This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/vW5WM4Rh3-cq9qiNtIEfCgDBOn8.roa
File:                     vW5WM4Rh3-cq9qiNtIEfCgDBOn8.roa (raw, json)
Hash identifier:          mszi6X6Ep+NbkX7ZHi/7q8hVNjOIsmhoOAFigylmZQM=
Subject key identifier:   BD:6E:56:33:84:61:DF:E7:2A:F6:A8:8D:B4:81:1F:0A:00:C1:3A:7F
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019A8E231FC20F4608BFED6CA0CC51CE612D
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/vW5WM4Rh3-cq9qiNtIEfCgDBOn8.roa
Signing time:             Sun 16 Nov 2025 19:27:37 +0000
ROA not before:           Sun 16 Nov 2025 19:27:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215168
IP address blocks:        109.122.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Nov 2025 04:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:8e:23:1f:c2:0f:46:08:bf:ed:6c:a0:cc:51:ce:61:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Nov 16 19:27:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd6e56338461dfe72af6a88db4811f0a00c13a7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:da:c4:c2:69:d3:fb:14:d5:d6:f3:18:be:3b:
                    18:e8:55:ef:c8:f5:0c:af:6c:bd:3f:9e:00:26:dd:
                    e4:15:b8:e7:52:3f:4c:c7:57:e9:73:c1:08:22:a7:
                    c1:6e:ce:8a:b7:a6:97:79:7d:d8:7b:62:a9:b7:c9:
                    af:fd:b1:16:12:ba:bb:c9:9c:b9:c4:4e:52:98:6b:
                    8a:7b:f3:0f:96:5f:da:9d:fe:32:f1:6d:dd:93:f9:
                    fc:b9:20:18:df:5b:72:7b:6a:5e:45:bc:5a:b8:5f:
                    54:dc:bb:40:d1:df:be:a2:67:53:62:75:f0:d2:41:
                    07:a3:2e:48:e4:cc:b3:c8:97:04:ba:25:7b:b0:c6:
                    7d:33:67:62:5e:6c:95:fb:a8:3a:25:09:33:ec:be:
                    1d:3c:34:ff:9d:32:49:ed:2e:d2:93:c0:6e:5b:46:
                    75:27:0b:34:54:f9:09:6f:5b:71:f8:50:e9:e9:aa:
                    32:fa:50:99:9d:70:be:c4:23:e5:9a:e5:52:e4:e3:
                    13:5d:52:33:ec:d6:e4:25:c2:f0:d6:98:a7:a6:73:
                    24:c8:e6:cf:88:c3:18:e1:10:e9:5e:1f:7c:ef:4e:
                    f6:aa:0f:36:67:74:de:7b:c6:17:5e:1d:73:05:13:
                    18:69:56:ee:61:1a:7b:cb:20:81:51:11:75:9e:09:
                    4d:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:6E:56:33:84:61:DF:E7:2A:F6:A8:8D:B4:81:1F:0A:00:C1:3A:7F
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/vW5WM4Rh3-cq9qiNtIEfCgDBOn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:67:e1:32:6b:3a:56:cf:de:44:d8:1e:6c:3f:02:4f:b0:4e:
         6d:87:22:71:fc:de:15:b7:86:83:3c:1f:cc:c4:04:bc:3c:24:
         50:28:0b:df:d7:a2:2a:79:cd:5f:51:e8:28:4b:8d:d3:52:5f:
         60:09:c3:d7:bd:ef:04:a9:3f:e2:d9:8a:f2:de:4d:1b:fe:3b:
         c2:29:bc:01:42:89:2f:52:21:cb:73:d3:7a:70:2d:d6:84:a6:
         a2:f1:be:5a:13:39:91:4c:10:9a:95:04:f5:59:f4:11:65:3c:
         5c:03:2b:11:18:c2:21:2b:0b:93:22:a2:c6:f4:46:65:3d:22:
         e8:7d:32:bd:71:26:20:10:51:5b:4c:00:b5:77:5b:14:e2:d2:
         14:f0:46:b0:79:6a:90:21:78:30:aa:19:b6:85:a8:0c:4a:e1:
         20:ed:c2:56:8c:fa:f7:bb:07:9f:a0:4e:63:34:6c:92:88:7d:
         fc:22:35:27:5d:75:54:a9:ce:e8:75:d7:b8:50:1e:f1:69:79:
         85:81:06:b4:6b:5b:50:90:4d:98:2c:6c:ed:e1:f0:22:32:a6:
         af:cf:44:94:72:12:8e:c3:a7:05:58:c4:91:8b:6a:6e:52:04:
         6a:be:27:f3:66:b6:ad:17:7e:f0:c8:11:26:d9:64:80:b4:c0:
         2e:b8:14:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqOIx/CD0YIv+1soMxRzmEtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUxMTE2MTkyNzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDZlNTYzMzg0NjFkZmU3MmFmNmE4OGRiNDgxMWYwYTAwYzEzYTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdrEwmnT+xTV1vMYvjsY6FXvyPUM
r2y9P54AJt3kFbjnUj9Mx1fpc8EIIqfBbs6Kt6aXeX3Ye2Kpt8mv/bEWErq7yZy5
xE5SmGuKe/MPll/anf4y8W3dk/n8uSAY31tye2peRbxauF9U3LtA0d++omdTYnXw
0kEHoy5I5MyzyJcEuiV7sMZ9M2diXmyV+6g6JQkz7L4dPDT/nTJJ7S7Sk8BuW0Z1
Jws0VPkJb1tx+FDp6aoy+lCZnXC+xCPlmuVS5OMTXVIz7NbkJcLw1pinpnMkyObP
iMMY4RDpXh987072qg82Z3Tee8YXXh1zBRMYaVbuYRp7yyCBURF1nglNewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL1uVjOEYd/nKvaojbSBHwoAwTp/MB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvdlc1V000UmgzLWNxOXFpTnRJRWZDZ0RCT244LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXocMA0G
CSqGSIb3DQEBCwUAA4IBAQC8Z+EyazpWz95E2B5sPwJPsE5thyJx/N4Vt4aDPB/M
xAS8PCRQKAvf16Iqec1fUegoS43TUl9gCcPXve8EqT/i2Yry3k0b/jvCKbwBQokv
UiHLc9N6cC3WhKai8b5aEzmRTBCalQT1WfQRZTxcAysRGMIhKwuTIqLG9EZlPSLo
fTK9cSYgEFFbTAC1d1sU4tIU8EaweWqQIXgwqhm2hagMSuEg7cJWjPr3uwefoE5j
NGySiH38IjUnXXVUqc7odde4UB7xaXmFgQa0a1tQkE2YLGzt4fAiMqavz0SUchKO
w6cFWMSRi2puUgRqvifzZratF37wyBEm2WSAtMAuuBRo
-----END CERTIFICATE-----