:1f:80:7c:96:2b:99:0d:
         55:ec:f5:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WOaep+cZeqBpy6aTZm0DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWI1NDg3NjJjN2Q0Y2FjY2I2MTZkODE5Y2U5NWNmNjI3
YjIwMjEwHhcNMjYwMTAxMDIxNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGM2MDY4NDcxYmI2MmQ4ODRkM2NiODZiOTZkN2U1ZmZhYzcyODgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzYDYnyQQQzvXi8LXy85ztTkd+/6I
hi3H9i2zOq3BS/DPIZEiUWDuceWDCuKquw1mVJZJPMaOdJsRf8zWqq6tugaP4qNE
/u1xDGRFr3q/vWHwLmkbH+VaHA9jFhOQXBfk/KAasBi+GtBMLjKQjH8G0PIFZf/V
QDyRz06/3hCROh6pOmngMpjz2HipKKlQrZjajWAatWJOFPA+LZna/tGodorR9WnK
8ahVDBLor/kYRF7Lz/3z3BwgHwLM8JYgmmTMJL2lj5+4/F7z8PkeMnuw0QfHBJTf
QI+C+6bCbkWpjregTDFk6QxnHQUCGkBYHcDIgNvlMIQF7nJYeya6wG4k9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO3GBoRxu2LYhNPLhrltfl/6xyiCMB8GA1UdIwQY
MBaAFNzrVIdix9TKzLYW2BnOlc9ieyAhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM090VWgyTEgxTXJNdGhiWUdjNlZ6Mko3SUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9iZTIyMzYtYzJiYS00NzhhLWFiYzMt
YjRjZWE1MTQ1NmI0LzEvN2NZR2hIRzdZdGlFMDh1R3VXMS1YX3JIS0lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9iZTIyMzYtYzJiYS00NzhhLWFiYzMtYjRjZWE1MTQ1NmI0
LzEvM090VWgyTEgxTXJNdGhiWUdjNlZ6Mko3SUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW85GMA0G
CSqGSIb3DQEBCwUAA4IBAQA6Qz1jTSDQ3ox3AeFn90JfiEe42zLrvEWFtXHy1ocv
pLqEcQZfQoXy25q7zHRTN1Zh13rX+IR4zNuyYpV1A0LRcaNQgXOLeNPxbOGQ6NmO
/Jh5C8GA8ee+Y2pdNFAY0jRDOTPS7QsOYp5EwO3GhpvZ8w7BwnmHi7zu6DFxB3Sl
EozoAW9uevAmRz1c+RopE5NUR4VcubNmJhwsYXeyaSKPmJyZpL/zQUx6XVcgOZZ7
0STB2obEKFYeUgrAOpmGiXYGcUgJCSZgJFeMZNTkjdc7dwA92M5qa611hKATYkRD
wnbaYqhCuolwRBD2bkia1S3jGTkuLh+AfJYrmQ1V7PWX
-----END CERTIFICATE-----