This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/nb0hXlBPQhPWTuMEqZzkSxkwpXI.roa
File:                     nb0hXlBPQhPWTuMEqZzkSxkwpXI.roa (raw, json)
Hash identifier:          55gzjqx5n4gyySLdEurC8vvFbXFEosab3sYhqOZ+WA8=
Subject key identifier:   9D:BD:21:5E:50:4F:42:13:D6:4E:E3:04:A9:9C:E4:4B:19:30:A5:72
Certificate issuer:       /CN=c4b1b458abf797dedcc661e54a685f651834b5d1
Certificate serial:       019B7B35F8716D2E9EE0FF7C91C4F407F39C
Authority key identifier: C4:B1:B4:58:AB:F7:97:DE:DC:C6:61:E5:4A:68:5F:65:18:34:B5:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xLG0WKv3l97cxmHlSmhfZRg0tdE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/nb0hXlBPQhPWTuMEqZzkSxkwpXI.roa
Signing time:             Thu 01 Jan 2026 20:18:13 +0000
ROA not before:           Thu 01 Jan 2026 20:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41685
IP address blocks:        78.25.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/xLG0WKv3l97cxmHlSmhfZRg0tdE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/xLG0WKv3l97cxmHlSmhfZRg0tdE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xLG0WKv3l97cxmHlSmhfZRg0tdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:f8:71:6d:2e:9e:e0:ff:7c:91:c4:f4:07:f3:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4b1b458abf797dedcc661e54a685f651834b5d1
        Validity
            Not Before: Jan  1 20:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9dbd215e504f4213d64ee304a99ce44b1930a572
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:be:64:64:59:7a:3d:56:c6:73:98:b3:a6:9b:
                    d4:6e:72:78:fb:71:42:45:14:67:0b:34:4a:1d:b9:
                    b9:59:8d:d3:96:bc:ff:b4:12:4d:59:d7:5a:20:53:
                    25:16:04:d4:35:db:a1:89:a6:65:17:c8:3e:f4:d8:
                    72:0d:b3:7a:45:1c:ec:7a:ff:0b:22:88:2a:e2:c4:
                    5d:7e:5c:3b:5d:1c:e0:26:43:26:3f:39:36:b6:fc:
                    9a:84:59:4e:a7:d4:fc:d5:ae:56:44:d9:ab:19:56:
                    f4:66:ad:19:06:81:7f:f0:e5:e6:91:f4:3b:be:e4:
                    f2:50:74:2e:be:da:81:6d:58:d7:77:18:55:d6:33:
                    b9:19:e3:b3:7e:06:ac:38:32:24:98:9d:5d:cc:52:
                    c0:09:74:a2:72:dc:ec:37:61:10:2c:0f:99:67:b2:
                    00:13:e6:18:20:2f:f2:2f:4e:2e:e0:c4:83:ca:2b:
                    54:13:d5:eb:d8:60:0d:2e:b0:57:a5:44:32:3d:8e:
                    3c:96:5f:b5:4b:ba:ac:51:de:b8:0a:c4:41:f3:e1:
                    5b:ed:09:0a:54:2e:1b:6c:ca:da:8f:be:0b:c8:6d:
                    4b:44:9f:1b:27:9c:6c:1f:c1:46:8c:64:f0:de:f5:
                    d6:ba:9c:72:52:46:4f:42:40:23:b0:cb:2e:2f:74:
                    d1:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:BD:21:5E:50:4F:42:13:D6:4E:E3:04:A9:9C:E4:4B:19:30:A5:72
            X509v3 Authority Key Identifier:
                keyid:C4:B1:B4:58:AB:F7:97:DE:DC:C6:61:E5:4A:68:5F:65:18:34:B5:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xLG0WKv3l97cxmHlSmhfZRg0tdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/nb0hXlBPQhPWTuMEqZzkSxkwpXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/xLG0WKv3l97cxmHlSmhfZRg0tdE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.25.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:ea:f6:76:ef:84:d1:8e:62:b6:2a:34:33:4f:60:aa:ec:d6:
         96:70:b2:ed:03:ab:46:c1:30:4a:93:5e:f6:1c:db:95:84:d4:
         46:f4:d0:b0:c6:6f:5a:31:bb:4a:94:63:d1:61:f9:24:5a:20:
         58:6c:6a:f9:90:48:c2:54:7d:4f:a6:d1:d4:62:4b:a3:5b:a7:
         2f:d3:c3:8d:d7:e1:ef:3e:89:46:78:66:a5:6b:95:5d:98:50:
         d2:b3:00:7c:b3:d0:45:4d:3c:1c:43:3e:da:ec:3c:29:76:3f:
         df:85:f3:14:04:2d:d1:b2:b4:4a:11:7b:5e:dd:57:ac:be:18:
         08:64:0f:97:27:26:df:9b:74:fd:20:26:78:76:64:00:da:b8:
         71:5b:1e:39:43:83:a2:64:10:50:6d:24:8a:bf:4e:8d:c8:c7:
         aa:06:33:1b:fe:c9:83:ee:f9:87:6e:38:52:75:ea:a2:50:d8:
         4e:68:44:a4:04:4c:3b:c1:82:99:e2:7a:aa:a7:81:35:66:be:
         b5:7b:72:81:cf:77:72:2a:b0:fc:f6:b0:1f:b7:c3:df:fb:be:
         41:a6:67:8c:76:c9:ba:d1:4c:bb:ae:ce:17:d7:c9:45:62:81:
         22:a2:5e:fe:2b:c1:fc:c2:b0:09:ad:41:dc:36:c5:6d:61:aa:
         5b:ca:c6:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NfhxbS6e4P98kcT0B/OcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0YjFiNDU4YWJmNzk3ZGVkY2M2NjFlNTRhNjg1ZjY1MTgz
NGI1ZDEwHhcNMjYwMTAxMjAxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGJkMjE1ZTUwNGY0MjEzZDY0ZWUzMDRhOTljZTQ0YjE5MzBhNTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA475kZFl6PVbGc5izppvUbnJ4+3FC
RRRnCzRKHbm5WY3Tlrz/tBJNWddaIFMlFgTUNduhiaZlF8g+9NhyDbN6RRzsev8L
Iogq4sRdflw7XRzgJkMmPzk2tvyahFlOp9T81a5WRNmrGVb0Zq0ZBoF/8OXmkfQ7
vuTyUHQuvtqBbVjXdxhV1jO5GeOzfgasODIkmJ1dzFLACXSictzsN2EQLA+ZZ7IA
E+YYIC/yL04u4MSDyitUE9Xr2GANLrBXpUQyPY48ll+1S7qsUd64CsRB8+Fb7QkK
VC4bbMraj74LyG1LRJ8bJ5xsH8FGjGTw3vXWupxyUkZPQkAjsMsuL3TRqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ29IV5QT0IT1k7jBKmc5EsZMKVyMB8GA1UdIwQY
MBaAFMSxtFir95fe3MZh5UpoX2UYNLXRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveExHMFdLdjNsOTdjeG1IbFNtaGZaUmcwdGRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8yNjBlMjQtMjA0MC00YTVjLTkyY2Yt
ZWM1OGEzMTI1ZWU1LzEvbmIwaFhsQlBRaFBXVHVNRXFaemtTeGt3cFhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8yNjBlMjQtMjA0MC00YTVjLTkyY2YtZWM1OGEzMTI1ZWU1
LzEveExHMFdLdjNsOTdjeG1IbFNtaGZaUmcwdGRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAThkBMA0G
CSqGSIb3DQEBCwUAA4IBAQAN6vZ274TRjmK2KjQzT2Cq7NaWcLLtA6tGwTBKk172
HNuVhNRG9NCwxm9aMbtKlGPRYfkkWiBYbGr5kEjCVH1PptHUYkujW6cv08ON1+Hv
PolGeGala5VdmFDSswB8s9BFTTwcQz7a7Dwpdj/fhfMUBC3RsrRKEXte3VesvhgI
ZA+XJybfm3T9ICZ4dmQA2rhxWx45Q4OiZBBQbSSKv06NyMeqBjMb/smD7vmHbjhS
deqiUNhOaESkBEw7wYKZ4nqqp4E1Zr61e3KBz3dyKrD89rAft8Pf+75BpmeMdsm6
0Uy7rs4X18lFYoEiol7+K8H8wrAJrUHcNsVtYapbysZ2
-----END CERTIFICATE-----