This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/ih3hulQ4xDqfZqFRYVhqpTzV37g.roa
File:                     ih3hulQ4xDqfZqFRYVhqpTzV37g.roa (raw, json)
Hash identifier:          8H21HI31YlREwiFm7U9rXscP7WA3zZdl224Y3//PsGA=
Subject key identifier:   8A:1D:E1:BA:54:38:C4:3A:9F:66:A1:51:61:58:6A:A5:3C:D5:DF:B8
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019B7EA6F485C11017E18C95F076E25A5BA3
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/ih3hulQ4xDqfZqFRYVhqpTzV37g.roa
Signing time:             Fri 02 Jan 2026 12:20:29 +0000
ROA not before:           Fri 02 Jan 2026 12:20:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207069
IP address blocks:        178.254.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:f4:85:c1:10:17:e1:8c:95:f0:76:e2:5a:5b:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jan  2 12:20:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8a1de1ba5438c43a9f66a15161586aa53cd5dfb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:33:58:e6:f4:d4:6a:96:2e:a3:01:b4:e2:df:
                    08:2e:82:1f:5c:c8:57:5e:39:75:58:f4:3d:9b:9d:
                    bc:dc:c4:c7:b0:02:4a:7e:30:28:49:10:98:c6:48:
                    21:de:b8:b0:87:b5:4a:45:5b:7b:7d:09:29:cd:a9:
                    b2:75:0d:39:8e:4e:8f:12:9b:fe:69:35:42:14:36:
                    1d:0d:09:b6:6a:f7:61:fa:52:04:fa:7b:af:31:5c:
                    f4:f9:8f:73:18:49:0c:c0:63:27:5a:03:5a:a5:30:
                    32:45:ff:70:e9:f2:3c:02:b7:88:af:a8:0a:20:a3:
                    d2:aa:e8:e4:4d:47:a5:55:66:31:0f:24:0f:72:99:
                    3b:0f:3d:6b:ea:b2:34:5d:9f:78:55:06:cb:98:a9:
                    7a:8e:e9:1e:6d:87:57:c0:a2:12:93:8a:b4:54:3e:
                    e1:98:97:c9:4a:77:b3:80:55:5e:bf:66:8c:5e:d4:
                    14:d3:e0:77:d2:33:a0:9a:8e:ca:36:d3:74:e7:d7:
                    7a:60:fd:30:2e:02:fa:db:f7:49:96:37:2c:36:0f:
                    8c:83:18:ee:7d:75:e3:f8:7c:3d:0e:63:35:0c:9d:
                    f7:59:1b:f6:71:0e:b8:0d:93:b5:49:74:e9:07:12:
                    96:55:70:26:f8:ce:e6:89:cc:83:1e:bd:e4:9e:be:
                    1e:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:1D:E1:BA:54:38:C4:3A:9F:66:A1:51:61:58:6A:A5:3C:D5:DF:B8
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/ih3hulQ4xDqfZqFRYVhqpTzV37g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.254.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:9d:05:bd:f7:8c:56:40:b2:e6:df:7b:94:52:17:96:de:19:
         23:60:e6:bc:72:cf:e2:12:8b:24:cd:ef:6c:d4:aa:58:1f:3a:
         54:12:39:ea:fc:97:60:51:63:88:c4:5b:4a:07:ce:cf:e1:9d:
         ca:64:7d:6a:47:42:51:83:87:bf:f3:ab:a1:be:05:6e:8b:2c:
         4d:d2:e9:a0:eb:0e:ea:9f:f2:77:b4:61:c6:0a:bb:71:2e:36:
         25:48:31:97:54:10:84:9e:36:9d:1a:87:8a:10:d8:47:6a:25:
         dc:da:a7:95:31:a6:57:9a:8a:b9:89:c3:97:bd:64:d2:d5:89:
         06:c4:ee:74:21:77:d8:58:60:d7:8f:9c:d3:77:20:aa:8d:25:
         de:f0:0d:5b:d0:a6:5f:a3:ea:60:de:72:02:1c:f5:b1:a9:07:
         9a:a3:da:c7:91:c2:a8:cb:b7:60:ab:bf:3f:01:97:6e:bb:69:
         8c:bc:66:79:65:3f:82:a0:51:09:00:1d:9d:c1:37:02:72:f1:
         3b:93:9b:4b:d3:7d:74:3b:dd:ec:4a:c8:b3:0d:64:c9:67:0f:
         b6:94:0f:58:57:a5:7f:64:0c:0d:6e:51:7a:ba:55:93:91:be:
         08:3f:24:e6:2d:56:21:5f:a5:7a:2c:27:de:df:41:a8:79:d7:
         af:1b:f8:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pvSFwRAX4YyV8HbiWlujMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwMTAyMTIyMDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTFkZTFiYTU0MzhjNDNhOWY2NmExNTE2MTU4NmFhNTNjZDVkZmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojNY5vTUapYuowG04t8ILoIfXMhX
Xjl1WPQ9m5283MTHsAJKfjAoSRCYxkgh3riwh7VKRVt7fQkpzamydQ05jk6PEpv+
aTVCFDYdDQm2avdh+lIE+nuvMVz0+Y9zGEkMwGMnWgNapTAyRf9w6fI8AreIr6gK
IKPSqujkTUelVWYxDyQPcpk7Dz1r6rI0XZ94VQbLmKl6jukebYdXwKISk4q0VD7h
mJfJSnezgFVev2aMXtQU0+B30jOgmo7KNtN059d6YP0wLgL62/dJljcsNg+Mgxju
fXXj+Hw9DmM1DJ33WRv2cQ64DZO1SXTpBxKWVXAm+M7micyDHr3knr4eiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIod4bpUOMQ6n2ahUWFYaqU81d+4MB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvaWgzaHVsUTR4RHFmWnFGUllWaHFwVHpWMzdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv6wMA0G
CSqGSIb3DQEBCwUAA4IBAQBLnQW994xWQLLm33uUUheW3hkjYOa8cs/iEoskze9s
1KpYHzpUEjnq/JdgUWOIxFtKB87P4Z3KZH1qR0JRg4e/86uhvgVuiyxN0umg6w7q
n/J3tGHGCrtxLjYlSDGXVBCEnjadGoeKENhHaiXc2qeVMaZXmoq5icOXvWTS1YkG
xO50IXfYWGDXj5zTdyCqjSXe8A1b0KZfo+pg3nICHPWxqQeao9rHkcKoy7dgq78/
AZduu2mMvGZ5ZT+CoFEJAB2dwTcCcvE7k5tL0310O93sSsizDWTJZw+2lA9YV6V/
ZAwNblF6ulWTkb4IPyTmLVYhX6V6LCfe30GoedevG/hu
-----END CERTIFICATE-----