This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/esK7vUUmoe40XTn02C1nePqnmu4.roa
File:                     esK7vUUmoe40XTn02C1nePqnmu4.roa (raw, json)
Hash identifier:          OEIBdY80QQKHjWxchlaPmmZgXh8xpcGsK6uCERu5/OA=
Subject key identifier:   7A:C2:BB:BD:45:26:A1:EE:34:5D:39:F4:D8:2D:67:78:FA:A7:9A:EE
Certificate issuer:       /CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
Certificate serial:       019B791089C51D7A09211FC3E74A6AC93BEE
Authority key identifier: B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/esK7vUUmoe40XTn02C1nePqnmu4.roa
Signing time:             Thu 01 Jan 2026 10:18:05 +0000
ROA not before:           Thu 01 Jan 2026 10:18:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209147
IP address blocks:        185.88.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:89:c5:1d:7a:09:21:1f:c3:e7:4a:6a:c9:3b:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
        Validity
            Not Before: Jan  1 10:18:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7ac2bbbd4526a1ee345d39f4d82d6778faa79aee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:58:74:c1:ec:d7:83:f1:d7:8d:3a:2d:71:25:
                    51:49:29:e4:17:12:e4:5f:92:d5:e8:44:ad:a3:9b:
                    fd:da:8b:a0:57:6b:33:70:57:1a:38:cb:be:4b:97:
                    7f:58:0b:76:77:e8:34:a8:47:d9:c5:46:12:30:e6:
                    08:35:27:8a:e6:0f:17:fd:e7:f1:4d:ca:7b:65:76:
                    95:ad:e0:a1:a2:de:dd:df:9b:ae:4e:cb:3b:0c:57:
                    2c:18:97:fe:d6:ac:ac:f5:1f:91:9c:f4:12:a0:49:
                    46:04:cd:5b:c9:d5:d7:be:ea:10:b4:7d:bf:3d:61:
                    3d:8f:b6:32:28:a5:9f:c6:33:90:7b:42:24:93:7a:
                    7d:b9:1f:23:06:d4:18:a9:fd:97:b0:d0:2c:e7:87:
                    64:72:0c:8a:bc:09:20:87:0e:a1:7c:0d:d0:90:fb:
                    f3:6d:13:09:61:a9:84:e4:06:66:5a:2e:5d:22:eb:
                    f7:61:64:bc:d0:f6:1f:c0:ee:c9:9a:f1:38:32:fa:
                    ce:76:c5:01:6c:a0:93:d2:3b:b1:ef:13:f0:be:0f:
                    8d:cb:ef:97:84:1d:98:20:5f:0a:0e:8b:10:17:37:
                    2e:68:cf:4f:d3:06:82:e6:db:32:2a:59:f4:da:43:
                    69:c1:1c:a9:8e:01:74:de:48:cd:58:53:db:45:97:
                    58:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:C2:BB:BD:45:26:A1:EE:34:5D:39:F4:D8:2D:67:78:FA:A7:9A:EE
            X509v3 Authority Key Identifier:
                keyid:B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/esK7vUUmoe40XTn02C1nePqnmu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:c8:36:98:20:79:8e:9b:90:25:5f:c3:6d:f8:74:f1:c3:91:
         6a:28:a8:56:ce:69:dd:8c:32:c4:dc:69:9b:4a:79:13:d3:2c:
         dc:f2:a2:31:1c:7a:5b:26:ba:a5:7f:cd:aa:c9:e7:13:e4:04:
         45:de:36:b6:17:31:e6:ab:61:92:dd:9f:44:c1:af:e8:b5:5c:
         35:03:4b:6c:03:c6:52:7e:f7:f8:9c:97:61:01:e2:f8:0c:46:
         5d:6b:ea:87:f6:f9:87:8e:dc:b2:80:ab:5e:61:6d:a7:b1:3d:
         7e:00:5f:6a:85:ee:8d:33:01:51:fa:12:03:b6:8f:61:06:9c:
         d6:4a:bc:7c:9d:46:25:7a:a8:c3:35:db:4e:dd:a4:de:c7:34:
         77:87:6c:29:aa:17:12:cb:13:40:0d:45:8d:ff:dc:f9:93:30:
         9f:11:ec:54:87:28:b9:d2:2b:d4:74:97:8b:08:75:81:df:8b:
         4d:27:6d:a2:49:c7:cd:cf:41:cc:ab:7b:bb:b3:a8:bb:8a:d0:
         b4:f4:34:ae:7f:72:de:81:52:b6:91:1b:6f:f2:ec:8f:50:1f:
         fd:0e:d4:c7:c4:16:85:91:7f:1c:24:66:d8:20:ae:f4:a1:69:
         10:bb:6b:e9:16:28:87:c3:d5:31:f7:e0:2d:2e:2e:62:4a:18:
         27:4f:78:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EInFHXoJIR/D50pqyTvuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYzUxYjBjMDYzY2ZjMTY5NDNmYzlhNDdlMmM4MDU5OTBm
NmVhYWUwHhcNMjYwMTAxMTAxODA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWMyYmJiZDQ1MjZhMWVlMzQ1ZDM5ZjRkODJkNjc3OGZhYTc5YWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1h0wezXg/HXjTotcSVRSSnkFxLk
X5LV6ESto5v92ougV2szcFcaOMu+S5d/WAt2d+g0qEfZxUYSMOYINSeK5g8X/efx
Tcp7ZXaVreChot7d35uuTss7DFcsGJf+1qys9R+RnPQSoElGBM1bydXXvuoQtH2/
PWE9j7YyKKWfxjOQe0Ikk3p9uR8jBtQYqf2XsNAs54dkcgyKvAkghw6hfA3QkPvz
bRMJYamE5AZmWi5dIuv3YWS80PYfwO7JmvE4MvrOdsUBbKCT0jux7xPwvg+Ny++X
hB2YIF8KDosQFzcuaM9P0waC5tsyKln02kNpwRypjgF03kjNWFPbRZdYpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHrCu71FJqHuNF059NgtZ3j6p5ruMB8GA1UdIwQY
MBaAFLPFGwwGPPwWlD/JpH4sgFmQ9uquMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEt
ZmY1ZjFhZDY5MjY2LzEvZXNLN3ZVVW1vZTQwWFRuMDJDMW5lUHFubXU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEtZmY1ZjFhZDY5MjY2
LzEvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVgUMA0G
CSqGSIb3DQEBCwUAA4IBAQCOyDaYIHmOm5AlX8Nt+HTxw5FqKKhWzmndjDLE3Gmb
SnkT0yzc8qIxHHpbJrqlf82qyecT5ARF3ja2FzHmq2GS3Z9Ewa/otVw1A0tsA8ZS
fvf4nJdhAeL4DEZda+qH9vmHjtyygKteYW2nsT1+AF9qhe6NMwFR+hIDto9hBpzW
Srx8nUYleqjDNdtO3aTexzR3h2wpqhcSyxNADUWN/9z5kzCfEexUhyi50ivUdJeL
CHWB34tNJ22iScfNz0HMq3u7s6i7itC09DSuf3LegVK2kRtv8uyPUB/9DtTHxBaF
kX8cJGbYIK70oWkQu2vpFiiHw9Ux9+AtLi5iShgnT3jJ
-----END CERTIFICATE-----