This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/SDDpCfEvPP3Fzd7OmIbOls11ROY.roa
File:                     SDDpCfEvPP3Fzd7OmIbOls11ROY.roa (raw, json)
Hash identifier:          ZKfz6rEjEgr4JLEIhQ4IpeeIKddetOb6XRdvez+f4cg=
Subject key identifier:   48:30:E9:09:F1:2F:3C:FD:C5:CD:DE:CE:98:86:CE:96:CD:75:44:E6
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       019B7D5D1098C63E2B2AAD4C31FAB90CF3B8
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/SDDpCfEvPP3Fzd7OmIbOls11ROY.roa
Signing time:             Fri 02 Jan 2026 06:20:09 +0000
ROA not before:           Fri 02 Jan 2026 06:20:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211746
IP address blocks:        78.133.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:10:98:c6:3e:2b:2a:ad:4c:31:fa:b9:0c:f3:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  2 06:20:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4830e909f12f3cfdc5cddece9886ce96cd7544e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a7:7b:e7:62:b7:57:f4:8f:e8:d4:46:c1:34:
                    d5:e3:3c:14:e0:31:10:31:8e:b6:12:6c:4d:6e:61:
                    1c:83:5c:42:a1:07:dc:e0:86:58:39:89:39:94:40:
                    7d:eb:ef:17:cd:2e:0d:ef:91:0b:e1:7f:64:8f:49:
                    c4:91:3f:41:6f:5d:3a:f1:2a:51:11:27:09:2c:f3:
                    bc:15:5b:c8:f0:3c:ef:f0:9b:4a:4e:e1:d4:40:ab:
                    3f:66:46:27:87:51:2b:10:2c:7a:bf:1b:e9:31:45:
                    3e:51:dc:72:39:e7:26:e1:4b:63:33:4a:26:96:b7:
                    63:46:fe:4d:9e:d1:bf:e8:56:e8:e6:c1:0e:36:c4:
                    00:f4:4d:f4:ec:7f:f0:48:4a:28:5c:b2:95:54:28:
                    a1:42:7f:c3:b1:0f:02:76:dc:88:51:0d:4b:4f:ed:
                    1e:b8:45:f2:c5:28:af:57:84:60:dd:63:26:65:7b:
                    52:40:ec:0d:af:bf:49:47:a7:b9:77:8b:21:8c:f8:
                    18:47:4b:99:cc:b7:0e:52:94:3a:7a:28:35:79:69:
                    19:5f:3a:25:1c:e5:52:30:6d:13:95:90:4f:02:a0:
                    96:3c:8e:c5:25:c7:2c:9b:9e:b7:22:ed:1d:53:06:
                    6f:0e:41:83:15:49:de:b1:1b:3d:7c:5e:49:70:bf:
                    68:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:30:E9:09:F1:2F:3C:FD:C5:CD:DE:CE:98:86:CE:96:CD:75:44:E6
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/SDDpCfEvPP3Fzd7OmIbOls11ROY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.133.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:c7:62:56:49:1f:f0:43:54:7c:a0:87:2b:bb:6c:8b:82:c9:
         38:e1:04:72:af:28:ef:e8:3e:7c:95:9f:30:ce:b6:41:b0:48:
         26:d0:e5:6c:5d:57:b4:57:86:49:8b:23:42:1d:8f:a2:2b:40:
         ff:b5:a3:b5:b6:90:ed:d2:1e:13:7b:33:0c:49:97:60:0e:1f:
         47:1b:5e:f7:fc:8a:cc:6c:be:19:65:ea:af:b6:6c:3e:df:41:
         b8:8b:7a:8b:a5:6d:18:f8:0b:7c:63:f7:39:c8:9b:1c:46:8a:
         a2:57:a3:71:f9:c3:35:33:a5:f9:96:2b:5e:43:a6:48:0c:49:
         1d:75:79:94:38:a3:f9:a1:6d:7e:7d:d3:30:dd:17:21:4c:e2:
         68:43:af:5b:12:e2:7a:1c:23:50:1a:5b:c9:bd:3a:ac:6e:7f:
         69:e2:70:4f:d2:c6:b1:0b:f0:80:ba:2a:72:7f:3a:be:e9:47:
         78:6a:dd:58:90:7e:cc:4a:c9:34:4f:90:4d:fa:74:0b:b1:b1:
         cd:b0:32:9f:26:28:1c:1e:03:db:c4:cc:6e:b5:9d:35:9b:03:
         25:fb:45:7e:b5:53:ee:a2:97:b7:c6:a9:f1:a8:ec:3c:3b:58:
         fa:b7:6e:ba:8c:70:ec:66:cd:e7:9f:19:2c:2d:0a:45:b6:79:
         e0:8a:99:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XRCYxj4rKq1MMfq5DPO4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjYwMTAyMDYyMDA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODMwZTkwOWYxMmYzY2ZkYzVjZGRlY2U5ODg2Y2U5NmNkNzU0NGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKd752K3V/SP6NRGwTTV4zwU4DEQ
MY62EmxNbmEcg1xCoQfc4IZYOYk5lEB96+8XzS4N75EL4X9kj0nEkT9Bb1068SpR
EScJLPO8FVvI8Dzv8JtKTuHUQKs/ZkYnh1ErECx6vxvpMUU+UdxyOecm4UtjM0om
lrdjRv5NntG/6Fbo5sEONsQA9E307H/wSEooXLKVVCihQn/DsQ8CdtyIUQ1LT+0e
uEXyxSivV4Rg3WMmZXtSQOwNr79JR6e5d4shjPgYR0uZzLcOUpQ6eig1eWkZXzol
HOVSMG0TlZBPAqCWPI7FJccsm563Iu0dUwZvDkGDFUnesRs9fF5JcL9oVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEgw6QnxLzz9xc3ezpiGzpbNdUTmMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvU0REcENmRXZQUDNGemQ3T21JYk9sczExUk9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAToWmMA0G
CSqGSIb3DQEBCwUAA4IBAQCAx2JWSR/wQ1R8oIcru2yLgsk44QRyryjv6D58lZ8w
zrZBsEgm0OVsXVe0V4ZJiyNCHY+iK0D/taO1tpDt0h4TezMMSZdgDh9HG173/IrM
bL4ZZeqvtmw+30G4i3qLpW0Y+At8Y/c5yJscRoqiV6Nx+cM1M6X5liteQ6ZIDEkd
dXmUOKP5oW1+fdMw3RchTOJoQ69bEuJ6HCNQGlvJvTqsbn9p4nBP0saxC/CAuipy
fzq+6Ud4at1YkH7MSsk0T5BN+nQLsbHNsDKfJigcHgPbxMxutZ01mwMl+0V+tVPu
ope3xqnxqOw8O1j6t266jHDsZs3nnxksLQpFtnngipnB
-----END CERTIFICATE-----