This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/eHc6pv_nsOEvOj1b6H0UUy3Hz5g.roa
File:                     eHc6pv_nsOEvOj1b6H0UUy3Hz5g.roa (raw, json)
Hash identifier:          0jFiwjosF+a+C3GZzSfiQX91cGdMln4C3x+2DMdzk0I=
Subject key identifier:   78:77:3A:A6:FF:E7:B0:E1:2F:3A:3D:5B:E8:7D:14:53:2D:C7:CF:98
Certificate issuer:       /CN=1d157824c638c718a07b535e0d824cb24afc070c
Certificate serial:       019B7C11AFA65E080DA0CB96DF73530A3AF4
Authority key identifier: 1D:15:78:24:C6:38:C7:18:A0:7B:53:5E:0D:82:4C:B2:4A:FC:07:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HRV4JMY4xxige1NeDYJMskr8Bww.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/eHc6pv_nsOEvOj1b6H0UUy3Hz5g.roa
Signing time:             Fri 02 Jan 2026 00:18:12 +0000
ROA not before:           Fri 02 Jan 2026 00:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211802
IP address blocks:        88.218.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/HRV4JMY4xxige1NeDYJMskr8Bww.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/HRV4JMY4xxige1NeDYJMskr8Bww.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HRV4JMY4xxige1NeDYJMskr8Bww.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:af:a6:5e:08:0d:a0:cb:96:df:73:53:0a:3a:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d157824c638c718a07b535e0d824cb24afc070c
        Validity
            Not Before: Jan  2 00:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=78773aa6ffe7b0e12f3a3d5be87d14532dc7cf98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:a4:4e:52:97:b1:87:e3:72:12:e5:61:a1:1b:
                    ee:62:bd:3b:54:d5:24:0c:a8:03:f1:07:8d:92:ec:
                    ac:ec:88:6d:6b:0b:10:db:d1:1c:5d:96:c1:08:d3:
                    01:2f:53:cd:cc:cd:d8:8d:c3:e6:02:fa:d7:5c:08:
                    1b:74:b1:28:cb:2b:57:65:a2:65:37:f2:03:e0:90:
                    6d:bb:9f:8e:e8:be:ff:62:24:aa:cf:a6:6b:45:7d:
                    ff:10:9f:e3:69:7c:71:c2:4c:3d:9c:75:b1:17:2e:
                    6c:e7:d0:08:12:71:81:de:9d:67:25:86:c9:e0:62:
                    72:5c:7f:2a:19:71:49:b1:38:15:f3:c5:97:b3:e0:
                    1f:fe:aa:19:0d:df:2f:fb:09:87:27:4f:15:33:c7:
                    0f:6e:3c:01:94:b8:5a:eb:f6:8d:ac:b3:e9:8b:ea:
                    40:43:3f:4e:9c:9b:57:e3:a1:b0:19:71:f9:b8:0e:
                    a2:ba:73:f4:05:2e:6e:42:fa:7a:a1:74:c3:a6:91:
                    12:48:64:fd:d7:e8:1e:12:ea:9e:b9:da:38:93:94:
                    a7:3c:a4:7a:9c:1d:78:3d:ee:d8:18:b7:ba:b4:a2:
                    e9:a8:98:63:66:65:f1:d3:1d:64:c1:61:8d:51:62:
                    60:d2:1a:05:75:67:cd:32:03:3e:7d:e0:a9:17:81:
                    0c:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:77:3A:A6:FF:E7:B0:E1:2F:3A:3D:5B:E8:7D:14:53:2D:C7:CF:98
            X509v3 Authority Key Identifier:
                keyid:1D:15:78:24:C6:38:C7:18:A0:7B:53:5E:0D:82:4C:B2:4A:FC:07:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HRV4JMY4xxige1NeDYJMskr8Bww.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/eHc6pv_nsOEvOj1b6H0UUy3Hz5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/HRV4JMY4xxige1NeDYJMskr8Bww.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:d7:5b:2e:41:da:c6:48:b4:a9:c5:dd:35:55:7f:8f:65:80:
         a6:08:ee:74:5d:65:35:1a:7b:89:a3:d8:2c:64:fd:d6:5c:b3:
         43:27:91:c1:6a:7e:78:f1:2a:a4:3b:4b:5d:37:a7:4c:70:84:
         11:29:1e:31:22:54:e6:28:5a:20:21:1a:13:57:a8:e4:c3:32:
         f2:b8:b3:e6:42:69:f5:e5:a1:b0:a3:ac:64:a5:e1:ea:75:88:
         29:22:eb:1a:c2:a2:b6:57:ae:23:2b:4b:dc:d0:4b:9f:2d:da:
         cc:e5:50:58:f9:22:0f:c9:0f:ab:54:7c:74:99:f9:da:a0:d3:
         84:51:b5:9c:7d:67:72:bb:a3:7c:23:05:2b:cf:18:92:41:60:
         4a:99:68:ba:7c:8b:f1:a8:fb:2a:b7:d0:bb:71:da:dc:4d:48:
         79:34:b9:8b:22:2b:aa:85:90:f5:45:5d:53:52:7d:60:49:de:
         b8:1e:f9:91:cf:35:6d:41:2c:aa:dc:45:99:63:43:ea:d7:a8:
         4d:0b:ac:69:09:43:69:13:e9:b1:7c:b0:ae:bb:a9:d6:38:bd:
         29:c2:b5:f0:97:f9:af:e1:3f:94:13:5e:9d:28:f2:68:ec:fe:
         1f:1f:e7:df:38:5e:f0:5b:f4:9c:4d:47:e3:0f:97:5b:8c:2c:
         55:a3:89:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Ea+mXggNoMuW33NTCjr0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMTU3ODI0YzYzOGM3MThhMDdiNTM1ZTBkODI0Y2IyNGFm
YzA3MGMwHhcNMjYwMTAyMDAxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODc3M2FhNmZmZTdiMGUxMmYzYTNkNWJlODdkMTQ1MzJkYzdjZjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qROUpexh+NyEuVhoRvuYr07VNUk
DKgD8QeNkuys7IhtawsQ29EcXZbBCNMBL1PNzM3YjcPmAvrXXAgbdLEoyytXZaJl
N/ID4JBtu5+O6L7/YiSqz6ZrRX3/EJ/jaXxxwkw9nHWxFy5s59AIEnGB3p1nJYbJ
4GJyXH8qGXFJsTgV88WXs+Af/qoZDd8v+wmHJ08VM8cPbjwBlLha6/aNrLPpi+pA
Qz9OnJtX46GwGXH5uA6iunP0BS5uQvp6oXTDppESSGT91+geEuqeudo4k5SnPKR6
nB14Pe7YGLe6tKLpqJhjZmXx0x1kwWGNUWJg0hoFdWfNMgM+feCpF4EMHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHh3Oqb/57DhLzo9W+h9FFMtx8+YMB8GA1UdIwQY
MBaAFB0VeCTGOMcYoHtTXg2CTLJK/AcMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFJWNEpNWTR4eGlnZTFOZURZSk1za3I4Qnd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9lNmFjMDEtOGJmYi00ZWYzLWJmYTct
ZTU3NDQwMjYwYmUwLzEvZUhjNnB2X25zT0V2T2oxYjZIMFVVeTNIejVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9lNmFjMDEtOGJmYi00ZWYzLWJmYTctZTU3NDQwMjYwYmUw
LzEvSFJWNEpNWTR4eGlnZTFOZURZSk1za3I4Qnd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNreMA0G
CSqGSIb3DQEBCwUAA4IBAQBR11suQdrGSLSpxd01VX+PZYCmCO50XWU1GnuJo9gs
ZP3WXLNDJ5HBan548SqkO0tdN6dMcIQRKR4xIlTmKFogIRoTV6jkwzLyuLPmQmn1
5aGwo6xkpeHqdYgpIusawqK2V64jK0vc0EufLdrM5VBY+SIPyQ+rVHx0mfnaoNOE
UbWcfWdyu6N8IwUrzxiSQWBKmWi6fIvxqPsqt9C7cdrcTUh5NLmLIiuqhZD1RV1T
Un1gSd64HvmRzzVtQSyq3EWZY0Pq16hNC6xpCUNpE+mxfLCuu6nWOL0pwrXwl/mv
4T+UE16dKPJo7P4fH+ffOF7wW/ScTUfjD5dbjCxVo4kR
-----END CERTIFICATE-----