This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/McFNnzpHzhpmoFZdbzkuosTAsvk.roa
File:                     McFNnzpHzhpmoFZdbzkuosTAsvk.roa (raw, json)
Hash identifier:          OMKMsdmX4c62QJZWxfllC0dx5TGYtcJXjJaSNIruMhg=
Subject key identifier:   31:C1:4D:9F:3A:47:CE:1A:66:A0:56:5D:6F:39:2E:A2:C4:C0:B2:F9
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       019B7BA533542D1F4C3FF0C50155E3CB3992
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/McFNnzpHzhpmoFZdbzkuosTAsvk.roa
Signing time:             Thu 01 Jan 2026 22:19:42 +0000
ROA not before:           Thu 01 Jan 2026 22:19:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        78.108.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 00:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:33:54:2d:1f:4c:3f:f0:c5:01:55:e3:cb:39:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Jan  1 22:19:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31c14d9f3a47ce1a66a0565d6f392ea2c4c0b2f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c6:e6:02:f0:45:49:52:a0:53:05:0c:82:32:
                    11:09:8e:4f:63:8f:30:44:49:77:50:e6:43:1f:a6:
                    c4:dc:a6:b7:3f:c5:10:bb:da:f5:05:34:36:80:ed:
                    69:52:26:5d:77:eb:80:4d:77:9b:af:30:f9:41:df:
                    a1:aa:c5:bc:22:b6:a5:37:2c:d1:70:9b:b8:01:6d:
                    0f:45:3a:08:1f:c8:f8:d9:6c:e1:b6:ae:e2:c1:9d:
                    eb:4a:37:c9:6b:15:d5:69:11:b4:ac:a2:09:94:a3:
                    56:98:2d:95:3d:f0:53:e2:81:1a:6e:be:c4:03:77:
                    10:81:ed:25:3f:b7:a5:d7:ec:6f:54:d3:c8:95:9d:
                    03:3d:5b:82:10:71:4b:56:b2:cd:9b:9b:0e:7b:35:
                    f7:f8:68:55:bd:c2:0a:f2:f2:03:8d:2a:98:dc:82:
                    68:12:5f:7d:4a:4b:d2:4c:0f:35:58:da:b9:05:bb:
                    19:6d:89:99:f5:98:29:1e:b2:48:12:d0:5f:30:0a:
                    06:28:bc:c2:6d:5d:fd:9c:3f:00:de:8b:df:3c:53:
                    a5:29:96:2d:b3:12:3b:68:da:51:fe:ad:47:9f:59:
                    af:d8:6c:c6:ae:5b:1a:0a:da:b8:c0:65:94:91:ed:
                    a5:d3:6d:6f:e2:29:fb:11:d6:86:7a:b1:2e:eb:76:
                    9f:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:C1:4D:9F:3A:47:CE:1A:66:A0:56:5D:6F:39:2E:A2:C4:C0:B2:F9
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/McFNnzpHzhpmoFZdbzkuosTAsvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:7d:99:03:b5:0d:13:66:a8:d9:6d:0b:83:f5:fd:e1:9a:fd:
         28:85:8d:45:4a:70:27:16:c6:58:82:9d:8e:a3:4d:42:46:b8:
         b2:63:d1:4c:f5:21:94:38:4e:7f:17:ac:dd:6c:7f:54:5f:b0:
         68:d0:de:14:fe:14:f7:f8:57:e7:42:71:87:2e:de:a7:5c:50:
         72:be:5a:52:e2:82:c5:73:0b:f0:6c:08:d8:60:13:28:94:56:
         e6:a8:06:2d:df:55:0e:f6:80:19:e8:ed:c7:5d:ac:1a:3d:7a:
         ee:5e:5d:56:b7:83:cb:e3:ce:ce:09:e7:d7:3e:6d:1a:04:57:
         c7:b7:27:e8:ed:d1:fd:b5:16:9c:31:6d:68:9a:76:ad:15:dc:
         e5:e9:5f:b0:2b:04:65:67:21:22:66:02:b3:3e:ea:33:6f:40:
         ab:9b:59:21:c4:a1:40:24:7b:c7:53:07:b3:31:ee:62:a6:69:
         f6:39:52:e4:8f:2f:3d:3a:4f:6d:76:eb:4d:ee:80:b2:df:2d:
         d2:0c:71:fa:c6:c1:46:0f:68:41:2f:ba:dc:42:f2:46:ef:5a:
         5a:b3:3d:93:f2:c3:ef:76:c6:ac:1c:93:82:7b:41:99:1d:85:
         c8:4c:2f:b4:78:d2:ff:00:78:7f:a2:74:74:f9:11:d3:8e:a9:
         06:28:06:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pTNULR9MP/DFAVXjyzmSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjYwMTAxMjIxOTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWMxNGQ5ZjNhNDdjZTFhNjZhMDU2NWQ2ZjM5MmVhMmM0YzBiMmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcbmAvBFSVKgUwUMgjIRCY5PY48w
REl3UOZDH6bE3Ka3P8UQu9r1BTQ2gO1pUiZdd+uATXebrzD5Qd+hqsW8IralNyzR
cJu4AW0PRToIH8j42Wzhtq7iwZ3rSjfJaxXVaRG0rKIJlKNWmC2VPfBT4oEabr7E
A3cQge0lP7el1+xvVNPIlZ0DPVuCEHFLVrLNm5sOezX3+GhVvcIK8vIDjSqY3IJo
El99SkvSTA81WNq5BbsZbYmZ9ZgpHrJIEtBfMAoGKLzCbV39nD8A3ovfPFOlKZYt
sxI7aNpR/q1Hn1mv2GzGrlsaCtq4wGWUke2l021v4in7EdaGerEu63afMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHBTZ86R84aZqBWXW85LqLEwLL5MB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEvTWNGTm56cEh6aHBtb0ZaZGJ6a3Vvc1RBc3ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATmw7MA0G
CSqGSIb3DQEBCwUAA4IBAQCyfZkDtQ0TZqjZbQuD9f3hmv0ohY1FSnAnFsZYgp2O
o01CRriyY9FM9SGUOE5/F6zdbH9UX7Bo0N4U/hT3+FfnQnGHLt6nXFByvlpS4oLF
cwvwbAjYYBMolFbmqAYt31UO9oAZ6O3HXawaPXruXl1Wt4PL487OCefXPm0aBFfH
tyfo7dH9tRacMW1omnatFdzl6V+wKwRlZyEiZgKzPuozb0Crm1khxKFAJHvHUwez
Me5ipmn2OVLkjy89Ok9tdutN7oCy3y3SDHH6xsFGD2hBL7rcQvJG71pasz2T8sPv
dsasHJOCe0GZHYXITC+0eNL/AHh/onR0+RHTjqkGKAYq
-----END CERTIFICATE-----