This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/4HiwRJ2gaqJCD6O0ejqDrJn5WKY.roa
File:                     4HiwRJ2gaqJCD6O0ejqDrJn5WKY.roa (raw, json)
Hash identifier:          pQTdAM8PPvJlNtCNTwhiZp3TAQ6K5A8RogbMYbiHOko=
Subject key identifier:   E0:78:B0:44:9D:A0:6A:A2:42:0F:A3:B4:7A:3A:83:AC:99:F9:58:A6
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       019B79106771E1268D34B7C17DB47CE1A43B
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/4HiwRJ2gaqJCD6O0ejqDrJn5WKY.roa
Signing time:             Thu 01 Jan 2026 10:17:56 +0000
ROA not before:           Thu 01 Jan 2026 10:17:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210388
IP address blocks:        78.135.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:67:71:e1:26:8d:34:b7:c1:7d:b4:7c:e1:a4:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  1 10:17:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e078b0449da06aa2420fa3b47a3a83ac99f958a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:32:be:6e:1d:f2:5e:8f:a2:a2:23:2c:ae:6d:
                    10:07:1a:c1:fe:18:35:d6:fe:ce:e6:1c:7d:1e:21:
                    a9:4a:5d:a4:f9:95:93:10:43:d7:b2:cd:ed:c9:51:
                    d2:5b:e1:91:f5:c1:c3:06:46:22:82:37:f9:b2:55:
                    3c:f4:64:65:2c:cd:78:7e:dd:1f:3d:4a:49:3f:ee:
                    ec:7c:5f:12:14:90:23:8a:f0:6e:0b:55:2f:b9:8c:
                    d6:7e:10:af:9b:20:50:a9:d9:39:05:18:55:4a:df:
                    c2:66:55:1f:4b:ad:0e:06:53:f5:8c:02:57:a7:be:
                    fe:08:a5:33:90:9f:e3:f5:fc:66:c4:87:67:1d:ac:
                    51:d0:a7:70:d8:dc:df:99:5c:fc:68:ca:04:3a:e6:
                    8d:e8:e7:25:8d:56:f7:f3:2f:8b:83:9b:26:c3:89:
                    f3:da:c9:d0:9f:14:fe:66:65:d8:a3:ff:49:3d:1a:
                    f4:dd:5b:56:aa:2d:44:0a:52:9d:45:cf:15:bb:7b:
                    91:84:16:eb:f0:11:d4:eb:63:db:d3:e2:64:eb:e4:
                    0c:19:54:ec:03:ed:14:ea:ff:e0:a4:1b:a8:cb:0f:
                    ea:d9:c3:cf:b0:7e:b5:e8:c5:01:57:67:ce:71:f2:
                    65:97:8b:f4:de:04:2c:72:58:9a:e5:d6:2b:7c:88:
                    69:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:78:B0:44:9D:A0:6A:A2:42:0F:A3:B4:7A:3A:83:AC:99:F9:58:A6
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/4HiwRJ2gaqJCD6O0ejqDrJn5WKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.135.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:a9:38:74:b4:47:c3:25:c1:22:71:30:32:6d:d0:3a:89:22:
         fb:73:b4:14:7c:11:b2:25:0a:13:36:14:93:df:1b:73:61:68:
         aa:e3:79:52:8e:6a:bb:eb:e5:08:75:86:01:27:5e:da:69:24:
         4a:cc:81:1f:be:1e:16:76:6a:33:9a:fb:9a:82:89:b8:7b:56:
         23:17:1d:84:93:9f:38:f1:98:e4:2e:45:c0:4a:80:37:ec:70:
         25:84:d2:dd:dd:c1:75:58:52:10:39:14:5e:20:c0:73:9c:fd:
         91:83:e9:3a:7a:97:e1:44:b8:ac:65:c3:08:c1:fc:62:03:39:
         0e:fe:32:e6:f2:a5:0f:8e:ea:7a:ca:52:06:ac:e8:6f:e7:2b:
         8d:fe:3b:1d:66:e9:98:04:2b:f3:db:81:c3:37:84:b0:7a:4d:
         70:f9:5c:22:e7:09:61:af:02:af:57:db:39:b5:e1:57:12:28:
         ec:44:8e:f8:d3:27:3c:a1:6d:33:21:ce:51:70:a1:36:72:eb:
         74:ea:c8:09:65:f5:57:b7:d6:c7:bf:d2:74:40:46:8d:e0:17:
         83:b4:06:56:5e:ca:92:cc:6e:c1:ca:fb:9a:60:a2:e3:e0:5b:
         01:95:2e:9d:b2:22:0e:38:10:a8:61:87:4c:26:9c:90:c4:d5:
         f4:3d:5f:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EGdx4SaNNLfBfbR84aQ7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjYwMTAxMTAxNzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDc4YjA0NDlkYTA2YWEyNDIwZmEzYjQ3YTNhODNhYzk5Zjk1OGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiTK+bh3yXo+ioiMsrm0QBxrB/hg1
1v7O5hx9HiGpSl2k+ZWTEEPXss3tyVHSW+GR9cHDBkYigjf5slU89GRlLM14ft0f
PUpJP+7sfF8SFJAjivBuC1UvuYzWfhCvmyBQqdk5BRhVSt/CZlUfS60OBlP1jAJX
p77+CKUzkJ/j9fxmxIdnHaxR0Kdw2NzfmVz8aMoEOuaN6OcljVb38y+Lg5smw4nz
2snQnxT+ZmXYo/9JPRr03VtWqi1EClKdRc8Vu3uRhBbr8BHU62Pb0+Jk6+QMGVTs
A+0U6v/gpBuoyw/q2cPPsH616MUBV2fOcfJll4v03gQsclia5dYrfIhp4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOB4sESdoGqiQg+jtHo6g6yZ+VimMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvNEhpd1JKMmdhcUpDRDZPMGVqcURySm41V0tZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATodpMA0G
CSqGSIb3DQEBCwUAA4IBAQBlqTh0tEfDJcEicTAybdA6iSL7c7QUfBGyJQoTNhST
3xtzYWiq43lSjmq76+UIdYYBJ17aaSRKzIEfvh4Wdmozmvuagom4e1YjFx2Ek584
8ZjkLkXASoA37HAlhNLd3cF1WFIQORReIMBznP2Rg+k6epfhRLisZcMIwfxiAzkO
/jLm8qUPjup6ylIGrOhv5yuN/jsdZumYBCvz24HDN4Swek1w+Vwi5wlhrwKvV9s5
teFXEijsRI740yc8oW0zIc5RcKE2cut06sgJZfVXt9bHv9J0QEaN4BeDtAZWXsqS
zG7ByvuaYKLj4FsBlS6dsiIOOBCoYYdMJpyQxNX0PV91
-----END CERTIFICATE-----