This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/67caee-4c11-4a6f-bf63-5518b0e86566/1/7z2YGPcEqsEw9wB3cXl_nQ3NHO4.roa
File:                     7z2YGPcEqsEw9wB3cXl_nQ3NHO4.roa (raw, json)
Hash identifier:          Bvn+rA+635xtyl4tft39rNzvvTGpmQ30acIvRfRFLQI=
Subject key identifier:   EF:3D:98:18:F7:04:AA:C1:30:F7:00:77:71:79:7F:9D:0D:CD:1C:EE
Certificate issuer:       /CN=2a94c7df8557b653447c3e06fb4b372d5120a222
Certificate serial:       019AD9C3F0897E75CDDF3D32AF7D85C693CB
Authority key identifier: 2A:94:C7:DF:85:57:B6:53:44:7C:3E:06:FB:4B:37:2D:51:20:A2:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KpTH34VXtlNEfD4G-0s3LVEgoiI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/67caee-4c11-4a6f-bf63-5518b0e86566/1/7z2YGPcEqsEw9wB3cXl_nQ3NHO4.roa
Signing time:             Mon 01 Dec 2025 11:54:48 +0000
ROA not before:           Mon 01 Dec 2025 11:54:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196854
IP address blocks:        185.121.0.0/24 maxlen: 24
                          185.121.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/67caee-4c11-4a6f-bf63-5518b0e86566/1/KpTH34VXtlNEfD4G-0s3LVEgoiI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/67caee-4c11-4a6f-bf63-5518b0e86566/1/KpTH34VXtlNEfD4G-0s3LVEgoiI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KpTH34VXtlNEfD4G-0s3LVEgoiI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 23:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:d9:c3:f0:89:7e:75:cd:df:3d:32:af:7d:85:c6:93:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94c7df8557b653447c3e06fb4b372d5120a222
        Validity
            Not Before: Dec  1 11:54:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef3d9818f704aac130f7007771797f9d0dcd1cee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:06:ed:7e:6f:89:e6:db:96:de:e6:c2:de:c7:
                    9d:5c:5b:c9:9e:65:a1:86:03:cd:a3:4d:e7:7f:98:
                    9c:a9:48:b9:d8:60:e3:11:0c:9b:99:b2:7a:87:75:
                    a2:86:df:db:a6:0a:21:cf:46:e2:2f:ba:e3:07:b2:
                    75:a1:54:fd:ae:98:0e:eb:36:ee:e9:98:45:de:c4:
                    ab:4e:6c:c8:6b:f3:4b:20:d8:ec:0b:64:d7:70:5c:
                    27:c2:ee:59:2d:46:fb:d6:86:6a:94:f4:ac:c2:7f:
                    22:44:dc:1e:9c:f4:83:ba:7f:b6:fa:63:45:f5:1c:
                    cb:46:da:1c:ca:10:86:4d:ea:0a:ba:a9:92:97:ee:
                    76:96:31:4b:d6:ff:05:fd:46:da:f4:d2:e5:4f:0e:
                    04:2c:7f:97:c8:34:e3:c2:16:6e:a1:47:32:25:16:
                    b2:5b:06:d6:ae:c6:5f:09:9a:6d:bb:e4:71:7d:09:
                    54:77:d1:a1:32:8f:d1:ed:e4:54:c0:58:58:ed:42:
                    79:62:02:87:76:36:f1:29:fc:8e:11:24:0b:b2:5c:
                    51:b2:f4:e7:24:23:eb:af:ce:d5:05:4d:d6:63:1f:
                    b2:b2:48:23:57:b3:0d:e0:0c:49:eb:dc:19:70:22:
                    b4:30:68:fc:fd:96:f5:63:67:54:e7:3c:74:cf:f1:
                    ec:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:3D:98:18:F7:04:AA:C1:30:F7:00:77:71:79:7F:9D:0D:CD:1C:EE
            X509v3 Authority Key Identifier:
                keyid:2A:94:C7:DF:85:57:B6:53:44:7C:3E:06:FB:4B:37:2D:51:20:A2:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KpTH34VXtlNEfD4G-0s3LVEgoiI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/67caee-4c11-4a6f-bf63-5518b0e86566/1/7z2YGPcEqsEw9wB3cXl_nQ3NHO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/67caee-4c11-4a6f-bf63-5518b0e86566/1/KpTH34VXtlNEfD4G-0s3LVEgoiI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:6c:20:ac:fd:2b:73:18:2e:be:56:70:62:8b:30:18:6d:23:
         5a:ba:db:9a:3b:09:4b:9f:d0:cf:3a:81:ce:a7:c4:5f:d7:18:
         f7:a3:47:dd:32:40:04:9d:a7:45:4d:b6:50:b2:47:ec:db:d4:
         84:e6:cf:4b:ca:bb:4d:72:ca:86:61:af:c6:26:bb:44:f4:f9:
         59:fa:2f:ae:4c:bb:3c:22:92:c0:9b:ef:40:91:fa:13:34:30:
         fd:c7:0b:b1:ae:36:c2:15:21:a9:92:d4:be:79:94:ad:01:31:
         a7:a2:ac:d2:d6:61:77:bd:0a:f1:99:47:ca:cb:35:8a:62:76:
         30:51:92:ca:1b:3f:77:be:66:96:ac:8e:7a:80:4e:9d:82:f5:
         0c:4b:14:41:18:a7:37:3c:2f:75:bd:9f:f1:5e:5a:15:06:49:
         3d:9e:93:d6:61:b7:81:af:ea:6f:f9:3c:77:89:57:35:78:f5:
         fb:23:0b:44:4f:69:ed:13:79:f3:5f:13:62:86:f2:d9:c6:e9:
         c8:cd:b8:6b:31:57:16:a9:76:89:5a:71:ed:71:87:85:bf:f8:
         8f:d0:4d:f8:ed:0e:b0:28:11:08:b6:c9:b7:dc:9a:8f:6f:57:
         ed:e7:7e:01:74:85:a2:77:ef:77:04:cb:18:06:3f:76:55:47:
         e2:3e:97:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrZw/CJfnXN3z0yr32FxpPLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRjN2RmODU1N2I2NTM0NDdjM2UwNmZiNGIzNzJkNTEy
MGEyMjIwHhcNMjUxMjAxMTE1NDQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjNkOTgxOGY3MDRhYWMxMzBmNzAwNzc3MTc5N2Y5ZDBkY2QxY2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Abtfm+J5tuW3ubC3sedXFvJnmWh
hgPNo03nf5icqUi52GDjEQybmbJ6h3Wiht/bpgohz0biL7rjB7J1oVT9rpgO6zbu
6ZhF3sSrTmzIa/NLINjsC2TXcFwnwu5ZLUb71oZqlPSswn8iRNwenPSDun+2+mNF
9RzLRtocyhCGTeoKuqmSl+52ljFL1v8F/Uba9NLlTw4ELH+XyDTjwhZuoUcyJRay
WwbWrsZfCZptu+RxfQlUd9GhMo/R7eRUwFhY7UJ5YgKHdjbxKfyOESQLslxRsvTn
JCPrr87VBU3WYx+yskgjV7MN4AxJ69wZcCK0MGj8/Zb1Y2dU5zx0z/HsYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO89mBj3BKrBMPcAd3F5f50NzRzuMB8GA1UdIwQY
MBaAFCqUx9+FV7ZTRHw+BvtLNy1RIKIiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3BUSDM0Vlh0bE5FZkQ0Ry0wczNMVkVnb2lJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC82N2NhZWUtNGMxMS00YTZmLWJmNjMt
NTUxOGIwZTg2NTY2LzEvN3oyWUdQY0Vxc0V3OXdCM2NYbF9uUTNOSE80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC82N2NhZWUtNGMxMS00YTZmLWJmNjMtNTUxOGIwZTg2NTY2
LzEvS3BUSDM0Vlh0bE5FZkQ0Ry0wczNMVkVnb2lJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXkAMA0G
CSqGSIb3DQEBCwUAA4IBAQBWbCCs/StzGC6+VnBiizAYbSNautuaOwlLn9DPOoHO
p8Rf1xj3o0fdMkAEnadFTbZQskfs29SE5s9LyrtNcsqGYa/GJrtE9PlZ+i+uTLs8
IpLAm+9AkfoTNDD9xwuxrjbCFSGpktS+eZStATGnoqzS1mF3vQrxmUfKyzWKYnYw
UZLKGz93vmaWrI56gE6dgvUMSxRBGKc3PC91vZ/xXloVBkk9npPWYbeBr+pv+Tx3
iVc1ePX7IwtET2ntE3nzXxNihvLZxunIzbhrMVcWqXaJWnHtcYeFv/iP0E347Q6w
KBEItsm33JqPb1ft534BdIWid+93BMsYBj92VUfiPpdk
-----END CERTIFICATE-----