This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/6Iy2stVYyAOK3cFHUzFrtU3yqqk.roa
File:                     6Iy2stVYyAOK3cFHUzFrtU3yqqk.roa (raw, json)
Hash identifier:          bKEKJSPPjiwCBk9eimfoK2bSfRI82vMED1F3ZbZRo7E=
Subject key identifier:   E8:8C:B6:B2:D5:58:C8:03:8A:DD:C1:47:53:31:6B:B5:4D:F2:AA:A9
Certificate issuer:       /CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
Certificate serial:       019B79ECF557B04F871A98BB88E3B6F0FBED
Authority key identifier: 1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/6Iy2stVYyAOK3cFHUzFrtU3yqqk.roa
Signing time:             Thu 01 Jan 2026 14:18:50 +0000
ROA not before:           Thu 01 Jan 2026 14:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205379
IP address blocks:        145.14.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:f5:57:b0:4f:87:1a:98:bb:88:e3:b6:f0:fb:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
        Validity
            Not Before: Jan  1 14:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e88cb6b2d558c8038addc14753316bb54df2aaa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:7c:be:95:88:c6:b6:a3:57:91:09:03:8e:aa:
                    45:d4:61:a2:73:60:2c:39:74:f7:b0:45:db:f3:8e:
                    f5:d8:5e:bf:0e:d9:cf:5c:6d:8a:e1:bf:e4:2e:0b:
                    fa:1d:90:b3:60:6d:29:f3:58:b0:8d:ce:a8:48:3c:
                    56:45:7c:aa:c7:29:5b:dc:4b:72:e4:c5:c1:c1:ff:
                    2d:e3:8a:4d:6d:ec:16:17:b7:e1:2b:7e:f4:94:c2:
                    ea:38:7d:f8:3f:46:0b:7b:3c:05:24:60:45:68:c0:
                    0c:93:7e:d4:f0:1f:99:f8:63:6d:bf:9c:b4:1a:fb:
                    f1:e0:46:a5:06:3c:a8:ae:2c:d7:1d:0a:43:49:e0:
                    7f:58:80:d9:cb:03:bf:40:48:12:b8:96:1e:76:51:
                    f1:21:6c:cf:c0:07:b8:81:b6:4f:9f:5d:db:91:0f:
                    82:16:e5:31:3e:0f:5d:c5:85:c2:87:4e:4a:11:35:
                    e6:b3:c2:e9:8b:a7:24:dc:10:35:77:51:04:e9:25:
                    8a:a1:5d:0d:47:9d:7f:d7:89:3f:8a:3b:f0:bf:c1:
                    3a:4d:17:a0:38:55:bd:6d:dd:03:d6:29:30:ec:2a:
                    16:02:f0:21:d5:47:84:80:d5:e4:43:e9:e5:17:ac:
                    79:e9:78:48:7d:25:3f:dd:f2:53:dd:57:48:b1:91:
                    9d:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:8C:B6:B2:D5:58:C8:03:8A:DD:C1:47:53:31:6B:B5:4D:F2:AA:A9
            X509v3 Authority Key Identifier:
                keyid:1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/6Iy2stVYyAOK3cFHUzFrtU3yqqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.14.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:61:93:c9:6a:7f:f0:bf:8f:dc:63:54:c7:bc:9f:d3:a0:bf:
         bd:e0:8e:22:68:29:58:17:b3:ce:a8:87:32:1f:24:89:2c:16:
         84:7b:5b:dc:a9:36:05:7d:3d:b0:de:be:fe:55:f7:7c:d2:9d:
         20:1b:92:21:3b:76:1f:3e:f6:3d:bb:62:8c:39:6c:f6:37:c6:
         b8:58:80:dc:e5:eb:78:31:04:4d:39:09:ea:18:53:df:75:a1:
         e0:6d:3c:32:18:55:35:eb:0d:c3:5d:e4:d6:bb:ce:85:0b:4c:
         03:0c:b4:cb:38:45:ac:f3:77:52:0d:3d:f2:83:68:3c:e0:84:
         e1:cc:d7:d6:58:f1:a3:f7:b2:05:84:31:bf:bf:7b:8e:00:83:
         74:a8:fa:08:c3:ed:93:48:70:a0:8d:e0:bd:24:f2:14:51:d4:
         10:54:7b:5d:9b:cc:ca:8c:1d:62:f0:33:fb:83:30:31:db:eb:
         58:59:bc:2c:d1:26:38:62:e7:33:66:fb:e7:1e:82:a2:fa:5e:
         98:2b:cf:da:5d:b7:0d:e1:69:16:7c:c0:65:5e:0f:f1:f0:68:
         ca:5b:c0:56:e1:a2:45:86:de:63:b8:d6:e2:12:78:56:7a:49:
         ab:a7:ed:bc:2d:28:05:50:b3:93:5b:03:8e:16:e8:37:c1:f4:
         5a:fc:80:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57PVXsE+HGpi7iOO28PvtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2IwNmJmNDEzMDBkYzRkMzBmM2QwZTE4MGM5Yjk1ZDJi
Y2RkZmYwHhcNMjYwMTAxMTQxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODhjYjZiMmQ1NThjODAzOGFkZGMxNDc1MzMxNmJiNTRkZjJhYWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXy+lYjGtqNXkQkDjqpF1GGic2As
OXT3sEXb84712F6/DtnPXG2K4b/kLgv6HZCzYG0p81iwjc6oSDxWRXyqxylb3Ety
5MXBwf8t44pNbewWF7fhK370lMLqOH34P0YLezwFJGBFaMAMk37U8B+Z+GNtv5y0
Gvvx4EalBjyorizXHQpDSeB/WIDZywO/QEgSuJYedlHxIWzPwAe4gbZPn13bkQ+C
FuUxPg9dxYXCh05KETXms8Lpi6ck3BA1d1EE6SWKoV0NR51/14k/ijvwv8E6TReg
OFW9bd0D1ikw7CoWAvAh1UeEgNXkQ+nlF6x56XhIfSU/3fJT3VdIsZGd6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOiMtrLVWMgDit3BR1Mxa7VN8qqpMB8GA1UdIwQY
MBaAFBx7Br9BMA3E0w89DhgMm5XSvN3/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAt
MjRmZGRjNmQxNDdiLzEvNkl5MnN0Vll5QU9LM2NGSFV6RnJ0VTN5cXFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAtMjRmZGRjNmQxNDdi
LzEvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkQ4HMA0G
CSqGSIb3DQEBCwUAA4IBAQAsYZPJan/wv4/cY1THvJ/ToL+94I4iaClYF7POqIcy
HySJLBaEe1vcqTYFfT2w3r7+Vfd80p0gG5IhO3YfPvY9u2KMOWz2N8a4WIDc5et4
MQRNOQnqGFPfdaHgbTwyGFU16w3DXeTWu86FC0wDDLTLOEWs83dSDT3yg2g84ITh
zNfWWPGj97IFhDG/v3uOAIN0qPoIw+2TSHCgjeC9JPIUUdQQVHtdm8zKjB1i8DP7
gzAx2+tYWbws0SY4YuczZvvnHoKi+l6YK8/aXbcN4WkWfMBlXg/x8GjKW8BW4aJF
ht5juNbiEnhWekmrp+28LSgFULOTWwOOFug3wfRa/IA1
-----END CERTIFICATE-----