This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/046ffe-05eb-4c8c-8545-02483e6482cb/1/XHzhckAnu87gDfunEM3sM2fHJc4.roa
File:                     XHzhckAnu87gDfunEM3sM2fHJc4.roa (raw, json)
Hash identifier:          J4SR1s2pClNQQ3/S6LW+95K5vqFvopp0j499gt2QsWY=
Subject key identifier:   5C:7C:E1:72:40:27:BB:CE:E0:0D:FB:A7:10:CD:EC:33:67:C7:25:CE
Certificate issuer:       /CN=68f43b5bbcc4962806ea9322ec292e9b66ddccc5
Certificate serial:       019B7C8008F183EA2D01B25E0D3F7D21B4B6
Authority key identifier: 68:F4:3B:5B:BC:C4:96:28:06:EA:93:22:EC:29:2E:9B:66:DD:CC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aPQ7W7zEligG6pMi7Ckum2bdzMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/046ffe-05eb-4c8c-8545-02483e6482cb/1/XHzhckAnu87gDfunEM3sM2fHJc4.roa
Signing time:             Fri 02 Jan 2026 02:18:44 +0000
ROA not before:           Fri 02 Jan 2026 02:18:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        104.204.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/046ffe-05eb-4c8c-8545-02483e6482cb/1/aPQ7W7zEligG6pMi7Ckum2bdzMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/046ffe-05eb-4c8c-8545-02483e6482cb/1/aPQ7W7zEligG6pMi7Ckum2bdzMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aPQ7W7zEligG6pMi7Ckum2bdzMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:08:f1:83:ea:2d:01:b2:5e:0d:3f:7d:21:b4:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68f43b5bbcc4962806ea9322ec292e9b66ddccc5
        Validity
            Not Before: Jan  2 02:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5c7ce1724027bbcee00dfba710cdec3367c725ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d2:c4:7a:23:92:99:01:20:19:7a:f9:9d:39:
                    1c:22:c0:77:a5:ad:3b:4c:a6:5a:07:83:aa:60:e0:
                    1c:4b:7f:cb:05:f1:e6:d2:8f:c0:02:29:7e:06:97:
                    e4:73:3c:45:3f:fc:e9:13:a4:14:4f:6d:af:92:f0:
                    fb:c4:dc:74:33:90:5e:24:87:4e:11:af:83:11:cc:
                    8c:be:db:07:af:e0:cf:c9:1d:73:75:4b:98:c2:24:
                    4f:e6:fe:25:ca:f2:9d:1b:f4:0e:7d:38:f9:12:e5:
                    7f:40:27:6e:be:7e:5b:8b:56:f2:d7:4e:a7:9a:a1:
                    45:16:c2:31:b5:e9:5f:59:a3:fe:49:9f:b1:74:b4:
                    b0:4b:73:45:ce:7a:92:d5:b6:36:f4:a4:ee:8d:60:
                    ef:41:20:d1:13:96:84:30:a5:44:09:4d:3e:df:bb:
                    17:43:b7:2d:1f:9d:ed:76:57:6e:b7:7b:8d:a5:fc:
                    a5:92:bb:5f:c0:c5:78:93:2e:17:f5:5a:e6:ed:ab:
                    b3:4d:c2:10:dd:7e:fc:f1:84:ba:09:9c:11:83:8a:
                    d0:96:d5:9b:7b:ba:3f:cb:cf:50:d1:9d:37:64:2a:
                    20:61:49:54:86:c3:77:77:d4:02:35:f9:1c:77:3e:
                    41:20:fd:26:94:0c:05:fa:4d:d4:1e:9d:81:b1:c8:
                    4f:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:7C:E1:72:40:27:BB:CE:E0:0D:FB:A7:10:CD:EC:33:67:C7:25:CE
            X509v3 Authority Key Identifier:
                keyid:68:F4:3B:5B:BC:C4:96:28:06:EA:93:22:EC:29:2E:9B:66:DD:CC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aPQ7W7zEligG6pMi7Ckum2bdzMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/046ffe-05eb-4c8c-8545-02483e6482cb/1/XHzhckAnu87gDfunEM3sM2fHJc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/046ffe-05eb-4c8c-8545-02483e6482cb/1/aPQ7W7zEligG6pMi7Ckum2bdzMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.204.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:59:57:eb:56:fa:9e:34:04:6c:b1:21:43:a2:96:54:c9:76:
         6e:93:ec:9f:ac:1e:71:ee:98:14:4c:3c:fd:3a:54:bd:20:aa:
         a1:1a:4a:c4:4c:2a:ad:fb:b6:89:a0:dc:8e:e7:13:7e:80:7d:
         30:1a:bc:5f:de:16:10:db:73:a7:6b:b1:3e:68:1e:01:d0:2f:
         2e:83:f8:01:00:d7:b6:ff:a9:a5:5a:a7:74:20:c2:cb:65:b5:
         76:ec:92:d2:98:99:ef:2e:2d:1f:c8:76:65:a3:93:9f:72:e0:
         0d:ee:a6:66:9b:79:2e:c7:21:72:78:c6:e5:69:f9:c5:52:a6:
         9e:74:a7:a0:0a:c9:ba:d0:dc:22:4b:8b:43:99:60:54:8e:ed:
         76:67:22:87:71:bc:b4:c9:6f:48:30:0b:34:fb:ba:8a:58:a7:
         65:a2:96:70:3c:e7:6b:e7:b1:30:94:c0:a5:d3:d2:bf:96:3e:
         13:7e:7a:45:d2:03:48:af:b0:5d:f7:03:59:c2:66:61:8c:9b:
         34:75:5b:ff:bd:4b:d3:27:79:67:08:05:33:c6:cb:c1:ab:64:
         32:5b:5f:a5:e4:f6:bd:cb:ad:87:b1:0d:b8:43:13:23:ec:bc:
         ee:0e:5c:29:48:4b:37:12:41:fc:08:ac:04:e7:26:e5:2a:d6:
         8b:b9:c5:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gAjxg+otAbJeDT99IbS2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ZjQzYjViYmNjNDk2MjgwNmVhOTMyMmVjMjkyZTliNjZk
ZGNjYzUwHhcNMjYwMTAyMDIxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzdjZTE3MjQwMjdiYmNlZTAwZGZiYTcxMGNkZWMzMzY3YzcyNWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9LEeiOSmQEgGXr5nTkcIsB3pa07
TKZaB4OqYOAcS3/LBfHm0o/AAil+BpfkczxFP/zpE6QUT22vkvD7xNx0M5BeJIdO
Ea+DEcyMvtsHr+DPyR1zdUuYwiRP5v4lyvKdG/QOfTj5EuV/QCduvn5bi1by106n
mqFFFsIxtelfWaP+SZ+xdLSwS3NFznqS1bY29KTujWDvQSDRE5aEMKVECU0+37sX
Q7ctH53tdldut3uNpfylkrtfwMV4ky4X9Vrm7auzTcIQ3X788YS6CZwRg4rQltWb
e7o/y89Q0Z03ZCogYUlUhsN3d9QCNfkcdz5BIP0mlAwF+k3UHp2BschPYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFx84XJAJ7vO4A37pxDN7DNnxyXOMB8GA1UdIwQY
MBaAFGj0O1u8xJYoBuqTIuwpLptm3czFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVBRN1c3ekVsaWdHNnBNaTdDa3VtMmJkek1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8wNDZmZmUtMDVlYi00YzhjLTg1NDUt
MDI0ODNlNjQ4MmNiLzEvWEh6aGNrQW51ODdnRGZ1bkVNM3NNMmZISmM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8wNDZmZmUtMDVlYi00YzhjLTg1NDUtMDI0ODNlNjQ4MmNi
LzEvYVBRN1c3ekVsaWdHNnBNaTdDa3VtMmJkek1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAaMz2MA0G
CSqGSIb3DQEBCwUAA4IBAQCWWVfrVvqeNARssSFDopZUyXZuk+yfrB5x7pgUTDz9
OlS9IKqhGkrETCqt+7aJoNyO5xN+gH0wGrxf3hYQ23Ona7E+aB4B0C8ug/gBANe2
/6mlWqd0IMLLZbV27JLSmJnvLi0fyHZlo5OfcuAN7qZmm3kuxyFyeMblafnFUqae
dKegCsm60NwiS4tDmWBUju12ZyKHcby0yW9IMAs0+7qKWKdlopZwPOdr57EwlMCl
09K/lj4TfnpF0gNIr7Bd9wNZwmZhjJs0dVv/vUvTJ3lnCAUzxsvBq2QyW1+l5Pa9
y62HsQ24QxMj7LzuDlwpSEs3EkH8CKwE5yblKtaLucXp
-----END CERTIFICATE-----