This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/5bipmYuZdCEM8VPSfBwU7kBfD7k.roa
File:                     5bipmYuZdCEM8VPSfBwU7kBfD7k.roa (raw, json)
Hash identifier:          rJbb8JFd8s8UnBFOgHYdzD0bHSoVDCm7hVVCJlgCa+U=
Subject key identifier:   E5:B8:A9:99:8B:99:74:21:0C:F1:53:D2:7C:1C:14:EE:40:5F:0F:B9
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019B7E38F09BECF88F30AD06BB8135FE5752
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/5bipmYuZdCEM8VPSfBwU7kBfD7k.roa
Signing time:             Fri 02 Jan 2026 10:20:19 +0000
ROA not before:           Fri 02 Jan 2026 10:20:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        109.122.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 10:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:f0:9b:ec:f8:8f:30:ad:06:bb:81:35:fe:57:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Jan  2 10:20:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e5b8a9998b9974210cf153d27c1c14ee405f0fb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:17:93:44:80:a3:26:4d:27:7f:cc:bf:2f:d8:
                    5d:4e:24:5f:e9:c1:f2:75:72:88:4b:b2:8f:dd:50:
                    e6:98:d2:1c:b7:8c:43:e7:64:e5:9e:93:67:c4:20:
                    70:b8:73:00:86:db:ea:3c:67:df:c7:1f:6c:f9:15:
                    2a:d6:a5:0f:6c:7f:29:25:f7:d7:06:3b:fe:fa:a7:
                    86:d9:90:fc:a5:8c:07:56:98:39:aa:99:e9:48:c5:
                    13:e8:21:3e:8f:8c:61:b1:d4:d3:5a:81:6a:7e:bd:
                    9b:67:0b:4f:c9:29:2e:63:57:0d:79:c6:ef:fd:5c:
                    47:a2:80:87:be:81:34:b1:40:a0:34:1e:64:c1:db:
                    2b:50:1e:92:ca:32:2f:ce:de:58:13:aa:44:2c:0b:
                    af:53:04:39:dd:70:22:2e:d1:9d:9c:38:f9:1a:91:
                    e7:b0:9d:31:81:30:7f:4d:a1:3a:a3:28:30:72:77:
                    fa:09:70:25:68:d9:cd:f2:9a:71:5b:25:97:59:8a:
                    63:fb:3c:59:a9:a5:35:ad:55:88:af:d3:1f:47:de:
                    9d:69:48:5c:62:e7:d8:e7:1e:bf:a7:47:2c:26:23:
                    23:13:9b:e5:bd:f1:eb:0a:5f:26:12:29:f4:66:ad:
                    e9:c6:1c:82:d3:24:c9:9d:08:b9:5e:ec:4c:8d:d6:
                    f9:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:B8:A9:99:8B:99:74:21:0C:F1:53:D2:7C:1C:14:EE:40:5F:0F:B9
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/5bipmYuZdCEM8VPSfBwU7kBfD7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:e7:d5:0e:9b:13:30:be:c0:a4:63:8a:14:ec:bd:0e:1a:f0:
         bd:a6:2c:7d:45:18:68:bc:96:85:8f:f9:40:26:84:94:f0:97:
         44:1f:6b:5e:ba:af:4e:c0:6d:77:1d:f2:4e:f0:5b:34:6c:54:
         1b:c9:8f:60:26:d7:70:68:3a:a9:9c:a0:91:ae:25:60:52:af:
         b0:5a:20:79:bb:df:eb:d7:0d:fe:d3:dd:70:66:b9:a7:bd:f0:
         c1:6c:96:9f:4f:b6:64:7a:a3:62:46:b9:d8:ec:e1:9c:6f:4c:
         78:36:67:22:cd:60:9d:b3:3e:eb:f2:ad:e1:a7:f0:9d:c0:25:
         38:ad:66:c9:bd:69:b8:f5:f2:a3:90:b2:7d:39:16:63:d7:d1:
         c1:88:21:d4:b8:f1:61:8d:0d:38:ff:b9:3d:63:71:e6:f1:8f:
         5b:a7:47:e3:77:09:7d:62:cf:94:84:c0:3a:1f:ce:44:b3:9b:
         f6:a5:b9:0d:6a:3b:ef:f8:37:11:81:dd:81:01:a1:f3:c0:82:
         82:02:52:28:2c:e5:2d:66:4e:ec:8d:ab:bc:56:2f:9e:dc:ad:
         c1:68:e4:2c:ec:5f:a1:94:4b:d3:b0:ee:84:51:8c:2b:55:d6:
         5c:d8:cc:03:45:5e:35:f1:0d:db:8f:8f:36:cc:2b:a5:a0:a5:
         f8:8f:74:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OPCb7PiPMK0Gu4E1/ldSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwMTAyMTAyMDE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWI4YTk5OThiOTk3NDIxMGNmMTUzZDI3YzFjMTRlZTQwNWYwZmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyReTRICjJk0nf8y/L9hdTiRf6cHy
dXKIS7KP3VDmmNIct4xD52TlnpNnxCBwuHMAhtvqPGffxx9s+RUq1qUPbH8pJffX
Bjv++qeG2ZD8pYwHVpg5qpnpSMUT6CE+j4xhsdTTWoFqfr2bZwtPySkuY1cNecbv
/VxHooCHvoE0sUCgNB5kwdsrUB6SyjIvzt5YE6pELAuvUwQ53XAiLtGdnDj5GpHn
sJ0xgTB/TaE6oygwcnf6CXAlaNnN8ppxWyWXWYpj+zxZqaU1rVWIr9MfR96daUhc
YufY5x6/p0csJiMjE5vlvfHrCl8mEin0Zq3pxhyC0yTJnQi5XuxMjdb5VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOW4qZmLmXQhDPFT0nwcFO5AXw+5MB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvNWJpcG1ZdVpkQ0VNOFZQU2ZCd1U3a0JmRDdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXoAMA0G
CSqGSIb3DQEBCwUAA4IBAQCP59UOmxMwvsCkY4oU7L0OGvC9pix9RRhovJaFj/lA
JoSU8JdEH2teuq9OwG13HfJO8Fs0bFQbyY9gJtdwaDqpnKCRriVgUq+wWiB5u9/r
1w3+091wZrmnvfDBbJafT7ZkeqNiRrnY7OGcb0x4NmcizWCdsz7r8q3hp/CdwCU4
rWbJvWm49fKjkLJ9ORZj19HBiCHUuPFhjQ04/7k9Y3Hm8Y9bp0fjdwl9Ys+UhMA6
H85Es5v2pbkNajvv+DcRgd2BAaHzwIKCAlIoLOUtZk7sjau8Vi+e3K3BaOQs7F+h
lEvTsO6EUYwrVdZc2MwDRV418Q3bj482zCuloKX4j3S2
-----END CERTIFICATE-----