This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/d74ca2-3de6-4b69-a000-94d1b89f8cb2/1/sP8B78WvrO-I9FMOKnP4eLOTxh8.roa
File:                     sP8B78WvrO-I9FMOKnP4eLOTxh8.roa (raw, json)
Hash identifier:          j0/QkDqzGm9cKi69XdtrTTNVhk9moQxAiYICzefknS8=
Subject key identifier:   B0:FF:01:EF:C5:AF:AC:EF:88:F4:53:0E:2A:73:F8:78:B3:93:C6:1F
Certificate issuer:       /CN=b1267a51acb66f2991bea5243fe388068971a1f1
Certificate serial:       019B7C130DC38EAFC7257F198E2B4BE80F04
Authority key identifier: B1:26:7A:51:AC:B6:6F:29:91:BE:A5:24:3F:E3:88:06:89:71:A1:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sSZ6Uay2bymRvqUkP-OIBolxofE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/d74ca2-3de6-4b69-a000-94d1b89f8cb2/1/sP8B78WvrO-I9FMOKnP4eLOTxh8.roa
Signing time:             Fri 02 Jan 2026 00:19:42 +0000
ROA not before:           Fri 02 Jan 2026 00:19:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47542
IP address blocks:        128.140.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/d74ca2-3de6-4b69-a000-94d1b89f8cb2/1/sSZ6Uay2bymRvqUkP-OIBolxofE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/d74ca2-3de6-4b69-a000-94d1b89f8cb2/1/sSZ6Uay2bymRvqUkP-OIBolxofE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sSZ6Uay2bymRvqUkP-OIBolxofE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 09:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:0d:c3:8e:af:c7:25:7f:19:8e:2b:4b:e8:0f:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1267a51acb66f2991bea5243fe388068971a1f1
        Validity
            Not Before: Jan  2 00:19:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b0ff01efc5afacef88f4530e2a73f878b393c61f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:95:b1:f6:37:41:4d:ea:c9:6f:2e:7c:14:dc:
                    f2:ac:3b:3d:50:4b:ea:b7:26:e4:0e:14:4f:d4:14:
                    7b:36:25:62:12:cc:32:23:8f:aa:ee:40:2f:02:0f:
                    1f:f7:e4:45:be:37:7a:7c:a6:93:f7:a1:9b:10:67:
                    4c:f8:ed:cf:50:69:1e:26:d1:2d:48:11:16:5d:c9:
                    0d:b9:f5:0a:8d:1c:a2:77:0b:ff:07:8a:a3:43:b2:
                    cd:e5:ca:03:56:b1:54:1c:42:e9:26:10:2c:ae:7e:
                    6e:f2:42:1b:bc:a4:db:ee:23:61:ab:87:3c:2e:9f:
                    09:49:b8:f5:39:10:75:0e:23:ab:55:96:5c:e8:9f:
                    a5:94:6f:74:80:1a:9b:2a:e4:9f:50:42:a8:40:f5:
                    21:cd:6b:e6:96:bc:5b:64:73:96:4e:a0:85:db:c4:
                    85:df:43:af:cd:d0:9f:80:49:3d:30:9f:9b:ce:ce:
                    2b:cd:87:84:a9:30:f7:8e:df:5a:77:e7:48:73:22:
                    22:6b:b7:95:9f:2a:2c:78:a7:48:b8:86:16:90:58:
                    3c:7e:b5:39:ce:87:e1:ba:f4:ab:ba:7c:d1:4a:1b:
                    bd:7f:7a:b8:87:8b:c2:18:ff:40:ec:d1:96:31:11:
                    f1:e6:da:23:44:a5:23:a5:38:b4:a2:f2:ce:7c:2c:
                    2e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:FF:01:EF:C5:AF:AC:EF:88:F4:53:0E:2A:73:F8:78:B3:93:C6:1F
            X509v3 Authority Key Identifier:
                keyid:B1:26:7A:51:AC:B6:6F:29:91:BE:A5:24:3F:E3:88:06:89:71:A1:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sSZ6Uay2bymRvqUkP-OIBolxofE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/d74ca2-3de6-4b69-a000-94d1b89f8cb2/1/sP8B78WvrO-I9FMOKnP4eLOTxh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/d74ca2-3de6-4b69-a000-94d1b89f8cb2/1/sSZ6Uay2bymRvqUkP-OIBolxofE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.140.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:0a:71:12:f5:6b:9f:e2:88:c7:a2:c1:d4:96:4e:85:90:32:
         8a:59:3c:ec:e6:d6:a5:26:51:da:c3:8d:75:e8:ad:24:1e:e8:
         ca:16:0d:0b:f5:86:d8:ef:92:43:9d:79:4f:07:34:2e:8c:af:
         48:20:e9:2e:8a:fc:57:7b:9c:da:31:e0:99:4c:24:91:ea:40:
         59:b3:ad:a8:0a:24:4a:a3:4c:ac:21:82:e3:6d:f9:81:31:d9:
         cb:04:3b:1c:ea:04:aa:d2:81:a3:ac:59:38:e1:c9:99:6d:2d:
         63:67:b0:03:f3:88:7a:b1:da:60:9a:6c:48:4e:1a:43:77:5c:
         14:bb:e6:f1:99:bf:dc:34:77:fb:e2:c7:7c:7e:52:9a:2f:78:
         b6:f4:3d:b3:8a:4c:3c:79:61:2b:ee:d0:ef:f0:6f:47:63:e6:
         d7:1d:73:74:6e:24:6e:e7:16:24:19:c2:ac:62:9a:02:85:82:
         a1:6d:81:94:a6:a1:0e:56:e0:a3:36:1d:fb:63:c6:e2:f9:a0:
         b5:66:58:dc:4b:0a:4c:75:6d:49:2e:49:bf:ca:82:8c:a2:9b:
         eb:be:29:ca:6a:32:3a:26:d2:8a:5b:30:14:59:6d:16:41:c2:
         05:87:6b:e7:4d:f3:bd:dd:50:90:a4:0b:dc:4d:a9:dd:3b:e6:
         e5:62:7a:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Ew3Djq/HJX8ZjitL6A8EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMjY3YTUxYWNiNjZmMjk5MWJlYTUyNDNmZTM4ODA2ODk3
MWExZjEwHhcNMjYwMTAyMDAxOTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGZmMDFlZmM1YWZhY2VmODhmNDUzMGUyYTczZjg3OGIzOTNjNjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJWx9jdBTerJby58FNzyrDs9UEvq
tybkDhRP1BR7NiViEswyI4+q7kAvAg8f9+RFvjd6fKaT96GbEGdM+O3PUGkeJtEt
SBEWXckNufUKjRyidwv/B4qjQ7LN5coDVrFUHELpJhAsrn5u8kIbvKTb7iNhq4c8
Lp8JSbj1ORB1DiOrVZZc6J+llG90gBqbKuSfUEKoQPUhzWvmlrxbZHOWTqCF28SF
30OvzdCfgEk9MJ+bzs4rzYeEqTD3jt9ad+dIcyIia7eVnyoseKdIuIYWkFg8frU5
zofhuvSrunzRShu9f3q4h4vCGP9A7NGWMRHx5tojRKUjpTi0ovLOfCwuFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLD/Ae/Fr6zviPRTDipz+Hizk8YfMB8GA1UdIwQY
MBaAFLEmelGstm8pkb6lJD/jiAaJcaHxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1NaNlVheTJieW1SdnFVa1AtT0lCb2x4b2ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9kNzRjYTItM2RlNi00YjY5LWEwMDAt
OTRkMWI4OWY4Y2IyLzEvc1A4Qjc4V3ZyTy1JOUZNT0tuUDRlTE9UeGg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9kNzRjYTItM2RlNi00YjY5LWEwMDAtOTRkMWI4OWY4Y2Iy
LzEvc1NaNlVheTJieW1SdnFVa1AtT0lCb2x4b2ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgIytMA0G
CSqGSIb3DQEBCwUAA4IBAQB/CnES9Wuf4ojHosHUlk6FkDKKWTzs5talJlHaw411
6K0kHujKFg0L9YbY75JDnXlPBzQujK9IIOkuivxXe5zaMeCZTCSR6kBZs62oCiRK
o0ysIYLjbfmBMdnLBDsc6gSq0oGjrFk44cmZbS1jZ7AD84h6sdpgmmxIThpDd1wU
u+bxmb/cNHf74sd8flKaL3i29D2zikw8eWEr7tDv8G9HY+bXHXN0biRu5xYkGcKs
YpoChYKhbYGUpqEOVuCjNh37Y8bi+aC1ZljcSwpMdW1JLkm/yoKMopvrvinKajI6
JtKKWzAUWW0WQcIFh2vnTfO93VCQpAvcTandO+blYnpK
-----END CERTIFICATE-----