This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/q1bz7lipoEEvzR36Y8eq26tIMF0.roa
File:                     q1bz7lipoEEvzR36Y8eq26tIMF0.roa (raw, json)
Hash identifier:          FPqu+aTHRlxWMSNZDCq3DHl+OclP1ZhNEHEfxgak6Pg=
Subject key identifier:   AB:56:F3:EE:58:A9:A0:41:2F:CD:1D:FA:63:C7:AA:DB:AB:48:30:5D
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       019B7F15CF2BB6040B43CD7197D329E9D258
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/q1bz7lipoEEvzR36Y8eq26tIMF0.roa
Signing time:             Fri 02 Jan 2026 14:21:34 +0000
ROA not before:           Fri 02 Jan 2026 14:21:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215238
IP address blocks:        78.40.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 11:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:cf:2b:b6:04:0b:43:cd:71:97:d3:29:e9:d2:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jan  2 14:21:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab56f3ee58a9a0412fcd1dfa63c7aadbab48305d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:da:5c:0d:2f:f2:65:ea:c5:9b:d7:eb:dd:ea:
                    29:99:28:69:94:05:f9:cc:dd:70:28:fd:74:95:b9:
                    9f:70:63:97:82:5d:fb:ed:87:2b:53:f4:91:e3:61:
                    d5:8c:57:64:f1:32:db:72:c2:3b:da:67:51:cb:dd:
                    1a:b4:a2:df:45:b7:e2:9e:73:69:d9:09:17:4f:13:
                    58:88:75:2e:cc:f7:da:49:f1:08:40:50:f6:22:ce:
                    65:4a:1e:72:9f:b1:2d:e4:b1:3f:e2:dc:8d:b2:8e:
                    05:33:f6:13:24:16:70:cf:7b:b9:c0:ff:0d:82:85:
                    5b:8d:0d:ef:be:b9:07:03:b2:9a:a3:c7:bf:e2:cf:
                    90:f8:51:fb:de:08:34:37:e6:a9:06:f4:77:24:51:
                    14:df:fd:9b:56:23:95:5b:2c:f1:c1:72:a8:6e:0e:
                    a6:22:16:75:f0:00:70:46:62:af:1a:81:ac:8c:7e:
                    e6:67:1e:9b:3b:78:84:ab:14:61:eb:5e:d2:14:ac:
                    20:0e:ba:0d:df:41:35:a7:75:2d:66:67:f0:2a:55:
                    38:94:36:8e:99:54:92:eb:73:0f:ea:76:aa:19:65:
                    1d:33:c8:29:fc:be:52:ba:98:cd:43:a8:26:16:a0:
                    41:f0:94:ba:58:ae:a4:ff:5e:c1:e2:3d:97:36:23:
                    9e:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:56:F3:EE:58:A9:A0:41:2F:CD:1D:FA:63:C7:AA:DB:AB:48:30:5D
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/q1bz7lipoEEvzR36Y8eq26tIMF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:e1:e3:78:07:fc:db:1b:86:75:4a:09:7c:b2:6d:b7:16:7a:
         a7:02:74:0f:9b:44:82:46:ef:68:2d:8a:5e:97:3f:78:4b:e1:
         09:6e:b7:72:0c:ce:d6:58:3a:59:da:36:e6:a8:c6:97:e9:2c:
         b3:b5:e4:16:15:07:dc:30:9d:32:aa:69:7a:00:fb:76:6e:8a:
         7b:f2:4a:b6:ac:34:83:92:96:b3:e6:ff:85:3c:8c:ca:aa:b1:
         ae:ab:61:57:33:c9:38:d8:1d:f7:fe:75:62:05:66:38:d2:f3:
         7e:e0:2d:e8:d0:c1:90:22:9a:65:45:60:5d:2b:db:01:ad:41:
         fc:75:76:ac:41:f4:0a:bf:0d:11:af:78:bc:0a:e2:88:b1:f5:
         ab:08:71:d3:d0:79:89:af:5c:dc:f6:72:15:4b:c0:ef:11:b3:
         10:2f:e0:6e:bb:8a:d5:d3:b2:77:3f:ec:c2:00:00:5b:ed:d0:
         7d:52:98:c2:3d:17:9d:b7:52:80:80:5d:6b:95:d6:76:27:b9:
         07:42:49:58:3b:8f:c9:e5:37:6a:93:5b:fa:ee:6d:92:0a:c7:
         bc:af:10:ab:2a:5f:18:2c:06:43:3c:ec:25:4d:9d:23:c2:f2:
         f9:73:06:1a:d7:af:89:fc:11:32:e5:d4:32:60:80:fd:fe:c8:
         ad:99:af:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/Fc8rtgQLQ81xl9Mp6dJYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjYwMTAyMTQyMTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjU2ZjNlZTU4YTlhMDQxMmZjZDFkZmE2M2M3YWFkYmFiNDgzMDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltpcDS/yZerFm9fr3eopmShplAX5
zN1wKP10lbmfcGOXgl377YcrU/SR42HVjFdk8TLbcsI72mdRy90atKLfRbfinnNp
2QkXTxNYiHUuzPfaSfEIQFD2Is5lSh5yn7Et5LE/4tyNso4FM/YTJBZwz3u5wP8N
goVbjQ3vvrkHA7Kao8e/4s+Q+FH73gg0N+apBvR3JFEU3/2bViOVWyzxwXKobg6m
IhZ18ABwRmKvGoGsjH7mZx6bO3iEqxRh617SFKwgDroN30E1p3UtZmfwKlU4lDaO
mVSS63MP6naqGWUdM8gp/L5SupjNQ6gmFqBB8JS6WK6k/17B4j2XNiOeTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKtW8+5YqaBBL80d+mPHqturSDBdMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvcTFiejdsaXBvRUV2elIzNlk4ZXEyNnRJTUYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATijQMA0G
CSqGSIb3DQEBCwUAA4IBAQAO4eN4B/zbG4Z1Sgl8sm23FnqnAnQPm0SCRu9oLYpe
lz94S+EJbrdyDM7WWDpZ2jbmqMaX6SyzteQWFQfcMJ0yqml6APt2bop78kq2rDSD
kpaz5v+FPIzKqrGuq2FXM8k42B33/nViBWY40vN+4C3o0MGQIpplRWBdK9sBrUH8
dXasQfQKvw0Rr3i8CuKIsfWrCHHT0HmJr1zc9nIVS8DvEbMQL+Buu4rV07J3P+zC
AABb7dB9UpjCPRedt1KAgF1rldZ2J7kHQklYO4/J5Tdqk1v67m2SCse8rxCrKl8Y
LAZDPOwlTZ0jwvL5cwYa16+J/BEy5dQyYID9/sitma+w
-----END CERTIFICATE-----