This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/P7wv0TBgiECiEBUf1EgkMnv47Po.roa
File:                     P7wv0TBgiECiEBUf1EgkMnv47Po.roa (raw, json)
Hash identifier:          rqQESPX4LWrWYgKl1zOfXltaaGJ18DHxc3dAwU1KR9k=
Subject key identifier:   3F:BC:2F:D1:30:60:88:40:A2:10:15:1F:D4:48:24:32:7B:F8:EC:FA
Certificate issuer:       /CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
Certificate serial:       019B7CEDBDC6824C5230FA4191A0B5776F5E
Authority key identifier: AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/P7wv0TBgiECiEBUf1EgkMnv47Po.roa
Signing time:             Fri 02 Jan 2026 04:18:33 +0000
ROA not before:           Fri 02 Jan 2026 04:18:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42041
IP address blocks:        31.128.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 10:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:bd:c6:82:4c:52:30:fa:41:91:a0:b5:77:6f:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
        Validity
            Not Before: Jan  2 04:18:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3fbc2fd130608840a210151fd44824327bf8ecfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:df:0b:da:78:ba:4d:b8:d8:d5:5f:e8:6b:10:
                    b0:47:84:08:1c:85:4b:c1:7f:61:51:76:f0:34:88:
                    51:9d:42:40:05:3d:b0:4d:84:7b:6c:2d:16:e9:ed:
                    46:eb:9f:a1:e3:9c:08:ec:ac:04:0b:d0:6f:0a:c5:
                    ee:81:d9:b2:03:bb:c9:0a:6a:b0:03:ca:d4:5b:c5:
                    c0:81:69:b5:93:2d:9f:63:de:87:f8:0d:3b:f5:1d:
                    94:68:4c:bb:1e:60:49:58:07:56:94:a4:75:00:91:
                    18:84:8a:dc:07:d6:a4:58:c6:47:62:18:e1:e1:e7:
                    c0:54:ca:81:8d:da:a9:94:60:06:9f:9d:75:e7:a3:
                    3c:d8:53:f2:5e:e5:7e:a3:83:87:2f:3e:24:94:58:
                    b0:86:cc:c5:16:5c:66:46:ac:7c:b0:9f:ae:03:9a:
                    21:a8:88:33:58:fd:14:cd:0b:04:7c:dd:30:3d:31:
                    51:25:38:af:3b:b9:d4:20:6c:5b:73:8f:69:97:c8:
                    e2:8f:9c:64:41:6d:89:ca:79:6f:19:0a:f4:64:26:
                    4b:75:db:97:49:8a:48:3a:de:2c:4a:a5:d4:2c:8b:
                    d8:c4:26:aa:50:a1:c8:59:5c:70:ee:fa:10:cd:53:
                    cd:15:12:bb:9c:f4:9b:b7:18:9f:bc:7a:05:43:1b:
                    7f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:BC:2F:D1:30:60:88:40:A2:10:15:1F:D4:48:24:32:7B:F8:EC:FA
            X509v3 Authority Key Identifier:
                keyid:AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/P7wv0TBgiECiEBUf1EgkMnv47Po.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.128.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:c7:5c:40:4c:af:2f:12:98:7d:31:f2:44:2a:15:ca:b5:f1:
         f3:b2:15:fc:d7:83:cc:8a:5c:60:b8:50:14:3b:f8:e5:3c:9f:
         32:ec:0a:64:d4:64:e0:b6:4b:65:73:61:4b:be:86:ec:50:65:
         1d:10:3b:7a:23:57:10:a9:2b:dd:02:1f:a6:7b:b1:db:6e:3e:
         fd:a5:10:7e:13:9c:0a:61:ad:02:3d:b7:13:5d:83:87:a7:42:
         ed:a5:ba:35:3e:82:1b:fd:a8:27:f7:a7:78:12:9d:54:13:b9:
         ca:b5:0b:fd:c9:94:a3:31:ec:71:2f:04:85:1c:0e:03:54:41:
         bf:62:30:a3:92:c5:92:43:d3:ba:7e:15:37:f9:73:d6:25:b0:
         99:7a:28:0b:ab:b6:95:53:02:67:62:b2:06:6e:2b:98:82:60:
         dd:1b:50:a0:ee:c3:d2:c1:2d:a5:c0:c1:4b:9e:4b:14:95:6d:
         88:3d:50:2c:a3:74:fc:15:e5:a1:59:2d:6e:e7:60:05:de:1d:
         c9:45:9a:59:33:a6:b3:32:86:90:9a:64:ec:b8:b6:08:54:d5:
         17:eb:c2:5b:12:62:44:9b:fa:40:96:ae:48:41:16:9c:b8:dd:
         f1:9f:34:98:57:f2:f1:5b:05:40:31:11:00:e7:b5:8b:c8:55:
         f5:33:8b:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87b3GgkxSMPpBkaC1d29eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYzhkYmU1MjA4M2FkMzM1YzlmMWZkZTYwMTZlYzhiNDky
OTMxNDAwHhcNMjYwMTAyMDQxODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmJjMmZkMTMwNjA4ODQwYTIxMDE1MWZkNDQ4MjQzMjdiZjhlY2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3d8L2ni6TbjY1V/oaxCwR4QIHIVL
wX9hUXbwNIhRnUJABT2wTYR7bC0W6e1G65+h45wI7KwEC9BvCsXugdmyA7vJCmqw
A8rUW8XAgWm1ky2fY96H+A079R2UaEy7HmBJWAdWlKR1AJEYhIrcB9akWMZHYhjh
4efAVMqBjdqplGAGn51156M82FPyXuV+o4OHLz4klFiwhszFFlxmRqx8sJ+uA5oh
qIgzWP0UzQsEfN0wPTFRJTivO7nUIGxbc49pl8jij5xkQW2JynlvGQr0ZCZLdduX
SYpIOt4sSqXULIvYxCaqUKHIWVxw7voQzVPNFRK7nPSbtxifvHoFQxt/GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+8L9EwYIhAohAVH9RIJDJ7+Oz6MB8GA1UdIwQY
MBaAFKvI2+Ugg60zXJ8f3mAW7ItJKTFAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2Qt
MzA1NmFmOWEzMzVlLzEvUDd3djBUQmdpRUNpRUJVZjFFZ2tNbnY0N1BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2QtMzA1NmFmOWEzMzVl
LzEvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH4BAMA0G
CSqGSIb3DQEBCwUAA4IBAQB8x1xATK8vEph9MfJEKhXKtfHzshX814PMilxguFAU
O/jlPJ8y7Apk1GTgtktlc2FLvobsUGUdEDt6I1cQqSvdAh+me7Hbbj79pRB+E5wK
Ya0CPbcTXYOHp0Ltpbo1PoIb/agn96d4Ep1UE7nKtQv9yZSjMexxLwSFHA4DVEG/
YjCjksWSQ9O6fhU3+XPWJbCZeigLq7aVUwJnYrIGbiuYgmDdG1Cg7sPSwS2lwMFL
nksUlW2IPVAso3T8FeWhWS1u52AF3h3JRZpZM6azMoaQmmTsuLYIVNUX68JbEmJE
m/pAlq5IQRacuN3xnzSYV/LxWwVAMREA57WLyFX1M4tq
-----END CERTIFICATE-----