This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/shFmXFepoVkoPuQaH7iwNirZ3XU.roa
File:                     shFmXFepoVkoPuQaH7iwNirZ3XU.roa (raw, json)
Hash identifier:          jDkMxVrrv2BYtLq4CSplaeMuVqAXK6DpU5S2779dHHY=
Subject key identifier:   B2:11:66:5C:57:A9:A1:59:28:3E:E4:1A:1F:B8:B0:36:2A:D9:DD:75
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       019B7D5D276BC96D56E1A18EA0BC0BEAA4B6
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/shFmXFepoVkoPuQaH7iwNirZ3XU.roa
Signing time:             Fri 02 Jan 2026 06:20:15 +0000
ROA not before:           Fri 02 Jan 2026 06:20:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215279
IP address blocks:        78.40.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:27:6b:c9:6d:56:e1:a1:8e:a0:bc:0b:ea:a4:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Jan  2 06:20:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b211665c57a9a159283ee41a1fb8b0362ad9dd75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:93:a7:34:6a:9f:ec:e5:6c:32:6f:72:58:62:
                    9c:14:03:e4:27:96:d9:09:32:45:d2:f8:d0:c8:e1:
                    8e:4c:2a:06:47:43:8e:f3:12:79:0e:a2:c0:56:10:
                    a5:bb:0f:79:b8:6f:5e:c8:77:05:fc:60:45:99:67:
                    93:d7:a9:25:47:08:0f:06:ff:59:c4:19:9b:86:2f:
                    9c:8e:51:26:5c:9a:69:51:70:45:f3:69:f6:d3:d2:
                    bf:c7:14:24:06:cd:39:ba:b9:67:6c:9b:03:38:28:
                    63:7d:11:d7:23:e3:59:bc:da:8e:83:bc:47:d7:a9:
                    45:fa:36:5b:12:a5:1a:4d:58:24:b1:c6:9e:cf:64:
                    50:84:d6:79:f4:66:30:4d:51:12:1a:39:e9:7c:07:
                    9b:ba:89:e9:a0:c9:59:48:8f:38:57:3a:5e:71:14:
                    e3:fa:6a:ff:16:c1:41:f5:c4:2b:ec:95:82:78:89:
                    86:e1:80:f3:ca:fa:47:98:b1:3e:ab:11:37:d9:aa:
                    19:a5:ff:b0:a6:ad:7c:91:0b:4e:08:78:f0:8d:8f:
                    48:09:55:81:97:c4:8a:cb:c3:5c:61:53:3e:b5:f0:
                    5e:dd:dc:cc:b1:e0:f8:ab:c0:eb:6e:30:29:62:08:
                    3c:2b:ee:f3:de:d7:0a:34:a3:0c:0c:13:b4:80:24:
                    31:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:11:66:5C:57:A9:A1:59:28:3E:E4:1A:1F:B8:B0:36:2A:D9:DD:75
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/shFmXFepoVkoPuQaH7iwNirZ3XU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e7:4a:cc:c7:e9:d6:aa:5c:d5:83:a2:9a:cb:5d:e4:53:27:56:
         0e:87:2b:da:b6:f7:3e:12:8c:3d:9a:b4:36:2e:3e:a1:a1:1c:
         24:e8:fc:25:66:8b:5c:14:bd:ae:cd:92:79:57:41:34:29:23:
         66:7f:f9:6a:a3:ae:d3:dd:c4:98:39:70:d0:2f:c7:1d:4f:11:
         c9:4d:a8:c1:f0:56:31:c2:41:80:d4:c2:01:eb:a7:f0:a1:d3:
         59:4c:b0:2e:95:30:49:b4:36:6b:24:cf:61:5f:e9:cb:37:cc:
         be:1d:b4:13:a1:2d:3b:2c:45:9c:09:29:ad:12:39:4d:5a:4b:
         c5:0e:42:6c:b6:d0:d2:50:72:11:87:78:c1:c4:fa:7f:7a:74:
         75:46:5c:ab:8f:10:f9:96:b0:97:32:8f:ee:dc:aa:dc:1f:8a:
         c4:84:7b:c7:ab:0d:71:43:13:0f:18:18:ad:d4:b9:3d:f5:54:
         4c:aa:aa:f2:c5:53:89:88:9e:50:8f:7e:0d:88:a3:87:88:45:
         40:ef:5d:2e:57:07:5f:b9:75:ac:2d:93:e0:cc:82:ef:95:66:
         bb:cd:28:4b:09:a0:ee:01:8e:57:98:87:55:27:93:62:d5:d0:
         21:c4:8e:7d:b5:25:6c:7e:6e:02:7f:dd:5b:c2:2c:a5:f4:c5:
         9e:5b:7e:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XSdryW1W4aGOoLwL6qS2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjYwMTAyMDYyMDE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjExNjY1YzU3YTlhMTU5MjgzZWU0MWExZmI4YjAzNjJhZDlkZDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpOnNGqf7OVsMm9yWGKcFAPkJ5bZ
CTJF0vjQyOGOTCoGR0OO8xJ5DqLAVhCluw95uG9eyHcF/GBFmWeT16klRwgPBv9Z
xBmbhi+cjlEmXJppUXBF82n209K/xxQkBs05urlnbJsDOChjfRHXI+NZvNqOg7xH
16lF+jZbEqUaTVgkscaez2RQhNZ59GYwTVESGjnpfAebuonpoMlZSI84VzpecRTj
+mr/FsFB9cQr7JWCeImG4YDzyvpHmLE+qxE32aoZpf+wpq18kQtOCHjwjY9ICVWB
l8SKy8NcYVM+tfBe3dzMseD4q8DrbjApYgg8K+7z3tcKNKMMDBO0gCQxPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLIRZlxXqaFZKD7kGh+4sDYq2d11MB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvc2hGbVhGZXBvVmtvUHVRYUg3aXdOaXJaM1hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATih2MA0G
CSqGSIb3DQEBCwUAA4IBAQDnSszH6daqXNWDoprLXeRTJ1YOhyvatvc+Eow9mrQ2
Lj6hoRwk6PwlZotcFL2uzZJ5V0E0KSNmf/lqo67T3cSYOXDQL8cdTxHJTajB8FYx
wkGA1MIB66fwodNZTLAulTBJtDZrJM9hX+nLN8y+HbQToS07LEWcCSmtEjlNWkvF
DkJsttDSUHIRh3jBxPp/enR1RlyrjxD5lrCXMo/u3KrcH4rEhHvHqw1xQxMPGBit
1Lk99VRMqqryxVOJiJ5Qj34NiKOHiEVA710uVwdfuXWsLZPgzILvlWa7zShLCaDu
AY5XmIdVJ5Ni1dAhxI59tSVsfm4Cf91bwiyl9MWeW35g
-----END CERTIFICATE-----