This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/35656a-066e-49df-b709-7bfcd7e94b9e/1/cIwuNOBQZVEAKmirlwvqGCKlAVA.roa
File:                     cIwuNOBQZVEAKmirlwvqGCKlAVA.roa (raw, json)
Hash identifier:          MTQrQYMht/gMO7+xqgltPlCnk6FhdwKMEakt6nRw8pI=
Subject key identifier:   70:8C:2E:34:E0:50:65:51:00:2A:68:AB:97:0B:EA:18:22:A5:01:50
Certificate issuer:       /CN=63c34455c0d4e4fc3ba2f1c46f08b475c8f6d980
Certificate serial:       019B797EC6364C38BD5CB0A14BAF31648A6F
Authority key identifier: 63:C3:44:55:C0:D4:E4:FC:3B:A2:F1:C4:6F:08:B4:75:C8:F6:D9:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y8NEVcDU5Pw7ovHEbwi0dcj22YA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/35656a-066e-49df-b709-7bfcd7e94b9e/1/cIwuNOBQZVEAKmirlwvqGCKlAVA.roa
Signing time:             Thu 01 Jan 2026 12:18:29 +0000
ROA not before:           Thu 01 Jan 2026 12:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24867
IP address blocks:        78.40.152.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/35656a-066e-49df-b709-7bfcd7e94b9e/1/Y8NEVcDU5Pw7ovHEbwi0dcj22YA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/35656a-066e-49df-b709-7bfcd7e94b9e/1/Y8NEVcDU5Pw7ovHEbwi0dcj22YA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y8NEVcDU5Pw7ovHEbwi0dcj22YA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:c6:36:4c:38:bd:5c:b0:a1:4b:af:31:64:8a:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63c34455c0d4e4fc3ba2f1c46f08b475c8f6d980
        Validity
            Not Before: Jan  1 12:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=708c2e34e0506551002a68ab970bea1822a50150
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:5a:d4:f8:00:f4:c7:c0:30:80:6b:f1:3f:4b:
                    0c:a5:3f:a7:20:23:f0:3e:d9:9c:47:86:68:af:f0:
                    85:7f:71:ad:ae:1e:57:55:1e:3d:93:61:21:e1:f7:
                    b3:f5:b2:55:2d:bc:33:40:25:08:c5:d2:b6:bd:93:
                    02:db:30:42:f5:ab:86:c4:5c:b5:f5:9d:4d:55:56:
                    c0:9c:2f:37:13:6f:b9:da:d5:e7:b9:12:7a:2c:d1:
                    ba:5b:90:47:62:1a:63:9a:a0:9b:bc:67:f7:d2:6b:
                    de:c4:f4:1c:19:fa:67:f9:95:a1:eb:a8:b9:22:9a:
                    8a:10:e9:ce:a0:2d:1c:f7:03:56:c6:76:52:a4:a1:
                    67:48:1d:8a:92:43:d9:22:65:0c:08:20:ca:37:1c:
                    93:90:90:d8:02:41:43:7a:28:a4:be:d2:91:e8:ca:
                    aa:2a:30:e3:53:2e:0b:9e:cb:df:ef:8c:90:9b:b1:
                    fd:dc:f9:d9:b0:c6:6e:17:15:f0:37:8f:8e:bb:a6:
                    b6:57:43:fc:86:3b:33:a6:54:68:5e:e7:91:5c:79:
                    ce:bc:f6:73:a6:4c:6c:28:c2:43:b2:ce:8a:01:81:
                    9f:be:f6:2f:9e:89:f2:f4:6c:00:e2:66:d6:1b:5e:
                    7a:fb:0f:e2:93:97:8c:15:cb:4c:36:4d:f2:a3:c2:
                    47:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:8C:2E:34:E0:50:65:51:00:2A:68:AB:97:0B:EA:18:22:A5:01:50
            X509v3 Authority Key Identifier:
                keyid:63:C3:44:55:C0:D4:E4:FC:3B:A2:F1:C4:6F:08:B4:75:C8:F6:D9:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y8NEVcDU5Pw7ovHEbwi0dcj22YA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/35656a-066e-49df-b709-7bfcd7e94b9e/1/cIwuNOBQZVEAKmirlwvqGCKlAVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/35656a-066e-49df-b709-7bfcd7e94b9e/1/Y8NEVcDU5Pw7ovHEbwi0dcj22YA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         43:3a:a2:c5:a3:1d:38:fc:64:cf:4f:95:90:6a:0d:5a:fd:b0:
         a1:58:fa:6d:76:24:73:14:ed:fd:b2:00:33:69:4f:31:c0:20:
         5b:01:76:11:f5:82:b4:80:0a:21:4b:a0:db:cb:30:17:da:0a:
         f1:ef:7f:cb:b7:a1:9c:51:d2:5e:c5:a8:92:16:48:99:6e:5d:
         9f:18:15:2e:7f:27:19:0b:01:c2:65:39:16:4a:06:df:f5:27:
         0d:31:82:58:fe:9e:f8:0a:cd:b7:1e:ac:6a:3b:6f:34:db:4c:
         33:da:aa:4e:db:5b:56:14:5c:6b:f0:31:2d:18:35:e8:5b:4f:
         79:64:cd:e0:39:6b:8b:9c:9f:96:f1:32:10:05:81:f2:14:27:
         10:32:88:f9:c3:7c:67:c9:11:27:5d:18:28:93:dc:a5:95:7a:
         18:ab:d2:e4:e3:2b:b6:af:73:4f:e7:95:a7:5b:8c:98:05:76:
         ac:24:ea:39:b5:38:b4:d5:ed:32:8a:d4:1c:e6:f5:1c:90:b1:
         dc:55:78:35:d3:25:df:d3:2f:ea:25:fc:87:b3:e0:85:1d:e9:
         3e:8f:fb:65:f9:04:26:5e:46:ad:1a:dd:db:98:45:4f:3b:8d:
         15:d4:f5:2a:b5:50:77:80:93:88:be:88:ab:d1:30:35:b2:b7:
         23:11:47:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fsY2TDi9XLChS68xZIpvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzYzM0NDU1YzBkNGU0ZmMzYmEyZjFjNDZmMDhiNDc1Yzhm
NmQ5ODAwHhcNMjYwMTAxMTIxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDhjMmUzNGUwNTA2NTUxMDAyYTY4YWI5NzBiZWExODIyYTUwMTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVrU+AD0x8AwgGvxP0sMpT+nICPw
PtmcR4Zor/CFf3Gtrh5XVR49k2Eh4fez9bJVLbwzQCUIxdK2vZMC2zBC9auGxFy1
9Z1NVVbAnC83E2+52tXnuRJ6LNG6W5BHYhpjmqCbvGf30mvexPQcGfpn+ZWh66i5
IpqKEOnOoC0c9wNWxnZSpKFnSB2KkkPZImUMCCDKNxyTkJDYAkFDeiikvtKR6Mqq
KjDjUy4Lnsvf74yQm7H93PnZsMZuFxXwN4+Ou6a2V0P8hjszplRoXueRXHnOvPZz
pkxsKMJDss6KAYGfvvYvnony9GwA4mbWG156+w/ik5eMFctMNk3yo8JHUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCMLjTgUGVRACpoq5cL6hgipQFQMB8GA1UdIwQY
MBaAFGPDRFXA1OT8O6LxxG8ItHXI9tmAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWThORVZjRFU1UHc3b3ZIRWJ3aTBkY2oyMllBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8zNTY1NmEtMDY2ZS00OWRmLWI3MDkt
N2JmY2Q3ZTk0YjllLzEvY0l3dU5PQlFaVkVBS21pcmx3dnFHQ0tsQVZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8zNTY1NmEtMDY2ZS00OWRmLWI3MDktN2JmY2Q3ZTk0Yjll
LzEvWThORVZjRFU1UHc3b3ZIRWJ3aTBkY2oyMllBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDTiiYMA0G
CSqGSIb3DQEBCwUAA4IBAQBDOqLFox04/GTPT5WQag1a/bChWPptdiRzFO39sgAz
aU8xwCBbAXYR9YK0gAohS6DbyzAX2grx73/Lt6GcUdJexaiSFkiZbl2fGBUufycZ
CwHCZTkWSgbf9ScNMYJY/p74Cs23HqxqO28020wz2qpO21tWFFxr8DEtGDXoW095
ZM3gOWuLnJ+W8TIQBYHyFCcQMoj5w3xnyREnXRgok9yllXoYq9Lk4yu2r3NP55Wn
W4yYBXasJOo5tTi01e0yitQc5vUckLHcVXg10yXf0y/qJfyHs+CFHek+j/tl+QQm
XkatGt3bmEVPO40V1PUqtVB3gJOIvoir0TA1srcjEUfi
-----END CERTIFICATE-----