This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/xh7RSUwiBVANXtMMIBZXlrsg2mQ.roa
File:                     xh7RSUwiBVANXtMMIBZXlrsg2mQ.roa (raw, json)
Hash identifier:          TMp3z2IynO2xSEsC3bAli7G13qod/n7CAd4pIOr904w=
Subject key identifier:   C6:1E:D1:49:4C:22:05:50:0D:5E:D3:0C:20:16:57:96:BB:20:DA:64
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       019AB059A1D044BED32859801EEEEA52A980
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/xh7RSUwiBVANXtMMIBZXlrsg2mQ.roa
Signing time:             Sun 23 Nov 2025 10:54:15 +0000
ROA not before:           Sun 23 Nov 2025 10:54:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213702
IP address blocks:        78.40.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 12:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:b0:59:a1:d0:44:be:d3:28:59:80:1e:ee:ea:52:a9:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Nov 23 10:54:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c61ed1494c2205500d5ed30c20165796bb20da64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:d2:c0:d7:f5:50:d9:20:30:56:c1:93:a9:aa:
                    7d:7e:12:2c:8a:33:f5:ba:96:fb:e1:6e:6d:33:e4:
                    1d:da:74:2f:dd:e8:a8:a5:00:4f:56:4a:76:84:96:
                    d9:74:ec:00:f7:74:f9:5e:4b:82:20:4b:6f:33:c9:
                    ce:49:88:b6:f0:42:69:b4:61:c4:cf:65:ad:1c:9b:
                    67:de:76:29:f8:63:83:0b:44:a0:82:6d:b1:00:a1:
                    61:c2:8c:5b:48:0d:82:77:84:c7:d0:81:ab:3b:05:
                    d7:a3:3c:af:7f:a4:30:ea:c7:c1:a7:98:fb:81:a1:
                    28:b8:58:23:ff:5d:33:02:0d:47:2b:b0:8d:c9:e1:
                    60:ad:2d:dc:86:77:a6:48:aa:ff:ac:f9:64:ac:64:
                    f2:e0:b0:de:43:85:ff:4d:02:32:79:95:d7:1d:8a:
                    28:bb:9d:29:c7:1b:f0:5e:e4:c0:35:da:f8:fc:5d:
                    89:dd:55:ec:c1:1b:ea:bf:da:61:fe:63:e1:d6:9f:
                    d9:06:19:ef:c7:54:d3:cf:6a:45:86:61:d6:52:b0:
                    c6:d3:10:c3:0c:b4:bc:ac:52:d7:26:aa:db:41:a7:
                    d1:46:0f:42:00:c6:3f:c0:03:12:0c:64:46:44:7b:
                    26:26:e3:18:53:a7:e1:c1:6c:a6:a7:b0:a2:ae:7e:
                    d8:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:1E:D1:49:4C:22:05:50:0D:5E:D3:0C:20:16:57:96:BB:20:DA:64
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/xh7RSUwiBVANXtMMIBZXlrsg2mQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:0f:c6:2f:b4:9b:bd:04:20:c0:73:a0:81:c7:bc:d0:65:c5:
         94:3d:bd:e2:5a:0e:30:23:2a:df:c6:10:e7:8c:f0:51:81:1c:
         de:aa:d1:e6:d8:1c:cf:b6:5a:e7:06:f0:c8:e1:a7:eb:93:31:
         f8:92:ca:1d:94:fd:d9:5f:12:47:c6:7a:56:9a:ff:43:64:0b:
         b2:64:77:45:14:4a:f8:b9:f1:11:99:0a:90:f5:04:b3:65:9e:
         6b:58:a0:af:02:3b:1d:06:1b:ca:18:6d:d3:28:80:5a:32:a5:
         e0:77:e4:bb:70:cc:b9:43:f1:62:9b:b2:35:73:d9:4b:12:7d:
         14:46:89:48:21:15:ef:81:ec:ae:93:fc:fe:48:c0:c0:4b:73:
         c4:f0:51:49:e4:cd:3c:a1:6c:ac:db:2f:d7:04:cd:62:09:ae:
         f8:45:c0:dc:b9:3c:46:71:36:c3:60:fb:0c:ac:8e:e9:67:c7:
         84:25:ad:61:cb:c8:81:ce:f0:b8:df:44:3c:df:7a:3a:e7:fd:
         69:86:56:a5:ea:c8:e8:b6:1e:08:aa:5e:25:8c:76:b0:5d:dd:
         36:c3:73:76:98:4c:77:cb:d0:83:43:8a:e6:2f:11:21:54:42:
         3b:7b:67:f2:29:13:f0:b2:a8:48:0e:f8:2e:aa:c1:b5:de:68:
         85:e2:eb:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqwWaHQRL7TKFmAHu7qUqmAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUxMTIzMTA1NDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjFlZDE0OTRjMjIwNTUwMGQ1ZWQzMGMyMDE2NTc5NmJiMjBkYTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NLA1/VQ2SAwVsGTqap9fhIsijP1
upb74W5tM+Qd2nQv3eiopQBPVkp2hJbZdOwA93T5XkuCIEtvM8nOSYi28EJptGHE
z2WtHJtn3nYp+GODC0Sggm2xAKFhwoxbSA2Cd4TH0IGrOwXXozyvf6Qw6sfBp5j7
gaEouFgj/10zAg1HK7CNyeFgrS3chnemSKr/rPlkrGTy4LDeQ4X/TQIyeZXXHYoo
u50pxxvwXuTANdr4/F2J3VXswRvqv9ph/mPh1p/ZBhnvx1TTz2pFhmHWUrDG0xDD
DLS8rFLXJqrbQafRRg9CAMY/wAMSDGRGRHsmJuMYU6fhwWymp7Cirn7Y9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMYe0UlMIgVQDV7TDCAWV5a7INpkMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEveGg3UlNVd2lCVkFOWHRNTUlCWlhscnNnMm1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATijRMA0G
CSqGSIb3DQEBCwUAA4IBAQAFD8YvtJu9BCDAc6CBx7zQZcWUPb3iWg4wIyrfxhDn
jPBRgRzeqtHm2BzPtlrnBvDI4afrkzH4ksodlP3ZXxJHxnpWmv9DZAuyZHdFFEr4
ufERmQqQ9QSzZZ5rWKCvAjsdBhvKGG3TKIBaMqXgd+S7cMy5Q/Fim7I1c9lLEn0U
RolIIRXvgeyuk/z+SMDAS3PE8FFJ5M08oWys2y/XBM1iCa74RcDcuTxGcTbDYPsM
rI7pZ8eEJa1hy8iBzvC430Q833o65/1phlal6sjoth4Iql4ljHawXd02w3N2mEx3
y9CDQ4rmLxEhVEI7e2fyKRPwsqhIDvguqsG13miF4utI
-----END CERTIFICATE-----