This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/p7g_aaQmBE2hgzfhh5WqOTceI5U.roa
File:                     p7g_aaQmBE2hgzfhh5WqOTceI5U.roa (raw, json)
Hash identifier:          FYh3NTK+1RET5BPwik+flQQE4RcQ8wfa6nwX6WDuW+M=
Subject key identifier:   A7:B8:3F:69:A4:26:04:4D:A1:83:37:E1:87:95:AA:39:37:1E:23:95
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019BDAE470EE2AB979564FB018D8509C8504
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/p7g_aaQmBE2hgzfhh5WqOTceI5U.roa
Signing time:             Tue 20 Jan 2026 10:12:42 +0000
ROA not before:           Tue 20 Jan 2026 10:12:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209675
IP address blocks:        151.243.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 09:44:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:da:e4:70:ee:2a:b9:79:56:4f:b0:18:d8:50:9c:85:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jan 20 10:12:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a7b83f69a426044da18337e18795aa39371e2395
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f2:72:d5:44:20:5a:27:6f:38:c9:43:fe:f2:
                    61:77:5c:1a:72:6f:40:3b:62:2a:20:c4:5f:01:fb:
                    ad:be:bd:a4:ff:f0:a3:2c:d4:4f:9f:2a:94:d2:f3:
                    4f:47:71:4c:ef:f6:ef:9c:22:37:29:9f:d9:fb:7d:
                    70:ae:b5:da:a2:f5:20:c1:7a:a7:1b:88:d6:80:96:
                    2f:e2:99:37:32:c6:45:62:11:0e:aa:97:7b:7c:a4:
                    4a:4f:28:9e:52:74:4c:46:c7:18:71:ae:e1:cc:68:
                    2b:0b:79:01:2e:92:5b:81:41:0d:13:ee:ae:76:c0:
                    aa:b8:2f:1a:ac:80:6c:30:f3:3d:20:8e:a2:84:58:
                    59:2f:3b:cd:68:05:e5:a0:74:dc:91:c0:a8:0f:f7:
                    9d:41:26:64:d4:8b:80:c9:5f:87:f2:b6:c0:60:50:
                    29:61:d4:df:2d:cc:20:34:97:cf:c4:f6:8a:d4:bd:
                    72:00:40:ff:d7:e8:2f:3d:1b:85:5a:a3:33:ac:6c:
                    5a:c4:bc:bd:65:2a:3c:61:1d:0b:29:21:97:1f:5d:
                    d2:d1:b8:ec:ea:69:64:93:70:3b:0c:5b:f7:8b:b8:
                    d0:46:b5:45:95:a1:c5:c4:c8:7f:30:4a:6c:51:d0:
                    f9:a7:98:6c:32:06:c4:54:c4:33:7e:9d:12:43:f3:
                    e8:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:B8:3F:69:A4:26:04:4D:A1:83:37:E1:87:95:AA:39:37:1E:23:95
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/p7g_aaQmBE2hgzfhh5WqOTceI5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:27:97:b2:cb:f2:d3:da:9b:6d:a4:c2:25:75:a2:71:22:66:
         d3:4c:38:8d:c1:ad:5d:dd:ff:10:0c:cf:19:da:24:16:20:c1:
         d2:29:8a:9a:18:65:a8:77:f1:26:96:da:39:e1:84:6c:21:2a:
         35:a5:cb:20:3d:bc:65:e9:64:25:6a:a8:24:2e:51:6d:2f:ee:
         93:2d:67:0e:c6:bd:a9:97:23:9f:7a:57:33:6e:f5:95:db:1e:
         bc:0b:3e:ae:35:4d:0b:77:7a:b7:3a:51:c8:aa:d4:96:f3:c5:
         53:cd:34:b0:8a:14:81:cd:77:5c:66:60:b5:03:ac:a6:d3:3f:
         14:12:36:50:30:89:ba:eb:46:e0:49:e5:c7:70:47:c2:8e:f9:
         c0:88:3f:18:db:a6:f2:f0:83:c6:e6:3b:b6:98:5c:19:96:d3:
         59:64:df:08:92:2c:53:a6:88:f7:c4:03:ed:a4:7e:bb:86:0d:
         f7:ef:20:ed:77:ab:59:67:13:7e:b1:65:e5:03:6a:7c:ba:60:
         3a:3c:e0:07:94:42:a0:0f:d8:8e:66:1e:73:8f:85:f9:2b:c0:
         7a:c0:4c:fa:37:28:77:22:57:ca:23:f0:93:e5:ed:13:f7:f9:
         fb:0c:64:0f:b6:d9:2e:5a:1f:43:b4:b3:a0:56:29:83:64:48:
         86:6a:03:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZva5HDuKrl5Vk+wGNhQnIUEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMTIwMTAxMjQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2I4M2Y2OWE0MjYwNDRkYTE4MzM3ZTE4Nzk1YWEzOTM3MWUyMzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfJy1UQgWidvOMlD/vJhd1wacm9A
O2IqIMRfAfutvr2k//CjLNRPnyqU0vNPR3FM7/bvnCI3KZ/Z+31wrrXaovUgwXqn
G4jWgJYv4pk3MsZFYhEOqpd7fKRKTyieUnRMRscYca7hzGgrC3kBLpJbgUENE+6u
dsCquC8arIBsMPM9II6ihFhZLzvNaAXloHTckcCoD/edQSZk1IuAyV+H8rbAYFAp
YdTfLcwgNJfPxPaK1L1yAED/1+gvPRuFWqMzrGxaxLy9ZSo8YR0LKSGXH13S0bjs
6mlkk3A7DFv3i7jQRrVFlaHFxMh/MEpsUdD5p5hsMgbEVMQzfp0SQ/Po9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKe4P2mkJgRNoYM34YeVqjk3HiOVMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvcDdnX2FhUW1CRTJoZ3pmaGg1V3FPVGNlSTVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/PxMA0G
CSqGSIb3DQEBCwUAA4IBAQAdJ5eyy/LT2pttpMIldaJxImbTTDiNwa1d3f8QDM8Z
2iQWIMHSKYqaGGWod/Emlto54YRsISo1pcsgPbxl6WQlaqgkLlFtL+6TLWcOxr2p
lyOfelczbvWV2x68Cz6uNU0Ld3q3OlHIqtSW88VTzTSwihSBzXdcZmC1A6ym0z8U
EjZQMIm660bgSeXHcEfCjvnAiD8Y26by8IPG5ju2mFwZltNZZN8IkixTpoj3xAPt
pH67hg337yDtd6tZZxN+sWXlA2p8umA6POAHlEKgD9iOZh5zj4X5K8B6wEz6Nyh3
IlfKI/CT5e0T9/n7DGQPttkuWh9DtLOgVimDZEiGagOC
-----END CERTIFICATE-----