This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/e4QufroyVWdWI18YSP-xE5y8nsQ.roa
File:                     e4QufroyVWdWI18YSP-xE5y8nsQ.roa (raw, json)
Hash identifier:          D8HQMrEwK3oNuQ0az3Yjngy1UMsE6uMPy+4eRKXzeeY=
Subject key identifier:   7B:84:2E:7E:BA:32:55:67:56:23:5F:18:48:FF:B1:13:9C:BC:9E:C4
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       019B77C725CE31DCA2A8244C04B798A936A5
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/e4QufroyVWdWI18YSP-xE5y8nsQ.roa
Signing time:             Thu 01 Jan 2026 04:18:18 +0000
ROA not before:           Thu 01 Jan 2026 04:18:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19905
IP address blocks:        109.107.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:25:ce:31:dc:a2:a8:24:4c:04:b7:98:a9:36:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Jan  1 04:18:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7b842e7eba32556756235f1848ffb1139cbc9ec4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:83:2e:50:82:ad:a5:3e:93:dd:5e:59:ff:d3:
                    24:d1:5d:8f:32:3b:e0:c5:97:d9:d9:fa:c5:2b:5f:
                    b9:d2:4d:e3:38:d1:a2:e4:b6:0a:51:93:b6:70:62:
                    a9:24:ca:62:af:d3:d9:1a:21:0b:78:fb:b6:09:dd:
                    e5:da:7f:ca:a9:2f:3e:fe:67:88:7c:04:df:94:28:
                    1c:6f:49:da:f7:47:79:b7:b0:cc:80:3e:3c:c2:fc:
                    ac:29:c0:f4:04:85:9f:92:13:86:4b:0b:b2:d2:ae:
                    89:2f:6f:9f:f8:e8:9b:a0:b3:8c:3f:e8:01:74:de:
                    30:ee:1d:6d:46:ab:90:ba:f0:51:0f:98:ef:1a:a5:
                    45:9f:69:5a:fc:8c:78:bc:aa:0c:33:b4:9b:8b:25:
                    51:5d:fc:22:de:93:29:c1:63:56:2f:a2:69:c3:ab:
                    82:bb:e7:1b:bb:49:9c:a0:67:fa:ed:c3:44:c9:b3:
                    bb:c7:8e:14:87:33:ce:5b:52:c4:69:1c:6b:f0:6a:
                    06:76:b8:63:a1:f4:10:ec:70:45:15:7b:15:5d:1c:
                    56:43:55:8b:29:1a:e5:9b:12:3f:de:8b:46:7f:14:
                    f9:4e:82:d7:1f:53:a8:d1:7f:ad:77:77:bd:ad:88:
                    fc:f9:52:d3:94:b3:e1:79:8f:e9:bf:ee:a4:a0:f1:
                    06:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:84:2E:7E:BA:32:55:67:56:23:5F:18:48:FF:B1:13:9C:BC:9E:C4
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/e4QufroyVWdWI18YSP-xE5y8nsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:b8:95:92:c9:13:71:22:bb:4b:95:bc:ec:c7:14:86:dd:ee:
         d4:f6:41:a0:8b:40:e4:ec:e9:ed:dd:aa:0a:04:60:ed:87:f1:
         ea:4d:67:87:d7:95:77:02:1c:24:0f:3f:b0:cc:80:a1:c7:31:
         13:1c:a9:3e:bf:fe:9e:57:94:f1:22:63:dc:59:6b:0e:b4:f9:
         99:a5:b3:a7:ef:a0:b0:8b:c4:2b:ba:3b:b7:b6:39:24:de:49:
         0e:c9:de:8e:06:22:a2:5c:70:ef:20:ba:62:59:e0:f6:fb:7f:
         6f:da:b4:8e:09:43:d0:d2:61:a7:fc:b2:a7:63:7c:3f:65:f0:
         3d:ea:a2:a2:38:c7:09:92:bd:fd:c7:e8:d4:75:2f:70:7a:cb:
         d5:77:84:84:2d:e8:60:fe:bf:2a:4a:ed:2f:81:e1:eb:7c:c1:
         79:10:22:0a:67:ed:14:a4:74:8e:a7:7c:13:e7:df:a1:cc:d9:
         24:74:84:07:9c:c9:27:40:fc:48:b2:e6:b0:c3:39:c0:d9:5d:
         4b:db:08:74:55:45:76:8f:4d:30:e2:52:c2:23:ca:47:5c:38:
         94:f2:ba:05:ba:31:46:d7:b8:5f:76:95:49:37:c1:cc:6d:d2:
         1b:2f:92:8f:4f:31:ef:58:1e:c2:cc:14:b3:1a:cb:03:29:c7:
         e6:ed:0e:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xyXOMdyiqCRMBLeYqTalMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjYwMTAxMDQxODE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yjg0MmU3ZWJhMzI1NTY3NTYyMzVmMTg0OGZmYjExMzljYmM5ZWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIMuUIKtpT6T3V5Z/9Mk0V2PMjvg
xZfZ2frFK1+50k3jONGi5LYKUZO2cGKpJMpir9PZGiELePu2Cd3l2n/KqS8+/meI
fATflCgcb0na90d5t7DMgD48wvysKcD0BIWfkhOGSwuy0q6JL2+f+OiboLOMP+gB
dN4w7h1tRquQuvBRD5jvGqVFn2la/Ix4vKoMM7SbiyVRXfwi3pMpwWNWL6Jpw6uC
u+cbu0mcoGf67cNEybO7x44UhzPOW1LEaRxr8GoGdrhjofQQ7HBFFXsVXRxWQ1WL
KRrlmxI/3otGfxT5ToLXH1Oo0X+td3e9rYj8+VLTlLPheY/pv+6koPEGYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHuELn66MlVnViNfGEj/sROcvJ7EMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvZTRRdWZyb3lWV2RXSTE4WVNQLXhFNXk4bnNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWubMA0G
CSqGSIb3DQEBCwUAA4IBAQBduJWSyRNxIrtLlbzsxxSG3e7U9kGgi0Dk7Ont3aoK
BGDth/HqTWeH15V3AhwkDz+wzIChxzETHKk+v/6eV5TxImPcWWsOtPmZpbOn76Cw
i8Qruju3tjkk3kkOyd6OBiKiXHDvILpiWeD2+39v2rSOCUPQ0mGn/LKnY3w/ZfA9
6qKiOMcJkr39x+jUdS9wesvVd4SELehg/r8qSu0vgeHrfMF5ECIKZ+0UpHSOp3wT
59+hzNkkdIQHnMknQPxIsuawwznA2V1L2wh0VUV2j00w4lLCI8pHXDiU8roFujFG
17hfdpVJN8HMbdIbL5KPTzHvWB7CzBSzGssDKcfm7Q6W
-----END CERTIFICATE-----