This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/WeKOa0H0czOL8IIE6VOIs9H9HXM.roa
File:                     WeKOa0H0czOL8IIE6VOIs9H9HXM.roa (raw, json)
Hash identifier:          HnR5cSodno/i5GR28495C4j2bGZUas8Sx3TSjsOhefE=
Subject key identifier:   59:E2:8E:6B:41:F4:73:33:8B:F0:82:04:E9:53:88:B3:D1:FD:1D:73
Certificate issuer:       /CN=ff8dd5fe4179e8bda28532561919f6d07877c63d
Certificate serial:       019BCDEE356C7987D01822D4ED95E2FA78CB
Authority key identifier: FF:8D:D5:FE:41:79:E8:BD:A2:85:32:56:19:19:F6:D0:78:77:C6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_43V_kF56L2ihTJWGRn20Hh3xj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/WeKOa0H0czOL8IIE6VOIs9H9HXM.roa
Signing time:             Sat 17 Jan 2026 21:48:19 +0000
ROA not before:           Sat 17 Jan 2026 21:48:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44559
IP address blocks:        109.197.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/_43V_kF56L2ihTJWGRn20Hh3xj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/_43V_kF56L2ihTJWGRn20Hh3xj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_43V_kF56L2ihTJWGRn20Hh3xj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:cd:ee:35:6c:79:87:d0:18:22:d4:ed:95:e2:fa:78:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff8dd5fe4179e8bda28532561919f6d07877c63d
        Validity
            Not Before: Jan 17 21:48:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=59e28e6b41f473338bf08204e95388b3d1fd1d73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:2f:39:c5:ba:e3:5d:91:d6:7d:e4:28:53:08:
                    2e:34:9d:c1:46:98:af:75:18:cd:59:b5:07:16:f7:
                    6a:16:12:36:32:f5:37:4f:e7:38:c6:a3:56:38:2f:
                    87:7b:24:54:bc:aa:9e:8f:21:f3:96:ac:1e:4a:a5:
                    cb:93:29:39:97:d0:c6:2b:dc:ec:55:65:ae:53:86:
                    a1:a7:7e:ee:c5:bf:49:d4:3d:dc:24:4c:ab:1e:84:
                    83:a2:ab:3e:8a:ba:56:19:64:24:c1:0d:70:a0:00:
                    81:ed:de:76:56:cb:6c:2b:52:a6:1e:66:24:ff:a4:
                    ea:c7:f6:c8:6b:37:02:23:db:05:03:24:e0:f5:ee:
                    8d:e0:86:63:a5:7a:d5:10:55:33:b5:86:4f:a0:e0:
                    eb:0a:80:4e:bf:f3:90:e4:9c:47:0f:98:3c:e9:fc:
                    8d:93:73:f8:02:96:98:69:1c:72:42:35:c3:e8:94:
                    a2:84:3a:d7:be:2e:ed:20:c5:f5:9d:41:52:87:1a:
                    bd:e5:55:0a:e9:f3:56:3c:e0:eb:58:07:e3:e8:20:
                    77:37:8d:10:f5:2a:fa:21:f0:c4:35:0c:6c:0a:f2:
                    39:b2:1f:e9:46:a0:bd:cb:02:53:19:ce:2e:6a:97:
                    eb:52:90:25:27:39:57:01:43:e4:4b:94:f1:2f:4f:
                    cb:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:E2:8E:6B:41:F4:73:33:8B:F0:82:04:E9:53:88:B3:D1:FD:1D:73
            X509v3 Authority Key Identifier:
                keyid:FF:8D:D5:FE:41:79:E8:BD:A2:85:32:56:19:19:F6:D0:78:77:C6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_43V_kF56L2ihTJWGRn20Hh3xj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/WeKOa0H0czOL8IIE6VOIs9H9HXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/_43V_kF56L2ihTJWGRn20Hh3xj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.197.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:55:82:b5:31:69:7e:d0:8a:9f:37:cf:90:6b:02:18:8f:e9:
         97:7a:11:03:5c:36:9b:9f:ae:cf:9a:fa:48:73:fc:b5:c9:cf:
         8b:b2:b2:3c:8d:7f:48:6a:5c:28:8d:56:47:9a:d4:ab:10:bd:
         0b:91:a8:dc:a5:f2:98:b0:1c:fa:70:0d:63:fd:cd:6f:a7:ad:
         f2:5e:23:b2:3c:ca:6d:70:98:da:72:3e:f1:0b:e8:a6:79:2f:
         59:20:66:0c:d1:d7:ae:eb:7d:c0:ce:b6:71:2e:4c:77:53:f2:
         5e:f0:b7:ae:f1:1a:2f:26:32:3f:16:ff:7c:cb:3a:e7:1e:16:
         a3:c5:54:08:ba:44:4b:46:99:90:3c:49:e4:76:23:f7:4a:e6:
         f7:d0:5b:96:4d:7b:3e:1d:b4:94:b5:cb:ce:52:00:bf:36:22:
         16:a9:f8:f5:1d:4e:e6:ba:a1:78:1b:52:f8:d1:e6:d9:4c:13:
         cc:17:3b:69:54:eb:f4:13:b1:20:3d:24:26:78:d4:3b:7a:78:
         38:94:f3:f0:ed:14:c7:5e:0d:02:d4:6d:e3:ee:a1:75:33:0d:
         99:f5:d3:01:59:4c:03:9a:7c:30:0f:95:af:2f:4e:b7:e8:8f:
         6e:29:93:51:0f:48:00:74:7f:7f:1c:8c:bd:9c:9b:68:cb:0b:
         51:b4:5a:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvN7jVseYfQGCLU7ZXi+njLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmOGRkNWZlNDE3OWU4YmRhMjg1MzI1NjE5MTlmNmQwNzg3
N2M2M2QwHhcNMjYwMTE3MjE0ODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWUyOGU2YjQxZjQ3MzMzOGJmMDgyMDRlOTUzODhiM2QxZmQxZDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlC85xbrjXZHWfeQoUwguNJ3BRpiv
dRjNWbUHFvdqFhI2MvU3T+c4xqNWOC+HeyRUvKqejyHzlqweSqXLkyk5l9DGK9zs
VWWuU4ahp37uxb9J1D3cJEyrHoSDoqs+irpWGWQkwQ1woACB7d52VstsK1KmHmYk
/6Tqx/bIazcCI9sFAyTg9e6N4IZjpXrVEFUztYZPoODrCoBOv/OQ5JxHD5g86fyN
k3P4ApaYaRxyQjXD6JSihDrXvi7tIMX1nUFShxq95VUK6fNWPODrWAfj6CB3N40Q
9Sr6IfDENQxsCvI5sh/pRqC9ywJTGc4uapfrUpAlJzlXAUPkS5TxL0/LtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFnijmtB9HMzi/CCBOlTiLPR/R1zMB8GA1UdIwQY
MBaAFP+N1f5Beei9ooUyVhkZ9tB4d8Y9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzQzVl9rRjU2TDJpaFRKV0dSbjIwSGgzeGowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS80YjJmODgtM2UyMC00YWZhLWI3NTQt
MDZhNDA0NDM1ZTUwLzEvV2VLT2EwSDBjek9MOElJRTZWT0lzOUg5SFhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS80YjJmODgtM2UyMC00YWZhLWI3NTQtMDZhNDA0NDM1ZTUw
LzEvXzQzVl9rRjU2TDJpaFRKV0dSbjIwSGgzeGowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbcURMA0G
CSqGSIb3DQEBCwUAA4IBAQARVYK1MWl+0IqfN8+QawIYj+mXehEDXDabn67PmvpI
c/y1yc+LsrI8jX9IalwojVZHmtSrEL0LkajcpfKYsBz6cA1j/c1vp63yXiOyPMpt
cJjacj7xC+imeS9ZIGYM0deu633AzrZxLkx3U/Je8Leu8RovJjI/Fv98yzrnHhaj
xVQIukRLRpmQPEnkdiP3Sub30FuWTXs+HbSUtcvOUgC/NiIWqfj1HU7muqF4G1L4
0ebZTBPMFztpVOv0E7EgPSQmeNQ7eng4lPPw7RTHXg0C1G3j7qF1Mw2Z9dMBWUwD
mnwwD5WvL0636I9uKZNRD0gAdH9/HIy9nJtoywtRtFqV
-----END CERTIFICATE-----