This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/965826-eb93-470e-b67a-64e52b9dd8d1/1/7MqIqmbLOZCvYlEMG9u9KyE6Ytk.roa
File:                     7MqIqmbLOZCvYlEMG9u9KyE6Ytk.roa (raw, json)
Hash identifier:          zRxcr077zFRaZAIgIWm+iYU3FdaVL/l6dLqFNAGhIKM=
Subject key identifier:   EC:CA:88:AA:66:CB:39:90:AF:62:51:0C:1B:DB:BD:2B:21:3A:62:D9
Certificate issuer:       /CN=854bb7aa3908c998de3c42f7e1849538b0592617
Certificate serial:       019B7D5B13D54DA1BFE5B0F42933D7E26ED9
Authority key identifier: 85:4B:B7:AA:39:08:C9:98:DE:3C:42:F7:E1:84:95:38:B0:59:26:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hUu3qjkIyZjePEL34YSVOLBZJhc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/965826-eb93-470e-b67a-64e52b9dd8d1/1/7MqIqmbLOZCvYlEMG9u9KyE6Ytk.roa
Signing time:             Fri 02 Jan 2026 06:17:59 +0000
ROA not before:           Fri 02 Jan 2026 06:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39522
IP address blocks:        193.36.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/965826-eb93-470e-b67a-64e52b9dd8d1/1/hUu3qjkIyZjePEL34YSVOLBZJhc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/965826-eb93-470e-b67a-64e52b9dd8d1/1/hUu3qjkIyZjePEL34YSVOLBZJhc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hUu3qjkIyZjePEL34YSVOLBZJhc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 21:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:13:d5:4d:a1:bf:e5:b0:f4:29:33:d7:e2:6e:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=854bb7aa3908c998de3c42f7e1849538b0592617
        Validity
            Not Before: Jan  2 06:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ecca88aa66cb3990af62510c1bdbbd2b213a62d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f5:2b:b0:28:0a:f8:d8:2d:1e:0a:3e:27:73:
                    36:b8:a9:96:ba:42:58:ef:80:ab:b2:ad:82:f2:87:
                    58:cc:64:91:47:12:04:87:93:3e:4b:43:7f:91:bc:
                    61:32:86:d5:40:30:cb:cf:57:49:53:e8:4a:9c:91:
                    4d:57:3f:62:79:ab:5f:3d:a4:b3:0b:26:e2:d7:72:
                    eb:b4:5c:04:90:e0:4a:2d:87:52:f4:9f:e9:1b:84:
                    28:9f:9d:62:fe:cb:7b:fd:87:13:28:59:79:67:93:
                    47:82:5e:a1:4e:17:7a:3c:82:f0:f1:b7:a1:e4:d5:
                    ce:d1:6d:14:37:7c:27:07:ad:32:bd:43:aa:ed:82:
                    03:0d:7a:af:0f:e8:f4:82:59:a9:51:fc:d8:0c:00:
                    a5:8f:98:5d:33:41:a7:f3:5f:8f:2c:08:d3:3b:5e:
                    eb:b4:c8:57:6a:26:02:71:82:4f:88:dd:e7:a7:df:
                    0b:8f:76:48:34:9a:50:08:e3:ad:b5:a8:dd:05:b1:
                    f8:ea:a9:86:1c:44:7d:72:3d:6d:fd:82:15:09:aa:
                    92:68:f2:11:2f:e4:92:35:4e:d3:e6:89:4b:b3:70:
                    9f:e6:7f:2f:5c:d6:77:f9:11:cb:d0:7a:79:9f:89:
                    83:f2:47:89:24:77:1d:6a:03:67:36:b9:63:c8:d2:
                    9f:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:CA:88:AA:66:CB:39:90:AF:62:51:0C:1B:DB:BD:2B:21:3A:62:D9
            X509v3 Authority Key Identifier:
                keyid:85:4B:B7:AA:39:08:C9:98:DE:3C:42:F7:E1:84:95:38:B0:59:26:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hUu3qjkIyZjePEL34YSVOLBZJhc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/965826-eb93-470e-b67a-64e52b9dd8d1/1/7MqIqmbLOZCvYlEMG9u9KyE6Ytk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/965826-eb93-470e-b67a-64e52b9dd8d1/1/hUu3qjkIyZjePEL34YSVOLBZJhc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:34:3e:f5:e9:0b:b9:b4:3f:34:50:0c:54:ad:48:14:3c:f9:
         58:54:39:03:78:5e:d2:ff:02:34:b1:c0:6e:2c:43:e0:41:1b:
         e2:98:3a:5c:44:0c:2f:67:ca:cd:0b:43:00:84:79:29:92:0c:
         60:8c:0d:25:b8:ee:01:03:60:f4:92:27:72:86:3d:c1:13:7d:
         82:d3:40:06:78:e6:b8:d6:95:f0:30:3b:d7:f5:fd:3d:dd:e8:
         69:b9:5d:06:52:ca:06:48:90:01:fe:fe:49:6f:ad:31:84:7f:
         19:4c:ed:d0:37:10:97:e3:84:8d:a9:0a:e9:8d:3f:13:17:d1:
         6a:d0:bb:1b:3f:8d:4c:99:30:72:ae:81:ac:15:a4:ff:ca:3c:
         5b:cb:a4:d3:f4:09:06:63:84:e5:fd:6b:79:f2:1a:e3:9a:ac:
         f2:fb:04:b9:cb:30:41:68:60:5b:e9:1f:38:23:ad:5c:f9:19:
         93:5e:a5:b1:21:b4:78:91:9b:10:4d:15:5f:4d:63:09:02:81:
         b5:13:35:ab:ab:eb:6f:fb:96:f4:4b:03:d0:d4:c5:a0:76:93:
         45:47:23:9b:e8:d9:49:b6:2d:02:22:b6:0d:fb:17:ac:1d:d7:
         4e:73:2f:89:16:1a:83:99:37:8c:fb:1a:e3:a5:d5:80:c1:9f:
         85:9d:0f:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WxPVTaG/5bD0KTPX4m7ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NGJiN2FhMzkwOGM5OThkZTNjNDJmN2UxODQ5NTM4YjA1
OTI2MTcwHhcNMjYwMTAyMDYxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2NhODhhYTY2Y2IzOTkwYWY2MjUxMGMxYmRiYmQyYjIxM2E2MmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPUrsCgK+NgtHgo+J3M2uKmWukJY
74Crsq2C8odYzGSRRxIEh5M+S0N/kbxhMobVQDDLz1dJU+hKnJFNVz9ieatfPaSz
Cybi13LrtFwEkOBKLYdS9J/pG4Qon51i/st7/YcTKFl5Z5NHgl6hThd6PILw8beh
5NXO0W0UN3wnB60yvUOq7YIDDXqvD+j0glmpUfzYDAClj5hdM0Gn81+PLAjTO17r
tMhXaiYCcYJPiN3np98Lj3ZINJpQCOOttajdBbH46qmGHER9cj1t/YIVCaqSaPIR
L+SSNU7T5olLs3Cf5n8vXNZ3+RHL0Hp5n4mD8keJJHcdagNnNrljyNKffwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOzKiKpmyzmQr2JRDBvbvSshOmLZMB8GA1UdIwQY
MBaAFIVLt6o5CMmY3jxC9+GElTiwWSYXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFV1M3Fqa0l5WmplUEVMMzRZU1ZPTEJaSmhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NjU4MjYtZWI5My00NzBlLWI2N2Et
NjRlNTJiOWRkOGQxLzEvN01xSXFtYkxPWkN2WWxFTUc5dTlLeUU2WXRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NjU4MjYtZWI5My00NzBlLWI2N2EtNjRlNTJiOWRkOGQx
LzEvaFV1M3Fqa0l5WmplUEVMMzRZU1ZPTEJaSmhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSQhMA0G
CSqGSIb3DQEBCwUAA4IBAQCqND716Qu5tD80UAxUrUgUPPlYVDkDeF7S/wI0scBu
LEPgQRvimDpcRAwvZ8rNC0MAhHkpkgxgjA0luO4BA2D0kidyhj3BE32C00AGeOa4
1pXwMDvX9f093ehpuV0GUsoGSJAB/v5Jb60xhH8ZTO3QNxCX44SNqQrpjT8TF9Fq
0LsbP41MmTByroGsFaT/yjxby6TT9AkGY4Tl/Wt58hrjmqzy+wS5yzBBaGBb6R84
I61c+RmTXqWxIbR4kZsQTRVfTWMJAoG1EzWrq+tv+5b0SwPQ1MWgdpNFRyOb6NlJ
ti0CIrYN+xesHddOcy+JFhqDmTeM+xrjpdWAwZ+FnQ8j
-----END CERTIFICATE-----