This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/K28yv_cgVjOds3NvVqEnwY9zXYI.roa
File:                     K28yv_cgVjOds3NvVqEnwY9zXYI.roa (raw, json)
Hash identifier:          Vy6tULxBgDCFg/627qnZHlU9gzXJUDizXEWccLPF+lI=
Subject key identifier:   2B:6F:32:BF:F7:20:56:33:9D:B3:73:6F:56:A1:27:C1:8F:73:5D:82
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       019B7D5B230A8C41A957D6A9DB46DA5858DD
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/K28yv_cgVjOds3NvVqEnwY9zXYI.roa
Signing time:             Fri 02 Jan 2026 06:18:03 +0000
ROA not before:           Fri 02 Jan 2026 06:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207172
IP address blocks:        78.128.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:23:0a:8c:41:a9:57:d6:a9:db:46:da:58:58:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  2 06:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b6f32bff72056339db3736f56a127c18f735d82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:b9:bd:2b:ee:17:6b:b2:b9:38:92:5e:e2:ce:
                    7d:ea:6d:47:4b:b4:68:2c:8a:c6:ef:b2:b8:83:e7:
                    21:0e:d6:44:0c:02:4d:8c:5d:71:20:c2:28:de:4d:
                    38:11:d7:1b:e1:08:d0:64:75:e6:ba:33:1f:21:a0:
                    9c:10:b6:12:6c:88:08:2d:f9:81:cb:3b:d5:dd:0b:
                    33:dc:53:cf:26:6f:d2:b9:bb:75:57:93:de:86:87:
                    f4:61:2d:6c:7f:da:16:22:f3:7a:ed:92:a0:d6:55:
                    5e:6d:38:ea:57:86:3d:65:b6:4e:59:2e:6f:d8:b7:
                    73:84:21:87:c3:48:d2:18:2e:55:95:9b:53:95:69:
                    e5:60:ec:d9:11:09:8f:75:bf:3b:cc:8d:6c:ed:a0:
                    83:f3:95:31:02:e8:ad:0a:99:9d:8a:a6:e2:b0:4f:
                    7c:1a:b0:23:7a:c2:5a:76:d3:22:79:d1:cc:ae:d6:
                    98:a4:40:ac:ef:20:b8:92:ff:78:7e:ab:87:8a:0a:
                    52:07:61:c8:62:93:8b:bf:8d:e6:e4:0d:0f:18:64:
                    15:a0:e2:35:d5:22:a7:74:9c:f9:9e:31:ac:2b:0d:
                    55:35:6c:66:36:02:9e:17:cd:1b:c2:fc:9c:02:97:
                    c4:ce:94:62:eb:9a:0b:a9:3b:44:41:aa:a9:36:8d:
                    ef:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:6F:32:BF:F7:20:56:33:9D:B3:73:6F:56:A1:27:C1:8F:73:5D:82
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/K28yv_cgVjOds3NvVqEnwY9zXYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.128.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:50:39:c6:6b:62:fc:5c:5f:66:ac:8d:31:2f:95:eb:b2:fe:
         aa:e6:16:6a:a0:d1:11:83:e9:d5:d0:af:a0:a2:90:68:6a:2b:
         40:ae:52:8b:3e:ff:8e:30:9f:13:f9:ef:bf:f3:6b:3b:6c:f8:
         cf:ea:60:cc:4c:75:ca:40:9a:cc:b2:0a:36:f0:e9:7f:ca:0b:
         dd:ae:3e:1b:37:9d:4e:fa:15:b9:ef:9d:4e:96:cf:87:18:d2:
         6e:a3:c2:71:1d:b7:aa:36:0a:43:7b:a2:13:da:7d:b8:bc:86:
         1e:63:fb:86:4b:2e:cc:d1:a1:f7:64:07:bd:e6:ba:82:6b:89:
         47:ec:fa:87:16:15:de:5c:92:6a:85:ad:bc:1c:b0:ac:52:08:
         63:17:35:6d:22:59:a9:5f:15:f0:db:dd:be:23:f8:72:e6:66:
         55:f6:0c:b9:e0:b3:15:36:6f:f0:f4:b3:87:6c:5c:80:dd:9e:
         92:c8:7a:f4:75:f6:29:97:bb:9b:b6:f7:41:26:e0:5d:11:19:
         0b:f4:ce:0b:05:25:db:af:7c:5a:61:21:5e:5c:5e:8d:ee:4c:
         c7:93:ac:23:14:41:f9:77:d6:e7:d9:a6:06:3d:bf:c0:9f:bc:
         62:00:5f:28:af:67:f5:6b:d4:e7:9e:4b:40:72:02:03:6e:43:
         5e:82:b1:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WyMKjEGpV9ap20baWFjdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjYwMTAyMDYxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjZmMzJiZmY3MjA1NjMzOWRiMzczNmY1NmExMjdjMThmNzM1ZDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrm9K+4Xa7K5OJJe4s596m1HS7Ro
LIrG77K4g+chDtZEDAJNjF1xIMIo3k04Edcb4QjQZHXmujMfIaCcELYSbIgILfmB
yzvV3Qsz3FPPJm/Subt1V5Pehof0YS1sf9oWIvN67ZKg1lVebTjqV4Y9ZbZOWS5v
2LdzhCGHw0jSGC5VlZtTlWnlYOzZEQmPdb87zI1s7aCD85UxAuitCpmdiqbisE98
GrAjesJadtMiedHMrtaYpECs7yC4kv94fquHigpSB2HIYpOLv43m5A0PGGQVoOI1
1SKndJz5njGsKw1VNWxmNgKeF80bwvycApfEzpRi65oLqTtEQaqpNo3vYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCtvMr/3IFYznbNzb1ahJ8GPc12CMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvSzI4eXZfY2dWak9kczNOdlZxRW53WTl6WFlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAToBJMA0G
CSqGSIb3DQEBCwUAA4IBAQBnUDnGa2L8XF9mrI0xL5Xrsv6q5hZqoNERg+nV0K+g
opBoaitArlKLPv+OMJ8T+e+/82s7bPjP6mDMTHXKQJrMsgo28Ol/ygvdrj4bN51O
+hW5751Ols+HGNJuo8JxHbeqNgpDe6IT2n24vIYeY/uGSy7M0aH3ZAe95rqCa4lH
7PqHFhXeXJJqha28HLCsUghjFzVtIlmpXxXw292+I/hy5mZV9gy54LMVNm/w9LOH
bFyA3Z6SyHr0dfYpl7ubtvdBJuBdERkL9M4LBSXbr3xaYSFeXF6N7kzHk6wjFEH5
d9bn2aYGPb/An7xiAF8or2f1a9TnnktAcgIDbkNegrF1
-----END CERTIFICATE-----