This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/FgBhFfbpwOIh2yLDcYR6t3XYeXI.roa
File:                     FgBhFfbpwOIh2yLDcYR6t3XYeXI.roa (raw, json)
Hash identifier:          Xt2Do+PhLFCTF4jZSTOrbDv16PG0FRvMZ65nQcWYGuI=
Subject key identifier:   16:00:61:15:F6:E9:C0:E2:21:DB:22:C3:71:84:7A:B7:75:D8:79:72
Certificate issuer:       /CN=b91b91504983091506a1a944457a4558b94dab7f
Certificate serial:       019B7AC929ADF260C5957DAFF46C8DEA76F0
Authority key identifier: B9:1B:91:50:49:83:09:15:06:A1:A9:44:45:7A:45:58:B9:4D:AB:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRuRUEmDCRUGoalERXpFWLlNq38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/FgBhFfbpwOIh2yLDcYR6t3XYeXI.roa
Signing time:             Thu 01 Jan 2026 18:19:22 +0000
ROA not before:           Thu 01 Jan 2026 18:19:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211504
IP address blocks:        178.175.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/uRuRUEmDCRUGoalERXpFWLlNq38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/uRuRUEmDCRUGoalERXpFWLlNq38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRuRUEmDCRUGoalERXpFWLlNq38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 18:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:29:ad:f2:60:c5:95:7d:af:f4:6c:8d:ea:76:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b91b91504983091506a1a944457a4558b94dab7f
        Validity
            Not Before: Jan  1 18:19:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=16006115f6e9c0e221db22c371847ab775d87972
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:e5:f7:4c:f8:a6:0d:a5:a7:36:7c:a0:40:b0:
                    49:3c:4b:4d:55:ba:83:a5:ac:5e:e3:53:b1:7e:c9:
                    17:04:b8:d4:c3:79:5b:8f:9c:c6:bc:39:6a:9a:7c:
                    59:ea:ea:ba:20:23:71:d8:a9:8f:5c:ab:9f:d2:3a:
                    35:2b:ea:49:1d:93:23:33:8b:6a:40:22:ef:c6:80:
                    8b:0e:d7:8a:0c:1f:25:2d:8b:c9:40:82:ba:ad:43:
                    aa:32:01:e7:ca:eb:a8:fe:f4:98:59:4a:6a:bf:ea:
                    aa:74:8b:54:91:6e:41:15:27:13:28:5c:1d:8e:72:
                    54:c3:86:82:22:b7:93:5f:5b:cb:41:ff:7e:e5:77:
                    56:36:10:33:7b:96:45:1c:73:b0:53:67:20:83:fc:
                    f1:15:1b:2c:ba:ad:83:48:c6:5a:ea:41:60:e5:a7:
                    6b:2d:b7:e6:90:ca:86:c6:d6:b5:fb:95:cf:a5:84:
                    d0:cf:86:45:0a:f3:15:f4:21:0b:ba:4d:a5:7a:31:
                    18:e0:88:04:93:b9:7b:44:ba:95:87:37:c5:71:9d:
                    3c:77:86:89:47:aa:e1:ad:58:80:72:1b:a6:ab:de:
                    52:c0:9e:fe:59:0e:50:44:a1:b0:37:2c:bb:63:d7:
                    20:ef:cf:8e:26:e2:0b:05:fe:3b:80:00:a9:53:ad:
                    74:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:00:61:15:F6:E9:C0:E2:21:DB:22:C3:71:84:7A:B7:75:D8:79:72
            X509v3 Authority Key Identifier:
                keyid:B9:1B:91:50:49:83:09:15:06:A1:A9:44:45:7A:45:58:B9:4D:AB:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRuRUEmDCRUGoalERXpFWLlNq38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/FgBhFfbpwOIh2yLDcYR6t3XYeXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/uRuRUEmDCRUGoalERXpFWLlNq38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.175.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:5e:b4:ec:1a:9a:de:0a:c8:26:d9:97:c6:11:87:f4:27:4e:
         ea:7b:e5:48:51:57:04:db:53:4d:d3:d8:d1:15:78:a5:03:76:
         ac:75:6f:88:d3:90:11:24:b5:54:8d:e7:4d:07:52:c6:e8:9c:
         41:44:a7:26:63:90:43:5f:3f:40:c0:b2:8a:1f:61:1e:37:e4:
         3b:41:30:4e:40:2d:b1:55:84:92:e3:3c:1c:ab:d9:56:30:43:
         5e:38:41:4b:c9:53:21:4d:93:43:66:01:d3:3a:8a:a7:59:bd:
         45:0c:62:4b:36:4b:8c:6b:60:2e:02:d9:e3:86:31:35:d9:1a:
         3f:5c:80:26:6e:78:80:bc:28:d5:6c:e7:0a:d7:1a:76:85:b7:
         00:4f:fd:45:f2:76:4e:11:99:8d:e9:59:66:5d:78:a1:8a:66:
         7d:11:43:51:a7:cd:2f:35:6e:0a:da:e3:d6:3d:de:ef:a7:34:
         ab:d9:d5:ce:23:3e:ca:7a:80:95:18:52:6c:f1:ad:0f:62:7b:
         f7:21:52:bb:52:3a:ba:b2:77:0f:b8:fc:9a:04:90:e2:95:78:
         b2:82:8f:40:c8:bc:07:40:3c:c8:d6:b5:71:7f:7c:ac:b7:cc:
         73:e4:e5:56:4f:43:55:37:cf:de:40:f2:25:f4:94:fd:e1:cd:
         69:76:4e:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6ySmt8mDFlX2v9GyN6nbwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MWI5MTUwNDk4MzA5MTUwNmExYTk0NDQ1N2E0NTU4Yjk0
ZGFiN2YwHhcNMjYwMTAxMTgxOTIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjAwNjExNWY2ZTljMGUyMjFkYjIyYzM3MTg0N2FiNzc1ZDg3OTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3uX3TPimDaWnNnygQLBJPEtNVbqD
paxe41OxfskXBLjUw3lbj5zGvDlqmnxZ6uq6ICNx2KmPXKuf0jo1K+pJHZMjM4tq
QCLvxoCLDteKDB8lLYvJQIK6rUOqMgHnyuuo/vSYWUpqv+qqdItUkW5BFScTKFwd
jnJUw4aCIreTX1vLQf9+5XdWNhAze5ZFHHOwU2cgg/zxFRssuq2DSMZa6kFg5adr
LbfmkMqGxta1+5XPpYTQz4ZFCvMV9CELuk2lejEY4IgEk7l7RLqVhzfFcZ08d4aJ
R6rhrViAchumq95SwJ7+WQ5QRKGwNyy7Y9cg78+OJuILBf47gACpU6106wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBYAYRX26cDiIdsiw3GEerd12HlyMB8GA1UdIwQY
MBaAFLkbkVBJgwkVBqGpREV6RVi5Tat/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJ1UlVFbURDUlVHb2FsRVJYcEZXTGxOcTM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83NGUxN2YtZjlmNC00Nzg5LTkyYjct
OWRkNmU4OGZjYzhkLzEvRmdCaEZmYnB3T0loMnlMRGNZUjZ0M1hZZVhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83NGUxN2YtZjlmNC00Nzg5LTkyYjctOWRkNmU4OGZjYzhk
LzEvdVJ1UlVFbURDUlVHb2FsRVJYcEZXTGxOcTM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsq+nMA0G
CSqGSIb3DQEBCwUAA4IBAQAAXrTsGpreCsgm2ZfGEYf0J07qe+VIUVcE21NN09jR
FXilA3asdW+I05ARJLVUjedNB1LG6JxBRKcmY5BDXz9AwLKKH2EeN+Q7QTBOQC2x
VYSS4zwcq9lWMENeOEFLyVMhTZNDZgHTOoqnWb1FDGJLNkuMa2AuAtnjhjE12Ro/
XIAmbniAvCjVbOcK1xp2hbcAT/1F8nZOEZmN6VlmXXihimZ9EUNRp80vNW4K2uPW
Pd7vpzSr2dXOIz7KeoCVGFJs8a0PYnv3IVK7Ujq6sncPuPyaBJDilXiygo9AyLwH
QDzI1rVxf3yst8xz5OVWT0NVN8/eQPIl9JT94c1pdk5Q
-----END CERTIFICATE-----