This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/8wHxEf_a5DMx3kWRwcPhO-_myL4.roa
File:                     8wHxEf_a5DMx3kWRwcPhO-_myL4.roa (raw, json)
Hash identifier:          XYjCTB2g79uUsrRDpowCr+2FCDX4TzfS3kBVhizseq0=
Subject key identifier:   F3:01:F1:11:FF:DA:E4:33:31:DE:45:91:C1:C3:E1:3B:EF:E6:C8:BE
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       019B7AC7F135DDCB70181E2312BC966753E6
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/8wHxEf_a5DMx3kWRwcPhO-_myL4.roa
Signing time:             Thu 01 Jan 2026 18:18:02 +0000
ROA not before:           Thu 01 Jan 2026 18:18:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12871
IP address blocks:        145.78.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:f1:35:dd:cb:70:18:1e:23:12:bc:96:67:53:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  1 18:18:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f301f111ffdae43331de4591c1c3e13befe6c8be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:8b:cc:43:61:14:d8:10:22:4f:b8:26:af:38:
                    f2:0f:cc:e0:5a:4f:09:7e:1c:a8:52:73:f6:31:3c:
                    b7:2e:2e:72:f0:2f:a3:93:73:f8:12:b2:71:a6:04:
                    40:ac:4e:dd:39:b7:e1:12:49:71:4a:60:88:31:2f:
                    2f:68:ad:e3:cc:d5:48:37:eb:be:89:68:d2:48:0e:
                    38:91:c7:75:c5:b3:38:07:f9:5a:b5:d6:a2:70:77:
                    a0:11:ec:25:a2:c1:37:5e:c6:5b:f5:89:17:b1:70:
                    a8:5e:f1:6e:36:62:3b:d2:dd:52:96:cc:5f:4c:4e:
                    12:a1:78:32:71:4f:ad:62:81:80:16:25:5d:15:d6:
                    a1:33:3d:53:a9:b4:8b:55:2f:5f:fa:56:87:7c:2f:
                    2b:81:c6:6c:a2:53:5c:e2:fe:e5:8d:91:6c:94:d4:
                    e4:e8:d5:03:c2:85:6e:2d:f5:9f:4e:25:1d:80:d1:
                    d4:cd:e1:14:5e:15:63:cb:61:b3:cc:dc:3f:8e:47:
                    b0:dc:b8:a9:b6:31:10:c6:13:9c:22:e9:48:f9:1f:
                    ea:4f:66:74:ac:6f:e4:c6:0e:d0:d7:e7:ab:73:ee:
                    6e:4f:b4:a2:a2:9d:a8:7a:54:f0:ff:ab:18:c3:1d:
                    2c:c9:fa:12:49:8b:92:60:7b:68:bb:cd:a9:82:a7:
                    80:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:01:F1:11:FF:DA:E4:33:31:DE:45:91:C1:C3:E1:3B:EF:E6:C8:BE
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/8wHxEf_a5DMx3kWRwcPhO-_myL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.78.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:03:b0:2e:2a:d7:7f:23:dd:06:a2:a2:4d:ad:2f:ae:47:22:
         5d:27:a1:7d:05:73:88:56:0f:5d:74:dd:e3:91:ad:b9:c8:8c:
         fe:4e:77:e4:72:dd:93:4e:74:dd:99:f7:bf:ff:15:d3:e1:44:
         cc:cd:51:98:ff:9a:7c:52:bd:3f:c9:7e:4f:23:69:be:54:26:
         14:bd:5b:9f:0a:92:5b:34:5a:fd:bc:1d:45:98:65:45:4a:8b:
         85:d1:3f:7e:ed:c3:3a:dd:f2:63:6e:da:8f:ad:e9:63:7a:b6:
         ae:7f:b2:8b:98:a1:af:1d:d4:a4:03:d0:a7:c2:94:9b:02:7c:
         7b:b0:25:4d:d8:ab:61:e6:e1:e0:42:7f:34:b6:c4:3e:95:50:
         cf:e9:ef:0a:c0:59:f2:e2:d7:01:86:cb:df:f2:97:bf:70:83:
         71:4a:ac:0f:48:5b:5c:2e:eb:58:a7:cb:b1:d0:10:f6:5b:cb:
         14:ca:66:0a:73:76:eb:80:6a:5a:14:e5:e0:f4:74:af:ba:77:
         9d:8f:1f:03:d6:27:9f:c6:b7:0b:70:c9:f6:79:f2:45:40:ee:
         e3:67:e6:9e:41:66:2a:46:75:95:d5:be:f5:95:8e:8b:c2:6d:
         65:f3:4d:cc:fe:e0:74:e2:d8:05:e4:b0:ca:0c:6c:c6:fa:6d:
         33:5e:e7:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x/E13ctwGB4jEryWZ1PmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjYwMTAxMTgxODAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzAxZjExMWZmZGFlNDMzMzFkZTQ1OTFjMWMzZTEzYmVmZTZjOGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0IvMQ2EU2BAiT7gmrzjyD8zgWk8J
fhyoUnP2MTy3Li5y8C+jk3P4ErJxpgRArE7dObfhEklxSmCIMS8vaK3jzNVIN+u+
iWjSSA44kcd1xbM4B/latdaicHegEewlosE3XsZb9YkXsXCoXvFuNmI70t1Slsxf
TE4SoXgycU+tYoGAFiVdFdahMz1TqbSLVS9f+laHfC8rgcZsolNc4v7ljZFslNTk
6NUDwoVuLfWfTiUdgNHUzeEUXhVjy2GzzNw/jkew3LiptjEQxhOcIulI+R/qT2Z0
rG/kxg7Q1+erc+5uT7Siop2oelTw/6sYwx0syfoSSYuSYHtou82pgqeA2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPMB8RH/2uQzMd5FkcHD4Tvv5si+MB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvOHdIeEVmX2E1RE14M2tXUndjUGhPLV9teUw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkU4dMA0G
CSqGSIb3DQEBCwUAA4IBAQBNA7AuKtd/I90GoqJNrS+uRyJdJ6F9BXOIVg9ddN3j
ka25yIz+Tnfkct2TTnTdmfe//xXT4UTMzVGY/5p8Ur0/yX5PI2m+VCYUvVufCpJb
NFr9vB1FmGVFSouF0T9+7cM63fJjbtqPreljerauf7KLmKGvHdSkA9CnwpSbAnx7
sCVN2Kth5uHgQn80tsQ+lVDP6e8KwFny4tcBhsvf8pe/cINxSqwPSFtcLutYp8ux
0BD2W8sUymYKc3brgGpaFOXg9HSvunedjx8D1iefxrcLcMn2efJFQO7jZ+aeQWYq
RnWV1b71lY6Lwm1l803M/uB04tgF5LDKDGzG+m0zXuci
-----END CERTIFICATE-----