This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/en-Q7yeb2Z7kIhNbVjOcGbm5MIc.roa
File:                     en-Q7yeb2Z7kIhNbVjOcGbm5MIc.roa (raw, json)
Hash identifier:          rXbw78vAg5cjNMmUQ0XTeSV5YcEgAXrrBnTa2Pbv9+k=
Subject key identifier:   7A:7F:90:EF:27:9B:D9:9E:E4:22:13:5B:56:33:9C:19:B9:B9:30:87
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       019B7D5B2A741BD11DEAA570DA3996292975
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/en-Q7yeb2Z7kIhNbVjOcGbm5MIc.roa
Signing time:             Fri 02 Jan 2026 06:18:05 +0000
ROA not before:           Fri 02 Jan 2026 06:18:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204203
IP address blocks:        185.239.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:2a:74:1b:d1:1d:ea:a5:70:da:39:96:29:29:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jan  2 06:18:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7a7f90ef279bd99ee422135b56339c19b9b93087
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:f8:cd:63:49:6b:4b:0c:65:79:ac:47:50:29:
                    bf:00:ae:4c:b6:e6:15:d4:5c:9b:92:98:20:0a:32:
                    21:0d:1e:0e:5a:dc:ee:c9:ea:1a:ea:64:d4:bf:b0:
                    b7:1e:30:fe:19:68:26:95:df:63:bb:f5:e6:40:c8:
                    c0:77:3a:a7:a0:5b:21:4f:01:8f:fb:0b:26:f6:f3:
                    2f:78:76:55:d4:0a:2b:1e:ab:ec:0d:f8:98:ca:8b:
                    0a:a7:3a:67:bd:b8:24:35:c0:8e:8f:77:79:d0:35:
                    b9:7f:71:6e:93:be:1f:27:df:f9:7d:3e:8b:8f:be:
                    6b:52:84:90:24:30:ef:bb:64:40:6d:96:b5:a9:8f:
                    42:46:78:10:4c:25:d0:78:0b:58:dc:21:4f:70:ae:
                    84:f1:db:82:2d:81:3a:1e:87:16:7d:1c:fe:19:1e:
                    0e:5a:21:f6:44:37:79:cf:92:56:b7:ad:a4:05:ab:
                    e8:70:f7:75:1c:fa:06:b9:78:5e:c9:60:9f:11:34:
                    ae:63:33:dc:d3:fd:da:bd:c3:b8:74:a6:ac:b8:f8:
                    98:aa:79:34:69:49:35:4d:2a:b8:93:4a:2d:fd:ca:
                    30:7b:f0:d8:b4:cc:8c:5c:78:8a:44:f9:80:02:80:
                    cc:0f:aa:7d:26:d6:73:87:93:a5:40:a0:5d:15:6d:
                    e3:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:7F:90:EF:27:9B:D9:9E:E4:22:13:5B:56:33:9C:19:B9:B9:30:87
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/en-Q7yeb2Z7kIhNbVjOcGbm5MIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:fe:bd:09:69:84:00:95:5a:84:aa:6b:b8:4d:10:27:a3:33:
         cd:3e:c0:ca:73:3e:71:30:58:74:50:c1:83:e9:5b:f9:6f:a7:
         f3:31:9a:7a:03:59:24:8a:e7:b9:5f:ae:e4:7e:26:3e:52:f4:
         b9:31:4f:70:a1:90:a5:ba:15:4d:7e:28:9d:3f:f9:86:89:80:
         33:75:8c:da:eb:33:2d:d0:7e:be:8d:f7:78:30:cc:94:4b:57:
         59:1b:c7:9a:33:62:2e:73:56:1d:b2:d6:a5:f0:94:d3:5e:ea:
         dd:81:a0:5e:fc:f2:0c:62:3d:4d:fd:3d:a9:44:6d:4d:b9:9b:
         84:f2:f2:c2:4c:02:df:30:94:31:bf:79:d8:d0:57:a1:bc:22:
         fd:ef:6e:9c:09:1a:35:e4:3b:e7:b7:ff:e6:f4:fd:6e:3e:9a:
         93:27:38:a6:d9:13:b1:02:00:5f:c1:03:d3:de:e6:97:8c:ea:
         d1:4f:7e:a3:eb:4d:7a:67:8f:dd:c1:fd:e7:8c:08:6b:26:38:
         3b:20:c8:08:f9:24:e2:27:44:02:d1:57:19:3a:d9:29:8f:3b:
         ee:12:41:2d:b5:5e:e9:95:87:ed:6f:61:95:0c:6a:f4:37:b1:
         e4:7d:24:d6:0d:07:d6:66:ab:b4:8b:84:0b:ad:54:b1:3e:a7:
         99:28:0d:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9Wyp0G9Ed6qVw2jmWKSl1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjYwMTAyMDYxODA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTdmOTBlZjI3OWJkOTllZTQyMjEzNWI1NjMzOWMxOWI5YjkzMDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4/jNY0lrSwxleaxHUCm/AK5MtuYV
1FybkpggCjIhDR4OWtzuyeoa6mTUv7C3HjD+GWgmld9ju/XmQMjAdzqnoFshTwGP
+wsm9vMveHZV1AorHqvsDfiYyosKpzpnvbgkNcCOj3d50DW5f3Fuk74fJ9/5fT6L
j75rUoSQJDDvu2RAbZa1qY9CRngQTCXQeAtY3CFPcK6E8duCLYE6HocWfRz+GR4O
WiH2RDd5z5JWt62kBavocPd1HPoGuXheyWCfETSuYzPc0/3avcO4dKasuPiYqnk0
aUk1TSq4k0ot/cowe/DYtMyMXHiKRPmAAoDMD6p9JtZzh5OlQKBdFW3jYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHp/kO8nm9me5CITW1YznBm5uTCHMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvZW4tUTd5ZWIyWjdrSWhOYlZqT2NHYm01TUljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue8BMA0G
CSqGSIb3DQEBCwUAA4IBAQBA/r0JaYQAlVqEqmu4TRAnozPNPsDKcz5xMFh0UMGD
6Vv5b6fzMZp6A1kkiue5X67kfiY+UvS5MU9woZCluhVNfiidP/mGiYAzdYza6zMt
0H6+jfd4MMyUS1dZG8eaM2Iuc1Ydstal8JTTXurdgaBe/PIMYj1N/T2pRG1NuZuE
8vLCTALfMJQxv3nY0FehvCL9726cCRo15Dvnt//m9P1uPpqTJzim2ROxAgBfwQPT
3uaXjOrRT36j6016Z4/dwf3njAhrJjg7IMgI+STiJ0QC0VcZOtkpjzvuEkEttV7p
lYftb2GVDGr0N7HkfSTWDQfWZqu0i4QLrVSxPqeZKA3c
-----END CERTIFICATE-----