This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/dD-MtW5JsRqnwnPnsUdfrwtlNnA.roa
File:                     dD-MtW5JsRqnwnPnsUdfrwtlNnA.roa (raw, json)
Hash identifier:          f5aryPZhXFuWDKnN7XxLJHE/dKw+FhpE2ZvHKqk3JC4=
Subject key identifier:   74:3F:8C:B5:6E:49:B1:1A:A7:C2:73:E7:B1:47:5F:AF:0B:65:36:70
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       019B7F82D8CDA05C98541F1F9839867D4B76
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/dD-MtW5JsRqnwnPnsUdfrwtlNnA.roa
Signing time:             Fri 02 Jan 2026 16:20:40 +0000
ROA not before:           Fri 02 Jan 2026 16:20:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211936
IP address blocks:        78.108.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 07:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:d8:cd:a0:5c:98:54:1f:1f:98:39:86:7d:4b:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 16:20:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=743f8cb56e49b11aa7c273e7b1475faf0b653670
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:9c:0e:29:45:46:96:43:fb:59:d3:ba:52:aa:
                    6b:db:63:cd:e8:03:59:d1:58:67:a3:89:9d:58:f7:
                    05:4f:9d:8e:77:70:57:51:34:47:d7:31:7e:cc:23:
                    4f:d9:7e:15:e0:3c:22:89:49:7b:10:ce:c6:a7:49:
                    9b:d1:f8:b1:ca:52:11:76:68:64:d0:c2:26:f8:98:
                    a4:0d:79:43:e4:ae:7c:4a:8d:87:c9:ce:d1:2f:a3:
                    e9:fe:33:58:2d:61:e1:bc:de:c5:ab:5d:4f:72:e6:
                    99:b4:fc:08:54:8f:4a:a8:90:6c:64:a5:2b:f8:c7:
                    d0:03:97:5c:64:7e:b7:2e:cf:9a:d6:95:33:00:48:
                    49:c9:73:e4:8f:f2:7c:88:a6:99:a2:d9:bf:75:75:
                    09:25:ef:75:06:32:17:5e:c6:1a:37:d3:a6:4f:2a:
                    6e:ea:8a:92:3b:f0:f8:b9:89:e7:6c:fe:f6:11:29:
                    fb:14:84:24:e1:86:e1:d6:cb:9d:94:ce:fd:2e:43:
                    95:e8:3e:95:0b:91:ef:bd:b3:38:10:3c:58:af:21:
                    0f:b7:96:37:7a:89:ad:30:7f:fc:0e:e0:38:ff:5b:
                    9d:cb:4a:0f:ff:85:04:a3:20:3d:80:6d:cb:79:d2:
                    77:3e:88:36:75:86:b1:d4:a9:79:d8:11:8a:50:58:
                    6b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:3F:8C:B5:6E:49:B1:1A:A7:C2:73:E7:B1:47:5F:AF:0B:65:36:70
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/dD-MtW5JsRqnwnPnsUdfrwtlNnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:bc:18:aa:91:2e:80:5a:61:a8:d2:b4:6d:61:95:21:b0:f8:
         14:9c:20:79:fd:45:c0:0d:a3:24:22:fd:d5:3e:f4:45:3e:4a:
         af:35:7a:51:b0:40:01:cb:ad:b8:58:c9:8c:80:8f:a3:16:5a:
         d4:e8:1d:b2:bb:a0:9b:74:2a:4b:15:07:ba:8c:43:92:36:ee:
         cb:3c:9d:f1:95:70:77:70:4b:2f:52:5e:bc:16:76:f3:b5:d1:
         cb:bb:88:e9:2b:82:ff:55:4f:54:7a:42:03:f7:c7:2c:dc:ab:
         f4:19:ad:06:62:e0:65:ba:a8:14:62:ee:ba:da:52:2d:9e:72:
         c1:47:6d:1a:f1:49:2e:4e:b8:c1:11:60:f0:18:79:ff:3c:3c:
         88:a0:76:f2:a3:fc:3d:e6:49:10:66:70:75:f5:1c:87:50:84:
         51:47:f2:73:43:7c:4c:c2:d1:44:14:70:2b:11:9b:bb:47:d0:
         1f:54:71:6b:9a:f7:78:1f:ae:e5:cb:de:68:fc:16:64:24:40:
         85:5c:83:bf:c8:4e:88:35:b1:a1:bf:35:fe:6e:33:f4:ab:a6:
         d4:a3:8a:3c:7d:61:1b:9b:07:a3:fc:71:c1:85:08:4b:4b:48:
         df:85:65:83:3a:11:4b:88:e2:0a:43:3a:0b:fe:c8:80:e6:f2:
         da:61:fc:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gtjNoFyYVB8fmDmGfUt2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjYwMTAyMTYyMDQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDNmOGNiNTZlNDliMTFhYTdjMjczZTdiMTQ3NWZhZjBiNjUzNjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJwOKUVGlkP7WdO6Uqpr22PN6ANZ
0Vhno4mdWPcFT52Od3BXUTRH1zF+zCNP2X4V4DwiiUl7EM7Gp0mb0fixylIRdmhk
0MIm+JikDXlD5K58So2Hyc7RL6Pp/jNYLWHhvN7Fq11PcuaZtPwIVI9KqJBsZKUr
+MfQA5dcZH63Ls+a1pUzAEhJyXPkj/J8iKaZotm/dXUJJe91BjIXXsYaN9OmTypu
6oqSO/D4uYnnbP72ESn7FIQk4Ybh1sudlM79LkOV6D6VC5HvvbM4EDxYryEPt5Y3
eomtMH/8DuA4/1udy0oP/4UEoyA9gG3LedJ3Pog2dYax1Kl52BGKUFhr1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQ/jLVuSbEap8Jz57FHX68LZTZwMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvZEQtTXRXNUpzUnFud25QbnNVZGZyd3RsTm5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATmzbMA0G
CSqGSIb3DQEBCwUAA4IBAQAIvBiqkS6AWmGo0rRtYZUhsPgUnCB5/UXADaMkIv3V
PvRFPkqvNXpRsEABy624WMmMgI+jFlrU6B2yu6CbdCpLFQe6jEOSNu7LPJ3xlXB3
cEsvUl68FnbztdHLu4jpK4L/VU9UekID98cs3Kv0Ga0GYuBluqgUYu662lItnnLB
R20a8UkuTrjBEWDwGHn/PDyIoHbyo/w95kkQZnB19RyHUIRRR/JzQ3xMwtFEFHAr
EZu7R9AfVHFrmvd4H67ly95o/BZkJECFXIO/yE6INbGhvzX+bjP0q6bUo4o8fWEb
mwej/HHBhQhLS0jfhWWDOhFLiOIKQzoL/siA5vLaYfzG
-----END CERTIFICATE-----