This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/l20iodI7qHF5vK-NH6_rVPCVyQM.roa
File:                     l20iodI7qHF5vK-NH6_rVPCVyQM.roa (raw, json)
Hash identifier:          OGH43ltJUkqqtDPaQP0DDDhIoPXBMr7s0StXwhpwKJo=
Subject key identifier:   97:6D:22:A1:D2:3B:A8:71:79:BC:AF:8D:1F:AF:EB:54:F0:95:C9:03
Certificate issuer:       /CN=b91b91504983091506a1a944457a4558b94dab7f
Certificate serial:       019B7AC928153939D3DE946C86373089BDD0
Authority key identifier: B9:1B:91:50:49:83:09:15:06:A1:A9:44:45:7A:45:58:B9:4D:AB:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRuRUEmDCRUGoalERXpFWLlNq38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/l20iodI7qHF5vK-NH6_rVPCVyQM.roa
Signing time:             Thu 01 Jan 2026 18:19:21 +0000
ROA not before:           Thu 01 Jan 2026 18:19:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202960
IP address blocks:        178.175.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/uRuRUEmDCRUGoalERXpFWLlNq38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/uRuRUEmDCRUGoalERXpFWLlNq38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRuRUEmDCRUGoalERXpFWLlNq38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:28:15:39:39:d3:de:94:6c:86:37:30:89:bd:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b91b91504983091506a1a944457a4558b94dab7f
        Validity
            Not Before: Jan  1 18:19:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=976d22a1d23ba87179bcaf8d1fafeb54f095c903
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e9:a7:16:b1:2b:d4:cb:e5:ba:66:08:6f:be:
                    93:45:89:db:6a:b7:ea:00:80:0d:32:c5:3b:11:5a:
                    40:f5:7e:63:77:f3:89:06:8c:90:81:87:b9:d7:cc:
                    b6:a7:e0:1d:af:4d:32:c9:55:65:24:9e:09:f5:84:
                    e7:43:b6:04:2e:a6:83:b8:c1:7b:b0:83:60:a5:44:
                    45:f6:34:de:2c:aa:72:da:97:f5:e0:c4:42:b6:c9:
                    9b:f8:b6:1e:80:94:e4:e7:62:ba:03:c1:33:e7:6a:
                    b5:e6:96:8b:19:d4:fa:b9:52:41:a9:0a:bb:75:81:
                    8c:ec:e9:a5:3b:05:97:05:d8:e0:0f:f4:3b:44:31:
                    ad:99:4a:b6:85:90:e6:a5:c2:40:52:77:91:22:a1:
                    f9:68:5e:7b:4f:6b:15:ef:90:c7:56:ee:c7:7d:25:
                    df:67:cb:ea:f9:14:44:7e:a4:bf:6d:25:51:90:db:
                    40:82:04:cb:da:e6:fa:76:ab:79:55:1d:29:99:87:
                    1c:64:ca:bf:81:2a:1c:27:1c:1e:8f:62:e8:91:71:
                    f1:95:31:9f:df:b2:32:82:b2:4d:e0:7a:30:9a:87:
                    11:21:2e:e5:0e:9e:4d:75:dc:aa:d2:65:87:d5:28:
                    8e:0e:bd:3d:12:bd:7b:5d:6e:93:ae:e9:33:3f:a2:
                    3f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:6D:22:A1:D2:3B:A8:71:79:BC:AF:8D:1F:AF:EB:54:F0:95:C9:03
            X509v3 Authority Key Identifier:
                keyid:B9:1B:91:50:49:83:09:15:06:A1:A9:44:45:7A:45:58:B9:4D:AB:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRuRUEmDCRUGoalERXpFWLlNq38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/l20iodI7qHF5vK-NH6_rVPCVyQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/uRuRUEmDCRUGoalERXpFWLlNq38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.175.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:c2:ca:98:b0:0d:86:42:e6:6c:f6:9e:89:b6:1f:2b:a8:0b:
         f9:21:ba:69:89:cf:7d:7f:55:ca:ee:fa:0d:e3:17:5d:e8:5f:
         80:de:ad:82:1c:16:dd:e8:f8:92:19:88:67:39:d5:0f:13:ee:
         b3:53:bd:d1:20:93:d4:40:68:73:00:d9:8f:2d:6e:a6:93:ae:
         75:e7:a6:4c:49:f8:49:da:b8:73:81:0c:96:da:bb:1c:e0:0d:
         09:7f:96:8b:e2:6b:75:89:27:b0:10:14:ca:b7:e0:5f:de:d2:
         5f:e3:6b:21:df:59:91:18:63:2c:4e:b6:34:bb:5e:16:ce:89:
         8f:6a:1d:18:fb:1b:79:96:f0:fb:0c:50:83:37:5e:a4:da:cb:
         8e:5d:81:14:86:43:cf:da:05:5e:42:a8:35:62:0b:6b:5c:55:
         c5:ff:d6:ce:4d:a8:4d:a5:c9:42:ce:83:46:51:6f:57:23:58:
         c2:0f:7d:03:30:55:af:dd:64:f8:05:c9:6b:37:ee:60:f9:f6:
         e0:0e:3d:2e:99:7f:7e:f6:06:00:ed:62:ce:9c:37:1f:95:a3:
         ae:b5:d2:c0:ab:ca:bf:d2:ef:cd:e9:ad:e6:ba:9e:34:ac:b1:
         52:68:bf:62:77:cc:35:7f:c5:2b:af:fe:dc:f2:86:a1:b3:5a:
         a9:77:c7:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6ySgVOTnT3pRshjcwib3QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MWI5MTUwNDk4MzA5MTUwNmExYTk0NDQ1N2E0NTU4Yjk0
ZGFiN2YwHhcNMjYwMTAxMTgxOTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzZkMjJhMWQyM2JhODcxNzliY2FmOGQxZmFmZWI1NGYwOTVjOTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+mnFrEr1MvlumYIb76TRYnbarfq
AIANMsU7EVpA9X5jd/OJBoyQgYe518y2p+Adr00yyVVlJJ4J9YTnQ7YELqaDuMF7
sINgpURF9jTeLKpy2pf14MRCtsmb+LYegJTk52K6A8Ez52q15paLGdT6uVJBqQq7
dYGM7OmlOwWXBdjgD/Q7RDGtmUq2hZDmpcJAUneRIqH5aF57T2sV75DHVu7HfSXf
Z8vq+RREfqS/bSVRkNtAggTL2ub6dqt5VR0pmYccZMq/gSocJxwej2LokXHxlTGf
37IygrJN4HowmocRIS7lDp5Nddyq0mWH1SiODr09Er17XW6TrukzP6I/uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJdtIqHSO6hxebyvjR+v61TwlckDMB8GA1UdIwQY
MBaAFLkbkVBJgwkVBqGpREV6RVi5Tat/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJ1UlVFbURDUlVHb2FsRVJYcEZXTGxOcTM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83NGUxN2YtZjlmNC00Nzg5LTkyYjct
OWRkNmU4OGZjYzhkLzEvbDIwaW9kSTdxSEY1dkstTkg2X3JWUENWeVFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83NGUxN2YtZjlmNC00Nzg5LTkyYjctOWRkNmU4OGZjYzhk
LzEvdVJ1UlVFbURDUlVHb2FsRVJYcEZXTGxOcTM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsq+YMA0G
CSqGSIb3DQEBCwUAA4IBAQC0wsqYsA2GQuZs9p6Jth8rqAv5Ibppic99f1XK7voN
4xdd6F+A3q2CHBbd6PiSGYhnOdUPE+6zU73RIJPUQGhzANmPLW6mk65156ZMSfhJ
2rhzgQyW2rsc4A0Jf5aL4mt1iSewEBTKt+Bf3tJf42sh31mRGGMsTrY0u14WzomP
ah0Y+xt5lvD7DFCDN16k2suOXYEUhkPP2gVeQqg1YgtrXFXF/9bOTahNpclCzoNG
UW9XI1jCD30DMFWv3WT4BclrN+5g+fbgDj0umX9+9gYA7WLOnDcflaOutdLAq8q/
0u/N6a3mup40rLFSaL9id8w1f8Urr/7c8oahs1qpd8fp
-----END CERTIFICATE-----