This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/_1Ck2zOMmaEKy6jWTA2To4WXHOc.roa
File:                     _1Ck2zOMmaEKy6jWTA2To4WXHOc.roa (raw, json)
Hash identifier:          PosaMGaTcyPhx+0qx4rcwdvlDm/JVQKWlg+9OoGTG24=
Subject key identifier:   FF:50:A4:DB:33:8C:99:A1:0A:CB:A8:D6:4C:0D:93:A3:85:97:1C:E7
Certificate issuer:       /CN=d07d7573aacae821c87d6d36431cfe4b2801ab41
Certificate serial:       019B7E3887B94A20CEC0547BF2461827FAF2
Authority key identifier: D0:7D:75:73:AA:CA:E8:21:C8:7D:6D:36:43:1C:FE:4B:28:01:AB:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/_1Ck2zOMmaEKy6jWTA2To4WXHOc.roa
Signing time:             Fri 02 Jan 2026 10:19:52 +0000
ROA not before:           Fri 02 Jan 2026 10:19:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48900
IP address blocks:        78.130.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:87:b9:4a:20:ce:c0:54:7b:f2:46:18:27:fa:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d07d7573aacae821c87d6d36431cfe4b2801ab41
        Validity
            Not Before: Jan  2 10:19:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ff50a4db338c99a10acba8d64c0d93a385971ce7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:ca:e4:54:66:86:f7:cb:bc:bb:f3:e7:e2:ca:
                    d9:a9:48:cc:cf:e3:3e:25:25:b3:0e:4f:bb:93:61:
                    e2:49:be:c7:8f:19:bf:d9:18:d5:a7:e0:01:91:2d:
                    ad:c3:b2:13:b2:82:18:63:a2:1b:e5:5b:94:20:0e:
                    d1:43:13:2b:cb:9c:7e:48:81:c7:62:7f:4f:6d:ac:
                    c1:ab:56:9c:7b:7d:06:b5:ab:82:87:86:28:2e:08:
                    0b:ea:99:ff:f1:f9:1f:1b:f1:4a:7c:03:a0:cb:bd:
                    2e:17:36:0b:3e:ab:c9:4b:43:8b:6a:6a:9e:a5:d2:
                    34:92:41:03:fe:d0:79:05:d0:98:b3:e7:48:c1:98:
                    7c:92:64:61:6a:15:c9:ab:60:67:64:aa:cf:9a:15:
                    1e:ba:3d:7b:cf:a6:5e:5f:ca:72:71:b4:bb:37:c7:
                    79:a0:13:36:1e:39:74:1a:0b:2b:a7:e7:29:4b:ee:
                    78:7e:28:a9:19:c0:67:54:04:7d:e0:15:e3:f1:b1:
                    e1:8c:e0:b5:d8:e2:9b:e1:54:e9:b3:a2:34:9b:e3:
                    fb:19:cc:a1:45:33:3d:7d:b1:0f:8e:e1:51:e3:48:
                    0b:bb:0d:1c:24:01:c5:68:cd:89:09:24:70:57:8f:
                    b1:43:da:da:56:72:44:94:d1:b3:89:c4:28:75:f1:
                    be:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:50:A4:DB:33:8C:99:A1:0A:CB:A8:D6:4C:0D:93:A3:85:97:1C:E7
            X509v3 Authority Key Identifier:
                keyid:D0:7D:75:73:AA:CA:E8:21:C8:7D:6D:36:43:1C:FE:4B:28:01:AB:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/_1Ck2zOMmaEKy6jWTA2To4WXHOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.130.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:f4:65:8a:ff:bd:c6:34:7d:6f:8f:ea:ff:b8:b4:5a:3e:71:
         f3:1f:4e:e2:ff:ba:8d:98:e0:e1:ff:a1:ca:c3:bd:47:0d:d6:
         b7:b0:ff:0e:8a:ab:ea:39:f6:07:30:13:40:24:81:57:7f:d6:
         a9:54:40:ae:3d:d6:f1:75:ee:01:7a:cd:86:45:09:8d:67:5d:
         0b:be:5f:bf:dc:7d:c7:88:2a:b5:a0:87:6f:5d:47:e4:75:17:
         70:9a:27:da:78:b4:a0:5f:ba:c9:45:00:8f:e0:21:2a:a1:c9:
         8b:9d:98:c4:24:6e:7e:56:bc:41:fd:51:e3:c6:f8:13:3f:6a:
         28:56:61:bd:91:1e:c2:00:16:d9:c7:31:1e:45:73:91:64:09:
         29:f5:18:49:91:b1:6e:87:82:17:08:ba:ed:67:f0:e9:9b:fd:
         e1:e3:93:ad:93:63:9a:0e:6a:f8:c1:f6:22:9c:9b:0a:c1:0b:
         08:e9:4b:f4:b7:22:d6:a6:2c:53:fc:fe:b2:a1:c3:99:4e:55:
         74:20:a6:0a:9b:4e:1a:e6:ab:e9:2f:81:2d:5c:ba:97:64:7f:
         0d:97:ae:9e:3c:eb:b6:3e:25:f5:56:4c:31:d8:af:ca:ce:9e:
         6f:ff:34:82:95:f6:e0:3b:fc:39:1f:00:0a:51:19:50:0c:e3:
         2d:9c:fe:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OIe5SiDOwFR78kYYJ/ryMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwN2Q3NTczYWFjYWU4MjFjODdkNmQzNjQzMWNmZTRiMjgw
MWFiNDEwHhcNMjYwMTAyMTAxOTUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjUwYTRkYjMzOGM5OWExMGFjYmE4ZDY0YzBkOTNhMzg1OTcxY2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA38rkVGaG98u8u/Pn4srZqUjMz+M+
JSWzDk+7k2HiSb7Hjxm/2RjVp+ABkS2tw7ITsoIYY6Ib5VuUIA7RQxMry5x+SIHH
Yn9PbazBq1ace30GtauCh4YoLggL6pn/8fkfG/FKfAOgy70uFzYLPqvJS0OLamqe
pdI0kkED/tB5BdCYs+dIwZh8kmRhahXJq2BnZKrPmhUeuj17z6ZeX8pycbS7N8d5
oBM2Hjl0Ggsrp+cpS+54fiipGcBnVAR94BXj8bHhjOC12OKb4VTps6I0m+P7Gcyh
RTM9fbEPjuFR40gLuw0cJAHFaM2JCSRwV4+xQ9raVnJElNGzicQodfG+zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP9QpNszjJmhCsuo1kwNk6OFlxznMB8GA1UdIwQY
MBaAFNB9dXOqyughyH1tNkMc/ksoAatBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEgxMWM2cks2Q0hJZlcwMlF4ei1TeWdCcTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi81NzI1Y2MtYWQ3MC00NmY4LWJiNjIt
Y2Y5ZGM1YmFhYTc5LzEvXzFDazJ6T01tYUVLeTZqV1RBMlRvNFdYSE9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi81NzI1Y2MtYWQ3MC00NmY4LWJiNjItY2Y5ZGM1YmFhYTc5
LzEvMEgxMWM2cks2Q0hJZlcwMlF4ei1TeWdCcTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAToKAMA0G
CSqGSIb3DQEBCwUAA4IBAQBR9GWK/73GNH1vj+r/uLRaPnHzH07i/7qNmODh/6HK
w71HDda3sP8OiqvqOfYHMBNAJIFXf9apVECuPdbxde4Bes2GRQmNZ10Lvl+/3H3H
iCq1oIdvXUfkdRdwmifaeLSgX7rJRQCP4CEqocmLnZjEJG5+VrxB/VHjxvgTP2oo
VmG9kR7CABbZxzEeRXORZAkp9RhJkbFuh4IXCLrtZ/Dpm/3h45Otk2OaDmr4wfYi
nJsKwQsI6Uv0tyLWpixT/P6yocOZTlV0IKYKm04a5qvpL4EtXLqXZH8Nl66ePOu2
PiX1Vkwx2K/Kzp5v/zSClfbgO/w5HwAKURlQDOMtnP75
-----END CERTIFICATE-----