This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/qBAd6yQPjLXAKJuuP_CdFngQD2M.roa
File:                     qBAd6yQPjLXAKJuuP_CdFngQD2M.roa (raw, json)
Hash identifier:          /ofdK5/jkhAtRoiOLNcbcKncV7/sR7sjaCafbChgexw=
Subject key identifier:   A8:10:1D:EB:24:0F:8C:B5:C0:28:9B:AE:3F:F0:9D:16:78:10:0F:63
Certificate issuer:       /CN=4b78caa7741f99b9fbca4f4943c8b79f00bebff8
Certificate serial:       019B7D5B020970DA0B253AB5E1A68992A89C
Authority key identifier: 4B:78:CA:A7:74:1F:99:B9:FB:CA:4F:49:43:C8:B7:9F:00:BE:BF:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/qBAd6yQPjLXAKJuuP_CdFngQD2M.roa
Signing time:             Fri 02 Jan 2026 06:17:54 +0000
ROA not before:           Fri 02 Jan 2026 06:17:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7018
IP address blocks:        78.24.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 01:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:02:09:70:da:0b:25:3a:b5:e1:a6:89:92:a8:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b78caa7741f99b9fbca4f4943c8b79f00bebff8
        Validity
            Not Before: Jan  2 06:17:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a8101deb240f8cb5c0289bae3ff09d1678100f63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c0:49:1b:39:00:13:38:19:f7:5b:c0:27:af:
                    4f:15:5f:0f:93:bf:2f:e5:a2:b3:bf:37:65:bd:74:
                    c4:84:48:01:c7:79:94:5b:9d:2f:d0:c9:83:5a:9f:
                    24:8e:c4:d7:78:ff:a9:7a:ab:1f:f7:47:d4:fa:8a:
                    fa:72:68:6d:65:d9:46:d9:02:42:98:3a:df:1f:61:
                    dc:7b:28:7e:1f:12:f5:96:f8:a0:b2:f8:40:ba:2b:
                    92:65:51:60:b5:2d:18:da:f0:57:f6:61:81:bb:f1:
                    91:8c:71:e2:1c:6e:af:ac:96:29:4d:47:44:ea:22:
                    d4:c6:7a:74:9d:19:9b:c9:ec:43:7b:93:d9:10:23:
                    10:4d:3c:16:60:d6:52:23:9c:a6:8d:da:ac:7e:04:
                    08:dc:e0:e2:4b:f1:67:49:37:49:83:19:8b:b5:57:
                    66:39:aa:5b:62:21:d8:ee:98:51:48:a0:72:0d:93:
                    30:ce:7d:dd:44:2d:98:b8:b4:77:5a:a6:74:5b:cb:
                    c2:ba:20:96:b6:52:d3:30:50:46:98:ed:ba:94:35:
                    83:6c:88:4c:5f:4d:c7:00:61:4f:84:16:c2:aa:51:
                    62:06:db:27:7b:c7:13:48:51:3b:80:5f:f6:0a:4f:
                    e4:f7:8e:f5:56:71:e0:8a:7d:32:f5:ce:76:30:e7:
                    d5:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:10:1D:EB:24:0F:8C:B5:C0:28:9B:AE:3F:F0:9D:16:78:10:0F:63
            X509v3 Authority Key Identifier:
                keyid:4B:78:CA:A7:74:1F:99:B9:FB:CA:4F:49:43:C8:B7:9F:00:BE:BF:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/qBAd6yQPjLXAKJuuP_CdFngQD2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:4e:33:04:2f:8a:59:87:4c:4d:33:d9:77:49:92:5f:69:0d:
         66:dd:fa:6e:78:4d:b6:9b:dd:e7:2d:8e:5a:85:fa:ec:df:ae:
         85:c5:3a:57:fe:b9:ed:34:0f:be:41:1e:c9:d2:c5:17:c1:eb:
         ac:8f:f6:5e:ad:87:bc:23:a8:31:77:8a:91:82:76:de:51:9a:
         d2:05:8e:ed:16:23:42:d7:60:55:a8:b3:55:88:45:1e:18:fb:
         14:53:dc:1a:a4:fb:40:04:f3:b9:3c:58:a0:58:c5:21:08:6f:
         2f:1d:24:a0:01:08:cd:40:96:40:97:52:37:67:e9:78:b3:f3:
         88:a2:19:51:ad:e2:0b:7c:37:88:16:fa:ee:57:56:05:0b:7c:
         9b:22:ea:e7:ba:a5:37:fe:d7:a9:d0:a6:5e:f9:d4:54:2d:35:
         a3:d3:a0:10:66:26:03:a2:4f:a6:5c:4a:44:bc:aa:50:54:e1:
         96:b6:d2:15:ea:60:26:32:f8:b6:f7:57:cf:bb:b0:22:25:d4:
         14:7b:ea:be:76:01:69:5e:92:7e:28:8f:41:a4:7a:ab:2e:97:
         3b:91:89:69:d3:b6:e8:19:fd:2e:e9:a9:e1:4a:0c:69:bb:d2:
         18:c2:6f:4a:b5:c4:ce:99:c2:bb:fc:8d:37:0b:11:17:90:bf:
         45:df:ed:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WwIJcNoLJTq14aaJkqicMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNzhjYWE3NzQxZjk5YjlmYmNhNGY0OTQzYzhiNzlmMDBi
ZWJmZjgwHhcNMjYwMTAyMDYxNzU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODEwMWRlYjI0MGY4Y2I1YzAyODliYWUzZmYwOWQxNjc4MTAwZjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusBJGzkAEzgZ91vAJ69PFV8Pk78v
5aKzvzdlvXTEhEgBx3mUW50v0MmDWp8kjsTXeP+peqsf90fU+or6cmhtZdlG2QJC
mDrfH2Hceyh+HxL1lvigsvhAuiuSZVFgtS0Y2vBX9mGBu/GRjHHiHG6vrJYpTUdE
6iLUxnp0nRmbyexDe5PZECMQTTwWYNZSI5ymjdqsfgQI3ODiS/FnSTdJgxmLtVdm
OapbYiHY7phRSKByDZMwzn3dRC2YuLR3WqZ0W8vCuiCWtlLTMFBGmO26lDWDbIhM
X03HAGFPhBbCqlFiBtsne8cTSFE7gF/2Ck/k9471VnHgin0y9c52MOfV/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKgQHeskD4y1wCibrj/wnRZ4EA9jMB8GA1UdIwQY
MBaAFEt4yqd0H5m5+8pPSUPIt58Avr/4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzNqS3AzUWZtYm43eWs5SlE4aTNud0Mtdl9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8zYzg4NTQtZDNlNi00NTgxLWFiMzMt
NjNjZWQ4NzYyMDQyLzEvcUJBZDZ5UVBqTFhBS0p1dVBfQ2RGbmdRRDJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8zYzg4NTQtZDNlNi00NTgxLWFiMzMtNjNjZWQ4NzYyMDQy
LzEvUzNqS3AzUWZtYm43eWs5SlE4aTNud0Mtdl9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAThh7MA0G
CSqGSIb3DQEBCwUAA4IBAQCGTjMEL4pZh0xNM9l3SZJfaQ1m3fpueE22m93nLY5a
hfrs366FxTpX/rntNA++QR7J0sUXweusj/ZerYe8I6gxd4qRgnbeUZrSBY7tFiNC
12BVqLNViEUeGPsUU9wapPtABPO5PFigWMUhCG8vHSSgAQjNQJZAl1I3Z+l4s/OI
ohlRreILfDeIFvruV1YFC3ybIurnuqU3/tep0KZe+dRULTWj06AQZiYDok+mXEpE
vKpQVOGWttIV6mAmMvi291fPu7AiJdQUe+q+dgFpXpJ+KI9BpHqrLpc7kYlp07bo
Gf0u6anhSgxpu9IYwm9KtcTOmcK7/I03CxEXkL9F3+1v
-----END CERTIFICATE-----