This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/TO2pU0kiNSvNGcHgRhr3eESS4cM.roa
File:                     TO2pU0kiNSvNGcHgRhr3eESS4cM.roa (raw, json)
Hash identifier:          9IXSdgjhXk3t73jm+3n3Ko9we5u4hEsJ+0vaDFlB6Ls=
Subject key identifier:   4C:ED:A9:53:49:22:35:2B:CD:19:C1:E0:46:1A:F7:78:44:92:E1:C3
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       019B7E37E89290C1AA7AD184EF36E685C6D3
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/TO2pU0kiNSvNGcHgRhr3eESS4cM.roa
Signing time:             Fri 02 Jan 2026 10:19:11 +0000
ROA not before:           Fri 02 Jan 2026 10:19:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59623
IP address blocks:        178.239.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 10:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:e8:92:90:c1:aa:7a:d1:84:ef:36:e6:85:c6:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jan  2 10:19:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4ceda9534922352bcd19c1e0461af7784492e1c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:3c:51:fa:57:f6:d1:af:10:ed:10:69:71:46:
                    1d:07:f7:97:90:8a:a0:cb:14:03:63:dc:ec:38:f8:
                    90:5e:b5:db:52:cf:01:35:53:f3:de:27:82:c3:de:
                    7d:eb:5e:ba:97:9c:fd:da:d2:83:d2:0a:21:ba:c9:
                    14:53:2c:5e:ef:68:6d:e3:9e:b3:86:30:fd:84:b0:
                    16:14:3f:b0:6a:98:56:a9:df:f3:0f:02:9d:fd:2c:
                    29:0e:46:32:d6:a0:33:c1:1a:f9:ae:47:1e:5c:19:
                    71:a5:31:4e:78:8d:36:81:26:20:44:70:59:b2:19:
                    44:b2:fc:90:55:a7:33:db:d9:bf:1e:ca:86:c8:ea:
                    31:d9:f8:ce:fe:c6:b0:e7:f7:57:df:de:5a:3a:5c:
                    36:81:cb:b7:2f:f0:ea:05:76:a3:c2:16:1f:3e:5b:
                    d3:ac:4e:62:2e:0a:6e:6b:46:8a:51:2e:9e:db:61:
                    b9:d8:9e:14:bd:7c:92:f2:48:cf:23:e7:94:49:a7:
                    35:1d:76:fe:07:53:99:9f:0e:2a:fa:01:fa:55:bc:
                    e5:f2:98:1a:de:5a:a5:71:ab:dd:ca:55:83:44:93:
                    6c:7d:b3:f9:97:ba:d3:dc:e1:82:b2:08:76:e7:27:
                    24:92:c1:f2:d9:63:64:03:b8:03:a4:5f:40:67:93:
                    86:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:ED:A9:53:49:22:35:2B:CD:19:C1:E0:46:1A:F7:78:44:92:E1:C3
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/TO2pU0kiNSvNGcHgRhr3eESS4cM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:78:57:3e:7c:95:5e:8a:50:bf:23:91:96:b7:4a:2f:48:ea:
         e6:2a:45:66:7e:63:ab:91:5e:ec:71:b3:09:65:10:37:53:77:
         e1:a3:4e:1f:9e:01:c1:af:42:6e:b1:a9:38:8b:1f:20:58:19:
         44:f2:f4:44:ac:61:06:71:aa:5b:3e:70:e5:85:1b:d1:27:83:
         f5:01:06:1b:e4:e9:47:1a:95:54:df:d0:0e:8a:c8:5b:cf:56:
         20:74:2d:43:a0:24:23:a0:59:d0:80:6e:99:f3:89:af:59:4e:
         7b:00:0e:1b:0d:d4:2e:8c:03:a6:88:7b:f5:a3:f9:01:97:fa:
         83:e6:e2:5b:1d:b7:99:0d:6a:a4:1e:49:02:30:fb:91:27:00:
         fd:b0:37:7d:49:1b:90:0d:3f:81:cf:df:14:c7:bf:eb:75:ba:
         21:36:de:9b:d9:79:d2:52:28:75:b2:74:41:05:c6:5e:72:7e:
         61:64:05:e2:e6:8d:77:cd:5f:4b:88:9e:3c:92:44:75:41:22:
         bb:51:52:c0:89:a2:d9:65:08:f5:25:32:90:51:b0:c0:6c:84:
         a4:d5:c3:8a:7e:d7:2c:c9:d2:ab:a3:6b:84:42:12:77:36:f6:
         4a:20:34:62:d5:15:2f:d0:63:61:fc:ec:98:da:8a:40:d6:05:
         e5:1b:80:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N+iSkMGqetGE7zbmhcbTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjYwMTAyMTAxOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2VkYTk1MzQ5MjIzNTJiY2QxOWMxZTA0NjFhZjc3ODQ0OTJlMWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzxR+lf20a8Q7RBpcUYdB/eXkIqg
yxQDY9zsOPiQXrXbUs8BNVPz3ieCw9596166l5z92tKD0gohuskUUyxe72ht456z
hjD9hLAWFD+waphWqd/zDwKd/SwpDkYy1qAzwRr5rkceXBlxpTFOeI02gSYgRHBZ
shlEsvyQVacz29m/HsqGyOox2fjO/saw5/dX395aOlw2gcu3L/DqBXajwhYfPlvT
rE5iLgpua0aKUS6e22G52J4UvXyS8kjPI+eUSac1HXb+B1OZnw4q+gH6Vbzl8pga
3lqlcavdylWDRJNsfbP5l7rT3OGCsgh25yckksHy2WNkA7gDpF9AZ5OGgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEztqVNJIjUrzRnB4EYa93hEkuHDMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvVE8ycFUwa2lOU3ZOR2NIZ1JocjNlRVNTNGNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu+TMA0G
CSqGSIb3DQEBCwUAA4IBAQALeFc+fJVeilC/I5GWt0ovSOrmKkVmfmOrkV7scbMJ
ZRA3U3fho04fngHBr0Jusak4ix8gWBlE8vRErGEGcapbPnDlhRvRJ4P1AQYb5OlH
GpVU39AOishbz1YgdC1DoCQjoFnQgG6Z84mvWU57AA4bDdQujAOmiHv1o/kBl/qD
5uJbHbeZDWqkHkkCMPuRJwD9sDd9SRuQDT+Bz98Ux7/rdbohNt6b2XnSUih1snRB
BcZecn5hZAXi5o13zV9LiJ48kkR1QSK7UVLAiaLZZQj1JTKQUbDAbISk1cOKftcs
ydKro2uEQhJ3NvZKIDRi1RUv0GNh/OyY2opA1gXlG4Cc
-----END CERTIFICATE-----