This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/vHJI_V1koWk_BvwK1njfPWWkxqM.roa
File:                     vHJI_V1koWk_BvwK1njfPWWkxqM.roa (raw, json)
Hash identifier:          jwRcQRvR6Az+iXcPkGYLsjnX2xgKxhjx3qipCyzt+oA=
Subject key identifier:   BC:72:48:FD:5D:64:A1:69:3F:06:FC:0A:D6:78:DF:3D:65:A4:C6:A3
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019B7F160AFACC0A442DD66716B0A4F15287
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/vHJI_V1koWk_BvwK1njfPWWkxqM.roa
Signing time:             Fri 02 Jan 2026 14:21:49 +0000
ROA not before:           Fri 02 Jan 2026 14:21:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137517
IP address blocks:        178.239.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:16:0a:fa:cc:0a:44:2d:d6:67:16:b0:a4:f1:52:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Jan  2 14:21:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bc7248fd5d64a1693f06fc0ad678df3d65a4c6a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:83:69:07:13:35:82:bc:a2:1d:03:65:81:df:
                    14:55:15:1b:60:0f:89:1d:10:e8:7f:f1:b0:9c:41:
                    6d:69:76:d7:e4:52:55:a4:2a:0d:f8:4a:99:55:7e:
                    b5:28:95:42:46:00:98:23:d3:52:eb:d2:b1:f9:e1:
                    28:2a:72:27:74:b6:9c:80:ee:d4:3c:95:b1:00:c0:
                    c9:a8:a4:81:39:6e:2e:8e:48:83:06:53:7f:f8:2c:
                    33:63:f9:83:2b:6f:5f:6c:13:39:87:a8:4d:ec:0d:
                    ad:fe:da:ae:e9:69:22:38:08:8e:39:bf:58:8b:e6:
                    38:40:1a:29:f5:38:7a:ae:1d:1e:35:9a:34:2a:1c:
                    d7:81:d6:d2:27:fa:ce:34:3e:00:4f:09:87:b0:0f:
                    3f:45:1a:f4:56:9b:11:f7:e5:b2:58:09:2b:e1:03:
                    01:d2:00:8a:ef:cc:1b:de:f6:b8:48:a4:31:78:22:
                    03:fa:63:32:4c:f3:13:75:c5:67:86:5e:2a:6b:16:
                    f3:de:8b:a1:88:45:f2:93:c6:fc:14:e0:a2:2b:3c:
                    55:83:3f:67:8c:18:b3:c7:69:43:c9:ff:08:f4:d6:
                    5b:d6:b4:f1:46:a7:8a:a0:65:c8:a2:a4:f5:54:da:
                    30:ff:e8:e9:42:c3:b9:0b:03:1d:ca:44:c1:8d:c9:
                    e9:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:72:48:FD:5D:64:A1:69:3F:06:FC:0A:D6:78:DF:3D:65:A4:C6:A3
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/vHJI_V1koWk_BvwK1njfPWWkxqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:b5:fe:a1:b1:75:e1:7e:f1:d5:9b:f7:e4:00:aa:ea:5c:af:
         fa:c3:94:e5:86:f6:7b:10:83:3d:91:31:79:1a:84:95:09:39:
         a4:f7:6d:6f:73:3b:ac:5a:04:8e:74:bb:22:50:be:93:be:fd:
         dc:b5:d4:08:55:17:51:d7:dc:63:56:8e:01:ee:1f:72:49:84:
         56:28:ea:e0:fc:74:3b:7b:59:5b:f2:3e:b4:19:73:38:93:3d:
         a4:34:a7:ca:f4:95:c2:2b:c3:2a:25:e7:83:2e:d1:a0:d9:d5:
         9f:f6:1f:77:19:21:93:ea:fd:71:37:da:5d:bc:81:0d:de:54:
         8d:8d:8f:69:a9:b6:2c:6b:23:a3:85:24:37:2c:bc:54:05:80:
         59:c2:b7:b1:1e:a3:73:05:b8:2b:0d:ab:4a:9e:ec:b1:b9:58:
         d8:da:a3:63:11:35:fc:df:66:69:68:d6:b9:82:f9:08:61:00:
         9c:02:2a:38:28:6c:77:96:b6:f4:b0:c4:8b:36:5b:20:cf:6e:
         25:0f:c7:cd:57:5b:6e:d9:10:ad:4d:84:e8:15:fb:e6:4b:5b:
         96:5d:15:9f:af:16:4a:cc:77:83:66:3a:90:98:31:b4:64:a1:
         eb:a9:92:8f:65:3e:81:7b:5c:2b:48:63:f9:35:b7:f2:56:c6:
         9b:40:44:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/Fgr6zApELdZnFrCk8VKHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwMTAyMTQyMTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzcyNDhmZDVkNjRhMTY5M2YwNmZjMGFkNjc4ZGYzZDY1YTRjNmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAroNpBxM1gryiHQNlgd8UVRUbYA+J
HRDof/GwnEFtaXbX5FJVpCoN+EqZVX61KJVCRgCYI9NS69Kx+eEoKnIndLacgO7U
PJWxAMDJqKSBOW4ujkiDBlN/+CwzY/mDK29fbBM5h6hN7A2t/tqu6WkiOAiOOb9Y
i+Y4QBop9Th6rh0eNZo0KhzXgdbSJ/rOND4ATwmHsA8/RRr0VpsR9+WyWAkr4QMB
0gCK78wb3va4SKQxeCID+mMyTPMTdcVnhl4qaxbz3ouhiEXyk8b8FOCiKzxVgz9n
jBizx2lDyf8I9NZb1rTxRqeKoGXIoqT1VNow/+jpQsO5CwMdykTBjcnpnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLxySP1dZKFpPwb8CtZ43z1lpMajMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvdkhKSV9WMWtvV2tfQnZ3SzFuamZQV1dreHFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu92MA0G
CSqGSIb3DQEBCwUAA4IBAQB+tf6hsXXhfvHVm/fkAKrqXK/6w5TlhvZ7EIM9kTF5
GoSVCTmk921vczusWgSOdLsiUL6Tvv3ctdQIVRdR19xjVo4B7h9ySYRWKOrg/HQ7
e1lb8j60GXM4kz2kNKfK9JXCK8MqJeeDLtGg2dWf9h93GSGT6v1xN9pdvIEN3lSN
jY9pqbYsayOjhSQ3LLxUBYBZwrexHqNzBbgrDatKnuyxuVjY2qNjETX832ZpaNa5
gvkIYQCcAio4KGx3lrb0sMSLNlsgz24lD8fNV1tu2RCtTYToFfvmS1uWXRWfrxZK
zHeDZjqQmDG0ZKHrqZKPZT6Be1wrSGP5NbfyVsabQETt
-----END CERTIFICATE-----