This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/nX8N-jyzrfI0oSko9GdsGIf_Il0.roa
File:                     nX8N-jyzrfI0oSko9GdsGIf_Il0.roa (raw, json)
Hash identifier:          3r0BbCyBSb5W/wVBb7Z3/O6CcnOLpW4A7av6ZVyo3Ws=
Subject key identifier:   9D:7F:0D:FA:3C:B3:AD:F2:34:A1:29:28:F4:67:6C:18:87:FF:22:5D
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       019B7C133ABD01FD740DE41F343F8F8B3C4A
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/nX8N-jyzrfI0oSko9GdsGIf_Il0.roa
Signing time:             Fri 02 Jan 2026 00:19:53 +0000
ROA not before:           Fri 02 Jan 2026 00:19:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199785
IP address blocks:        185.78.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 13:16:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:3a:bd:01:fd:74:0d:e4:1f:34:3f:8f:8b:3c:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jan  2 00:19:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d7f0dfa3cb3adf234a12928f4676c1887ff225d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:15:59:70:72:82:ea:b5:53:74:8f:6d:87:d2:
                    25:64:11:aa:75:d9:4e:a7:88:8f:4d:0f:d7:99:0b:
                    fd:f5:5c:db:0b:60:34:03:bf:fb:11:d0:a9:66:80:
                    71:89:f0:10:db:3e:69:7a:6c:65:82:a4:18:20:18:
                    4c:f1:01:31:ca:9d:c8:4a:b3:1c:3a:0b:bf:75:fb:
                    ec:20:83:9e:b2:54:34:d1:3b:7d:4f:9f:52:11:98:
                    37:d6:e3:80:25:5d:5b:4e:0a:c9:d1:a9:64:fb:7c:
                    d4:da:21:56:fb:20:a6:be:1a:18:5a:6b:25:98:6e:
                    d7:19:0a:d5:4f:ac:2c:7d:60:ea:ed:32:43:ec:d0:
                    3f:3d:96:85:1c:d7:dc:18:20:2c:ca:66:20:88:37:
                    be:c7:ae:9c:b4:fd:ec:4c:cf:a0:ba:ac:91:3b:b4:
                    c6:fe:a8:5a:cc:9c:dd:65:58:60:db:d4:1f:8b:a3:
                    e3:09:a9:be:d4:e6:0e:b9:09:90:55:0b:43:60:37:
                    52:bf:75:c2:3c:f0:1b:f7:68:39:bd:65:08:10:69:
                    84:cd:25:3c:67:83:0a:0a:b7:e5:47:b9:df:6a:70:
                    61:56:5a:f3:0b:dc:e1:26:43:fd:22:ea:c3:9b:a6:
                    5e:f6:cf:a9:cd:75:48:98:da:0c:6a:de:cd:9a:2e:
                    d8:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:7F:0D:FA:3C:B3:AD:F2:34:A1:29:28:F4:67:6C:18:87:FF:22:5D
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/nX8N-jyzrfI0oSko9GdsGIf_Il0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.78.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:51:6f:61:ed:07:80:7f:77:f0:67:9d:36:59:f2:d4:83:1b:
         6c:5a:a4:d1:ac:4e:53:5a:d1:e1:29:34:18:4e:a7:93:db:45:
         97:53:1c:25:f1:47:31:7b:6c:1d:8f:9b:b9:da:f3:b9:ec:3f:
         db:60:52:f1:8d:8b:99:9a:40:61:cd:37:e3:e8:ee:41:f1:b3:
         89:1a:2e:ed:f5:50:f9:1a:0e:54:15:c5:86:85:bb:48:69:c8:
         a0:e4:52:1a:e6:cd:02:29:06:6b:40:c7:35:eb:2f:9f:72:55:
         54:72:e0:34:ba:46:75:66:9b:4d:37:83:79:34:dd:70:7e:12:
         ab:1d:ea:c1:df:72:2b:e2:c9:58:7c:5a:db:c7:c5:b6:2f:62:
         dc:09:70:12:7d:f1:a4:0a:4b:61:40:e8:2d:69:eb:02:d6:2b:
         9b:20:15:e8:d4:f7:18:da:13:08:cb:91:82:08:31:c6:a0:38:
         05:44:eb:f8:26:dc:7a:2b:5e:2e:ef:2e:53:38:92:4f:ac:b8:
         76:66:eb:56:e6:c9:aa:0f:21:41:07:58:2e:55:79:44:ba:1c:
         85:16:cf:47:3b:ea:f5:fa:cc:10:7b:56:df:ea:d2:2c:78:ee:
         6a:7a:22:e7:80:7e:a7:ce:0c:0b:59:bc:45:43:f5:b3:e1:e5:
         f7:33:8b:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Ezq9Af10DeQfND+PizxKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjYwMTAyMDAxOTUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDdmMGRmYTNjYjNhZGYyMzRhMTI5MjhmNDY3NmMxODg3ZmYyMjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRVZcHKC6rVTdI9th9IlZBGqddlO
p4iPTQ/XmQv99VzbC2A0A7/7EdCpZoBxifAQ2z5pemxlgqQYIBhM8QExyp3ISrMc
Ogu/dfvsIIOeslQ00Tt9T59SEZg31uOAJV1bTgrJ0alk+3zU2iFW+yCmvhoYWmsl
mG7XGQrVT6wsfWDq7TJD7NA/PZaFHNfcGCAsymYgiDe+x66ctP3sTM+guqyRO7TG
/qhazJzdZVhg29Qfi6PjCam+1OYOuQmQVQtDYDdSv3XCPPAb92g5vWUIEGmEzSU8
Z4MKCrflR7nfanBhVlrzC9zhJkP9IurDm6Ze9s+pzXVImNoMat7Nmi7YlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1/Dfo8s63yNKEpKPRnbBiH/yJdMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvblg4Ti1qeXpyZkkwb1NrbzlHZHNHSWZfSWwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuU5MMA0G
CSqGSIb3DQEBCwUAA4IBAQA6UW9h7QeAf3fwZ502WfLUgxtsWqTRrE5TWtHhKTQY
TqeT20WXUxwl8Ucxe2wdj5u52vO57D/bYFLxjYuZmkBhzTfj6O5B8bOJGi7t9VD5
Gg5UFcWGhbtIacig5FIa5s0CKQZrQMc16y+fclVUcuA0ukZ1ZptNN4N5NN1wfhKr
HerB33Ir4slYfFrbx8W2L2LcCXASffGkCkthQOgtaesC1iubIBXo1PcY2hMIy5GC
CDHGoDgFROv4Jtx6K14u7y5TOJJPrLh2ZutW5smqDyFBB1guVXlEuhyFFs9HO+r1
+swQe1bf6tIseO5qeiLngH6nzgwLWbxFQ/Wz4eX3M4tB
-----END CERTIFICATE-----