This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/iVQy5SoSM4zkBUfQGE_Ln3tM0tE.roa
File:                     iVQy5SoSM4zkBUfQGE_Ln3tM0tE.roa (raw, json)
Hash identifier:          u0/p39IWrD8QpSLa+CIZwp7Qq2RGh/gjiOP2gVYoORQ=
Subject key identifier:   89:54:32:E5:2A:12:33:8C:E4:05:47:D0:18:4F:CB:9F:7B:4C:D2:D1
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       019BC5E18E28D8160D536350D4D8A1516BA9
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/iVQy5SoSM4zkBUfQGE_Ln3tM0tE.roa
Signing time:             Fri 16 Jan 2026 08:17:32 +0000
ROA not before:           Fri 16 Jan 2026 08:17:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213751
IP address blocks:        78.40.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 03:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:c5:e1:8e:28:d8:16:0d:53:63:50:d4:d8:a1:51:6b:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jan 16 08:17:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=895432e52a12338ce40547d0184fcb9f7b4cd2d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:81:ec:99:35:0c:94:f8:d1:af:0e:6a:8a:3d:
                    54:dc:88:5f:a7:51:12:ef:87:25:4b:36:94:35:ef:
                    0b:9e:9b:1a:b1:b7:97:4e:fe:94:66:00:45:5f:3e:
                    64:a9:a7:3c:30:7c:4a:46:e5:b2:44:eb:8b:dc:4c:
                    2f:19:91:99:08:1f:31:d3:0d:b7:de:81:aa:6f:83:
                    8d:4c:51:fe:83:46:5e:d0:a8:69:c0:f3:ad:d2:09:
                    23:31:17:ba:22:52:0a:5a:02:09:18:0d:7f:2a:96:
                    78:b2:dd:4b:b2:90:ba:aa:6d:44:aa:2b:cc:d6:06:
                    ec:17:6b:4e:26:66:ad:ad:d5:c8:78:88:e4:99:a8:
                    36:24:04:70:b0:30:4d:24:7c:20:f6:47:20:07:5e:
                    b9:fd:81:e8:a7:ee:65:e4:6c:55:1e:7c:92:85:28:
                    10:51:c2:4a:f2:b0:da:f7:3b:d6:38:1f:68:9b:24:
                    53:49:45:0f:0b:1f:cb:bf:bb:0c:d8:9b:83:10:ed:
                    c9:40:bf:e6:9a:c1:06:98:bc:f9:e1:32:88:cf:9c:
                    ff:3b:ac:b9:6c:da:f8:98:17:1b:8d:77:3f:91:7a:
                    ff:f6:53:65:6b:1d:21:cf:b7:6d:0e:fa:f4:2a:73:
                    ab:30:34:e3:5b:12:af:d1:f8:0c:71:aa:8d:f1:b7:
                    6b:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:54:32:E5:2A:12:33:8C:E4:05:47:D0:18:4F:CB:9F:7B:4C:D2:D1
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/iVQy5SoSM4zkBUfQGE_Ln3tM0tE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:33:01:94:54:86:48:29:81:81:ac:d5:0c:47:a1:3c:f6:91:
         35:4e:b0:06:3f:4d:19:6f:e1:47:d8:4e:9d:b1:f4:c0:51:75:
         56:50:9e:01:8f:19:54:39:e0:0d:44:3b:b4:84:16:0d:73:8b:
         a4:db:5c:de:c5:55:4d:c0:1c:76:8b:e9:6f:19:ac:c1:90:f7:
         52:3c:a8:00:dd:91:f5:b7:2a:79:14:5c:7b:5e:1c:3e:5b:04:
         cf:60:a7:af:ed:f2:52:f8:75:14:79:4d:f8:7e:5a:36:0a:aa:
         b3:d2:a1:2c:7e:ba:fd:5f:73:d0:1a:0f:79:77:3c:3d:e1:21:
         d3:eb:5f:99:b1:97:5e:74:d5:d3:f7:c0:a0:51:4c:37:3e:f1:
         85:bb:bd:a1:a2:0f:ec:08:60:1d:78:ad:5f:54:ce:4e:4b:3f:
         85:b3:20:a0:42:9e:a9:e1:2d:b2:ce:e8:04:6d:4d:cc:e4:97:
         1e:22:d3:4b:48:1f:32:2a:09:4b:f4:79:a1:9a:ae:92:28:c0:
         d9:a1:26:ca:a6:30:9d:4b:e0:e6:50:d0:f3:cc:c6:80:40:e0:
         e3:63:08:36:22:dd:fb:90:94:04:4e:db:4b:42:ba:71:56:ef:
         76:94:18:ae:dc:cf:49:87:32:35:ff:e5:e3:ad:12:a8:9c:4a:
         0d:96:77:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvF4Y4o2BYNU2NQ1NihUWupMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjYwMTE2MDgxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTU0MzJlNTJhMTIzMzhjZTQwNTQ3ZDAxODRmY2I5ZjdiNGNkMmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoHsmTUMlPjRrw5qij1U3Ihfp1ES
74clSzaUNe8LnpsasbeXTv6UZgBFXz5kqac8MHxKRuWyROuL3EwvGZGZCB8x0w23
3oGqb4ONTFH+g0Ze0KhpwPOt0gkjMRe6IlIKWgIJGA1/KpZ4st1LspC6qm1EqivM
1gbsF2tOJmatrdXIeIjkmag2JARwsDBNJHwg9kcgB165/YHop+5l5GxVHnyShSgQ
UcJK8rDa9zvWOB9omyRTSUUPCx/Lv7sM2JuDEO3JQL/mmsEGmLz54TKIz5z/O6y5
bNr4mBcbjXc/kXr/9lNlax0hz7dtDvr0KnOrMDTjWxKv0fgMcaqN8bdrbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIlUMuUqEjOM5AVH0BhPy597TNLRMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvaVZReTVTb1NNNHprQlVmUUdFX0xuM3RNMHRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATijTMA0G
CSqGSIb3DQEBCwUAA4IBAQBmMwGUVIZIKYGBrNUMR6E89pE1TrAGP00Zb+FH2E6d
sfTAUXVWUJ4BjxlUOeANRDu0hBYNc4uk21zexVVNwBx2i+lvGazBkPdSPKgA3ZH1
typ5FFx7Xhw+WwTPYKev7fJS+HUUeU34flo2Cqqz0qEsfrr9X3PQGg95dzw94SHT
61+ZsZdedNXT98CgUUw3PvGFu72hog/sCGAdeK1fVM5OSz+FsyCgQp6p4S2yzugE
bU3M5JceItNLSB8yKglL9Hmhmq6SKMDZoSbKpjCdS+DmUNDzzMaAQODjYwg2It37
kJQETttLQrpxVu92lBiu3M9JhzI1/+XjrRKonEoNlnfk
-----END CERTIFICATE-----