This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/Ib0Ol3nFOYIDYH3957HPZoQwY64.roa
File:                     Ib0Ol3nFOYIDYH3957HPZoQwY64.roa (raw, json)
Hash identifier:          NuhOlS+BLbt/74LFrOD5mSh8QUGvts9CSbc+WHsVsPE=
Subject key identifier:   21:BD:0E:97:79:C5:39:82:03:60:7D:FD:E7:B1:CF:66:84:30:63:AE
Certificate issuer:       /CN=54b24d895bf9c0a5fd000a45a347510b2a087fb8
Certificate serial:       019B7C7F5CA5194258D77761D190DCAA38D0
Authority key identifier: 54:B2:4D:89:5B:F9:C0:A5:FD:00:0A:45:A3:47:51:0B:2A:08:7F:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VLJNiVv5wKX9AApFo0dRCyoIf7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/Ib0Ol3nFOYIDYH3957HPZoQwY64.roa
Signing time:             Fri 02 Jan 2026 02:17:59 +0000
ROA not before:           Fri 02 Jan 2026 02:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57773
IP address blocks:        147.78.228.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/VLJNiVv5wKX9AApFo0dRCyoIf7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/VLJNiVv5wKX9AApFo0dRCyoIf7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VLJNiVv5wKX9AApFo0dRCyoIf7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:5c:a5:19:42:58:d7:77:61:d1:90:dc:aa:38:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54b24d895bf9c0a5fd000a45a347510b2a087fb8
        Validity
            Not Before: Jan  2 02:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=21bd0e9779c5398203607dfde7b1cf66843063ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:f5:9b:99:80:46:34:e9:14:4f:28:d0:cf:d4:
                    aa:d6:3a:f7:45:5e:99:59:f4:d4:ea:b2:8e:0d:13:
                    06:0f:43:10:84:f9:49:67:75:fe:db:0f:50:0b:d8:
                    fd:f4:b9:54:4b:18:cb:72:ef:0e:46:80:f2:20:0d:
                    52:60:44:ab:e4:94:bd:96:8c:ae:3d:e5:22:fb:a7:
                    e7:4c:04:75:95:5e:2e:35:d3:a3:ed:c3:18:3b:e0:
                    b8:5e:f3:e0:ee:bc:22:77:91:b7:d1:c6:58:dc:d1:
                    8e:59:2b:ec:7a:08:c5:03:d4:85:b3:fa:77:33:9d:
                    e6:8b:ec:0e:d3:2b:d5:36:b9:b0:8a:dd:a7:fd:50:
                    ed:f4:18:8d:8c:06:95:e5:c7:b7:8e:fc:45:bd:b2:
                    7d:87:88:e4:62:62:0d:7c:76:c6:05:65:a7:a3:2e:
                    92:be:ec:75:a9:03:0b:79:ba:b4:f7:e6:c8:d3:24:
                    f9:d9:ee:34:98:7a:45:65:58:32:41:46:11:65:a6:
                    16:bd:19:85:18:b8:0f:66:e8:3f:27:75:7a:a5:3b:
                    c7:78:64:aa:19:2e:31:38:51:99:e2:8a:6a:5f:af:
                    9a:03:d9:40:8b:be:3b:ed:18:a0:54:67:97:64:73:
                    38:09:2e:57:4a:96:d0:95:5a:a2:17:cc:6f:e8:dc:
                    cb:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:BD:0E:97:79:C5:39:82:03:60:7D:FD:E7:B1:CF:66:84:30:63:AE
            X509v3 Authority Key Identifier:
                keyid:54:B2:4D:89:5B:F9:C0:A5:FD:00:0A:45:A3:47:51:0B:2A:08:7F:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VLJNiVv5wKX9AApFo0dRCyoIf7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/Ib0Ol3nFOYIDYH3957HPZoQwY64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/VLJNiVv5wKX9AApFo0dRCyoIf7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:8e:80:73:a2:de:7b:70:ac:c0:4d:bc:4e:8b:3c:b9:5b:72:
         e9:e2:65:d6:a0:fc:f0:e9:8c:7d:0b:b6:83:c9:ab:3e:8c:57:
         59:61:97:72:da:43:c7:99:c9:52:b8:58:20:5e:0b:0e:41:17:
         0d:94:ba:e3:a8:2b:79:47:cf:6d:6e:22:df:9c:2e:7d:3a:1a:
         1f:7a:ff:06:81:8c:93:05:8a:68:1c:76:4a:c1:7f:8f:99:85:
         41:62:cf:b8:d8:83:76:e8:62:3e:67:8e:d2:04:72:e1:02:f9:
         9c:f1:56:81:14:81:c2:40:97:ec:76:e8:4e:b9:ca:f8:49:23:
         52:f6:fa:18:9f:ef:3e:ea:07:a7:f4:90:f2:6a:c1:e5:21:a6:
         52:3e:14:36:21:2d:79:6e:fe:2f:e1:fe:7e:fd:bc:88:7d:3d:
         c2:eb:64:cb:ca:73:59:6f:17:46:46:81:1e:8e:a5:bc:a2:58:
         3f:7c:b6:2f:37:43:02:4a:2b:61:c2:06:99:a3:a8:39:50:a7:
         6b:83:f3:85:ad:0d:a0:88:2a:16:2c:44:52:d8:9d:58:55:de:
         e2:eb:3f:93:7f:9a:09:c6:57:bb:bd:5b:d0:d7:12:ab:c5:f5:
         49:c9:ff:73:17:38:ca:19:0c:b0:a9:ed:1b:c5:7b:c4:be:11:
         86:a9:45:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f1ylGUJY13dh0ZDcqjjQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0YjI0ZDg5NWJmOWMwYTVmZDAwMGE0NWEzNDc1MTBiMmEw
ODdmYjgwHhcNMjYwMTAyMDIxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWJkMGU5Nzc5YzUzOTgyMDM2MDdkZmRlN2IxY2Y2Njg0MzA2M2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4/WbmYBGNOkUTyjQz9Sq1jr3RV6Z
WfTU6rKODRMGD0MQhPlJZ3X+2w9QC9j99LlUSxjLcu8ORoDyIA1SYESr5JS9loyu
PeUi+6fnTAR1lV4uNdOj7cMYO+C4XvPg7rwid5G30cZY3NGOWSvsegjFA9SFs/p3
M53mi+wO0yvVNrmwit2n/VDt9BiNjAaV5ce3jvxFvbJ9h4jkYmINfHbGBWWnoy6S
vux1qQMLebq09+bI0yT52e40mHpFZVgyQUYRZaYWvRmFGLgPZug/J3V6pTvHeGSq
GS4xOFGZ4opqX6+aA9lAi7477RigVGeXZHM4CS5XSpbQlVqiF8xv6NzLswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCG9Dpd5xTmCA2B9/eexz2aEMGOuMB8GA1UdIwQY
MBaAFFSyTYlb+cCl/QAKRaNHUQsqCH+4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkxKTmlWdjV3S1g5QUFwRm8wZFJDeW9JZjdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9kMjE2NzktMmFkMi00ZGY1LTgwYjAt
ZmNiOWJkMDViMWFiLzEvSWIwT2wzbkZPWUlEWUgzOTU3SFBab1F3WTY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9kMjE2NzktMmFkMi00ZGY1LTgwYjAtZmNiOWJkMDViMWFi
LzEvVkxKTmlWdjV3S1g5QUFwRm8wZFJDeW9JZjdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk07kMA0G
CSqGSIb3DQEBCwUAA4IBAQB3joBzot57cKzATbxOizy5W3Lp4mXWoPzw6Yx9C7aD
yas+jFdZYZdy2kPHmclSuFggXgsOQRcNlLrjqCt5R89tbiLfnC59Ohofev8GgYyT
BYpoHHZKwX+PmYVBYs+42IN26GI+Z47SBHLhAvmc8VaBFIHCQJfsduhOucr4SSNS
9voYn+8+6gen9JDyasHlIaZSPhQ2IS15bv4v4f5+/byIfT3C62TLynNZbxdGRoEe
jqW8olg/fLYvN0MCSithwgaZo6g5UKdrg/OFrQ2giCoWLERS2J1YVd7i6z+Tf5oJ
xle7vVvQ1xKrxfVJyf9zFzjKGQywqe0bxXvEvhGGqUWP
-----END CERTIFICATE-----