This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/d81b59-c05a-48fe-b5b1-158927337689/1/7WMHMRqYOCVJJOdVZn2toCGJ2Gg.roa
File:                     7WMHMRqYOCVJJOdVZn2toCGJ2Gg.roa (raw, json)
Hash identifier:          u4kYKOpJoWTw0MlXSHwcNaxRXss2R6FxZn1Z49E09Go=
Subject key identifier:   ED:63:07:31:1A:98:38:25:49:24:E7:55:66:7D:AD:A0:21:89:D8:68
Certificate issuer:       /CN=45617d2e086358dda7bdb0dc466ca1c86ed4feca
Certificate serial:       019B7DCA228DD93C4F1D70030AE176923324
Authority key identifier: 45:61:7D:2E:08:63:58:DD:A7:BD:B0:DC:46:6C:A1:C8:6E:D4:FE:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RWF9LghjWN2nvbDcRmyhyG7U_so.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/d81b59-c05a-48fe-b5b1-158927337689/1/7WMHMRqYOCVJJOdVZn2toCGJ2Gg.roa
Signing time:             Fri 02 Jan 2026 08:19:17 +0000
ROA not before:           Fri 02 Jan 2026 08:19:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209050
IP address blocks:        195.2.220.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/d81b59-c05a-48fe-b5b1-158927337689/1/RWF9LghjWN2nvbDcRmyhyG7U_so.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/d81b59-c05a-48fe-b5b1-158927337689/1/RWF9LghjWN2nvbDcRmyhyG7U_so.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RWF9LghjWN2nvbDcRmyhyG7U_so.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:22:8d:d9:3c:4f:1d:70:03:0a:e1:76:92:33:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45617d2e086358dda7bdb0dc466ca1c86ed4feca
        Validity
            Not Before: Jan  2 08:19:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ed6307311a9838254924e755667dada02189d868
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a6:53:df:85:05:24:1b:82:f9:a6:4b:d9:7d:
                    6a:5b:ea:61:11:2e:9d:6b:e5:7f:b9:7d:79:c1:af:
                    e6:3c:3e:d8:63:ad:9a:0a:38:68:59:2c:02:33:fb:
                    48:1c:01:ec:f6:b2:4a:89:03:8b:6c:86:3f:87:ad:
                    8c:68:55:49:27:b9:29:1b:fb:be:e0:e7:c9:ac:08:
                    22:31:3c:a9:af:e4:28:10:a5:f5:e8:39:21:9c:b8:
                    a2:04:c7:4d:89:f8:ce:7a:27:66:c6:c4:e7:1a:5e:
                    d5:9c:8e:13:66:db:5f:10:58:34:c9:e4:8c:f2:f3:
                    74:6c:3d:e0:06:6b:0e:90:12:7e:f3:c2:50:de:cf:
                    12:59:f4:47:53:93:1b:36:db:c1:48:5e:7c:ec:3f:
                    1d:8d:7f:08:e2:f5:73:b4:46:48:bd:4b:8b:e9:c0:
                    5a:ef:d7:6a:9a:83:6b:48:bd:ac:46:fa:7f:d4:8b:
                    62:41:94:35:65:e6:c5:a2:2a:21:e2:48:77:b4:17:
                    08:c4:c0:82:a4:31:70:8e:c7:73:dc:ca:f0:5a:5b:
                    c5:da:69:63:3e:3b:1b:5d:87:a8:e7:0e:a1:43:72:
                    45:d5:95:33:16:15:fe:92:45:7b:70:df:7a:31:90:
                    6a:a7:16:07:bf:08:6a:25:51:f1:a1:7b:b9:df:4a:
                    51:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:63:07:31:1A:98:38:25:49:24:E7:55:66:7D:AD:A0:21:89:D8:68
            X509v3 Authority Key Identifier:
                keyid:45:61:7D:2E:08:63:58:DD:A7:BD:B0:DC:46:6C:A1:C8:6E:D4:FE:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RWF9LghjWN2nvbDcRmyhyG7U_so.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/d81b59-c05a-48fe-b5b1-158927337689/1/7WMHMRqYOCVJJOdVZn2toCGJ2Gg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/d81b59-c05a-48fe-b5b1-158927337689/1/RWF9LghjWN2nvbDcRmyhyG7U_so.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.2.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:01:11:3a:2b:d4:6e:43:0d:83:db:4e:0b:1d:11:be:6f:f8:
         15:3f:b8:66:4e:ab:be:d9:08:76:63:0b:29:81:96:73:9d:68:
         cb:67:c9:a2:65:c6:c7:ec:cf:c5:ab:5e:0d:b0:cc:70:79:aa:
         00:1b:4e:ac:49:9b:8b:47:31:b5:08:a4:24:83:35:b6:4e:12:
         2e:9d:e5:3d:1d:15:06:a0:f9:78:f3:c6:ce:6c:87:df:2b:2a:
         a7:38:9f:8f:26:5a:5a:71:0a:8e:49:2d:94:a8:71:e9:40:9a:
         d5:16:cf:36:61:5f:12:8d:cf:59:bd:91:59:9a:58:a0:7b:e3:
         9d:61:65:ab:b1:44:59:61:9c:cd:2c:3c:b1:c4:20:df:73:42:
         30:8f:26:05:44:82:13:cf:24:ec:07:14:5d:b2:63:52:d2:12:
         18:33:a4:9d:bc:13:bf:57:df:12:7e:97:25:ad:7f:ca:8c:4f:
         69:ca:fa:92:46:51:bf:25:85:c2:32:cb:b0:4f:3f:01:a8:92:
         d5:1e:f2:34:56:66:cb:e0:a6:c2:80:e6:4f:38:c2:3c:e1:5f:
         30:f6:3e:c4:7e:bf:df:fc:28:97:67:d2:98:ba:af:29:bf:d3:
         01:a3:e6:65:7e:ec:2b:6d:7a:2c:61:ae:48:fc:b6:a7:38:f0:
         ed:aa:15:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yiKN2TxPHXADCuF2kjMkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1NjE3ZDJlMDg2MzU4ZGRhN2JkYjBkYzQ2NmNhMWM4NmVk
NGZlY2EwHhcNMjYwMTAyMDgxOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDYzMDczMTFhOTgzODI1NDkyNGU3NTU2NjdkYWRhMDIxODlkODY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6ZT34UFJBuC+aZL2X1qW+phES6d
a+V/uX15wa/mPD7YY62aCjhoWSwCM/tIHAHs9rJKiQOLbIY/h62MaFVJJ7kpG/u+
4OfJrAgiMTypr+QoEKX16DkhnLiiBMdNifjOeidmxsTnGl7VnI4TZttfEFg0yeSM
8vN0bD3gBmsOkBJ+88JQ3s8SWfRHU5MbNtvBSF587D8djX8I4vVztEZIvUuL6cBa
79dqmoNrSL2sRvp/1ItiQZQ1ZebFoioh4kh3tBcIxMCCpDFwjsdz3MrwWlvF2mlj
PjsbXYeo5w6hQ3JF1ZUzFhX+kkV7cN96MZBqpxYHvwhqJVHxoXu530pRMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO1jBzEamDglSSTnVWZ9raAhidhoMB8GA1UdIwQY
MBaAFEVhfS4IY1jdp72w3EZsochu1P7KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUldGOUxnaGpXTjJudmJEY1JteWh5RzdVX3NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9kODFiNTktYzA1YS00OGZlLWI1YjEt
MTU4OTI3MzM3Njg5LzEvN1dNSE1ScVlPQ1ZKSk9kVlpuMnRvQ0dKMkdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9kODFiNTktYzA1YS00OGZlLWI1YjEtMTU4OTI3MzM3Njg5
LzEvUldGOUxnaGpXTjJudmJEY1JteWh5RzdVX3NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwwLcMA0G
CSqGSIb3DQEBCwUAA4IBAQBGARE6K9RuQw2D204LHRG+b/gVP7hmTqu+2Qh2Ywsp
gZZznWjLZ8miZcbH7M/Fq14NsMxweaoAG06sSZuLRzG1CKQkgzW2ThIuneU9HRUG
oPl488bObIffKyqnOJ+PJlpacQqOSS2UqHHpQJrVFs82YV8Sjc9ZvZFZmlige+Od
YWWrsURZYZzNLDyxxCDfc0IwjyYFRIITzyTsBxRdsmNS0hIYM6SdvBO/V98Sfpcl
rX/KjE9pyvqSRlG/JYXCMsuwTz8BqJLVHvI0VmbL4KbCgOZPOMI84V8w9j7Efr/f
/CiXZ9KYuq8pv9MBo+ZlfuwrbXosYa5I/LanOPDtqhVh
-----END CERTIFICATE-----