This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/fdb10d-0f40-4151-ae17-c1b6216b7268/1/0zE3UfEHUEziOBAn5MV-3cMOfAI.roa
File:                     0zE3UfEHUEziOBAn5MV-3cMOfAI.roa (raw, json)
Hash identifier:          C69mVu54AG+KnNmbROi8pSxGo/q1kcnt7UFnI0LaEzc=
Subject key identifier:   D3:31:37:51:F1:07:50:4C:E2:38:10:27:E4:C5:7E:DD:C3:0E:7C:02
Certificate issuer:       /CN=d8399126b6052552da801d0ee47a2c7c32e7cdbc
Certificate serial:       019B92D82AB621C7E3D97A9A1B3430F7F9A7
Authority key identifier: D8:39:91:26:B6:05:25:52:DA:80:1D:0E:E4:7A:2C:7C:32:E7:CD:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2DmRJrYFJVLagB0O5HosfDLnzbw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/fdb10d-0f40-4151-ae17-c1b6216b7268/1/0zE3UfEHUEziOBAn5MV-3cMOfAI.roa
Signing time:             Tue 06 Jan 2026 10:26:38 +0000
ROA not before:           Tue 06 Jan 2026 10:26:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60412
IP address blocks:        178.211.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/fdb10d-0f40-4151-ae17-c1b6216b7268/1/2DmRJrYFJVLagB0O5HosfDLnzbw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/fdb10d-0f40-4151-ae17-c1b6216b7268/1/2DmRJrYFJVLagB0O5HosfDLnzbw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2DmRJrYFJVLagB0O5HosfDLnzbw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:92:d8:2a:b6:21:c7:e3:d9:7a:9a:1b:34:30:f7:f9:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8399126b6052552da801d0ee47a2c7c32e7cdbc
        Validity
            Not Before: Jan  6 10:26:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d3313751f107504ce2381027e4c57eddc30e7c02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:3d:b9:7d:41:31:a8:d9:73:c7:a0:9e:22:91:
                    e7:71:f7:5b:51:74:c6:26:9b:94:92:39:99:f7:63:
                    0a:23:61:77:38:52:aa:55:bd:96:78:50:85:fa:7d:
                    c5:14:86:f9:9e:89:c6:d6:07:b9:03:5c:92:ea:2f:
                    89:9f:88:f7:f2:2e:67:82:78:a4:d0:c7:33:63:ee:
                    49:99:b7:34:b1:b8:42:c2:8f:fa:ba:94:e3:35:2a:
                    22:60:fc:ad:2e:7a:92:a1:b4:84:35:20:cb:3e:33:
                    7c:b1:45:6c:eb:b1:52:a1:1c:a2:79:26:76:44:20:
                    dc:f3:a0:27:e0:21:a8:08:0c:fc:e9:99:06:fc:be:
                    75:8e:c9:7c:06:bf:71:0a:81:fb:cf:b1:a0:d4:9e:
                    13:68:35:9f:4c:55:1c:fd:b9:22:18:7c:01:14:17:
                    e6:ca:97:02:c4:64:55:82:8f:17:60:9b:35:fa:a1:
                    77:72:64:bc:3e:95:7a:5e:33:dd:f0:33:0f:d3:42:
                    4c:94:a0:5d:19:38:91:3d:c6:a4:16:a1:f6:3b:0a:
                    0c:e3:0f:5e:7f:db:bb:e3:8c:90:5b:9a:ec:b2:9e:
                    20:eb:01:35:35:3a:f3:d9:a7:ef:a9:8f:5b:7a:14:
                    c7:fe:86:da:6d:fe:3b:da:4a:93:f8:8c:7a:d9:10:
                    e8:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:31:37:51:F1:07:50:4C:E2:38:10:27:E4:C5:7E:DD:C3:0E:7C:02
            X509v3 Authority Key Identifier:
                keyid:D8:39:91:26:B6:05:25:52:DA:80:1D:0E:E4:7A:2C:7C:32:E7:CD:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2DmRJrYFJVLagB0O5HosfDLnzbw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/fdb10d-0f40-4151-ae17-c1b6216b7268/1/0zE3UfEHUEziOBAn5MV-3cMOfAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/fdb10d-0f40-4151-ae17-c1b6216b7268/1/2DmRJrYFJVLagB0O5HosfDLnzbw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.211.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:b4:de:1a:bb:fd:32:a7:45:0e:70:5a:30:32:8a:2b:0d:fb:
         c2:c4:61:62:3a:82:a3:72:fd:e7:0c:83:41:4a:f4:01:25:4c:
         7b:2b:b1:5b:00:fa:01:9d:75:6c:43:2f:25:0d:4b:ee:14:6d:
         22:82:1b:66:c1:71:a2:7e:4b:46:36:79:e4:ef:64:d2:c8:a6:
         35:a3:65:b7:75:46:09:c1:8d:10:76:e7:8c:16:75:0e:5f:3f:
         26:e6:87:6d:ca:ab:6b:f3:93:e3:e9:93:35:1a:27:0f:3e:54:
         27:da:14:47:28:52:b1:a4:a8:50:ed:4c:48:2f:81:a5:f6:d0:
         15:e5:a8:17:2b:e5:f7:d0:48:66:18:13:62:b5:d0:ab:d5:97:
         dc:68:71:5f:2e:c6:6c:ac:9d:6b:8c:67:4e:8c:72:39:26:81:
         f8:77:5c:0e:6b:96:09:15:3b:44:50:b0:6f:ae:f3:49:5f:ab:
         d7:99:4e:06:2c:c5:cd:d6:1c:b9:14:7f:a0:6b:c1:b8:2e:c8:
         29:f3:9b:c7:1d:e9:03:62:c4:9e:eb:fa:30:5b:bc:e6:4c:97:
         a4:91:87:0d:c3:33:95:36:17:2e:0c:f0:c9:a0:64:a8:26:97:
         41:9c:37:2b:9e:fa:9a:6d:11:47:b8:2b:5b:6d:fd:f8:32:d8:
         c5:e4:9d:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuS2Cq2Icfj2XqaGzQw9/mnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4Mzk5MTI2YjYwNTI1NTJkYTgwMWQwZWU0N2EyYzdjMzJl
N2NkYmMwHhcNMjYwMTA2MTAyNjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzMxMzc1MWYxMDc1MDRjZTIzODEwMjdlNGM1N2VkZGMzMGU3YzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3z25fUExqNlzx6CeIpHncfdbUXTG
JpuUkjmZ92MKI2F3OFKqVb2WeFCF+n3FFIb5nonG1ge5A1yS6i+Jn4j38i5ngnik
0MczY+5Jmbc0sbhCwo/6upTjNSoiYPytLnqSobSENSDLPjN8sUVs67FSoRyieSZ2
RCDc86An4CGoCAz86ZkG/L51jsl8Br9xCoH7z7Gg1J4TaDWfTFUc/bkiGHwBFBfm
ypcCxGRVgo8XYJs1+qF3cmS8PpV6XjPd8DMP00JMlKBdGTiRPcakFqH2OwoM4w9e
f9u744yQW5rssp4g6wE1NTrz2afvqY9behTH/obabf472kqT+Ix62RDooQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNMxN1HxB1BM4jgQJ+TFft3DDnwCMB8GA1UdIwQY
MBaAFNg5kSa2BSVS2oAdDuR6LHwy5828MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkRtUkpyWUZKVkxhZ0IwTzVIb3NmRExuemJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9mZGIxMGQtMGY0MC00MTUxLWFlMTct
YzFiNjIxNmI3MjY4LzEvMHpFM1VmRUhVRXppT0JBbjVNVi0zY01PZkFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9mZGIxMGQtMGY0MC00MTUxLWFlMTctYzFiNjIxNmI3MjY4
LzEvMkRtUkpyWUZKVkxhZ0IwTzVIb3NmRExuemJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstOAMA0G
CSqGSIb3DQEBCwUAA4IBAQAntN4au/0yp0UOcFowMoorDfvCxGFiOoKjcv3nDINB
SvQBJUx7K7FbAPoBnXVsQy8lDUvuFG0ightmwXGifktGNnnk72TSyKY1o2W3dUYJ
wY0QdueMFnUOXz8m5odtyqtr85Pj6ZM1GicPPlQn2hRHKFKxpKhQ7UxIL4Gl9tAV
5agXK+X30EhmGBNitdCr1ZfcaHFfLsZsrJ1rjGdOjHI5JoH4d1wOa5YJFTtEULBv
rvNJX6vXmU4GLMXN1hy5FH+ga8G4Lsgp85vHHekDYsSe6/owW7zmTJekkYcNwzOV
NhcuDPDJoGSoJpdBnDcrnvqabRFHuCtbbf34MtjF5J18
-----END CERTIFICATE-----