This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/TXWio7T0yQ8fPQNndu5iMXKIPyk.roa
File:                     TXWio7T0yQ8fPQNndu5iMXKIPyk.roa (raw, json)
Hash identifier:          Ptazack76ll8xJWikp2M96Ej4NUgmKdtpGkA8A7sIE0=
Subject key identifier:   4D:75:A2:A3:B4:F4:C9:0F:1F:3D:03:67:76:EE:62:31:72:88:3F:29
Certificate issuer:       /CN=8d11cb015df9baab61228dbbce17dd4e00e63c13
Certificate serial:       019B7DC9801729B5119436E8F6D14DA71AA7
Authority key identifier: 8D:11:CB:01:5D:F9:BA:AB:61:22:8D:BB:CE:17:DD:4E:00:E6:3C:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/TXWio7T0yQ8fPQNndu5iMXKIPyk.roa
Signing time:             Fri 02 Jan 2026 08:18:36 +0000
ROA not before:           Fri 02 Jan 2026 08:18:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30058
IP address blocks:        178.171.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/jRHLAV35uqthIo27zhfdTgDmPBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/jRHLAV35uqthIo27zhfdTgDmPBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:80:17:29:b5:11:94:36:e8:f6:d1:4d:a7:1a:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d11cb015df9baab61228dbbce17dd4e00e63c13
        Validity
            Not Before: Jan  2 08:18:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4d75a2a3b4f4c90f1f3d036776ee623172883f29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:fe:37:ad:a9:f5:eb:19:59:1b:e2:57:80:45:
                    45:0e:bf:de:9a:2c:f6:13:be:e6:70:cf:fc:58:13:
                    23:ad:e2:aa:1f:a7:3b:7a:06:fb:c7:c9:54:d9:e5:
                    21:16:34:7d:31:db:da:20:a9:ac:a4:fe:9e:e0:9d:
                    78:16:7e:2b:19:17:0d:c7:31:cf:3d:8b:26:d8:f7:
                    67:1d:a1:6d:78:78:72:05:07:02:b8:4c:16:02:d5:
                    f6:a2:97:b5:06:8a:47:f2:75:25:86:ca:33:e4:81:
                    b7:82:53:e7:20:1f:03:5a:1d:fc:e7:d7:5e:38:6d:
                    fe:6f:22:9b:72:16:ea:db:07:a6:3e:ff:54:ee:60:
                    7f:97:7c:01:69:4d:f4:50:5f:33:04:fa:88:54:84:
                    d7:23:cf:a7:cb:be:5f:57:19:8a:04:87:97:89:1b:
                    f2:be:b7:ee:54:ba:df:d8:a2:95:7a:cd:c1:b7:d7:
                    50:6d:2f:7a:b5:72:c3:21:e5:99:26:15:07:5f:b2:
                    73:5a:67:59:a7:a0:da:94:c6:d3:8e:c8:d4:44:04:
                    ba:79:40:c0:26:54:ae:fa:75:d2:8a:45:38:86:86:
                    5c:62:71:c1:fc:5d:6f:4a:00:75:6d:70:f8:73:6e:
                    9d:77:f3:6c:a5:e7:f9:e6:7a:66:0c:7c:a4:f2:0a:
                    72:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:75:A2:A3:B4:F4:C9:0F:1F:3D:03:67:76:EE:62:31:72:88:3F:29
            X509v3 Authority Key Identifier:
                keyid:8D:11:CB:01:5D:F9:BA:AB:61:22:8D:BB:CE:17:DD:4E:00:E6:3C:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/TXWio7T0yQ8fPQNndu5iMXKIPyk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/jRHLAV35uqthIo27zhfdTgDmPBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.171.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:e6:1f:97:6f:31:75:eb:4b:e1:1e:ab:4d:55:9b:81:14:9b:
         48:43:f6:4a:e1:ab:ef:2b:f8:08:12:c5:8a:24:3a:7e:97:4d:
         c9:0f:94:be:f1:64:84:bf:85:25:2b:97:e4:ff:d7:15:81:0b:
         c0:55:f9:63:33:87:e7:9e:5a:76:22:8b:94:28:d4:f9:94:35:
         2d:3e:69:f6:c6:84:0e:0a:af:a3:bb:f9:62:90:3a:cd:b7:7a:
         d2:09:36:9b:cd:18:ae:b1:28:46:e6:d3:7b:c6:8a:63:35:e6:
         82:58:6a:d8:02:c9:fb:9d:de:9d:b8:57:b9:7c:df:92:99:41:
         c3:47:84:f8:4c:c8:49:21:e0:f0:84:b7:a3:c4:3a:d4:78:84:
         7f:f9:66:a6:6a:1a:b1:dd:6c:71:2a:b3:55:81:6d:65:ca:74:
         35:dc:dc:33:8e:ff:de:a5:e1:7d:cf:94:1e:77:38:4c:78:14:
         69:76:68:59:c4:06:a0:a0:e7:a5:55:59:d5:ba:8d:87:7b:c0:
         27:3a:1f:29:0b:60:90:66:55:81:e0:e9:65:31:97:a6:f2:1e:
         07:58:70:9f:d9:7b:38:a4:46:6b:6f:77:e0:38:86:78:1f:a9:
         f4:2a:01:ab:5c:ba:76:ba:61:e5:d0:07:1f:01:fa:8e:1c:35:
         5a:6e:bb:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yYAXKbURlDbo9tFNpxqnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMTFjYjAxNWRmOWJhYWI2MTIyOGRiYmNlMTdkZDRlMDBl
NjNjMTMwHhcNMjYwMTAyMDgxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDc1YTJhM2I0ZjRjOTBmMWYzZDAzNjc3NmVlNjIzMTcyODgzZjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvP43ran16xlZG+JXgEVFDr/emiz2
E77mcM/8WBMjreKqH6c7egb7x8lU2eUhFjR9MdvaIKmspP6e4J14Fn4rGRcNxzHP
PYsm2PdnHaFteHhyBQcCuEwWAtX2ope1BopH8nUlhsoz5IG3glPnIB8DWh3859de
OG3+byKbchbq2wemPv9U7mB/l3wBaU30UF8zBPqIVITXI8+ny75fVxmKBIeXiRvy
vrfuVLrf2KKVes3Bt9dQbS96tXLDIeWZJhUHX7JzWmdZp6DalMbTjsjURAS6eUDA
JlSu+nXSikU4hoZcYnHB/F1vSgB1bXD4c26dd/Nspef55npmDHyk8gpyawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE11oqO09MkPHz0DZ3buYjFyiD8pMB8GA1UdIwQY
MBaAFI0RywFd+bqrYSKNu84X3U4A5jwTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJITEFWMzV1cXRoSW8yN3poZmRUZ0RtUEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni81ZDg5MTUtYzQ0OC00MGU3LThjYWEt
YmE3NzFmZmQyNjljLzEvVFhXaW83VDB5UThmUFFObmR1NWlNWEtJUHlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni81ZDg5MTUtYzQ0OC00MGU3LThjYWEtYmE3NzFmZmQyNjlj
LzEvalJITEFWMzV1cXRoSW8yN3poZmRUZ0RtUEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsqt6MA0G
CSqGSIb3DQEBCwUAA4IBAQAP5h+XbzF160vhHqtNVZuBFJtIQ/ZK4avvK/gIEsWK
JDp+l03JD5S+8WSEv4UlK5fk/9cVgQvAVfljM4fnnlp2IouUKNT5lDUtPmn2xoQO
Cq+ju/likDrNt3rSCTabzRiusShG5tN7xopjNeaCWGrYAsn7nd6duFe5fN+SmUHD
R4T4TMhJIeDwhLejxDrUeIR/+Wamahqx3WxxKrNVgW1lynQ13Nwzjv/epeF9z5Qe
dzhMeBRpdmhZxAagoOelVVnVuo2He8AnOh8pC2CQZlWB4OllMZem8h4HWHCf2Xs4
pEZrb3fgOIZ4H6n0KgGrXLp2umHl0AcfAfqOHDVabruM
-----END CERTIFICATE-----