This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/1a24f6-c5a0-40bf-abb6-8da5373a6a6d/1/wsRYfWg6DsSzH9Q3tVso7U8el9Q.roa
File:                     wsRYfWg6DsSzH9Q3tVso7U8el9Q.roa (raw, json)
Hash identifier:          Xq2nLBLB6mAPwQgJf30OZP4onb0gGELFmiDalFNQA4U=
Subject key identifier:   C2:C4:58:7D:68:3A:0E:C4:B3:1F:D4:37:B5:5B:28:ED:4F:1E:97:D4
Certificate issuer:       /CN=0331b87e91ea271046d31995e7a6c038bf1b147c
Certificate serial:       019B7DC944CFA977416372D6FE62597B92FB
Authority key identifier: 03:31:B8:7E:91:EA:27:10:46:D3:19:95:E7:A6:C0:38:BF:1B:14:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AzG4fpHqJxBG0xmV56bAOL8bFHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/1a24f6-c5a0-40bf-abb6-8da5373a6a6d/1/wsRYfWg6DsSzH9Q3tVso7U8el9Q.roa
Signing time:             Fri 02 Jan 2026 08:18:20 +0000
ROA not before:           Fri 02 Jan 2026 08:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15830
IP address blocks:        109.234.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/1a24f6-c5a0-40bf-abb6-8da5373a6a6d/1/AzG4fpHqJxBG0xmV56bAOL8bFHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/1a24f6-c5a0-40bf-abb6-8da5373a6a6d/1/AzG4fpHqJxBG0xmV56bAOL8bFHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AzG4fpHqJxBG0xmV56bAOL8bFHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:44:cf:a9:77:41:63:72:d6:fe:62:59:7b:92:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0331b87e91ea271046d31995e7a6c038bf1b147c
        Validity
            Not Before: Jan  2 08:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c2c4587d683a0ec4b31fd437b55b28ed4f1e97d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:41:6f:f3:f7:2c:d4:26:66:e5:b9:66:64:ac:
                    a3:30:e8:a1:54:66:76:2f:12:92:2c:70:6b:c2:c2:
                    ac:f8:31:f2:4e:eb:87:96:07:de:aa:dd:cc:76:67:
                    40:6c:d3:ca:33:e8:75:53:13:de:16:31:ea:96:f7:
                    01:56:c2:06:38:f2:01:14:9b:d8:f1:96:9b:11:f5:
                    fc:35:91:94:a0:b1:7f:67:d9:81:50:80:32:b1:73:
                    20:9e:ae:75:4a:04:4c:66:b7:f8:38:14:8b:b8:96:
                    3c:ac:4d:1d:30:a9:d8:1b:60:7c:5a:9b:ec:48:7c:
                    64:42:b7:98:66:15:03:6d:ce:d3:8b:ce:6c:49:72:
                    1a:e3:b9:b7:38:db:6e:24:d3:67:69:ba:19:48:0b:
                    ea:bd:d1:03:35:a3:8b:c8:85:72:e5:3a:c6:fc:fd:
                    ac:4e:fb:0d:0e:25:3b:6d:12:4a:c3:48:c8:c0:3b:
                    d4:a4:67:39:da:54:62:f4:0d:1d:ea:e2:74:7a:91:
                    69:66:2b:71:df:9e:82:6f:c4:33:12:cb:01:1a:28:
                    78:7e:8d:bc:cf:90:10:90:82:aa:79:89:63:6d:8e:
                    aa:52:22:5f:02:79:64:e6:4b:47:32:02:6f:6c:00:
                    ed:62:d9:31:8c:18:41:a6:c2:05:f3:5b:d6:f3:5c:
                    f0:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:C4:58:7D:68:3A:0E:C4:B3:1F:D4:37:B5:5B:28:ED:4F:1E:97:D4
            X509v3 Authority Key Identifier:
                keyid:03:31:B8:7E:91:EA:27:10:46:D3:19:95:E7:A6:C0:38:BF:1B:14:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AzG4fpHqJxBG0xmV56bAOL8bFHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/1a24f6-c5a0-40bf-abb6-8da5373a6a6d/1/wsRYfWg6DsSzH9Q3tVso7U8el9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/1a24f6-c5a0-40bf-abb6-8da5373a6a6d/1/AzG4fpHqJxBG0xmV56bAOL8bFHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.234.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:c9:17:4e:75:f5:9d:ef:bc:9c:76:fe:d5:37:c0:99:7c:ec:
         f0:9f:3c:f1:70:6c:a5:4c:85:2a:91:b0:0e:db:d6:b2:f7:95:
         c7:84:10:d5:8d:05:9f:c6:23:08:fd:a6:02:91:e7:f0:28:c3:
         e7:f0:08:a0:a9:7e:c9:c4:b6:3e:46:c8:83:bf:1d:15:e8:b6:
         5f:7e:43:c8:55:f3:f3:71:06:3d:21:65:18:7f:c5:31:5d:de:
         e6:f2:56:2d:86:a8:ed:4d:67:79:26:a7:19:d5:e7:b3:c0:fc:
         ee:a7:96:2f:16:0f:93:b7:44:eb:13:29:40:b9:50:03:ad:ed:
         a0:b6:62:28:8c:96:37:31:53:1d:b0:52:3b:13:31:98:4e:a0:
         89:1f:72:9c:df:a5:43:3c:b6:99:1e:4c:35:84:77:d2:ff:15:
         c0:9b:1f:be:e4:b2:bb:fc:09:48:d2:ec:44:fd:6e:1d:7f:27:
         8c:02:71:9d:76:d2:ea:f3:c4:49:8d:fc:0e:ea:ba:1d:2f:3d:
         84:b0:a8:85:af:07:b3:c4:94:73:b9:ec:cf:53:64:85:84:33:
         c3:4d:fb:c8:09:3d:3f:2e:6a:e9:a1:13:88:29:14:5e:ae:16:
         14:3b:18:45:4e:79:01:4b:fe:5c:2c:ca:d2:de:a5:9a:05:70:
         f9:58:2c:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yUTPqXdBY3LW/mJZe5L7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzMzFiODdlOTFlYTI3MTA0NmQzMTk5NWU3YTZjMDM4YmYx
YjE0N2MwHhcNMjYwMTAyMDgxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmM0NTg3ZDY4M2EwZWM0YjMxZmQ0MzdiNTViMjhlZDRmMWU5N2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0Fv8/cs1CZm5blmZKyjMOihVGZ2
LxKSLHBrwsKs+DHyTuuHlgfeqt3MdmdAbNPKM+h1UxPeFjHqlvcBVsIGOPIBFJvY
8ZabEfX8NZGUoLF/Z9mBUIAysXMgnq51SgRMZrf4OBSLuJY8rE0dMKnYG2B8Wpvs
SHxkQreYZhUDbc7Ti85sSXIa47m3ONtuJNNnaboZSAvqvdEDNaOLyIVy5TrG/P2s
TvsNDiU7bRJKw0jIwDvUpGc52lRi9A0d6uJ0epFpZitx356Cb8QzEssBGih4fo28
z5AQkIKqeYljbY6qUiJfAnlk5ktHMgJvbADtYtkxjBhBpsIF81vW81zwiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMLEWH1oOg7Esx/UN7VbKO1PHpfUMB8GA1UdIwQY
MBaAFAMxuH6R6icQRtMZleemwDi/GxR8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXpHNGZwSHFKeEJHMHhtVjU2YkFPTDhiRkh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8xYTI0ZjYtYzVhMC00MGJmLWFiYjYt
OGRhNTM3M2E2YTZkLzEvd3NSWWZXZzZEc1N6SDlRM3RWc283VThlbDlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8xYTI0ZjYtYzVhMC00MGJmLWFiYjYtOGRhNTM3M2E2YTZk
LzEvQXpHNGZwSHFKeEJHMHhtVjU2YkFPTDhiRkh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbepIMA0G
CSqGSIb3DQEBCwUAA4IBAQClyRdOdfWd77ycdv7VN8CZfOzwnzzxcGylTIUqkbAO
29ay95XHhBDVjQWfxiMI/aYCkefwKMPn8AigqX7JxLY+RsiDvx0V6LZffkPIVfPz
cQY9IWUYf8UxXd7m8lYthqjtTWd5JqcZ1eezwPzup5YvFg+Tt0TrEylAuVADre2g
tmIojJY3MVMdsFI7EzGYTqCJH3Kc36VDPLaZHkw1hHfS/xXAmx++5LK7/AlI0uxE
/W4dfyeMAnGddtLq88RJjfwO6rodLz2EsKiFrwezxJRzuezPU2SFhDPDTfvICT0/
LmrpoROIKRRerhYUOxhFTnkBS/5cLMrS3qWaBXD5WCwK
-----END CERTIFICATE-----