This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/RFhuYca-2BLsOJC5FUUtODyIGvY.roa
File:                     RFhuYca-2BLsOJC5FUUtODyIGvY.roa (raw, json)
Hash identifier:          Nh3ytgbeyYtpQhtOC/Je738DPP1mjkXaReNG/81eLrI=
Subject key identifier:   44:58:6E:61:C6:BE:D8:12:EC:38:90:B9:15:45:2D:38:3C:88:1A:F6
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       019B797EDB96C65E3877AFBCB73314FD7810
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/RFhuYca-2BLsOJC5FUUtODyIGvY.roa
Signing time:             Thu 01 Jan 2026 12:18:35 +0000
ROA not before:           Thu 01 Jan 2026 12:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210024
IP address blocks:        92.247.78.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:db:96:c6:5e:38:77:af:bc:b7:33:14:fd:78:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 12:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=44586e61c6bed812ec3890b915452d383c881af6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:a7:7a:88:43:cd:7a:af:9e:62:f0:97:c6:37:
                    a2:62:fe:ac:d3:0f:22:ee:28:d4:e7:86:df:e9:63:
                    d6:58:39:79:90:f0:bb:58:52:36:90:f6:f0:cb:69:
                    dd:be:2c:41:4a:6c:1e:f7:96:e8:1b:cf:a3:df:3f:
                    eb:44:7a:3e:34:1e:8f:fe:bf:2e:6a:cb:8c:43:83:
                    be:bc:5f:80:23:9b:34:9c:ec:39:e6:24:cd:53:2c:
                    a0:d0:0b:57:04:62:23:3c:e6:5c:ff:99:ab:b7:00:
                    4d:99:fd:83:ab:d4:ab:ae:a5:c8:6c:32:46:b2:3a:
                    ac:02:1d:c9:4e:68:3d:a0:dd:0a:67:3d:f2:7a:85:
                    64:92:03:04:a1:1e:49:db:db:48:3b:d0:4d:33:2f:
                    ba:bb:6f:0a:cb:14:7c:e3:34:cf:4f:89:f2:ef:b4:
                    21:b7:07:6d:5a:84:28:68:47:84:bc:39:34:ae:9b:
                    87:11:77:3b:26:9d:e9:73:d8:4e:c9:ef:06:3a:b1:
                    cf:51:08:0b:74:c5:7f:62:96:dd:6f:ce:37:57:6d:
                    b8:84:f6:69:69:3e:20:c1:05:39:04:d3:43:53:7e:
                    03:31:bd:48:74:a4:cc:5d:88:33:be:d2:dc:5f:c5:
                    72:13:50:a2:55:f3:cd:1e:68:bc:db:06:28:52:ad:
                    80:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:58:6E:61:C6:BE:D8:12:EC:38:90:B9:15:45:2D:38:3C:88:1A:F6
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/RFhuYca-2BLsOJC5FUUtODyIGvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.247.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         66:83:2e:37:3b:29:fd:83:a2:1b:73:58:d3:73:6b:06:ab:13:
         e2:0f:84:0c:e4:d7:bb:56:66:f9:38:b7:6d:6e:f1:e0:aa:71:
         d5:00:02:56:ab:d9:34:ee:3c:76:e5:0a:39:22:23:d3:ab:ac:
         2e:45:b5:b4:7c:ee:a2:58:3a:85:30:9d:2e:eb:bb:25:9b:72:
         66:a8:a6:ef:1b:ee:ae:e0:03:f3:a1:5d:25:f0:ba:a8:47:9d:
         d3:27:3c:20:4b:11:db:9a:d3:7e:02:5f:a2:19:f8:f9:9f:53:
         f2:7b:fa:02:0b:0f:67:da:d5:75:df:f6:a7:c3:f6:c2:69:eb:
         7d:d1:ec:44:3c:66:47:d1:60:e4:38:0c:a1:b9:31:ac:94:78:
         32:79:24:de:4a:22:01:66:bd:04:84:7c:48:2a:0b:b5:64:fe:
         ae:dc:54:97:c3:62:4a:c6:0a:eb:ea:55:0c:dd:0b:e4:21:40:
         fe:c6:96:25:81:3c:35:fb:e1:3c:37:6f:75:f9:8d:b8:a5:86:
         ff:dd:a0:cc:4c:da:e3:3f:c0:66:c8:a0:89:f3:bb:f2:06:47:
         d1:8c:10:d0:cf:7d:18:75:b9:d1:95:af:83:89:59:86:fa:4b:
         42:1b:fe:42:8c:90:d5:70:70:d6:53:59:10:fa:6c:cd:3c:09:
         ac:f5:1f:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ftuWxl44d6+8tzMU/XgQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjYwMTAxMTIxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDU4NmU2MWM2YmVkODEyZWMzODkwYjkxNTQ1MmQzODNjODgxYWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyad6iEPNeq+eYvCXxjeiYv6s0w8i
7ijU54bf6WPWWDl5kPC7WFI2kPbwy2ndvixBSmwe95boG8+j3z/rRHo+NB6P/r8u
asuMQ4O+vF+AI5s0nOw55iTNUyyg0AtXBGIjPOZc/5mrtwBNmf2Dq9SrrqXIbDJG
sjqsAh3JTmg9oN0KZz3yeoVkkgMEoR5J29tIO9BNMy+6u28KyxR84zTPT4ny77Qh
twdtWoQoaEeEvDk0rpuHEXc7Jp3pc9hOye8GOrHPUQgLdMV/Ypbdb843V224hPZp
aT4gwQU5BNNDU34DMb1IdKTMXYgzvtLcX8VyE1CiVfPNHmi82wYoUq2AWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFERYbmHGvtgS7DiQuRVFLTg8iBr2MB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvUkZodVljYS0yQkxzT0pDNUZVVXRPRHlJR3ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXPdOMA0G
CSqGSIb3DQEBCwUAA4IBAQBmgy43Oyn9g6Ibc1jTc2sGqxPiD4QM5Ne7Vmb5OLdt
bvHgqnHVAAJWq9k07jx25Qo5IiPTq6wuRbW0fO6iWDqFMJ0u67slm3JmqKbvG+6u
4APzoV0l8LqoR53TJzwgSxHbmtN+Al+iGfj5n1Pye/oCCw9n2tV13/anw/bCaet9
0exEPGZH0WDkOAyhuTGslHgyeSTeSiIBZr0EhHxIKgu1ZP6u3FSXw2JKxgrr6lUM
3QvkIUD+xpYlgTw1++E8N291+Y24pYb/3aDMTNrjP8BmyKCJ87vyBkfRjBDQz30Y
dbnRla+DiVmG+ktCG/5CjJDVcHDWU1kQ+mzNPAms9R/0
-----END CERTIFICATE-----