This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/hwEYkWKezFU1S6DS8A0TF6JXUos.roa
File:                     hwEYkWKezFU1S6DS8A0TF6JXUos.roa (raw, json)
Hash identifier:          dJKRSf7F67Dm6ZGKlb7G6KP8NQfxdE863RZT2JIwE9k=
Subject key identifier:   87:01:18:91:62:9E:CC:55:35:4B:A0:D2:F0:0D:13:17:A2:57:52:8B
Certificate issuer:       /CN=c4b1b458abf797dedcc661e54a685f651834b5d1
Certificate serial:       019B7B35F8C3EB91FEDC64F14FA299DF31C5
Authority key identifier: C4:B1:B4:58:AB:F7:97:DE:DC:C6:61:E5:4A:68:5F:65:18:34:B5:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xLG0WKv3l97cxmHlSmhfZRg0tdE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/hwEYkWKezFU1S6DS8A0TF6JXUos.roa
Signing time:             Thu 01 Jan 2026 20:18:13 +0000
ROA not before:           Thu 01 Jan 2026 20:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     196906
IP address blocks:        78.25.4.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/xLG0WKv3l97cxmHlSmhfZRg0tdE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/xLG0WKv3l97cxmHlSmhfZRg0tdE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xLG0WKv3l97cxmHlSmhfZRg0tdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:f8:c3:eb:91:fe:dc:64:f1:4f:a2:99:df:31:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4b1b458abf797dedcc661e54a685f651834b5d1
        Validity
            Not Before: Jan  1 20:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=87011891629ecc55354ba0d2f00d1317a257528b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:eb:83:db:f1:14:92:06:de:03:93:9b:91:b1:
                    8f:b1:07:0f:59:6b:43:51:3a:6e:0b:ed:2b:2c:14:
                    d4:3e:fd:6d:6f:9f:65:35:8d:3d:7e:5d:b3:58:f9:
                    a6:36:ee:97:c6:d5:97:a9:0b:d3:95:6c:1c:8c:43:
                    7a:31:e2:fc:a7:02:37:eb:3b:e9:13:3a:9b:27:a2:
                    9f:ee:d3:d1:c5:94:c1:c4:80:6c:ef:6a:b7:81:68:
                    99:70:1b:38:fd:13:7d:10:b7:8f:4b:2e:c6:75:06:
                    7c:8f:ee:40:54:86:0e:8d:fd:b2:0a:e8:04:24:0d:
                    51:64:95:a5:e4:17:6a:8e:15:d4:d4:e5:1e:9b:b1:
                    2d:e2:7d:85:4f:22:88:6d:02:26:c9:98:ce:65:2a:
                    80:f8:a9:8e:7f:3f:2b:05:ce:78:3d:92:8f:fa:6f:
                    fd:95:2f:8d:0f:9a:07:0b:a3:d8:db:3d:f1:bc:8d:
                    e7:33:7b:cb:77:a6:91:b6:72:8b:85:a3:29:16:ca:
                    67:33:be:1b:7e:79:92:df:ae:4d:26:51:af:4a:86:
                    ea:4b:fa:74:7c:67:4e:24:1c:93:d9:fb:a5:33:da:
                    98:03:5f:37:df:e0:a2:0d:39:58:56:68:c3:2d:09:
                    8f:cd:48:27:98:17:62:72:ba:3b:d0:89:29:89:01:
                    fc:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:01:18:91:62:9E:CC:55:35:4B:A0:D2:F0:0D:13:17:A2:57:52:8B
            X509v3 Authority Key Identifier:
                keyid:C4:B1:B4:58:AB:F7:97:DE:DC:C6:61:E5:4A:68:5F:65:18:34:B5:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xLG0WKv3l97cxmHlSmhfZRg0tdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/hwEYkWKezFU1S6DS8A0TF6JXUos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/xLG0WKv3l97cxmHlSmhfZRg0tdE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.25.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:77:f4:dc:50:1a:3e:ee:1f:f3:5d:0a:fc:0a:5e:df:1b:6b:
         59:31:f6:42:64:5f:17:93:84:6b:b9:08:85:97:c4:22:4d:ef:
         74:80:e5:f7:c8:73:b6:ee:4d:f3:f4:11:77:71:33:74:0c:ab:
         06:5b:d0:cb:0e:ef:13:a6:24:dd:47:08:08:79:46:55:cd:3b:
         75:45:2b:9b:16:bd:ac:e0:93:76:6c:32:01:c6:4f:66:33:e4:
         f5:b0:06:3e:c6:07:2e:77:52:fb:ce:aa:2f:98:aa:8c:76:fb:
         87:b1:a1:bb:d1:f6:49:e0:e2:87:2d:62:ca:24:e1:31:6e:4c:
         ee:84:4d:f9:7e:26:1a:91:94:0e:09:12:76:ed:41:8b:18:6a:
         15:52:62:98:c5:15:c4:cb:8c:de:fb:85:78:96:88:ae:84:1c:
         03:a2:d8:76:c1:2c:44:a5:91:26:34:68:9a:fe:e0:f7:80:5d:
         e0:0a:1d:ed:e0:41:89:64:3c:f5:bb:03:aa:03:57:2e:60:8c:
         d6:70:a3:53:bd:7c:04:a3:68:bd:8e:d1:70:ec:8e:12:d7:b3:
         82:29:28:77:58:98:3a:45:16:a3:2d:2e:c0:b2:ef:f1:a4:95:
         12:04:36:59:d1:db:5f:37:76:57:70:78:e2:03:31:0f:2c:bd:
         57:ce:e1:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NfjD65H+3GTxT6KZ3zHFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0YjFiNDU4YWJmNzk3ZGVkY2M2NjFlNTRhNjg1ZjY1MTgz
NGI1ZDEwHhcNMjYwMTAxMjAxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzAxMTg5MTYyOWVjYzU1MzU0YmEwZDJmMDBkMTMxN2EyNTc1MjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+uD2/EUkgbeA5ObkbGPsQcPWWtD
UTpuC+0rLBTUPv1tb59lNY09fl2zWPmmNu6XxtWXqQvTlWwcjEN6MeL8pwI36zvp
EzqbJ6Kf7tPRxZTBxIBs72q3gWiZcBs4/RN9ELePSy7GdQZ8j+5AVIYOjf2yCugE
JA1RZJWl5BdqjhXU1OUem7Et4n2FTyKIbQImyZjOZSqA+KmOfz8rBc54PZKP+m/9
lS+ND5oHC6PY2z3xvI3nM3vLd6aRtnKLhaMpFspnM74bfnmS365NJlGvSobqS/p0
fGdOJByT2fulM9qYA1833+CiDTlYVmjDLQmPzUgnmBdicro70IkpiQH8NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcBGJFinsxVNUug0vANExeiV1KLMB8GA1UdIwQY
MBaAFMSxtFir95fe3MZh5UpoX2UYNLXRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveExHMFdLdjNsOTdjeG1IbFNtaGZaUmcwdGRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8yNjBlMjQtMjA0MC00YTVjLTkyY2Yt
ZWM1OGEzMTI1ZWU1LzEvaHdFWWtXS2V6RlUxUzZEUzhBMFRGNkpYVW9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8yNjBlMjQtMjA0MC00YTVjLTkyY2YtZWM1OGEzMTI1ZWU1
LzEveExHMFdLdjNsOTdjeG1IbFNtaGZaUmcwdGRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBThkEMA0G
CSqGSIb3DQEBCwUAA4IBAQAPd/TcUBo+7h/zXQr8Cl7fG2tZMfZCZF8Xk4RruQiF
l8QiTe90gOX3yHO27k3z9BF3cTN0DKsGW9DLDu8TpiTdRwgIeUZVzTt1RSubFr2s
4JN2bDIBxk9mM+T1sAY+xgcud1L7zqovmKqMdvuHsaG70fZJ4OKHLWLKJOExbkzu
hE35fiYakZQOCRJ27UGLGGoVUmKYxRXEy4ze+4V4loiuhBwDoth2wSxEpZEmNGia
/uD3gF3gCh3t4EGJZDz1uwOqA1cuYIzWcKNTvXwEo2i9jtFw7I4S17OCKSh3WJg6
RRajLS7Asu/xpJUSBDZZ0dtfN3ZXcHjiAzEPLL1XzuHv
-----END CERTIFICATE-----