This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/S7VSB8bMnzHem9-PYRKs7CJpYpg.roa
File:                     S7VSB8bMnzHem9-PYRKs7CJpYpg.roa (raw, json)
Hash identifier:          Xkmt3ivNtM5U/VoznrjL63MFyqBi5WkWlVP9ktx+/Dc=
Subject key identifier:   4B:B5:52:07:C6:CC:9F:31:DE:9B:DF:8F:61:12:AC:EC:22:69:62:98
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       019B7BA51DA4F889856976426F4BC78E7C6B
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/S7VSB8bMnzHem9-PYRKs7CJpYpg.roa
Signing time:             Thu 01 Jan 2026 22:19:37 +0000
ROA not before:           Thu 01 Jan 2026 22:19:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209679
IP address blocks:        92.255.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:1d:a4:f8:89:85:69:76:42:6f:4b:c7:8e:7c:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  1 22:19:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4bb55207c6cc9f31de9bdf8f6112acec22696298
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ce:63:57:f5:fc:83:97:97:f6:77:9c:9c:f2:
                    68:d3:98:45:1c:79:f0:a4:a9:66:f8:55:30:fe:01:
                    23:8f:60:49:a4:9c:a4:43:4f:a9:dd:29:33:28:0e:
                    8d:a8:72:7b:81:44:15:b9:34:34:11:54:6f:46:d3:
                    bd:eb:bc:7f:3a:44:df:08:9a:f2:a9:3a:24:fa:29:
                    fb:a8:a9:c5:e7:c9:0e:b2:6a:86:1e:ee:78:60:fd:
                    06:0f:88:3b:e0:cb:12:35:28:e6:05:c9:84:84:c6:
                    0a:78:5d:39:7f:4c:26:91:ef:09:1b:5c:0b:a3:15:
                    e8:6d:c4:58:f4:90:e9:bc:38:8e:9e:06:1c:3b:76:
                    70:4b:f3:10:49:91:2b:18:f4:6a:9f:11:b8:ff:54:
                    a7:c2:eb:3b:84:6e:1c:61:22:b7:43:51:17:c8:30:
                    f7:53:95:da:4d:fe:d5:19:50:1f:9f:ea:4e:f9:a3:
                    2c:41:0a:40:d7:09:a9:76:be:60:c1:60:a8:7a:a1:
                    f2:9d:6e:07:46:77:f6:42:8c:ae:b4:e6:4a:0c:57:
                    79:e1:e6:71:48:be:ae:fd:18:c8:03:b6:d6:80:79:
                    60:b7:af:64:4c:57:c6:fc:15:2f:11:80:6b:19:4c:
                    5a:fa:ad:f6:85:4c:c4:e1:f1:51:67:7e:4d:7a:70:
                    5c:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:B5:52:07:C6:CC:9F:31:DE:9B:DF:8F:61:12:AC:EC:22:69:62:98
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/S7VSB8bMnzHem9-PYRKs7CJpYpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.255.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:92:84:f8:08:ad:5f:e7:5a:dc:eb:ab:7a:0e:42:f1:90:31:
         c8:e0:89:56:cf:76:50:3e:83:ba:10:d2:67:ca:b6:0f:ab:d1:
         76:54:02:2e:68:86:a1:40:e7:4b:7b:a6:89:49:a4:3a:aa:56:
         b4:38:40:36:bd:7d:80:ea:f9:12:17:c3:56:0a:8b:b7:ea:04:
         4b:69:78:d2:21:d2:e7:68:60:51:be:1a:42:cc:db:68:8e:fe:
         86:cb:42:88:78:f9:cd:d9:98:df:f5:30:29:74:75:68:32:37:
         ed:24:e1:ca:e4:16:a6:86:6b:9b:25:34:4d:86:3d:5d:61:de:
         31:8c:fd:d3:e2:78:89:95:4e:12:be:f8:25:32:a2:61:9f:c3:
         81:d9:ee:2c:a9:1a:d9:3b:4b:0c:b7:1d:34:e2:1f:7e:26:ca:
         03:55:69:84:9c:75:8f:c7:4c:f7:38:4e:58:05:2f:0b:97:10:
         2f:6b:07:6b:58:d2:6b:10:ab:2f:80:ad:e5:05:39:08:f8:64:
         45:a1:c2:09:c7:85:7d:72:af:10:48:cf:09:cf:6b:f8:ff:24:
         58:a6:12:2f:b1:9e:33:6c:58:65:32:aa:34:d6:cf:c8:be:33:
         2f:69:c1:c9:e8:dc:85:0e:7d:0e:58:ce:1e:89:11:56:b7:c0:
         ee:57:33:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pR2k+ImFaXZCb0vHjnxrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODMxM2U0MWU2NDZhMDljZDAxZTJlNmY0NzM5ZDNiZDIz
NmM0ZmYwHhcNMjYwMTAxMjIxOTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmI1NTIwN2M2Y2M5ZjMxZGU5YmRmOGY2MTEyYWNlYzIyNjk2Mjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu85jV/X8g5eX9necnPJo05hFHHnw
pKlm+FUw/gEjj2BJpJykQ0+p3SkzKA6NqHJ7gUQVuTQ0EVRvRtO967x/OkTfCJry
qTok+in7qKnF58kOsmqGHu54YP0GD4g74MsSNSjmBcmEhMYKeF05f0wmke8JG1wL
oxXobcRY9JDpvDiOngYcO3ZwS/MQSZErGPRqnxG4/1Snwus7hG4cYSK3Q1EXyDD3
U5XaTf7VGVAfn+pO+aMsQQpA1wmpdr5gwWCoeqHynW4HRnf2QoyutOZKDFd54eZx
SL6u/RjIA7bWgHlgt69kTFfG/BUvEYBrGUxa+q32hUzE4fFRZ35NenBcWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEu1UgfGzJ8x3pvfj2ESrOwiaWKYMB8GA1UdIwQY
MBaAFM2DE+QeZGoJzQHi5vRznTvSNsT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQt
ODg2MmI1MTczMTdjLzEvUzdWU0I4Yk1uekhlbTktUFlSS3M3Q0pwWXBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQtODg2MmI1MTczMTdj
LzEvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXP83MA0G
CSqGSIb3DQEBCwUAA4IBAQBjkoT4CK1f51rc66t6DkLxkDHI4IlWz3ZQPoO6ENJn
yrYPq9F2VAIuaIahQOdLe6aJSaQ6qla0OEA2vX2A6vkSF8NWCou36gRLaXjSIdLn
aGBRvhpCzNtojv6Gy0KIePnN2Zjf9TApdHVoMjftJOHK5BamhmubJTRNhj1dYd4x
jP3T4niJlU4SvvglMqJhn8OB2e4sqRrZO0sMtx004h9+JsoDVWmEnHWPx0z3OE5Y
BS8LlxAvawdrWNJrEKsvgK3lBTkI+GRFocIJx4V9cq8QSM8Jz2v4/yRYphIvsZ4z
bFhlMqo01s/IvjMvacHJ6NyFDn0OWM4eiRFWt8DuVzOC
-----END CERTIFICATE-----