This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/70W8hHs32_e_Y4owrZCojxZEGfo.roa
File:                     70W8hHs32_e_Y4owrZCojxZEGfo.roa (raw, json)
Hash identifier:          QwnSOO6uyq0JleXAg0WrwVkU5dv9WnW0sVY/lPSgnME=
Subject key identifier:   EF:45:BC:84:7B:37:DB:F7:BF:63:8A:30:AD:90:A8:8F:16:44:19:FA
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019B7C80242A9E15567930B0FEB5F8E63DD0
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/70W8hHs32_e_Y4owrZCojxZEGfo.roa
Signing time:             Fri 02 Jan 2026 02:18:51 +0000
ROA not before:           Fri 02 Jan 2026 02:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200482
IP address blocks:        109.71.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:55:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:24:2a:9e:15:56:79:30:b0:fe:b5:f8:e6:3d:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 02:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ef45bc847b37dbf7bf638a30ad90a88f164419fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b3:b6:dc:2e:c3:b2:c7:59:a2:ea:89:f1:84:
                    6c:9a:11:c1:af:89:69:08:b9:50:0c:53:4c:8d:4e:
                    83:0e:bf:a0:99:3e:61:56:fc:ca:35:aa:a2:31:06:
                    48:64:7c:0a:7a:d7:2d:93:8e:b2:43:ca:4a:48:83:
                    ea:d0:4c:5f:b0:4f:26:60:f0:c2:77:7d:af:be:c4:
                    de:e8:8b:1c:11:cf:eb:22:f0:d8:0e:4d:17:d4:b6:
                    35:b2:57:05:81:3a:02:84:57:ca:c6:4f:9c:e7:f4:
                    72:ec:12:84:8b:3d:70:35:6f:0d:af:70:0c:22:a2:
                    04:97:b6:cf:95:df:a4:8f:73:75:65:0c:53:1b:6d:
                    38:04:74:61:07:05:2a:d2:77:e0:9e:00:81:b2:82:
                    0c:e9:b8:8c:02:bb:46:9e:a8:b0:94:62:0f:9e:df:
                    b6:6a:c4:10:d9:e5:0f:fc:e2:45:0c:f8:42:98:47:
                    d1:38:3b:82:c1:c2:e9:64:c7:ea:86:00:8b:29:f3:
                    2e:9c:8c:5e:f6:cc:74:7a:2b:ac:0a:93:57:d6:58:
                    ac:33:c1:57:d4:19:0f:ae:4b:f5:d6:4c:6f:45:60:
                    3a:92:97:1f:b4:48:52:00:42:e8:2a:3d:5f:65:88:
                    72:65:e2:7d:f1:c5:a2:c5:bd:33:14:32:70:bd:d9:
                    3b:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:45:BC:84:7B:37:DB:F7:BF:63:8A:30:AD:90:A8:8F:16:44:19:FA
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/70W8hHs32_e_Y4owrZCojxZEGfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.71.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:f7:2e:75:cd:e9:06:a2:c0:df:d8:64:04:af:9a:4b:92:b2:
         db:07:dd:66:7f:5b:6a:78:e5:79:87:35:af:8c:6f:f2:f3:5f:
         3e:aa:54:a8:40:8c:c8:1f:af:5a:68:5b:c5:d8:e2:09:99:08:
         c3:8a:dc:53:4e:75:f9:b9:c3:1b:70:46:4f:9b:8b:55:10:54:
         d9:f5:29:49:cf:33:9c:8c:43:10:81:5e:bb:29:67:a4:52:79:
         19:1a:84:89:11:f7:1e:91:e3:a2:3a:a4:8b:5b:41:28:18:57:
         cf:31:29:98:f0:0c:09:fb:39:d6:10:e4:4f:2d:3d:18:56:98:
         c8:ce:52:55:52:f0:e2:ae:41:87:79:71:77:1b:74:14:78:21:
         d5:11:71:53:ed:1a:ba:b7:b1:32:03:b9:8e:f1:99:b1:a2:bb:
         9f:be:fb:4a:69:1d:89:ef:93:ae:e3:07:b3:3f:a1:66:95:17:
         d2:9a:93:6c:60:fd:f6:b0:2d:be:17:cc:6f:ac:63:03:91:52:
         d6:e7:a1:4e:74:07:ff:3d:65:13:a2:b7:06:1c:b0:11:ef:f0:
         42:54:b1:55:c8:f1:4c:11:24:36:0b:45:9d:de:ff:04:b7:fd:
         e9:71:f5:9b:13:5a:26:2c:ad:27:56:52:ca:5d:e5:27:db:c3:
         81:7f:68:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gCQqnhVWeTCw/rX45j3QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjYwMTAyMDIxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjQ1YmM4NDdiMzdkYmY3YmY2MzhhMzBhZDkwYTg4ZjE2NDQxOWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bO23C7DssdZouqJ8YRsmhHBr4lp
CLlQDFNMjU6DDr+gmT5hVvzKNaqiMQZIZHwKetctk46yQ8pKSIPq0ExfsE8mYPDC
d32vvsTe6IscEc/rIvDYDk0X1LY1slcFgToChFfKxk+c5/Ry7BKEiz1wNW8Nr3AM
IqIEl7bPld+kj3N1ZQxTG204BHRhBwUq0nfgngCBsoIM6biMArtGnqiwlGIPnt+2
asQQ2eUP/OJFDPhCmEfRODuCwcLpZMfqhgCLKfMunIxe9sx0eiusCpNX1lisM8FX
1BkPrkv11kxvRWA6kpcftEhSAELoKj1fZYhyZeJ98cWixb0zFDJwvdk7vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO9FvIR7N9v3v2OKMK2QqI8WRBn6MB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvNzBXOGhIczMyX2VfWTRvd3JaQ29qeFpFR2ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUf+MA0G
CSqGSIb3DQEBCwUAA4IBAQCl9y51zekGosDf2GQEr5pLkrLbB91mf1tqeOV5hzWv
jG/y818+qlSoQIzIH69aaFvF2OIJmQjDitxTTnX5ucMbcEZPm4tVEFTZ9SlJzzOc
jEMQgV67KWekUnkZGoSJEfcekeOiOqSLW0EoGFfPMSmY8AwJ+znWEORPLT0YVpjI
zlJVUvDirkGHeXF3G3QUeCHVEXFT7Rq6t7EyA7mO8ZmxorufvvtKaR2J75Ou4wez
P6FmlRfSmpNsYP32sC2+F8xvrGMDkVLW56FOdAf/PWUTorcGHLAR7/BCVLFVyPFM
ESQ2C0Wd3v8Et/3pcfWbE1omLK0nVlLKXeUn28OBf2h7
-----END CERTIFICATE-----