This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/C4UsWWSkM-BnhYMBEvTvGvac8FA.roa
File:                     C4UsWWSkM-BnhYMBEvTvGvac8FA.roa (raw, json)
Hash identifier:          Udd8lMesWtN+x6oPF2e8nLmi9fAdU3zj7CTo6T72YnU=
Subject key identifier:   0B:85:2C:59:64:A4:33:E0:67:85:83:01:12:F4:EF:1A:F6:9C:F0:50
Certificate issuer:       /CN=2f2a0fa20383332a3f414f054753a0b60b25ba10
Certificate serial:       019ACBE58978372ED6221EFD07B861E30298
Authority key identifier: 2F:2A:0F:A2:03:83:33:2A:3F:41:4F:05:47:53:A0:B6:0B:25:BA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LyoPogODMyo_QU8FR1OgtgsluhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/C4UsWWSkM-BnhYMBEvTvGvac8FA.roa
Signing time:             Fri 28 Nov 2025 19:16:49 +0000
ROA not before:           Fri 28 Nov 2025 19:16:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206986
IP address blocks:        78.143.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/LyoPogODMyo_QU8FR1OgtgsluhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/LyoPogODMyo_QU8FR1OgtgsluhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LyoPogODMyo_QU8FR1OgtgsluhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Dec 2025 14:45:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:cb:e5:89:78:37:2e:d6:22:1e:fd:07:b8:61:e3:02:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f2a0fa20383332a3f414f054753a0b60b25ba10
        Validity
            Not Before: Nov 28 19:16:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b852c5964a433e06785830112f4ef1af69cf050
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:46:aa:1b:89:ba:b8:b9:5c:3a:d6:a1:36:d8:
                    aa:21:91:d0:de:83:c9:91:cb:27:27:1c:a2:0f:e8:
                    38:67:db:dd:ad:f3:f7:15:76:13:5d:b8:97:e4:d8:
                    b0:41:19:83:45:81:8f:e4:2e:70:d3:ce:eb:a8:26:
                    5b:df:36:69:8b:50:4d:49:73:b1:72:dc:f9:df:b5:
                    75:d2:81:58:ce:08:c4:2b:ae:56:3f:cc:5f:b3:df:
                    84:8c:ec:5f:55:cc:94:80:88:16:a4:c6:b7:36:fa:
                    cb:ac:28:f2:5c:85:31:44:ca:7f:25:84:64:30:4a:
                    b7:22:b1:01:f1:23:cd:10:94:1a:69:24:23:0e:80:
                    3c:34:4f:23:74:45:53:f6:d7:de:1e:64:a8:0d:07:
                    f1:8a:11:b4:6c:3a:a0:f6:b1:5a:bb:e5:13:3d:1e:
                    42:f5:5c:60:4a:90:78:00:fe:38:4f:86:e5:0b:51:
                    8c:82:4d:2b:f1:3b:37:53:9a:13:27:93:2d:b0:34:
                    cb:63:c7:77:3b:73:71:cd:77:46:16:e7:7c:77:5b:
                    ba:e5:1a:88:ca:c6:76:9a:9f:9c:2a:b7:02:d0:15:
                    1b:17:bc:4e:59:df:5b:bb:cf:a0:57:cb:e1:c5:28:
                    ae:84:bb:78:b7:18:87:95:16:2e:dc:f8:67:c2:86:
                    2b:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:85:2C:59:64:A4:33:E0:67:85:83:01:12:F4:EF:1A:F6:9C:F0:50
            X509v3 Authority Key Identifier:
                keyid:2F:2A:0F:A2:03:83:33:2A:3F:41:4F:05:47:53:A0:B6:0B:25:BA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LyoPogODMyo_QU8FR1OgtgsluhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/C4UsWWSkM-BnhYMBEvTvGvac8FA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/LyoPogODMyo_QU8FR1OgtgsluhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.143.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:54:ee:ee:bf:f3:2f:0b:b3:9a:68:30:00:15:a4:d5:c0:7b:
         f3:2e:0a:f2:f4:c4:01:ed:1e:74:9e:9c:ed:6c:88:c2:7b:b7:
         38:df:51:6e:ae:4d:55:f5:39:d0:e7:a3:23:9e:3a:c7:b6:f5:
         83:89:1b:5d:05:2e:c0:86:d6:93:24:52:be:63:3a:62:d9:de:
         a8:ed:27:53:52:a6:95:41:4d:9f:9c:3c:b8:7a:a4:26:9c:7d:
         70:15:0c:de:b9:4d:ca:4c:c9:b2:a1:18:c3:cd:41:2a:e4:27:
         54:f2:cc:22:aa:ed:c2:b3:e3:cf:13:08:94:08:9d:1f:a4:43:
         12:33:1d:6d:94:08:db:c7:66:9c:a9:5a:6f:83:bd:13:1f:c4:
         ea:3a:cb:b8:d9:54:40:bd:25:d1:10:88:37:d9:ae:58:2e:ed:
         2f:dc:e2:bd:1f:57:4d:7d:b7:7a:46:a7:59:6e:ed:a7:df:a0:
         65:73:a8:b0:f1:70:ba:21:96:24:25:a1:dc:05:7c:53:a3:ff:
         1f:97:7e:b5:5c:ef:70:01:02:26:93:a8:82:19:1d:66:42:2d:
         db:76:11:3d:4b:20:74:77:3a:25:4d:6e:cb:2f:1a:0a:57:0a:
         e7:4d:b2:d9:e7:58:58:bc:33:c6:a7:5a:4a:f1:92:62:9c:3b:
         21:03:38:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrL5Yl4Ny7WIh79B7hh4wKYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMmEwZmEyMDM4MzMzMmEzZjQxNGYwNTQ3NTNhMGI2MGIy
NWJhMTAwHhcNMjUxMTI4MTkxNjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjg1MmM1OTY0YTQzM2UwNjc4NTgzMDExMmY0ZWYxYWY2OWNmMDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0aqG4m6uLlcOtahNtiqIZHQ3oPJ
kcsnJxyiD+g4Z9vdrfP3FXYTXbiX5NiwQRmDRYGP5C5w087rqCZb3zZpi1BNSXOx
ctz537V10oFYzgjEK65WP8xfs9+EjOxfVcyUgIgWpMa3NvrLrCjyXIUxRMp/JYRk
MEq3IrEB8SPNEJQaaSQjDoA8NE8jdEVT9tfeHmSoDQfxihG0bDqg9rFau+UTPR5C
9VxgSpB4AP44T4blC1GMgk0r8Ts3U5oTJ5MtsDTLY8d3O3NxzXdGFud8d1u65RqI
ysZ2mp+cKrcC0BUbF7xOWd9bu8+gV8vhxSiuhLt4txiHlRYu3PhnwoYrowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAuFLFlkpDPgZ4WDARL07xr2nPBQMB8GA1UdIwQY
MBaAFC8qD6IDgzMqP0FPBUdToLYLJboQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHlvUG9nT0RNeW9fUVU4RlIxT2d0Z3NsdWhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9kNmQzMGItMGI5Yi00MjllLTg0MTMt
NTVhOTMwZmMwYzcxLzEvQzRVc1dXU2tNLUJuaFlNQkV2VHZHdmFjOEZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9kNmQzMGItMGI5Yi00MjllLTg0MTMtNTVhOTMwZmMwYzcx
LzEvTHlvUG9nT0RNeW9fUVU4RlIxT2d0Z3NsdWhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATo/8MA0G
CSqGSIb3DQEBCwUAA4IBAQCdVO7uv/MvC7OaaDAAFaTVwHvzLgry9MQB7R50npzt
bIjCe7c431Furk1V9TnQ56MjnjrHtvWDiRtdBS7AhtaTJFK+Yzpi2d6o7SdTUqaV
QU2fnDy4eqQmnH1wFQzeuU3KTMmyoRjDzUEq5CdU8swiqu3Cs+PPEwiUCJ0fpEMS
Mx1tlAjbx2acqVpvg70TH8TqOsu42VRAvSXREIg32a5YLu0v3OK9H1dNfbd6RqdZ
bu2n36Blc6iw8XC6IZYkJaHcBXxTo/8fl361XO9wAQImk6iCGR1mQi3bdhE9SyB0
dzolTW7LLxoKVwrnTbLZ51hYvDPGp1pK8ZJinDshAziO
-----END CERTIFICATE-----