This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/207876-80b7-4443-9f0c-55f06f062ce0/1/X7bd6lhwCTS9gshWbVNBD-T1x7E.roa
File:                     X7bd6lhwCTS9gshWbVNBD-T1x7E.roa (raw, json)
Hash identifier:          OdFNs5uEDNlf80PtTDUu5XNrjiIU+VK7u1fw+Wm4wjc=
Subject key identifier:   5F:B6:DD:EA:58:70:09:34:BD:82:C8:56:6D:53:41:0F:E4:F5:C7:B1
Certificate issuer:       /CN=cfae461188ffc1ef2f3a1474571a9439a55374ac
Certificate serial:       019B797F4CF1C333719BC6C34568580F6715
Authority key identifier: CF:AE:46:11:88:FF:C1:EF:2F:3A:14:74:57:1A:94:39:A5:53:74:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z65GEYj_we8vOhR0VxqUOaVTdKw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/207876-80b7-4443-9f0c-55f06f062ce0/1/X7bd6lhwCTS9gshWbVNBD-T1x7E.roa
Signing time:             Thu 01 Jan 2026 12:19:04 +0000
ROA not before:           Thu 01 Jan 2026 12:19:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51247
IP address blocks:        109.172.92.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/207876-80b7-4443-9f0c-55f06f062ce0/1/z65GEYj_we8vOhR0VxqUOaVTdKw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/207876-80b7-4443-9f0c-55f06f062ce0/1/z65GEYj_we8vOhR0VxqUOaVTdKw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z65GEYj_we8vOhR0VxqUOaVTdKw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:4c:f1:c3:33:71:9b:c6:c3:45:68:58:0f:67:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfae461188ffc1ef2f3a1474571a9439a55374ac
        Validity
            Not Before: Jan  1 12:19:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5fb6ddea58700934bd82c8566d53410fe4f5c7b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:5d:9d:21:af:fc:b4:85:3d:81:60:f3:1e:96:
                    9c:30:70:25:8f:4a:4b:c5:2a:c1:c5:58:51:2a:ad:
                    5f:cd:60:8a:33:49:fb:f0:28:c2:58:a4:c4:50:82:
                    d5:01:fd:a2:c6:18:f2:e7:de:43:59:6e:bb:e6:c6:
                    97:0e:26:0e:ad:58:de:63:f6:0f:62:85:6d:37:a8:
                    d9:22:a8:af:5b:14:14:59:7d:4f:25:78:f3:6b:0a:
                    0f:81:19:98:eb:dd:37:02:16:a3:32:3a:47:12:6e:
                    52:1b:99:b3:9d:ab:ce:d9:06:92:98:97:8b:c2:e4:
                    d0:87:31:6b:cc:97:1e:84:02:e2:ae:16:35:92:23:
                    99:f5:4b:df:ee:70:52:e1:da:3f:62:b4:9c:7a:43:
                    76:5b:09:27:b5:3c:b6:1b:88:b0:02:4c:34:80:9d:
                    00:4b:6c:1e:e5:05:bb:16:f2:41:16:6d:a5:7d:00:
                    77:da:08:4c:86:1e:fd:14:37:92:30:62:e5:a2:27:
                    22:30:38:ed:fa:21:b3:03:41:0e:eb:8d:39:a5:4e:
                    a2:41:d5:0f:ff:1d:11:c3:e1:f7:8d:0a:60:b9:42:
                    0c:14:da:31:96:e3:d4:15:ca:7b:a7:2d:93:0f:5f:
                    95:72:d3:83:de:ec:8b:09:4a:d9:ee:6c:b4:51:b6:
                    1a:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:B6:DD:EA:58:70:09:34:BD:82:C8:56:6D:53:41:0F:E4:F5:C7:B1
            X509v3 Authority Key Identifier:
                keyid:CF:AE:46:11:88:FF:C1:EF:2F:3A:14:74:57:1A:94:39:A5:53:74:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z65GEYj_we8vOhR0VxqUOaVTdKw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/207876-80b7-4443-9f0c-55f06f062ce0/1/X7bd6lhwCTS9gshWbVNBD-T1x7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/207876-80b7-4443-9f0c-55f06f062ce0/1/z65GEYj_we8vOhR0VxqUOaVTdKw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.172.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:47:95:5b:c0:12:ba:b8:00:43:c9:3f:07:a9:61:d1:72:14:
         9d:a6:32:f1:28:e6:40:c4:7d:3f:b4:62:1f:ff:8e:06:2e:17:
         fd:a3:d4:03:18:8c:54:1a:9f:f7:cc:8c:f0:85:b4:42:7a:ec:
         4c:1f:02:c3:b2:f4:ab:ae:cf:2b:2e:f7:db:1f:10:d1:f9:2e:
         17:ff:a3:38:f0:5b:21:b9:02:5f:dc:cb:88:48:a9:ce:93:31:
         18:18:ea:a7:76:e4:b4:a0:e6:13:6b:ab:80:76:7c:14:57:cc:
         8b:88:fd:10:fa:d2:65:ba:5f:d1:0b:fa:cc:7c:98:bb:38:82:
         bc:ec:c2:2d:3b:89:07:1b:74:c2:fa:ca:77:bd:ae:5d:dd:85:
         20:31:0c:b3:89:6b:84:18:53:cc:6a:fe:e4:13:47:00:1d:b4:
         89:41:75:ed:d5:19:e0:9f:64:8e:80:8d:2a:f3:bc:bc:34:56:
         f1:23:70:68:2c:6d:09:0b:f6:e1:ec:a1:0f:59:30:f6:5b:42:
         16:04:43:ab:3a:ab:79:8f:2f:6c:8f:26:e4:47:ba:47:d3:e9:
         98:b0:6f:88:da:67:b1:56:b2:a2:bc:f4:10:ad:af:dc:54:cd:
         07:2b:37:27:63:f8:f3:de:28:da:7d:58:e6:29:c8:c7:c6:8f:
         72:68:2f:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5f0zxwzNxm8bDRWhYD2cVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmYWU0NjExODhmZmMxZWYyZjNhMTQ3NDU3MWE5NDM5YTU1
Mzc0YWMwHhcNMjYwMTAxMTIxOTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmI2ZGRlYTU4NzAwOTM0YmQ4MmM4NTY2ZDUzNDEwZmU0ZjVjN2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwl2dIa/8tIU9gWDzHpacMHAlj0pL
xSrBxVhRKq1fzWCKM0n78CjCWKTEUILVAf2ixhjy595DWW675saXDiYOrVjeY/YP
YoVtN6jZIqivWxQUWX1PJXjzawoPgRmY6903AhajMjpHEm5SG5mznavO2QaSmJeL
wuTQhzFrzJcehALirhY1kiOZ9Uvf7nBS4do/YrScekN2WwkntTy2G4iwAkw0gJ0A
S2we5QW7FvJBFm2lfQB32ghMhh79FDeSMGLloiciMDjt+iGzA0EO6405pU6iQdUP
/x0Rw+H3jQpguUIMFNoxluPUFcp7py2TD1+VctOD3uyLCUrZ7my0UbYaLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+23epYcAk0vYLIVm1TQQ/k9cexMB8GA1UdIwQY
MBaAFM+uRhGI/8HvLzoUdFcalDmlU3SsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejY1R0VZal93ZTh2T2hSMFZ4cVVPYVZUZEt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8yMDc4NzYtODBiNy00NDQzLTlmMGMt
NTVmMDZmMDYyY2UwLzEvWDdiZDZsaHdDVFM5Z3NoV2JWTkJELVQxeDdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8yMDc4NzYtODBiNy00NDQzLTlmMGMtNTVmMDZmMDYyY2Uw
LzEvejY1R0VZal93ZTh2T2hSMFZ4cVVPYVZUZEt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbaxcMA0G
CSqGSIb3DQEBCwUAA4IBAQCER5VbwBK6uABDyT8HqWHRchSdpjLxKOZAxH0/tGIf
/44GLhf9o9QDGIxUGp/3zIzwhbRCeuxMHwLDsvSrrs8rLvfbHxDR+S4X/6M48Fsh
uQJf3MuISKnOkzEYGOqnduS0oOYTa6uAdnwUV8yLiP0Q+tJlul/RC/rMfJi7OIK8
7MItO4kHG3TC+sp3va5d3YUgMQyziWuEGFPMav7kE0cAHbSJQXXt1Rngn2SOgI0q
87y8NFbxI3BoLG0JC/bh7KEPWTD2W0IWBEOrOqt5jy9sjybkR7pH0+mYsG+I2mex
VrKivPQQra/cVM0HKzcnY/jz3ijafVjmKcjHxo9yaC+Y
-----END CERTIFICATE-----