This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7BMmfsney6GTFeyQfn1k2EQS9XE.roa
File:                     7BMmfsney6GTFeyQfn1k2EQS9XE.roa (raw, json)
Hash identifier:          8sg6k6B3ByIJSsebqD0O1jlTm82sD5RE05pWc7xvc5Q=
Subject key identifier:   EC:13:26:7E:C9:DE:CB:A1:93:15:EC:90:7E:7D:64:D8:44:12:F5:71
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019B7A5AE17DA4276443DE5E30B4BA1F0EA0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7BMmfsney6GTFeyQfn1k2EQS9XE.roa
Signing time:             Thu 01 Jan 2026 16:18:54 +0000
ROA not before:           Thu 01 Jan 2026 16:18:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215523
IP address blocks:        217.145.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:e1:7d:a4:27:64:43:de:5e:30:b4:ba:1f:0e:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 16:18:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ec13267ec9decba19315ec907e7d64d84412f571
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:23:43:4e:48:ef:13:d4:d6:c0:ad:95:91:c7:
                    7b:5a:56:19:e4:3a:94:56:a5:33:52:0c:e2:ab:5b:
                    e8:7d:ab:6f:4c:e3:7b:5c:7d:e2:1b:e1:93:6c:f8:
                    04:89:ae:26:b4:7d:19:1a:90:8a:1f:59:ba:a7:e4:
                    91:d9:dd:32:06:92:3f:b4:a4:95:d7:3b:0d:6f:f9:
                    ed:74:f8:78:16:db:a4:73:95:c3:39:97:b1:c5:0c:
                    45:8b:99:ed:2a:6e:9e:cf:d5:3e:f7:99:4f:04:06:
                    70:67:87:61:c4:13:b0:a5:0d:33:1f:9f:d2:fe:a7:
                    88:f8:8a:b5:19:8e:3c:e3:0f:8b:3d:9d:56:5f:84:
                    fe:32:a1:07:a7:ff:d7:9c:2e:b5:22:0d:4d:10:dc:
                    96:2f:19:eb:19:b6:c6:83:2a:de:dd:71:bf:ba:c4:
                    0b:e1:84:f7:fc:70:0a:dd:a1:6c:11:af:ec:5e:39:
                    ca:ac:aa:5a:46:2e:af:59:77:bc:d7:77:af:f5:ff:
                    f5:09:ce:37:74:d8:48:99:e7:ea:15:b8:28:c3:89:
                    0a:97:84:4e:0d:33:30:36:5c:50:24:7e:96:0c:48:
                    37:21:46:a7:1a:26:b4:75:7b:07:b6:9d:0a:88:62:
                    16:6c:4d:56:f7:11:eb:ed:28:f4:3b:72:24:c8:00:
                    b2:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:13:26:7E:C9:DE:CB:A1:93:15:EC:90:7E:7D:64:D8:44:12:F5:71
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7BMmfsney6GTFeyQfn1k2EQS9XE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.145.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:e2:30:74:22:f0:c9:13:a7:78:13:e9:64:74:01:a4:ae:96:
         79:d8:f2:71:75:44:8f:6a:e9:12:58:4c:bb:23:26:42:e8:9b:
         94:89:3f:a7:f8:42:26:7f:51:73:38:5f:fa:8d:23:35:24:84:
         86:90:56:63:22:b2:e4:d5:56:81:f3:1e:ea:97:8d:2b:46:b5:
         ac:94:8b:80:b7:6b:fa:85:8e:8e:58:8d:f8:68:61:dc:f1:61:
         a2:84:5a:01:08:92:f7:83:75:d6:4c:ea:6e:32:d2:ba:40:16:
         2d:d1:9a:63:35:9b:ec:7d:a5:f7:bc:cc:7b:b8:38:e6:f8:09:
         13:ef:d7:14:34:5c:1c:52:64:5a:4b:09:cd:f5:6f:89:46:1a:
         4c:d8:4f:12:d5:69:8a:f7:a5:01:c9:fc:b0:95:58:e0:55:40:
         e2:ba:57:b5:14:ec:fd:22:aa:6d:29:e4:3a:4e:97:3f:20:23:
         31:52:04:a0:ff:80:54:b6:bc:01:5c:0a:8a:77:91:64:c9:07:
         3e:7b:f6:d2:02:01:92:6e:8e:f6:78:16:0e:d6:ea:ec:d1:e9:
         cf:08:bf:c7:34:7c:ca:08:44:98:ca:66:77:99:6f:b4:6f:4d:
         8a:5d:ae:c3:34:75:11:aa:42:99:dc:e4:8c:56:9f:1d:7a:56:
         0d:16:76:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WuF9pCdkQ95eMLS6Hw6gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMTAxMTYxODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzEzMjY3ZWM5ZGVjYmExOTMxNWVjOTA3ZTdkNjRkODQ0MTJmNTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjiNDTkjvE9TWwK2Vkcd7WlYZ5DqU
VqUzUgziq1vofatvTON7XH3iG+GTbPgEia4mtH0ZGpCKH1m6p+SR2d0yBpI/tKSV
1zsNb/ntdPh4Ftukc5XDOZexxQxFi5ntKm6ez9U+95lPBAZwZ4dhxBOwpQ0zH5/S
/qeI+Iq1GY484w+LPZ1WX4T+MqEHp//XnC61Ig1NENyWLxnrGbbGgyre3XG/usQL
4YT3/HAK3aFsEa/sXjnKrKpaRi6vWXe813ev9f/1Cc43dNhImefqFbgow4kKl4RO
DTMwNlxQJH6WDEg3IUanGia0dXsHtp0KiGIWbE1W9xHr7Sj0O3IkyACyywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOwTJn7J3suhkxXskH59ZNhEEvVxMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvN0JNbWZzbmV5NkdURmV5UWZuMWsyRVFTOVhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZFMMA0G
CSqGSIb3DQEBCwUAA4IBAQAG4jB0IvDJE6d4E+lkdAGkrpZ52PJxdUSPaukSWEy7
IyZC6JuUiT+n+EImf1FzOF/6jSM1JISGkFZjIrLk1VaB8x7ql40rRrWslIuAt2v6
hY6OWI34aGHc8WGihFoBCJL3g3XWTOpuMtK6QBYt0ZpjNZvsfaX3vMx7uDjm+AkT
79cUNFwcUmRaSwnN9W+JRhpM2E8S1WmK96UByfywlVjgVUDiule1FOz9IqptKeQ6
Tpc/ICMxUgSg/4BUtrwBXAqKd5FkyQc+e/bSAgGSbo72eBYO1urs0enPCL/HNHzK
CESYymZ3mW+0b02KXa7DNHURqkKZ3OSMVp8delYNFnZs
-----END CERTIFICATE-----