This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/cBwp2ouu-kTQUV0AP3SgjoKtpKE.roa
File:                     cBwp2ouu-kTQUV0AP3SgjoKtpKE.roa (raw, json)
Hash identifier:          2mn/5LNm9rX3SfstPhosdI3pLFHA9jE4gvH4r7JdHQg=
Subject key identifier:   70:1C:29:DA:8B:AE:FA:44:D0:51:5D:00:3F:74:A0:8E:82:AD:A4:A1
Certificate issuer:       /CN=e909ee3d618974da0cbd805a2da80410a4989881
Certificate serial:       019B7B369CFC85E64C9AE2F6952EF098B763
Authority key identifier: E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/cBwp2ouu-kTQUV0AP3SgjoKtpKE.roa
Signing time:             Thu 01 Jan 2026 20:18:55 +0000
ROA not before:           Thu 01 Jan 2026 20:18:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62057
IP address blocks:        78.153.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:9c:fc:85:e6:4c:9a:e2:f6:95:2e:f0:98:b7:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e909ee3d618974da0cbd805a2da80410a4989881
        Validity
            Not Before: Jan  1 20:18:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=701c29da8baefa44d0515d003f74a08e82ada4a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:8b:bf:75:b5:1f:9e:10:c2:a5:c5:e9:f1:07:
                    96:b1:4b:b4:8b:c5:1f:76:19:ef:9d:f5:0e:82:d2:
                    b8:c7:f3:c4:47:c5:92:61:1a:52:16:f3:19:7d:42:
                    89:59:a7:65:79:66:5e:2e:57:d9:57:19:5e:26:7e:
                    ee:64:57:94:e7:19:3d:8a:79:ea:2a:fd:9a:84:5f:
                    f7:e1:8b:a1:c9:f4:58:26:13:71:56:b8:c6:d3:82:
                    19:9e:7b:87:02:38:5a:5a:28:c1:ee:9a:d9:d8:e1:
                    6b:6c:90:8b:9e:11:3e:36:89:77:58:d1:b0:a5:59:
                    46:15:4a:5c:92:42:36:87:1f:e8:b2:12:c5:74:8a:
                    99:22:9a:ca:eb:9c:7a:c5:d6:bc:5b:2e:59:69:88:
                    79:0e:6b:16:e7:da:07:f8:52:2b:1d:98:53:4f:eb:
                    0f:f9:44:7b:6c:46:34:03:b4:52:f7:45:94:7a:43:
                    54:9a:89:a7:5c:fd:44:4b:6b:cb:40:99:9e:48:b3:
                    38:24:d4:69:ae:a1:ff:d8:7e:b6:ba:61:b4:f0:1a:
                    8d:be:96:63:82:7b:6d:37:7e:b8:ac:bf:06:1d:35:
                    15:3a:5c:54:f4:23:49:08:c8:39:9c:33:32:cc:f2:
                    91:24:2f:42:21:63:2d:35:32:3f:6d:37:89:47:af:
                    46:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:1C:29:DA:8B:AE:FA:44:D0:51:5D:00:3F:74:A0:8E:82:AD:A4:A1
            X509v3 Authority Key Identifier:
                keyid:E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/cBwp2ouu-kTQUV0AP3SgjoKtpKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.153.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:dc:b7:66:9d:73:8c:e5:2c:66:ff:5c:ff:3b:d6:8e:ea:bd:
         0b:a5:18:d3:8a:69:ff:67:ed:86:e2:90:72:4a:3f:39:8a:6f:
         7b:86:d2:38:5b:47:be:54:66:0a:3c:6f:d3:a4:64:77:f6:1b:
         30:1c:5d:80:75:79:df:a0:23:db:ad:9a:00:e2:68:e8:87:16:
         82:68:2a:65:49:90:81:e6:95:1b:87:bb:29:ca:d5:a2:db:9b:
         68:55:f0:35:42:57:e3:6b:59:d1:8c:59:23:df:b0:2a:2e:ff:
         63:f0:d4:8c:11:bf:e6:83:14:9a:47:7b:92:3b:ee:89:cf:c3:
         a1:b1:08:60:ec:cc:d4:61:dc:76:93:c6:b1:a9:3d:15:87:09:
         f6:20:84:00:84:34:22:2f:8a:bc:29:ac:8f:92:41:45:1f:ee:
         a5:03:c5:5f:68:70:1d:1b:b8:2d:45:01:7e:8d:ca:23:c4:2d:
         51:a4:b0:09:69:61:38:20:4f:f0:be:74:4a:ce:b0:34:ee:7e:
         b8:51:69:03:58:0d:fa:a3:64:a8:90:b4:4d:84:88:0e:5d:fe:
         5c:59:a3:6a:72:8d:3d:6e:63:92:95:4d:d3:ed:1a:8f:d1:92:
         39:cb:28:3c:8a:08:26:34:a5:ff:c6:f8:bb:80:7b:de:ac:a0:
         b8:a8:70:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Npz8heZMmuL2lS7wmLdjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MDllZTNkNjE4OTc0ZGEwY2JkODA1YTJkYTgwNDEwYTQ5
ODk4ODEwHhcNMjYwMTAxMjAxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDFjMjlkYThiYWVmYTQ0ZDA1MTVkMDAzZjc0YTA4ZTgyYWRhNGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYu/dbUfnhDCpcXp8QeWsUu0i8Uf
dhnvnfUOgtK4x/PER8WSYRpSFvMZfUKJWadleWZeLlfZVxleJn7uZFeU5xk9innq
Kv2ahF/34YuhyfRYJhNxVrjG04IZnnuHAjhaWijB7prZ2OFrbJCLnhE+Nol3WNGw
pVlGFUpckkI2hx/oshLFdIqZIprK65x6xda8Wy5ZaYh5DmsW59oH+FIrHZhTT+sP
+UR7bEY0A7RS90WUekNUmomnXP1ES2vLQJmeSLM4JNRprqH/2H62umG08BqNvpZj
gnttN364rL8GHTUVOlxU9CNJCMg5nDMyzPKRJC9CIWMtNTI/bTeJR69GOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHAcKdqLrvpE0FFdAD90oI6CraShMB8GA1UdIwQY
MBaAFOkJ7j1hiXTaDL2AWi2oBBCkmJiBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEt
ZGQxMTVmOWUzMzAxLzEvY0J3cDJvdXUta1RRVVYwQVAzU2dqb0t0cEtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEtZGQxMTVmOWUzMzAx
LzEvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATpn3MA0G
CSqGSIb3DQEBCwUAA4IBAQB33LdmnXOM5Sxm/1z/O9aO6r0LpRjTimn/Z+2G4pBy
Sj85im97htI4W0e+VGYKPG/TpGR39hswHF2AdXnfoCPbrZoA4mjohxaCaCplSZCB
5pUbh7spytWi25toVfA1Qlfja1nRjFkj37AqLv9j8NSMEb/mgxSaR3uSO+6Jz8Oh
sQhg7MzUYdx2k8axqT0Vhwn2IIQAhDQiL4q8KayPkkFFH+6lA8VfaHAdG7gtRQF+
jcojxC1RpLAJaWE4IE/wvnRKzrA07n64UWkDWA36o2SokLRNhIgOXf5cWaNqco09
bmOSlU3T7RqP0ZI5yyg8iggmNKX/xvi7gHverKC4qHDQ
-----END CERTIFICATE-----