This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/A8FQMW7_pJShj3pKjFQFZpYYroc.roa
File:                     A8FQMW7_pJShj3pKjFQFZpYYroc.roa (raw, json)
Hash identifier:          OPhgIyUnvcK9G6uaVUcWSc5r7urFF1UNgOW7ZVhgohY=
Subject key identifier:   03:C1:50:31:6E:FF:A4:94:A1:8F:7A:4A:8C:54:05:66:96:18:AE:87
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       019B7D5D0539D2430A1FFD841C48FF8799D9
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/A8FQMW7_pJShj3pKjFQFZpYYroc.roa
Signing time:             Fri 02 Jan 2026 06:20:06 +0000
ROA not before:           Fri 02 Jan 2026 06:20:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197848
IP address blocks:        78.133.240.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:05:39:d2:43:0a:1f:fd:84:1c:48:ff:87:99:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  2 06:20:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=03c150316effa494a18f7a4a8c5405669618ae87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:8c:7a:6b:33:cd:1a:58:f2:65:25:1a:62:2b:
                    1f:37:a4:25:8f:03:c6:74:2e:f3:0f:bb:b6:8b:a4:
                    ab:71:17:f0:3a:54:70:2e:22:bc:99:ab:5d:44:86:
                    2b:21:a0:1a:e1:ec:37:f0:c5:07:b0:06:4d:4f:cb:
                    5e:16:88:dc:3f:02:86:73:ca:42:c3:a7:9b:6c:c9:
                    8c:76:32:64:b4:e9:8e:60:cb:52:bb:37:5a:e2:b6:
                    c6:ea:7f:85:00:81:12:c9:75:55:d3:61:a5:ca:2c:
                    a1:a9:57:67:76:97:3b:3f:8c:a1:2b:bf:ad:87:b6:
                    27:cd:aa:93:88:01:af:f0:20:03:06:9a:d7:b7:36:
                    31:be:2b:1f:40:b2:48:d8:dd:6b:7e:d3:cd:9b:87:
                    43:af:d2:2f:f1:54:dc:7b:b8:54:3a:e9:83:31:87:
                    3b:43:eb:e9:13:cb:40:5e:88:35:b4:74:c6:3d:38:
                    8b:63:a2:7e:f3:5b:67:20:84:39:5a:82:94:cc:47:
                    51:7b:b3:3c:28:a6:82:64:a6:37:31:a9:21:10:b9:
                    bb:c7:7b:58:e2:a8:ce:f0:0d:96:b5:13:26:c3:dc:
                    c5:ff:59:ce:6d:bc:84:0d:c7:a0:bb:c6:21:cd:cf:
                    9f:82:84:d8:66:28:aa:41:61:8f:7d:3a:94:1e:94:
                    c4:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:C1:50:31:6E:FF:A4:94:A1:8F:7A:4A:8C:54:05:66:96:18:AE:87
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/A8FQMW7_pJShj3pKjFQFZpYYroc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.133.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:2e:00:d6:ca:3b:2d:d1:49:58:7b:a8:7b:2e:da:e0:6f:6c:
         bd:3a:d3:fe:11:65:15:d5:77:ac:c5:93:99:1b:91:0a:50:64:
         06:e8:f0:24:f6:98:86:ab:f1:0e:d8:9b:79:6d:7d:e7:93:98:
         2a:1a:ae:ee:66:ab:b5:4e:21:58:44:24:0a:c5:38:60:c6:35:
         7d:7c:2f:62:45:2c:55:b6:0c:20:74:d2:3a:85:ea:2d:b0:68:
         40:4f:c1:30:65:73:e9:0c:81:aa:f2:4f:a5:9b:b6:28:82:08:
         43:19:b3:3f:f6:fe:9c:55:42:b1:4a:31:43:2a:3f:17:0c:01:
         1f:d4:0a:6c:2f:38:3d:8c:62:5a:25:31:11:d5:df:6c:70:7b:
         a7:d2:9c:a9:9d:fe:2c:ea:28:5b:0e:e3:7a:5b:bc:8e:cb:be:
         1e:86:41:03:92:f3:ba:91:99:66:2f:6d:af:97:26:7f:b8:dc:
         59:df:87:51:cd:2d:e7:0b:c9:2d:22:0c:e7:90:ea:68:c0:c2:
         b3:d2:8c:1c:4f:4d:92:58:b4:e7:89:43:72:8f:e4:ef:22:67:
         a3:95:85:37:7e:6e:4e:be:95:e1:8c:43:f3:f2:ac:1f:9b:af:
         ab:bb:ba:31:9d:c8:c0:b6:c2:b8:b3:22:e6:8e:2b:f4:95:0c:
         24:21:e3:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XQU50kMKH/2EHEj/h5nZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjYwMTAyMDYyMDA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2MxNTAzMTZlZmZhNDk0YTE4ZjdhNGE4YzU0MDU2Njk2MThhZTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIx6azPNGljyZSUaYisfN6QljwPG
dC7zD7u2i6SrcRfwOlRwLiK8matdRIYrIaAa4ew38MUHsAZNT8teFojcPwKGc8pC
w6ebbMmMdjJktOmOYMtSuzda4rbG6n+FAIESyXVV02GlyiyhqVdndpc7P4yhK7+t
h7YnzaqTiAGv8CADBprXtzYxvisfQLJI2N1rftPNm4dDr9Iv8VTce7hUOumDMYc7
Q+vpE8tAXog1tHTGPTiLY6J+81tnIIQ5WoKUzEdRe7M8KKaCZKY3MakhELm7x3tY
4qjO8A2WtRMmw9zF/1nObbyEDcegu8Yhzc+fgoTYZiiqQWGPfTqUHpTEHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPBUDFu/6SUoY96SoxUBWaWGK6HMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvQThGUU1XN19wSlNoajNwS2pGUUZacFlZcm9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCToXwMA0G
CSqGSIb3DQEBCwUAA4IBAQCVLgDWyjst0UlYe6h7Ltrgb2y9OtP+EWUV1XesxZOZ
G5EKUGQG6PAk9piGq/EO2Jt5bX3nk5gqGq7uZqu1TiFYRCQKxThgxjV9fC9iRSxV
tgwgdNI6heotsGhAT8EwZXPpDIGq8k+lm7YogghDGbM/9v6cVUKxSjFDKj8XDAEf
1ApsLzg9jGJaJTER1d9scHun0pypnf4s6ihbDuN6W7yOy74ehkEDkvO6kZlmL22v
lyZ/uNxZ34dRzS3nC8ktIgznkOpowMKz0owcT02SWLTniUNyj+TvImejlYU3fm5O
vpXhjEPz8qwfm6+ru7oxncjAtsK4syLmjiv0lQwkIeNk
-----END CERTIFICATE-----