This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/ryfEVRKZnK1jVhVaw9sfrzHqLCM.roa
File:                     ryfEVRKZnK1jVhVaw9sfrzHqLCM.roa (raw, json)
Hash identifier:          r6enxmx5xQGmlOEDSFrMxun8mtTQGChD+RDV9jYpnaQ=
Subject key identifier:   AF:27:C4:55:12:99:9C:AD:63:56:15:5A:C3:DB:1F:AF:31:EA:2C:23
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       019B7F80C1440563425B802B3BB449476FAB
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/ryfEVRKZnK1jVhVaw9sfrzHqLCM.roa
Signing time:             Fri 02 Jan 2026 16:18:23 +0000
ROA not before:           Fri 02 Jan 2026 16:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     141968
IP address blocks:        109.111.52.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 20:29:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:80:c1:44:05:63:42:5b:80:2b:3b:b4:49:47:6f:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Jan  2 16:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af27c45512999cad6356155ac3db1faf31ea2c23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:b1:ee:66:19:e3:b5:4a:34:ee:78:2f:83:30:
                    b3:0f:17:1c:06:73:32:19:97:71:0a:d2:7d:e6:6d:
                    97:ab:93:92:b5:af:1c:04:57:26:f5:5d:2c:6c:ec:
                    26:de:00:ec:d7:f5:2e:d5:2a:03:f9:62:84:87:e8:
                    47:79:c8:19:27:f5:be:90:24:20:81:2c:2f:3b:f7:
                    2b:7d:97:49:ab:d2:a3:6f:6c:36:63:7c:96:fa:3d:
                    32:13:2b:19:45:42:4a:d7:27:b1:8e:56:0a:29:ba:
                    98:20:64:e8:28:6e:5f:2b:8a:25:5b:a5:4a:36:78:
                    50:61:77:05:50:13:d8:79:ff:9a:1d:46:66:b1:74:
                    63:23:19:fe:a2:3c:40:f1:60:49:53:83:af:8c:f7:
                    58:79:7b:c8:3c:70:6a:be:92:c2:ed:51:54:37:f1:
                    2b:00:57:7a:55:f8:16:55:38:c3:43:c5:c9:f0:cb:
                    20:44:88:73:cd:b7:75:76:9c:79:0c:8b:95:47:fc:
                    8b:a1:46:a9:9a:d4:22:99:ec:96:9b:3c:b8:ae:8f:
                    99:78:98:3c:b3:5b:80:03:c1:ee:27:5c:44:03:1a:
                    ef:bd:e7:be:67:87:22:4a:d1:b1:23:b1:d3:53:cb:
                    20:f7:46:d5:9f:00:9f:f5:8d:1f:d8:b7:11:ed:35:
                    bd:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:27:C4:55:12:99:9C:AD:63:56:15:5A:C3:DB:1F:AF:31:EA:2C:23
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/ryfEVRKZnK1jVhVaw9sfrzHqLCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:6c:c6:b9:df:73:8b:41:27:f3:8e:9e:db:2e:dc:aa:18:eb:
         7f:1f:7c:f5:f4:82:20:41:63:6f:80:9f:6d:4a:9e:1c:3b:9a:
         d4:db:05:6a:bb:a0:6b:f9:0f:07:bc:fb:40:8b:65:cb:06:6d:
         08:d4:32:0f:02:76:1a:99:a0:21:26:7e:36:aa:f9:ea:64:e2:
         31:90:17:a0:2c:48:2c:0a:2b:a1:87:a4:9c:06:b6:67:06:19:
         1b:f6:47:e4:ed:8a:9a:33:66:00:3f:4e:82:b2:20:fe:64:61:
         26:cc:6e:68:2a:4e:b0:90:d9:75:8c:b2:d7:4b:d4:d4:8f:ce:
         18:f1:9a:c9:58:be:27:9a:48:07:e1:82:0f:a5:dc:28:b5:c6:
         64:65:27:80:73:98:25:a1:88:18:a7:94:b5:2b:3c:6b:a1:8e:
         a8:e3:88:ed:2e:dc:36:75:c4:94:e6:4a:44:86:57:59:a1:43:
         c1:c9:15:e4:cd:19:88:ba:c2:c8:39:40:4a:ce:d2:cb:79:fe:
         72:ff:b7:07:e3:58:64:5f:59:0b:25:50:12:d1:6e:c1:19:41:
         fb:bc:f6:36:78:59:74:aa:b8:a4:26:c0:07:ea:e3:54:db:44:
         c3:d8:67:8e:4f:ef:ea:35:4a:1f:e4:05:6e:3e:11:75:e4:68:
         6e:98:73:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gMFEBWNCW4ArO7RJR2+rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjYwMTAyMTYxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjI3YzQ1NTEyOTk5Y2FkNjM1NjE1NWFjM2RiMWZhZjMxZWEyYzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbHuZhnjtUo07ngvgzCzDxccBnMy
GZdxCtJ95m2Xq5OSta8cBFcm9V0sbOwm3gDs1/Uu1SoD+WKEh+hHecgZJ/W+kCQg
gSwvO/crfZdJq9Kjb2w2Y3yW+j0yEysZRUJK1yexjlYKKbqYIGToKG5fK4olW6VK
NnhQYXcFUBPYef+aHUZmsXRjIxn+ojxA8WBJU4OvjPdYeXvIPHBqvpLC7VFUN/Er
AFd6VfgWVTjDQ8XJ8MsgRIhzzbd1dpx5DIuVR/yLoUapmtQimeyWmzy4ro+ZeJg8
s1uAA8HuJ1xEAxrvvee+Z4ciStGxI7HTU8sg90bVnwCf9Y0f2LcR7TW9pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8nxFUSmZytY1YVWsPbH68x6iwjMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvcnlmRVZSS1puSzFqVmhWYXc5c2ZyekhxTENNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbW80MA0G
CSqGSIb3DQEBCwUAA4IBAQA4bMa533OLQSfzjp7bLtyqGOt/H3z19IIgQWNvgJ9t
Sp4cO5rU2wVqu6Br+Q8HvPtAi2XLBm0I1DIPAnYamaAhJn42qvnqZOIxkBegLEgs
Ciuhh6ScBrZnBhkb9kfk7YqaM2YAP06CsiD+ZGEmzG5oKk6wkNl1jLLXS9TUj84Y
8ZrJWL4nmkgH4YIPpdwotcZkZSeAc5gloYgYp5S1KzxroY6o44jtLtw2dcSU5kpE
hldZoUPByRXkzRmIusLIOUBKztLLef5y/7cH41hkX1kLJVAS0W7BGUH7vPY2eFl0
qrikJsAH6uNU20TD2GeOT+/qNUof5AVuPhF15GhumHNZ
-----END CERTIFICATE-----