This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/NKy6Tyf5RyRglBk0yV_ExDPmxuo.roa
File:                     NKy6Tyf5RyRglBk0yV_ExDPmxuo.roa (raw, json)
Hash identifier:          ebb1VqS7aGDzvUXqYNWhDAqOkeGUT55XR6ggJqYbSMU=
Subject key identifier:   34:AC:BA:4F:27:F9:47:24:60:94:19:34:C9:5F:C4:C4:33:E6:C6:EA
Certificate issuer:       /CN=ed6da82dbc7d7e2818f96680b66efcedb1087947
Certificate serial:       019B7F15FDD71681525D70D3FF4B6C730689
Authority key identifier: ED:6D:A8:2D:BC:7D:7E:28:18:F9:66:80:B6:6E:FC:ED:B1:08:79:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7W2oLbx9figY-WaAtm787bEIeUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/NKy6Tyf5RyRglBk0yV_ExDPmxuo.roa
Signing time:             Fri 02 Jan 2026 14:21:46 +0000
ROA not before:           Fri 02 Jan 2026 14:21:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19905
IP address blocks:        109.71.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/7W2oLbx9figY-WaAtm787bEIeUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/7W2oLbx9figY-WaAtm787bEIeUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7W2oLbx9figY-WaAtm787bEIeUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:fd:d7:16:81:52:5d:70:d3:ff:4b:6c:73:06:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed6da82dbc7d7e2818f96680b66efcedb1087947
        Validity
            Not Before: Jan  2 14:21:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34acba4f27f9472460941934c95fc4c433e6c6ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:7e:b4:74:11:c9:f5:9b:f4:51:fa:59:31:f5:
                    6b:25:c0:ef:b8:8e:81:68:c7:67:44:c4:ce:e1:8a:
                    3d:19:13:0e:a3:b2:c4:a6:22:db:eb:b6:e2:f6:79:
                    05:75:a5:5b:2e:8c:67:15:fb:68:b7:c9:9e:4c:9c:
                    0e:38:3f:43:01:96:e6:ef:7d:0f:e8:1c:53:85:09:
                    8a:4a:3d:b9:a9:7f:11:f0:68:1b:76:1b:82:58:ab:
                    9d:25:53:1c:6c:61:23:48:64:88:1f:5e:a0:24:51:
                    3a:7b:da:69:45:90:7e:05:b4:13:82:4f:f4:19:5b:
                    ec:f4:58:cc:88:8a:ae:36:e3:6f:04:3e:e9:7c:72:
                    e4:23:14:8d:51:21:05:12:f4:9e:51:d4:2e:20:8c:
                    9c:40:9e:93:bc:8f:af:eb:c5:b3:f8:41:ca:28:12:
                    99:08:9b:be:e3:6d:9a:86:aa:da:26:3c:11:1b:d8:
                    10:50:e6:46:99:44:1d:e1:6a:87:98:e5:87:f5:a0:
                    e3:b2:40:19:83:5c:5c:ac:f2:6c:51:af:9e:3f:2b:
                    22:30:79:d2:13:52:eb:aa:d6:78:d6:57:40:da:73:
                    b8:f6:32:30:10:f4:39:ae:fc:54:9e:f4:3a:f7:db:
                    fa:2d:b4:74:d1:cc:6e:3a:f9:ee:30:01:3f:2e:0c:
                    3a:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:AC:BA:4F:27:F9:47:24:60:94:19:34:C9:5F:C4:C4:33:E6:C6:EA
            X509v3 Authority Key Identifier:
                keyid:ED:6D:A8:2D:BC:7D:7E:28:18:F9:66:80:B6:6E:FC:ED:B1:08:79:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7W2oLbx9figY-WaAtm787bEIeUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/NKy6Tyf5RyRglBk0yV_ExDPmxuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/7W2oLbx9figY-WaAtm787bEIeUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.71.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:a5:46:4b:f4:7e:8e:11:bf:b2:7b:a4:27:9a:8a:22:7f:14:
         6e:db:09:20:c6:55:d3:20:33:8a:5c:92:23:9f:4f:45:d2:27:
         4e:44:fa:17:71:3f:8f:95:67:43:ee:d5:c4:6d:2d:f2:ab:a5:
         b7:c0:e4:99:ff:d2:31:f9:1a:71:de:1e:ab:3d:47:b7:cf:42:
         ab:95:97:8a:f8:49:bc:4d:d9:a6:90:a8:3b:f3:17:8d:8c:93:
         f8:02:8f:2f:1f:5d:c3:d7:0c:da:7b:74:f6:af:69:73:22:79:
         cb:af:b0:dd:dc:8f:eb:94:4e:8d:15:48:fd:43:c7:04:c8:d1:
         36:11:75:f3:d8:5d:76:bb:ee:b6:c0:15:14:3d:e9:cc:ff:9e:
         62:9c:07:fb:93:57:1e:11:62:52:3f:b8:fc:ab:07:99:42:49:
         83:03:dd:88:28:d7:e7:04:d0:ee:3c:50:4c:f4:54:34:e1:ff:
         72:63:c5:7b:7a:1a:83:bd:9d:f4:3d:1c:af:f0:ff:a4:20:94:
         f7:8d:0e:36:be:10:83:b3:50:09:37:73:63:0f:16:33:d0:9e:
         9f:c2:d1:28:d0:74:ac:ed:ed:c4:a7:96:bf:12:68:4e:f7:a0:
         a1:7a:b7:83:95:bd:8c:8d:2d:46:76:d6:c8:70:8b:94:6f:9c:
         d0:c2:5d:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/Ff3XFoFSXXDT/0tscwaJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNmRhODJkYmM3ZDdlMjgxOGY5NjY4MGI2NmVmY2VkYjEw
ODc5NDcwHhcNMjYwMTAyMTQyMTQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGFjYmE0ZjI3Zjk0NzI0NjA5NDE5MzRjOTVmYzRjNDMzZTZjNmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmX60dBHJ9Zv0UfpZMfVrJcDvuI6B
aMdnRMTO4Yo9GRMOo7LEpiLb67bi9nkFdaVbLoxnFftot8meTJwOOD9DAZbm730P
6BxThQmKSj25qX8R8GgbdhuCWKudJVMcbGEjSGSIH16gJFE6e9ppRZB+BbQTgk/0
GVvs9FjMiIquNuNvBD7pfHLkIxSNUSEFEvSeUdQuIIycQJ6TvI+v68Wz+EHKKBKZ
CJu+422ahqraJjwRG9gQUOZGmUQd4WqHmOWH9aDjskAZg1xcrPJsUa+ePysiMHnS
E1LrqtZ41ldA2nO49jIwEPQ5rvxUnvQ699v6LbR00cxuOvnuMAE/Lgw62QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSsuk8n+UckYJQZNMlfxMQz5sbqMB8GA1UdIwQY
MBaAFO1tqC28fX4oGPlmgLZu/O2xCHlHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1cyb0xieDlmaWdZLVdhQXRtNzg3YkVJZVVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8zNTQ5ZmItZTNhMy00MTI0LWIzYjAt
NTk5NTc3ODdiMDE1LzEvTkt5NlR5ZjVSeVJnbEJrMHlWX0V4RFBteHVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8zNTQ5ZmItZTNhMy00MTI0LWIzYjAtNTk5NTc3ODdiMDE1
LzEvN1cyb0xieDlmaWdZLVdhQXRtNzg3YkVJZVVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUcYMA0G
CSqGSIb3DQEBCwUAA4IBAQBNpUZL9H6OEb+ye6QnmooifxRu2wkgxlXTIDOKXJIj
n09F0idORPoXcT+PlWdD7tXEbS3yq6W3wOSZ/9Ix+Rpx3h6rPUe3z0KrlZeK+Em8
TdmmkKg78xeNjJP4Ao8vH13D1wzae3T2r2lzInnLr7Dd3I/rlE6NFUj9Q8cEyNE2
EXXz2F12u+62wBUUPenM/55inAf7k1ceEWJSP7j8qweZQkmDA92IKNfnBNDuPFBM
9FQ04f9yY8V7ehqDvZ30PRyv8P+kIJT3jQ42vhCDs1AJN3NjDxYz0J6fwtEo0HSs
7e3Ep5a/EmhO96ChereDlb2MjS1GdtbIcIuUb5zQwl3A
-----END CERTIFICATE-----