This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/ca1667-de8f-45dc-9007-5afe0c42cf77/1/l_d_CxebXDc82wsd4U0BFVkGTh0.roa
File:                     l_d_CxebXDc82wsd4U0BFVkGTh0.roa (raw, json)
Hash identifier:          uFClusAny8IXHB2cwB2oabcg7BQ3SgYHOlNBk9mPDms=
Subject key identifier:   97:F7:7F:0B:17:9B:5C:37:3C:DB:0B:1D:E1:4D:01:15:59:06:4E:1D
Certificate issuer:       /CN=8794d564360a521db598aee6e6a2f8d66921b6c5
Certificate serial:       019B7C111FEC9A11525B715DF0DC49BB25E5
Authority key identifier: 87:94:D5:64:36:0A:52:1D:B5:98:AE:E6:E6:A2:F8:D6:69:21:B6:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h5TVZDYKUh21mK7m5qL41mkhtsU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/ca1667-de8f-45dc-9007-5afe0c42cf77/1/l_d_CxebXDc82wsd4U0BFVkGTh0.roa
Signing time:             Fri 02 Jan 2026 00:17:35 +0000
ROA not before:           Fri 02 Jan 2026 00:17:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44947
IP address blocks:        213.177.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/ca1667-de8f-45dc-9007-5afe0c42cf77/1/h5TVZDYKUh21mK7m5qL41mkhtsU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/ca1667-de8f-45dc-9007-5afe0c42cf77/1/h5TVZDYKUh21mK7m5qL41mkhtsU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h5TVZDYKUh21mK7m5qL41mkhtsU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:1f:ec:9a:11:52:5b:71:5d:f0:dc:49:bb:25:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8794d564360a521db598aee6e6a2f8d66921b6c5
        Validity
            Not Before: Jan  2 00:17:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=97f77f0b179b5c373cdb0b1de14d011559064e1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:2e:80:a0:39:84:4d:ca:bc:03:76:b1:71:ab:
                    f1:88:49:6b:9d:e5:b6:60:0e:aa:cc:91:ae:0b:16:
                    02:a1:c7:a2:d2:a4:66:ae:7c:9b:6c:44:60:ff:2e:
                    e4:71:9c:c9:0a:17:d4:8f:46:2c:f8:d3:34:90:6b:
                    45:c5:da:26:eb:f3:ae:17:96:dc:8c:c0:f5:06:8f:
                    0d:d3:a0:c8:d3:fe:1c:c0:ea:fb:d5:66:83:3e:54:
                    41:9f:96:1e:fb:30:21:8a:bb:ad:24:97:fa:fb:5e:
                    7f:2b:cc:4e:8f:1f:3a:56:c9:34:58:e1:bf:aa:ce:
                    ad:99:bc:f3:82:4d:6d:bb:07:21:d9:d5:c6:2b:f0:
                    90:2c:b1:7b:63:40:85:50:a6:95:95:22:8b:9a:82:
                    30:6b:87:83:53:31:f0:e2:e3:9f:bb:72:a2:93:8a:
                    7c:70:da:1b:d3:a7:20:82:bd:1b:12:e9:44:e2:aa:
                    40:1c:a9:75:72:36:67:c5:8e:29:bf:77:85:09:2a:
                    17:68:35:cc:f4:00:7c:3c:48:66:09:ff:5b:2d:4e:
                    92:66:a1:34:c7:97:1b:94:4b:b1:46:8c:da:60:3f:
                    eb:d2:cb:82:b2:01:59:02:1e:b9:d8:8a:cd:1c:38:
                    09:87:33:8c:17:91:2f:26:75:db:47:ec:2c:c3:81:
                    ae:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:F7:7F:0B:17:9B:5C:37:3C:DB:0B:1D:E1:4D:01:15:59:06:4E:1D
            X509v3 Authority Key Identifier:
                keyid:87:94:D5:64:36:0A:52:1D:B5:98:AE:E6:E6:A2:F8:D6:69:21:B6:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h5TVZDYKUh21mK7m5qL41mkhtsU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/ca1667-de8f-45dc-9007-5afe0c42cf77/1/l_d_CxebXDc82wsd4U0BFVkGTh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/ca1667-de8f-45dc-9007-5afe0c42cf77/1/h5TVZDYKUh21mK7m5qL41mkhtsU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.177.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:63:a0:94:32:6e:08:94:1d:d1:62:9c:1e:b3:8e:2b:71:21:
         5b:e1:80:7e:00:46:4f:9f:5d:09:41:0d:2c:bd:05:45:ba:1e:
         78:a4:5b:d0:45:45:22:0a:dd:37:ad:b5:d8:ae:ae:1c:4c:a8:
         f0:d5:fe:c0:fd:9b:7b:a7:8b:9f:9c:1d:b8:72:a0:32:f6:10:
         14:3c:12:11:b9:f6:2c:5d:7f:84:fd:b0:55:1c:81:d8:f7:c4:
         53:d6:52:88:48:44:a0:e6:fa:8b:ec:4a:65:17:86:da:07:cf:
         51:3f:79:fa:10:38:26:d6:88:de:14:79:7c:b3:28:b2:50:d3:
         db:f6:e7:78:6e:50:49:65:d6:3e:42:d9:b7:6c:29:45:cd:0b:
         be:0e:02:5e:7c:62:1e:4b:93:0d:8a:a8:fa:15:c3:28:9b:4e:
         98:95:b6:80:fe:7b:07:0f:f3:19:80:27:d3:8d:bc:c4:da:41:
         31:ce:38:22:66:86:53:eb:de:0b:77:06:1a:54:97:32:9f:da:
         a5:c3:13:9a:dd:26:b7:b7:34:8f:0b:8c:2e:79:2a:65:de:39:
         bc:2e:60:d6:47:4f:20:51:65:88:cc:db:b5:3b:00:f4:7e:7c:
         c5:4f:ce:e7:3e:08:a5:af:d2:2c:e1:e2:43:6c:17:e5:30:b8:
         be:3c:29:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8ER/smhFSW3Fd8NxJuyXlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3OTRkNTY0MzYwYTUyMWRiNTk4YWVlNmU2YTJmOGQ2Njky
MWI2YzUwHhcNMjYwMTAyMDAxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2Y3N2YwYjE3OWI1YzM3M2NkYjBiMWRlMTRkMDExNTU5MDY0ZTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxy6AoDmETcq8A3axcavxiElrneW2
YA6qzJGuCxYCocei0qRmrnybbERg/y7kcZzJChfUj0Ys+NM0kGtFxdom6/OuF5bc
jMD1Bo8N06DI0/4cwOr71WaDPlRBn5Ye+zAhirutJJf6+15/K8xOjx86Vsk0WOG/
qs6tmbzzgk1tuwch2dXGK/CQLLF7Y0CFUKaVlSKLmoIwa4eDUzHw4uOfu3Kik4p8
cNob06cggr0bEulE4qpAHKl1cjZnxY4pv3eFCSoXaDXM9AB8PEhmCf9bLU6SZqE0
x5cblEuxRozaYD/r0suCsgFZAh652IrNHDgJhzOMF5EvJnXbR+wsw4GuNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJf3fwsXm1w3PNsLHeFNARVZBk4dMB8GA1UdIwQY
MBaAFIeU1WQ2ClIdtZiu5uai+NZpIbbFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDVUVlpEWUtVaDIxbUs3bTVxTDQxbWtodHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9jYTE2NjctZGU4Zi00NWRjLTkwMDct
NWFmZTBjNDJjZjc3LzEvbF9kX0N4ZWJYRGM4MndzZDRVMEJGVmtHVGgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9jYTE2NjctZGU4Zi00NWRjLTkwMDctNWFmZTBjNDJjZjc3
LzEvaDVUVlpEWUtVaDIxbUs3bTVxTDQxbWtodHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bGzMA0G
CSqGSIb3DQEBCwUAA4IBAQCwY6CUMm4IlB3RYpwes44rcSFb4YB+AEZPn10JQQ0s
vQVFuh54pFvQRUUiCt03rbXYrq4cTKjw1f7A/Zt7p4ufnB24cqAy9hAUPBIRufYs
XX+E/bBVHIHY98RT1lKISESg5vqL7EplF4baB89RP3n6EDgm1ojeFHl8syiyUNPb
9ud4blBJZdY+Qtm3bClFzQu+DgJefGIeS5MNiqj6FcMom06YlbaA/nsHD/MZgCfT
jbzE2kExzjgiZoZT694LdwYaVJcyn9qlwxOa3Sa3tzSPC4wueSpl3jm8LmDWR08g
UWWIzNu1OwD0fnzFT87nPgilr9Is4eJDbBflMLi+PClr
-----END CERTIFICATE-----