This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/fXi-3J0I08pHCGpMDBfoClmPjMc.roa
File:                     fXi-3J0I08pHCGpMDBfoClmPjMc.roa (raw, json)
Hash identifier:          021lBJ+9jhBzDrRbngydXsCj6/uNgbtu04bJTaEzJbY=
Subject key identifier:   7D:78:BE:DC:9D:08:D3:CA:47:08:6A:4C:0C:17:E8:0A:59:8F:8C:C7
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019B7758B1FD5D71DB1AB95A0A692BB7DFEF
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/fXi-3J0I08pHCGpMDBfoClmPjMc.roa
Signing time:             Thu 01 Jan 2026 02:17:39 +0000
ROA not before:           Thu 01 Jan 2026 02:17:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60781
IP address blocks:        109.236.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:b1:fd:5d:71:db:1a:b9:5a:0a:69:2b:b7:df:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 02:17:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7d78bedc9d08d3ca47086a4c0c17e80a598f8cc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:5a:e6:80:c7:da:ec:15:bd:fd:d5:f5:1f:74:
                    fd:cf:fa:4b:73:ac:6d:eb:6d:e2:37:b5:3b:76:4a:
                    57:3d:4f:6e:6e:8e:b7:4e:7c:37:85:91:2a:40:18:
                    d6:c4:90:9d:1d:1b:6f:77:00:98:d9:62:fc:56:40:
                    d4:d8:27:0c:5d:af:3a:48:da:50:92:fb:9f:37:ce:
                    a3:1e:60:77:af:26:3e:54:d2:15:e2:1d:35:d9:d9:
                    f5:5c:8b:4f:c3:d8:1a:67:d7:08:3b:48:04:74:4d:
                    2e:fb:a7:55:89:1d:1e:3f:7c:02:d5:c9:ac:3f:cf:
                    29:a6:4c:4e:b1:83:e5:3e:b3:5d:de:96:f1:c7:93:
                    61:25:00:53:72:72:32:02:d1:aa:0b:dd:78:01:9a:
                    19:36:96:a4:68:81:08:25:48:1b:e0:6e:81:4f:2b:
                    cb:98:ff:aa:fb:f2:0a:f1:eb:0a:72:7c:bb:17:24:
                    e4:7a:67:5f:2f:be:b3:41:48:1b:5a:c5:d1:8f:c9:
                    6f:c8:5e:76:3f:cd:7a:8a:50:cf:e3:e2:9c:73:49:
                    4d:d5:1a:c0:02:6c:ed:5d:51:17:7f:ad:df:0f:bf:
                    98:a3:51:0e:ac:e0:0a:7e:1e:d3:9c:76:0f:8d:a6:
                    7a:c4:c8:e7:fb:60:ac:2e:a7:a2:d4:e3:df:33:cd:
                    db:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:78:BE:DC:9D:08:D3:CA:47:08:6A:4C:0C:17:E8:0A:59:8F:8C:C7
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/fXi-3J0I08pHCGpMDBfoClmPjMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.236.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:5e:63:d9:35:a7:3b:45:26:9d:8b:99:1a:32:3a:9c:d5:57:
         0a:4b:98:5f:e0:69:0a:85:b4:80:9b:1f:b3:ac:42:d6:6d:26:
         a5:2f:93:e2:93:c4:bd:4c:dc:60:05:3b:38:b6:11:1f:2f:c2:
         fb:8d:fd:c4:81:68:a7:b1:69:66:30:96:fc:3c:15:a2:05:12:
         21:e1:08:3e:d3:8b:e1:a6:2a:52:9b:db:3e:7a:d5:f1:5c:c9:
         be:66:2b:a9:e8:b3:6c:81:0d:85:12:9b:b6:de:3a:ba:e6:f7:
         89:e8:13:06:e8:4c:73:de:88:8f:1c:5b:1e:ab:85:0d:93:59:
         85:f1:e1:17:63:ae:c4:63:ac:87:f2:ef:66:e2:f3:77:ea:e3:
         a5:f0:36:7d:49:88:36:c3:13:fb:0f:4d:ed:66:af:04:cb:7c:
         c2:86:6e:00:a0:ef:39:6e:43:a6:d0:3c:92:ee:9d:81:4c:97:
         8f:a2:69:42:4b:18:0c:1a:2a:39:46:87:90:4f:bc:a5:96:cd:
         f3:7d:03:f8:cc:e5:fe:96:f1:ef:1d:30:b2:40:9f:ec:86:5e:
         4a:f5:21:9d:0a:1b:b3:5a:80:ec:05:2b:7c:4f:5c:3c:d6:43:
         0a:4f:22:d8:dd:a5:d3:23:54:31:02:28:05:76:f4:55:62:4d:
         96:87:2f:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WLH9XXHbGrlaCmkrt9/vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwMTAxMDIxNzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDc4YmVkYzlkMDhkM2NhNDcwODZhNGMwYzE3ZTgwYTU5OGY4Y2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVrmgMfa7BW9/dX1H3T9z/pLc6xt
623iN7U7dkpXPU9ubo63Tnw3hZEqQBjWxJCdHRtvdwCY2WL8VkDU2CcMXa86SNpQ
kvufN86jHmB3ryY+VNIV4h012dn1XItPw9gaZ9cIO0gEdE0u+6dViR0eP3wC1cms
P88ppkxOsYPlPrNd3pbxx5NhJQBTcnIyAtGqC914AZoZNpakaIEIJUgb4G6BTyvL
mP+q+/IK8esKcny7FyTkemdfL76zQUgbWsXRj8lvyF52P816ilDP4+Kcc0lN1RrA
AmztXVEXf63fD7+Yo1EOrOAKfh7TnHYPjaZ6xMjn+2CsLqei1OPfM83bCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH14vtydCNPKRwhqTAwX6ApZj4zHMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvZlhpLTNKMEkwOHBIQ0dwTURCZm9DbG1Qak1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbewyMA0G
CSqGSIb3DQEBCwUAA4IBAQAaXmPZNac7RSadi5kaMjqc1VcKS5hf4GkKhbSAmx+z
rELWbSalL5Pik8S9TNxgBTs4thEfL8L7jf3EgWinsWlmMJb8PBWiBRIh4Qg+04vh
pipSm9s+etXxXMm+Ziup6LNsgQ2FEpu23jq65veJ6BMG6Exz3oiPHFseq4UNk1mF
8eEXY67EY6yH8u9m4vN36uOl8DZ9SYg2wxP7D03tZq8Ey3zChm4AoO85bkOm0DyS
7p2BTJePomlCSxgMGio5RoeQT7ylls3zfQP4zOX+lvHvHTCyQJ/shl5K9SGdChuz
WoDsBSt8T1w81kMKTyLY3aXTI1QxAigFdvRVYk2Why+y
-----END CERTIFICATE-----