This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/0357e8-3ea0-4968-9ef9-7d70519b76da/1/Ro9U9BJ6f0_Ri9pStBmjPzC3PAI.roa
File:                     Ro9U9BJ6f0_Ri9pStBmjPzC3PAI.roa (raw, json)
Hash identifier:          OME7cIqz4TyEQ9tHIazsSceKPyDQCFfwvggAogmMI2I=
Subject key identifier:   46:8F:54:F4:12:7A:7F:4F:D1:8B:DA:52:B4:19:A3:3F:30:B7:3C:02
Certificate issuer:       /CN=2dfef2b839ad07786833b1bedca8b0b19203e111
Certificate serial:       019B7E39258D8DDF02A9A1262B35E4C17FAB
Authority key identifier: 2D:FE:F2:B8:39:AD:07:78:68:33:B1:BE:DC:A8:B0:B1:92:03:E1:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Lf7yuDmtB3hoM7G-3KiwsZID4RE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/0357e8-3ea0-4968-9ef9-7d70519b76da/1/Ro9U9BJ6f0_Ri9pStBmjPzC3PAI.roa
Signing time:             Fri 02 Jan 2026 10:20:32 +0000
ROA not before:           Fri 02 Jan 2026 10:20:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2914
IP address blocks:        109.234.220.0/24 maxlen: 24
                          109.234.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/0357e8-3ea0-4968-9ef9-7d70519b76da/1/Lf7yuDmtB3hoM7G-3KiwsZID4RE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/0357e8-3ea0-4968-9ef9-7d70519b76da/1/Lf7yuDmtB3hoM7G-3KiwsZID4RE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Lf7yuDmtB3hoM7G-3KiwsZID4RE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:09:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:25:8d:8d:df:02:a9:a1:26:2b:35:e4:c1:7f:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dfef2b839ad07786833b1bedca8b0b19203e111
        Validity
            Not Before: Jan  2 10:20:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=468f54f4127a7f4fd18bda52b419a33f30b73c02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:49:ef:11:01:a2:12:b1:70:e1:5e:ce:31:c9:
                    1a:49:60:bd:9b:f4:67:64:18:45:fc:38:82:72:69:
                    e9:a9:e4:02:a6:d0:03:cf:a0:50:1a:76:0c:27:c8:
                    ac:23:92:e2:3d:e9:61:7a:66:22:0b:7c:aa:00:ad:
                    9e:b7:7f:f1:02:f9:6d:ec:ea:7c:4b:12:a4:09:e9:
                    37:07:f6:13:e8:ed:a4:bd:f5:a4:56:76:43:7e:d2:
                    eb:ff:aa:44:30:28:21:8d:ec:ec:cc:41:b1:19:3b:
                    a4:e4:0f:ea:be:d0:f5:79:a4:62:2c:ca:04:43:94:
                    86:c5:ff:94:73:1e:d4:39:2d:51:b0:06:83:99:5c:
                    88:ed:41:d6:07:0e:68:48:02:41:00:e1:76:06:e0:
                    0d:7b:1d:f2:8c:9a:cd:39:7c:a2:e4:9c:2d:28:01:
                    33:78:61:e1:84:87:e5:52:33:4f:c4:52:6d:19:46:
                    40:7d:b2:69:c2:50:26:b3:da:ff:6a:fd:d2:40:91:
                    7c:65:6b:3c:14:d4:9b:1a:c6:0e:b3:82:2b:9d:f0:
                    36:52:a3:83:a2:56:83:1d:18:df:88:1f:78:c6:f9:
                    95:30:89:06:dd:c3:f1:9f:44:cc:f4:1a:fb:c0:72:
                    3f:e2:8f:f6:e5:5e:ff:7f:a4:5b:ff:d2:b2:dd:08:
                    6e:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:8F:54:F4:12:7A:7F:4F:D1:8B:DA:52:B4:19:A3:3F:30:B7:3C:02
            X509v3 Authority Key Identifier:
                keyid:2D:FE:F2:B8:39:AD:07:78:68:33:B1:BE:DC:A8:B0:B1:92:03:E1:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lf7yuDmtB3hoM7G-3KiwsZID4RE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/0357e8-3ea0-4968-9ef9-7d70519b76da/1/Ro9U9BJ6f0_Ri9pStBmjPzC3PAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/0357e8-3ea0-4968-9ef9-7d70519b76da/1/Lf7yuDmtB3hoM7G-3KiwsZID4RE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.234.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bc:6e:47:94:f9:84:05:86:6c:96:70:40:34:cc:22:ad:a4:b5:
         ea:c6:55:95:a9:3c:bd:9b:49:f9:9f:d0:d2:c6:58:69:80:b2:
         44:38:9c:af:d0:e0:59:4a:18:9b:35:f1:14:af:63:99:89:eb:
         00:60:42:30:a6:02:7e:8e:99:7d:d7:91:23:aa:93:68:49:b1:
         aa:9f:0b:04:6e:51:2a:3e:1b:f9:c8:a9:d5:7d:bf:2e:5d:18:
         a6:b0:83:61:b3:e6:5f:57:3a:91:49:4d:b2:ab:1d:48:ae:38:
         5b:40:9a:29:6f:ad:3a:39:fd:a9:c2:cb:3c:89:bb:fd:40:de:
         36:81:cd:00:e5:65:c3:8f:fb:35:a9:75:84:16:ba:81:b2:05:
         e8:58:47:26:09:65:97:a4:9d:f3:e0:61:e0:aa:f4:86:a8:7f:
         f1:81:8f:6d:ca:58:a3:05:c2:42:f0:6b:f0:50:c3:a1:94:87:
         db:a6:76:d1:6a:43:8b:c1:bb:20:df:84:06:91:93:e7:b4:2c:
         d5:8d:5b:7d:00:04:1f:e7:80:76:08:43:d0:d5:50:af:95:38:
         77:a7:70:c1:0d:ae:91:4c:f4:bd:95:ed:2c:f2:68:6c:01:5a:
         39:be:b7:f3:21:c8:9a:2c:b9:59:33:36:a1:ca:60:37:21:29:
         4c:fc:70:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OSWNjd8CqaEmKzXkwX+rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkZmVmMmI4MzlhZDA3Nzg2ODMzYjFiZWRjYThiMGIxOTIw
M2UxMTEwHhcNMjYwMTAyMTAyMDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjhmNTRmNDEyN2E3ZjRmZDE4YmRhNTJiNDE5YTMzZjMwYjczYzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtknvEQGiErFw4V7OMckaSWC9m/Rn
ZBhF/DiCcmnpqeQCptADz6BQGnYMJ8isI5LiPelhemYiC3yqAK2et3/xAvlt7Op8
SxKkCek3B/YT6O2kvfWkVnZDftLr/6pEMCghjezszEGxGTuk5A/qvtD1eaRiLMoE
Q5SGxf+Ucx7UOS1RsAaDmVyI7UHWBw5oSAJBAOF2BuANex3yjJrNOXyi5JwtKAEz
eGHhhIflUjNPxFJtGUZAfbJpwlAms9r/av3SQJF8ZWs8FNSbGsYOs4IrnfA2UqOD
olaDHRjfiB94xvmVMIkG3cPxn0TM9Br7wHI/4o/25V7/f6Rb/9Ky3Qhu7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEaPVPQSen9P0YvaUrQZoz8wtzwCMB8GA1UdIwQY
MBaAFC3+8rg5rQd4aDOxvtyosLGSA+ERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGY3eXVEbXRCM2hvTTdHLTNLaXdzWklENFJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8wMzU3ZTgtM2VhMC00OTY4LTllZjkt
N2Q3MDUxOWI3NmRhLzEvUm85VTlCSjZmMF9SaTlwU3RCbWpQekMzUEFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8wMzU3ZTgtM2VhMC00OTY4LTllZjktN2Q3MDUxOWI3NmRh
LzEvTGY3eXVEbXRCM2hvTTdHLTNLaXdzWklENFJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbercMA0G
CSqGSIb3DQEBCwUAA4IBAQC8bkeU+YQFhmyWcEA0zCKtpLXqxlWVqTy9m0n5n9DS
xlhpgLJEOJyv0OBZShibNfEUr2OZiesAYEIwpgJ+jpl915EjqpNoSbGqnwsEblEq
Phv5yKnVfb8uXRimsINhs+ZfVzqRSU2yqx1IrjhbQJopb606Of2pwss8ibv9QN42
gc0A5WXDj/s1qXWEFrqBsgXoWEcmCWWXpJ3z4GHgqvSGqH/xgY9tylijBcJC8Gvw
UMOhlIfbpnbRakOLwbsg34QGkZPntCzVjVt9AAQf54B2CEPQ1VCvlTh3p3DBDa6R
TPS9le0s8mhsAVo5vrfzIciaLLlZMzahymA3ISlM/HDm
-----END CERTIFICATE-----