This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/b6f1IQwAc0MCC2q-PZ1DNz57RDo.roa
File:                     b6f1IQwAc0MCC2q-PZ1DNz57RDo.roa (raw, json)
Hash identifier:          lTEvCl2vEXs2t2BpFO5BGQcQDhjtDq2M8E67j8BNBwo=
Subject key identifier:   6F:A7:F5:21:0C:00:73:43:02:0B:6A:BE:3D:9D:43:37:3E:7B:44:3A
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019B791152D17533BA3AACCFC72829FC7751
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/b6f1IQwAc0MCC2q-PZ1DNz57RDo.roa
Signing time:             Thu 01 Jan 2026 10:18:57 +0000
ROA not before:           Thu 01 Jan 2026 10:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211484
IP address blocks:        104.238.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 Jan 2026 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:52:d1:75:33:ba:3a:ac:cf:c7:28:29:fc:77:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jan  1 10:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6fa7f5210c007343020b6abe3d9d43373e7b443a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e9:35:8b:e3:18:c4:95:87:6a:8b:cf:13:7a:
                    ef:50:39:75:88:33:21:5e:7c:52:0e:cc:d8:05:a8:
                    53:a8:00:3a:99:5c:ef:98:9f:5b:80:55:f1:6c:5b:
                    45:c8:0a:dc:74:b6:a5:ff:29:94:c9:a3:c2:ca:94:
                    43:cc:e7:33:3b:93:af:0f:fb:09:37:b0:a8:11:eb:
                    c9:d1:27:a0:b8:f2:7f:90:9b:80:bf:26:68:e3:2c:
                    a6:bc:72:26:39:22:de:64:18:9d:95:fa:20:e0:bb:
                    d8:f8:32:5f:32:6a:3d:f4:05:27:98:c9:61:54:33:
                    df:7f:ef:c6:0d:ad:ae:f2:ee:01:81:98:73:86:f4:
                    48:fc:e4:9e:22:73:e3:0e:fb:8c:4d:3f:39:ac:9e:
                    d3:f6:84:69:e4:c5:cc:bc:40:c1:6f:57:df:6e:5e:
                    c5:7c:61:18:63:e3:ca:63:a2:d8:c5:a0:3b:21:ef:
                    2f:3a:3a:9f:98:0e:c8:e1:10:e8:a1:3b:ca:34:fb:
                    27:e8:64:ff:6b:6b:14:36:67:1e:1a:fb:83:25:e3:
                    e4:dc:47:cd:c7:24:a4:44:46:03:73:50:d2:e5:98:
                    a3:8d:07:22:69:47:5a:1a:13:60:e4:43:cb:6e:21:
                    7b:a6:d3:40:43:d5:09:fe:29:59:24:f9:ac:93:97:
                    c2:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:A7:F5:21:0C:00:73:43:02:0B:6A:BE:3D:9D:43:37:3E:7B:44:3A
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/b6f1IQwAc0MCC2q-PZ1DNz57RDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.238.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:0e:99:c4:b8:87:fa:00:2d:b6:a8:89:ea:ca:dc:12:64:fa:
         b5:0f:53:5c:fb:61:ad:d7:0f:38:3c:cd:e4:48:ee:ce:47:2a:
         c7:16:bf:48:39:55:c2:23:45:7e:04:7d:91:6d:a0:25:0c:ff:
         50:54:b0:fc:65:83:7e:ec:5c:84:3f:00:1b:7f:b3:43:22:df:
         3b:30:15:12:69:48:86:c6:ad:4b:e4:4f:54:9c:df:54:91:9a:
         86:6e:e5:90:d2:3c:37:39:14:b6:2b:73:67:f0:4a:3a:93:53:
         64:63:6a:3c:e9:44:67:7b:6e:84:6a:4d:d4:f2:d9:ff:82:d3:
         28:32:fa:c0:ba:e0:04:df:fa:a9:2f:64:13:ca:a6:93:9b:ec:
         25:eb:8d:45:33:b5:09:0b:fe:d4:fe:e9:83:ef:e7:7e:78:a3:
         15:55:3e:9e:7d:31:1b:aa:20:bb:9f:b4:03:22:cd:61:68:f1:
         43:91:57:4f:2d:84:00:fc:76:87:47:cf:a3:cc:22:9a:87:8d:
         f3:06:54:09:b9:5e:e3:67:49:78:7e:58:53:d7:14:12:db:fe:
         bb:91:0c:22:ac:21:6c:10:c0:e0:6a:28:2b:5c:b8:88:be:fd:
         ff:03:00:ed:f5:bd:cc:0b:f1:8c:79:d2:77:9a:aa:af:87:c3:
         44:ec:9b:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EVLRdTO6OqzPxygp/HdRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwMTAxMTAxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmE3ZjUyMTBjMDA3MzQzMDIwYjZhYmUzZDlkNDMzNzNlN2I0NDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ek1i+MYxJWHaovPE3rvUDl1iDMh
XnxSDszYBahTqAA6mVzvmJ9bgFXxbFtFyArcdLal/ymUyaPCypRDzOczO5OvD/sJ
N7CoEevJ0SeguPJ/kJuAvyZo4yymvHImOSLeZBidlfog4LvY+DJfMmo99AUnmMlh
VDPff+/GDa2u8u4BgZhzhvRI/OSeInPjDvuMTT85rJ7T9oRp5MXMvEDBb1ffbl7F
fGEYY+PKY6LYxaA7Ie8vOjqfmA7I4RDooTvKNPsn6GT/a2sUNmceGvuDJePk3EfN
xySkREYDc1DS5ZijjQciaUdaGhNg5EPLbiF7ptNAQ9UJ/ilZJPmsk5fChQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG+n9SEMAHNDAgtqvj2dQzc+e0Q6MB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvYjZmMUlRd0FjME1DQzJxLVBaMUROejU3UkRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAaO4fMA0G
CSqGSIb3DQEBCwUAA4IBAQBpDpnEuIf6AC22qInqytwSZPq1D1Nc+2Gt1w84PM3k
SO7ORyrHFr9IOVXCI0V+BH2RbaAlDP9QVLD8ZYN+7FyEPwAbf7NDIt87MBUSaUiG
xq1L5E9UnN9UkZqGbuWQ0jw3ORS2K3Nn8Eo6k1NkY2o86URne26Eak3U8tn/gtMo
MvrAuuAE3/qpL2QTyqaTm+wl641FM7UJC/7U/umD7+d+eKMVVT6efTEbqiC7n7QD
Is1haPFDkVdPLYQA/HaHR8+jzCKah43zBlQJuV7jZ0l4flhT1xQS2/67kQwirCFs
EMDgaigrXLiIvv3/AwDt9b3MC/GMedJ3mqqvh8NE7Ju9
-----END CERTIFICATE-----