This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/gMnpon_uc7TECYdi4Xq3ritA6cU.roa
File:                     gMnpon_uc7TECYdi4Xq3ritA6cU.roa (raw, json)
Hash identifier:          fN1L60lovMAodGst/DFbarnO5Vi1Y/aA7uPpRTHCdHw=
Subject key identifier:   80:C9:E9:A2:7F:EE:73:B4:C4:09:87:62:E1:7A:B7:AE:2B:40:E9:C5
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       019B7D5B185ED52DE1EDEBC5ACA899914CF4
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/gMnpon_uc7TECYdi4Xq3ritA6cU.roa
Signing time:             Fri 02 Jan 2026 06:18:00 +0000
ROA not before:           Fri 02 Jan 2026 06:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200459
IP address blocks:        78.142.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:18:5e:d5:2d:e1:ed:eb:c5:ac:a8:99:91:4c:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  2 06:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=80c9e9a27fee73b4c4098762e17ab7ae2b40e9c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:7f:af:05:9b:da:4c:99:73:e7:2a:a0:a4:8f:
                    d8:4a:90:25:e3:dd:72:59:34:6d:41:11:86:16:56:
                    18:50:79:81:09:0e:ea:82:d6:24:b0:e1:d4:06:79:
                    bf:27:56:ba:bc:1d:e2:45:6e:0e:56:30:cb:75:a8:
                    a8:59:af:63:e9:20:d4:fa:5c:b1:41:93:ef:fd:04:
                    cd:0c:e5:81:80:d2:16:b5:43:90:4b:e7:5b:47:6a:
                    cc:de:9a:c7:fc:b3:a1:7b:76:7f:6d:2d:d3:b6:16:
                    95:51:20:21:79:a9:84:2a:36:d4:ff:26:6d:3c:9d:
                    42:ee:56:cb:65:d6:17:84:ef:30:5b:6f:7e:f7:f4:
                    7e:0e:a1:61:ca:fa:5e:2d:64:20:34:66:7a:11:d6:
                    39:3d:c6:f6:c4:a6:74:fd:9b:c8:20:4c:7c:2d:45:
                    38:dc:45:85:a6:66:d3:dd:f2:16:24:45:d6:fa:27:
                    cf:0f:7e:a6:0f:fd:dc:5b:44:97:77:b9:ff:c4:b4:
                    b7:85:08:c9:46:03:1a:4b:99:a1:a7:a3:a6:c6:fa:
                    8f:87:03:01:aa:aa:3f:31:02:5a:c4:d8:c6:5d:5b:
                    3a:4c:10:4c:d2:2c:ef:59:43:c0:30:46:e6:18:f0:
                    6d:d6:4b:4a:18:d4:a2:3a:f6:9c:50:4f:fd:f3:d6:
                    38:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:C9:E9:A2:7F:EE:73:B4:C4:09:87:62:E1:7A:B7:AE:2B:40:E9:C5
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/gMnpon_uc7TECYdi4Xq3ritA6cU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.142.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:26:a9:77:09:49:00:f4:bc:e1:6b:0d:f1:c2:01:05:28:7f:
         9b:73:19:21:68:37:de:9d:48:66:0b:c1:46:1a:87:eb:7c:60:
         5d:9d:89:19:19:aa:73:52:15:9c:38:15:32:45:83:b0:5a:ef:
         21:35:29:c2:d0:48:c9:e6:02:3f:9b:09:a5:08:a8:b4:8f:e4:
         78:7e:ac:bb:56:6a:be:21:78:9f:3a:8f:78:42:54:9c:52:ab:
         09:b3:02:c4:90:1c:01:67:5c:ce:34:59:99:84:6e:a6:bb:ae:
         8e:bc:12:da:a2:83:a0:b9:39:02:13:c5:b6:bb:26:04:e7:62:
         69:80:a3:74:15:ff:df:53:cb:50:eb:1f:6c:43:0c:be:a1:8a:
         33:85:fb:f1:3d:36:36:c0:c4:ec:90:8c:69:dc:fe:87:49:67:
         8d:de:93:d1:89:72:23:57:f3:b2:87:05:30:19:d0:e5:43:d4:
         4b:4e:3a:80:c3:0f:f1:61:c2:7d:81:7f:c6:fc:d0:4b:21:6c:
         e5:d3:2e:04:bf:8e:54:24:a9:e7:07:ea:78:fe:e7:32:6b:ad:
         2e:d6:0b:a3:3e:91:69:9e:4e:7f:e5:c1:fb:73:4f:e4:b3:ec:
         bd:ba:95:1a:57:24:72:36:8e:57:42:e2:47:d0:5b:9f:31:6f:
         fd:af:37:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9Wxhe1S3h7evFrKiZkUz0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjYwMTAyMDYxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGM5ZTlhMjdmZWU3M2I0YzQwOTg3NjJlMTdhYjdhZTJiNDBlOWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuX+vBZvaTJlz5yqgpI/YSpAl491y
WTRtQRGGFlYYUHmBCQ7qgtYksOHUBnm/J1a6vB3iRW4OVjDLdaioWa9j6SDU+lyx
QZPv/QTNDOWBgNIWtUOQS+dbR2rM3prH/LOhe3Z/bS3TthaVUSAheamEKjbU/yZt
PJ1C7lbLZdYXhO8wW29+9/R+DqFhyvpeLWQgNGZ6EdY5Pcb2xKZ0/ZvIIEx8LUU4
3EWFpmbT3fIWJEXW+ifPD36mD/3cW0SXd7n/xLS3hQjJRgMaS5mhp6OmxvqPhwMB
qqo/MQJaxNjGXVs6TBBM0izvWUPAMEbmGPBt1ktKGNSiOvacUE/989Y4bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIDJ6aJ/7nO0xAmHYuF6t64rQOnFMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvZ01ucG9uX3VjN1RFQ1lkaTRYcTNyaXRBNmNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATo4CMA0G
CSqGSIb3DQEBCwUAA4IBAQAOJql3CUkA9Lzhaw3xwgEFKH+bcxkhaDfenUhmC8FG
GofrfGBdnYkZGapzUhWcOBUyRYOwWu8hNSnC0EjJ5gI/mwmlCKi0j+R4fqy7Vmq+
IXifOo94QlScUqsJswLEkBwBZ1zONFmZhG6mu66OvBLaooOguTkCE8W2uyYE52Jp
gKN0Ff/fU8tQ6x9sQwy+oYozhfvxPTY2wMTskIxp3P6HSWeN3pPRiXIjV/OyhwUw
GdDlQ9RLTjqAww/xYcJ9gX/G/NBLIWzl0y4Ev45UJKnnB+p4/ucya60u1gujPpFp
nk5/5cH7c0/ks+y9upUaVyRyNo5XQuJH0FufMW/9rzd1
-----END CERTIFICATE-----