This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/28C8CaCZcOmqWddx3J_hqESZPvk.roa
File:                     28C8CaCZcOmqWddx3J_hqESZPvk.roa (raw, json)
Hash identifier:          CzstGjlTccJzRS6cVIC8us/dQYU2AP0gu/VVi4wL3QY=
Subject key identifier:   DB:C0:BC:09:A0:99:70:E9:AA:59:D7:71:DC:9F:E1:A8:44:99:3E:F9
Certificate issuer:       /CN=0c7887582d83d3f087682af8780a324a353ce782
Certificate serial:       019BD5A558049D4E0CCABC821DFFAE8E44CB
Authority key identifier: 0C:78:87:58:2D:83:D3:F0:87:68:2A:F8:78:0A:32:4A:35:3C:E7:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DHiHWC2D0_CHaCr4eAoySjU854I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/28C8CaCZcOmqWddx3J_hqESZPvk.roa
Signing time:             Mon 19 Jan 2026 09:45:41 +0000
ROA not before:           Mon 19 Jan 2026 09:45:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        213.179.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/DHiHWC2D0_CHaCr4eAoySjU854I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/DHiHWC2D0_CHaCr4eAoySjU854I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DHiHWC2D0_CHaCr4eAoySjU854I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:d5:a5:58:04:9d:4e:0c:ca:bc:82:1d:ff:ae:8e:44:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c7887582d83d3f087682af8780a324a353ce782
        Validity
            Not Before: Jan 19 09:45:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dbc0bc09a09970e9aa59d771dc9fe1a844993ef9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:eb:23:e5:88:e3:e4:89:a6:4a:d2:24:4e:33:
                    47:21:4f:7b:c6:89:ca:91:ed:2c:75:85:df:4c:bf:
                    bd:e0:cd:7c:27:5a:e5:af:ea:cf:c7:0f:32:2d:ef:
                    e4:71:49:9b:38:b3:17:94:1d:40:12:dc:b5:89:a7:
                    da:fe:de:c0:1c:8b:db:d0:25:69:c4:e9:3b:f5:6e:
                    57:b9:3c:1e:e8:f6:ef:92:4d:00:06:b3:d0:37:92:
                    87:a4:86:73:8e:4f:1e:ea:fd:b9:0e:af:ea:8b:30:
                    fb:55:69:1e:ea:8e:97:5f:5e:e3:3d:4c:0c:9a:63:
                    e0:6e:71:23:26:7f:99:d5:73:ac:42:ab:5c:cb:84:
                    2e:09:5c:2b:a8:fe:52:ea:88:d7:61:18:d7:ca:9d:
                    ca:34:61:49:dc:d6:4f:0d:f0:85:f7:b1:e9:2e:3e:
                    36:58:f0:55:33:d0:ce:82:a4:aa:a4:49:d1:a4:ce:
                    90:1e:11:b2:cb:d2:f2:f0:6e:28:03:a8:65:ec:90:
                    ae:8a:2f:c3:7c:98:36:e0:ea:b9:21:6b:d4:7f:8c:
                    b7:7c:d6:96:3e:4f:fc:a0:2d:b7:80:6e:35:12:30:
                    c6:6c:30:c3:e2:d3:f0:2e:24:4c:99:ba:f5:fe:20:
                    bf:05:78:80:4f:29:7e:27:36:52:a3:0f:76:46:cb:
                    a0:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:C0:BC:09:A0:99:70:E9:AA:59:D7:71:DC:9F:E1:A8:44:99:3E:F9
            X509v3 Authority Key Identifier:
                keyid:0C:78:87:58:2D:83:D3:F0:87:68:2A:F8:78:0A:32:4A:35:3C:E7:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DHiHWC2D0_CHaCr4eAoySjU854I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/28C8CaCZcOmqWddx3J_hqESZPvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/DHiHWC2D0_CHaCr4eAoySjU854I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.179.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:10:1b:1a:07:83:f7:4c:65:e8:63:1c:9f:d7:07:bf:2a:cf:
         d6:19:f2:14:11:a5:0e:05:e3:ac:b1:20:b8:41:4a:42:4a:9b:
         6e:df:57:ca:8b:44:43:c2:8b:1e:52:64:02:57:97:26:dc:9c:
         29:1e:82:05:9e:ef:23:0f:f2:81:7e:69:6b:d0:52:b5:c9:5b:
         60:35:50:15:a1:81:6c:8f:27:b1:de:80:5a:3c:51:1b:4d:2d:
         b6:93:91:97:5b:f3:bc:3f:21:65:6c:3d:46:14:b6:d9:3a:4c:
         46:d5:fd:73:f5:94:86:60:4f:a1:9b:58:56:7e:71:dc:2e:8e:
         3b:e3:36:44:28:7e:55:09:91:a9:5e:15:ac:cf:2d:f4:fa:91:
         73:7b:a3:67:d6:9e:cb:2d:ea:5b:df:68:58:99:72:e9:49:a9:
         0c:da:06:9a:8b:c2:9d:68:2c:c4:73:89:76:1b:3d:9b:09:f9:
         60:29:0f:e7:f8:54:bd:bd:77:4f:d7:7a:80:5a:32:26:bf:35:
         16:b6:66:78:c6:99:ee:ea:11:60:a3:b7:36:d0:31:60:4f:43:
         c7:83:d7:a0:fc:61:1a:92:ba:42:a8:c7:a4:7d:7d:d5:e4:9d:
         2e:0b:43:a8:56:a5:0a:72:c3:19:4e:21:21:bf:44:0f:c8:25:
         45:b7:4b:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvVpVgEnU4MyryCHf+ujkTLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNzg4NzU4MmQ4M2QzZjA4NzY4MmFmODc4MGEzMjRhMzUz
Y2U3ODIwHhcNMjYwMTE5MDk0NTQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmMwYmMwOWEwOTk3MGU5YWE1OWQ3NzFkYzlmZTFhODQ0OTkzZWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOsj5Yjj5ImmStIkTjNHIU97xonK
ke0sdYXfTL+94M18J1rlr+rPxw8yLe/kcUmbOLMXlB1AEty1iafa/t7AHIvb0CVp
xOk79W5XuTwe6Pbvkk0ABrPQN5KHpIZzjk8e6v25Dq/qizD7VWke6o6XX17jPUwM
mmPgbnEjJn+Z1XOsQqtcy4QuCVwrqP5S6ojXYRjXyp3KNGFJ3NZPDfCF97HpLj42
WPBVM9DOgqSqpEnRpM6QHhGyy9Ly8G4oA6hl7JCuii/DfJg24Oq5IWvUf4y3fNaW
Pk/8oC23gG41EjDGbDDD4tPwLiRMmbr1/iC/BXiATyl+JzZSow92RsugXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNvAvAmgmXDpqlnXcdyf4ahEmT75MB8GA1UdIwQY
MBaAFAx4h1gtg9Pwh2gq+HgKMko1POeCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREhpSFdDMkQwX0NIYUNyNGVBb3lTalU4NTRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9iZmY0OGYtMGEzMC00NzhkLWIyZGIt
YWQ0YTFkYTM5M2ExLzEvMjhDOENhQ1pjT21xV2RkeDNKX2hxRVNaUHZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9iZmY0OGYtMGEzMC00NzhkLWIyZGItYWQ0YTFkYTM5M2Ex
LzEvREhpSFdDMkQwX0NIYUNyNGVBb3lTalU4NTRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bNGMA0G
CSqGSIb3DQEBCwUAA4IBAQAAEBsaB4P3TGXoYxyf1we/Ks/WGfIUEaUOBeOssSC4
QUpCSptu31fKi0RDwoseUmQCV5cm3JwpHoIFnu8jD/KBfmlr0FK1yVtgNVAVoYFs
jyex3oBaPFEbTS22k5GXW/O8PyFlbD1GFLbZOkxG1f1z9ZSGYE+hm1hWfnHcLo47
4zZEKH5VCZGpXhWszy30+pFze6Nn1p7LLepb32hYmXLpSakM2gaai8KdaCzEc4l2
Gz2bCflgKQ/n+FS9vXdP13qAWjImvzUWtmZ4xpnu6hFgo7c20DFgT0PHg9eg/GEa
krpCqMekfX3V5J0uC0OoVqUKcsMZTiEhv0QPyCVFt0tE
-----END CERTIFICATE-----