This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/CBPzx6SbCNPOaXg_7NjE5c-to9Q.roa
File:                     CBPzx6SbCNPOaXg_7NjE5c-to9Q.roa (raw, json)
Hash identifier:          lAdcYAZ9J14q211MaZL2jjksWV0/Dt0NA0UCT5TwNsA=
Subject key identifier:   08:13:F3:C7:A4:9B:08:D3:CE:69:78:3F:EC:D8:C4:E5:CF:AD:A3:D4
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019B791155474D6468ADE572D19396912200
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/CBPzx6SbCNPOaXg_7NjE5c-to9Q.roa
Signing time:             Thu 01 Jan 2026 10:18:57 +0000
ROA not before:           Thu 01 Jan 2026 10:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213918
IP address blocks:        104.238.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 Jan 2026 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:55:47:4d:64:68:ad:e5:72:d1:93:96:91:22:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jan  1 10:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0813f3c7a49b08d3ce69783fecd8c4e5cfada3d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:bd:1e:26:38:8a:33:a2:79:31:93:00:1c:e3:
                    67:12:d6:99:9e:de:d6:31:bb:1f:4d:ca:5f:96:44:
                    04:75:75:85:46:fb:e6:a4:c3:89:1a:f2:4f:90:cf:
                    10:46:30:fd:96:90:41:93:ab:e6:e3:bf:52:d9:f2:
                    3f:91:84:8e:d3:c2:43:1e:58:b4:bc:b7:61:d9:08:
                    dc:e8:be:1a:f8:5f:51:14:14:6a:78:e4:a7:73:33:
                    9f:d4:c3:da:f1:7d:06:13:03:5a:61:30:f6:dd:50:
                    ed:00:6a:dd:ad:9b:3b:d3:55:08:5b:3f:c1:ac:84:
                    80:84:12:08:72:cc:61:f9:b1:16:a7:35:ea:da:13:
                    eb:cc:97:20:fe:2f:34:34:db:73:46:25:8a:7a:ba:
                    67:f6:17:d1:ab:55:f4:6f:94:0b:8e:d8:ce:70:fb:
                    28:7e:66:40:78:2d:40:44:d4:96:29:8e:50:bb:cd:
                    15:ea:84:08:24:9f:c0:a8:5a:f9:dc:57:ea:98:f5:
                    ca:97:7b:92:cc:c5:26:dc:96:03:65:e9:cd:2b:4d:
                    4b:2d:a0:17:84:79:7b:d5:de:80:84:24:3b:e2:de:
                    fa:cd:15:f0:48:6b:60:93:4b:d8:2c:4d:a6:58:2b:
                    dd:4b:65:ae:62:79:44:c0:f5:84:2f:db:b5:93:8b:
                    b4:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:13:F3:C7:A4:9B:08:D3:CE:69:78:3F:EC:D8:C4:E5:CF:AD:A3:D4
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/CBPzx6SbCNPOaXg_7NjE5c-to9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.238.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:7c:bb:be:bb:35:b8:d1:c5:2e:f0:7d:95:78:d3:6a:4b:ed:
         67:b3:31:5e:ad:a0:64:f5:17:8e:ab:a4:4c:3c:d5:3c:f6:99:
         05:2e:e9:07:a5:be:30:ed:b5:e6:7f:42:a3:30:11:7b:0c:06:
         04:2b:83:99:ad:69:7d:93:c7:e2:dd:0d:d5:75:c4:2a:73:6c:
         46:9f:4f:6d:95:68:0b:2a:95:5d:ae:88:0c:28:6d:53:73:9a:
         f3:31:c6:de:6b:74:cd:91:90:1a:5e:d4:49:ba:d8:ea:b6:06:
         4a:2e:d7:12:88:e5:e8:34:16:b8:ff:ba:33:13:50:0c:fa:e2:
         4d:94:32:97:24:03:6b:f5:22:ff:29:67:23:a3:55:9c:bd:23:
         1d:e1:04:fa:e0:05:1b:6d:ee:ed:15:a5:56:bf:2f:22:9f:6c:
         b8:50:0b:8a:ae:21:df:f8:21:aa:53:38:af:38:cf:c8:2d:38:
         62:79:11:f3:6f:16:fb:1b:42:8e:c5:eb:51:d7:92:85:56:a2:
         bb:67:5b:29:a0:a9:4b:fd:30:78:0c:a2:5d:b8:20:2b:a8:65:
         aa:a3:e8:4d:86:52:ab:b7:57:3b:44:11:a9:4e:f3:22:f7:46:
         28:5b:a5:16:72:d1:a8:62:da:4a:26:29:e2:8d:28:41:4c:66:
         6b:7c:e6:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EVVHTWRoreVy0ZOWkSIAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwMTAxMTAxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODEzZjNjN2E0OWIwOGQzY2U2OTc4M2ZlY2Q4YzRlNWNmYWRhM2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApr0eJjiKM6J5MZMAHONnEtaZnt7W
MbsfTcpflkQEdXWFRvvmpMOJGvJPkM8QRjD9lpBBk6vm479S2fI/kYSO08JDHli0
vLdh2Qjc6L4a+F9RFBRqeOSnczOf1MPa8X0GEwNaYTD23VDtAGrdrZs701UIWz/B
rISAhBIIcsxh+bEWpzXq2hPrzJcg/i80NNtzRiWKerpn9hfRq1X0b5QLjtjOcPso
fmZAeC1ARNSWKY5Qu80V6oQIJJ/AqFr53FfqmPXKl3uSzMUm3JYDZenNK01LLaAX
hHl71d6AhCQ74t76zRXwSGtgk0vYLE2mWCvdS2WuYnlEwPWEL9u1k4u0VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAgT88ekmwjTzml4P+zYxOXPraPUMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvQ0JQeng2U2JDTlBPYVhnXzdOakU1Yy10bzlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAaO4fMA0G
CSqGSIb3DQEBCwUAA4IBAQCXfLu+uzW40cUu8H2VeNNqS+1nszFeraBk9ReOq6RM
PNU89pkFLukHpb4w7bXmf0KjMBF7DAYEK4OZrWl9k8fi3Q3VdcQqc2xGn09tlWgL
KpVdrogMKG1Tc5rzMcbea3TNkZAaXtRJutjqtgZKLtcSiOXoNBa4/7ozE1AM+uJN
lDKXJANr9SL/KWcjo1WcvSMd4QT64AUbbe7tFaVWvy8in2y4UAuKriHf+CGqUziv
OM/ILThieRHzbxb7G0KOxetR15KFVqK7Z1spoKlL/TB4DKJduCArqGWqo+hNhlKr
t1c7RBGpTvMi90YoW6UWctGoYtpKJinijShBTGZrfOaU
-----END CERTIFICATE-----