This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/lyKU2cRz1rwVy67EiMdpJEVU-uw.roa
File:                     lyKU2cRz1rwVy67EiMdpJEVU-uw.roa (raw, json)
Hash identifier:          MyEdGCpP2vsnLyoMOlKjt9pc63D/h3XJBUfmhnb515g=
Subject key identifier:   97:22:94:D9:C4:73:D6:BC:15:CB:AE:C4:88:C7:69:24:45:54:FA:EC
Certificate issuer:       /CN=f7aa039b886b226578bdb6a42781bf59044bb138
Certificate serial:       019B7E380E7E6D9F7280075B80A3BBCE959D
Authority key identifier: F7:AA:03:9B:88:6B:22:65:78:BD:B6:A4:27:81:BF:59:04:4B:B1:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/96oDm4hrImV4vbakJ4G_WQRLsTg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/lyKU2cRz1rwVy67EiMdpJEVU-uw.roa
Signing time:             Fri 02 Jan 2026 10:19:21 +0000
ROA not before:           Fri 02 Jan 2026 10:19:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35000
IP address blocks:        185.7.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/96oDm4hrImV4vbakJ4G_WQRLsTg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/96oDm4hrImV4vbakJ4G_WQRLsTg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/96oDm4hrImV4vbakJ4G_WQRLsTg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:0e:7e:6d:9f:72:80:07:5b:80:a3:bb:ce:95:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7aa039b886b226578bdb6a42781bf59044bb138
        Validity
            Not Before: Jan  2 10:19:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=972294d9c473d6bc15cbaec488c769244554faec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:bc:33:ee:96:51:e5:d7:84:db:01:1a:c9:68:
                    7f:b0:f9:dd:8d:b5:ab:d8:8c:76:c6:50:41:e6:78:
                    35:07:dd:a5:83:0a:0a:93:80:c8:9d:25:a1:39:cc:
                    3b:ad:26:37:f6:d6:f7:f9:29:80:03:58:aa:d2:f1:
                    b1:ed:9b:29:56:d2:71:47:fc:9e:cb:99:1e:d1:e4:
                    09:dd:c5:bb:8e:a3:a2:f0:fb:a5:2b:a7:4d:b6:ef:
                    c9:b7:76:ee:28:77:a1:34:16:5f:01:10:fb:f3:8d:
                    97:2c:e9:62:d4:d0:17:f8:e1:5b:f1:21:d1:38:14:
                    e8:ad:f6:6a:bf:3b:15:9e:4f:6b:ed:e5:0e:73:01:
                    12:6f:1a:c5:82:80:3e:d6:0a:b0:02:d0:85:54:63:
                    11:d3:2e:ab:2e:33:66:d9:69:97:94:61:7d:79:13:
                    6a:14:8e:59:87:43:28:29:e3:d0:57:2c:a0:59:42:
                    ad:c6:c9:ce:84:24:b6:f7:40:9d:a7:01:31:a5:9a:
                    17:bb:e9:75:06:94:50:38:23:29:63:43:b6:7f:85:
                    3a:a0:26:08:2d:aa:65:3c:77:ea:56:e4:1f:66:cf:
                    f6:6e:a3:da:8f:4f:36:fe:1c:ae:b9:c7:bc:c2:51:
                    98:a0:62:b6:a1:3d:e2:52:f4:f8:76:bb:d5:7c:ec:
                    08:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:22:94:D9:C4:73:D6:BC:15:CB:AE:C4:88:C7:69:24:45:54:FA:EC
            X509v3 Authority Key Identifier:
                keyid:F7:AA:03:9B:88:6B:22:65:78:BD:B6:A4:27:81:BF:59:04:4B:B1:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/96oDm4hrImV4vbakJ4G_WQRLsTg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/lyKU2cRz1rwVy67EiMdpJEVU-uw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/96oDm4hrImV4vbakJ4G_WQRLsTg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:bf:32:fa:aa:94:ea:0a:8f:c8:f8:7f:9a:51:a6:21:fd:f7:
         99:92:70:7f:9d:d6:06:e9:d7:e6:a2:a2:73:6c:6c:50:b5:0c:
         2e:21:bf:61:6d:b0:3d:74:ca:ac:37:3c:0c:6b:0a:56:4e:dd:
         8f:66:6e:93:46:af:b4:3c:7e:68:10:33:64:48:04:aa:44:cd:
         12:11:bc:11:40:4c:f3:23:a3:89:ed:3a:ec:4a:aa:0c:65:4a:
         63:5e:bb:ab:81:69:77:13:72:cf:35:d3:a8:88:f0:b8:ed:37:
         ba:2d:cf:2e:ff:0d:98:bf:7c:72:78:11:68:71:e4:f1:5c:a4:
         43:1e:80:82:ff:41:9d:c8:23:85:85:56:59:05:e3:fc:8b:08:
         2f:f0:50:8b:00:b4:ed:5b:0c:ca:30:a2:37:48:45:e4:ba:2e:
         dd:9f:92:38:4e:35:ea:e8:98:36:78:7e:06:22:19:4a:ea:0b:
         3e:c8:32:2e:b6:7a:39:0c:c5:75:d8:4a:52:d3:f5:62:be:97:
         55:36:1a:83:65:26:ae:59:75:9e:71:21:04:6d:7f:1a:2e:dd:
         b0:65:4d:6e:3f:9a:c2:8b:c7:34:86:03:b2:7d:cc:59:c7:7a:
         73:6c:4c:1e:61:eb:b4:35:11:b5:2c:6a:24:ba:84:df:61:0b:
         e9:5f:37:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OA5+bZ9ygAdbgKO7zpWdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YWEwMzliODg2YjIyNjU3OGJkYjZhNDI3ODFiZjU5MDQ0
YmIxMzgwHhcNMjYwMTAyMTAxOTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzIyOTRkOWM0NzNkNmJjMTVjYmFlYzQ4OGM3NjkyNDQ1NTRmYWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbwz7pZR5deE2wEayWh/sPndjbWr
2Ix2xlBB5ng1B92lgwoKk4DInSWhOcw7rSY39tb3+SmAA1iq0vGx7ZspVtJxR/ye
y5ke0eQJ3cW7jqOi8PulK6dNtu/Jt3buKHehNBZfARD7842XLOli1NAX+OFb8SHR
OBTorfZqvzsVnk9r7eUOcwESbxrFgoA+1gqwAtCFVGMR0y6rLjNm2WmXlGF9eRNq
FI5Zh0MoKePQVyygWUKtxsnOhCS290CdpwExpZoXu+l1BpRQOCMpY0O2f4U6oCYI
LaplPHfqVuQfZs/2bqPaj082/hyuuce8wlGYoGK2oT3iUvT4drvVfOwIeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJcilNnEc9a8FcuuxIjHaSRFVPrsMB8GA1UdIwQY
MBaAFPeqA5uIayJleL22pCeBv1kES7E4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTZvRG00aHJJbVY0dmJha0o0R19XUVJMc1RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS80YmJkNmMtOTFlZi00NDYxLTgyMWIt
NmY2MjFkNzM2YWZmLzEvbHlLVTJjUnoxcndWeTY3RWlNZHBKRVZVLXV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS80YmJkNmMtOTFlZi00NDYxLTgyMWItNmY2MjFkNzM2YWZm
LzEvOTZvRG00aHJJbVY0dmJha0o0R19XUVJMc1RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQeTMA0G
CSqGSIb3DQEBCwUAA4IBAQCCvzL6qpTqCo/I+H+aUaYh/feZknB/ndYG6dfmoqJz
bGxQtQwuIb9hbbA9dMqsNzwMawpWTt2PZm6TRq+0PH5oEDNkSASqRM0SEbwRQEzz
I6OJ7TrsSqoMZUpjXrurgWl3E3LPNdOoiPC47Te6Lc8u/w2Yv3xyeBFoceTxXKRD
HoCC/0GdyCOFhVZZBeP8iwgv8FCLALTtWwzKMKI3SEXkui7dn5I4TjXq6Jg2eH4G
IhlK6gs+yDIutno5DMV12EpS0/VivpdVNhqDZSauWXWecSEEbX8aLt2wZU1uP5rC
i8c0hgOyfcxZx3pzbEweYeu0NRG1LGokuoTfYQvpXzeB
-----END CERTIFICATE-----