This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/CFRA8brf5sE4J0Vi_mv81svugxI.roa
File:                     CFRA8brf5sE4J0Vi_mv81svugxI.roa (raw, json)
Hash identifier:          uvljp7f/z0E6aDzdRUCbiXg1uxB0BXMPXZAh/OfcnR8=
Subject key identifier:   08:54:40:F1:BA:DF:E6:C1:38:27:45:62:FE:6B:FC:D6:CB:EE:83:12
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       019B7EA693DA3D4002D0BFACD8F548555E65
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/CFRA8brf5sE4J0Vi_mv81svugxI.roa
Signing time:             Fri 02 Jan 2026 12:20:04 +0000
ROA not before:           Fri 02 Jan 2026 12:20:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41745
IP address blocks:        46.20.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 04:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:93:da:3d:40:02:d0:bf:ac:d8:f5:48:55:5e:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Jan  2 12:20:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=085440f1badfe6c138274562fe6bfcd6cbee8312
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ed:ef:bb:e9:e8:a8:5e:98:e4:a9:7e:1e:e7:
                    9f:7d:dd:eb:82:2e:3c:e4:a7:26:c2:de:48:8d:65:
                    22:80:f7:3a:59:8d:54:60:ac:51:4a:82:74:05:3b:
                    d4:bd:19:14:e4:f8:40:2c:ff:d7:e3:b4:84:7d:b8:
                    62:45:6d:77:f5:48:83:8e:ca:59:1a:bf:42:29:3b:
                    25:be:52:f5:81:41:34:e5:1d:5b:e2:21:bc:f2:81:
                    7a:81:1e:0f:83:bb:2d:0a:8b:2e:c6:28:e7:8d:ad:
                    d3:f5:97:4b:01:13:1c:c5:0d:1c:f3:9e:4d:b3:23:
                    0f:a2:8e:6d:f4:f4:27:76:f4:a0:88:50:2d:ee:e3:
                    f0:f6:01:54:50:6b:d4:5c:d8:6f:6a:95:a1:1c:09:
                    34:65:ef:db:56:04:e1:bf:d7:3a:c6:8e:6d:a1:dd:
                    9b:95:e0:f2:c0:58:90:ba:f7:e9:48:16:e8:ef:00:
                    70:a1:86:00:29:a8:06:dc:78:7a:88:1d:b4:8c:39:
                    3a:09:14:36:10:6b:50:51:63:be:71:2f:06:8b:1b:
                    62:bb:bb:05:ff:0d:2a:fa:e2:d2:7f:1d:62:a3:75:
                    f1:50:91:8a:4e:9e:42:18:ee:71:fe:05:f6:6f:d5:
                    11:3b:2c:fc:af:46:e2:1c:42:0d:a9:65:eb:24:af:
                    ff:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:54:40:F1:BA:DF:E6:C1:38:27:45:62:FE:6B:FC:D6:CB:EE:83:12
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/CFRA8brf5sE4J0Vi_mv81svugxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:09:88:af:d5:fd:a5:00:8b:f3:a5:71:10:a6:cd:77:08:83:
         bd:80:f0:ad:6b:2c:07:4c:0a:e4:98:d0:5c:94:dc:1e:3d:19:
         5f:2f:33:f8:ae:55:57:5d:a7:bd:90:d9:34:05:c3:23:55:d7:
         6b:ab:3b:69:fc:52:2e:d6:9e:72:30:8b:61:8d:01:a8:c6:70:
         39:ce:71:9a:7e:54:2b:6b:f2:0f:26:0e:b9:a6:d5:f3:bc:9e:
         5a:2a:0e:01:fe:28:23:06:3f:f9:1c:1f:4a:fd:cb:31:7b:60:
         35:1d:72:74:e5:4b:95:11:12:f4:28:ed:0d:76:22:da:84:b4:
         4f:11:76:9d:25:02:2a:75:3c:a1:39:41:ff:99:20:46:d0:34:
         61:64:af:b5:72:73:fe:08:87:15:5e:1b:25:dd:4d:a3:03:a8:
         df:f4:32:09:c6:21:d8:e7:ce:e1:e4:74:c0:35:ab:80:76:8a:
         e3:b4:a6:d2:0b:16:99:2a:74:56:53:a5:72:25:05:e1:2b:7c:
         6e:8d:24:16:c2:b4:a8:ff:6e:92:f2:b8:0a:13:03:af:e8:0d:
         96:fd:d6:a7:b9:e4:15:ec:f2:d2:52:72:fb:54:b3:1a:cb:3f:
         92:46:cb:0b:c6:e2:97:49:d4:60:fe:fe:98:1f:c2:91:52:9f:
         ed:04:ca:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+ppPaPUAC0L+s2PVIVV5lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjYwMTAyMTIyMDA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODU0NDBmMWJhZGZlNmMxMzgyNzQ1NjJmZTZiZmNkNmNiZWU4MzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAke3vu+noqF6Y5Kl+Hueffd3rgi48
5Kcmwt5IjWUigPc6WY1UYKxRSoJ0BTvUvRkU5PhALP/X47SEfbhiRW139UiDjspZ
Gr9CKTslvlL1gUE05R1b4iG88oF6gR4Pg7stCosuxijnja3T9ZdLARMcxQ0c855N
syMPoo5t9PQndvSgiFAt7uPw9gFUUGvUXNhvapWhHAk0Ze/bVgThv9c6xo5tod2b
leDywFiQuvfpSBbo7wBwoYYAKagG3Hh6iB20jDk6CRQ2EGtQUWO+cS8Gixtiu7sF
/w0q+uLSfx1io3XxUJGKTp5CGO5x/gX2b9UROyz8r0biHEINqWXrJK//VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAhUQPG63+bBOCdFYv5r/NbL7oMSMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvQ0ZSQThicmY1c0U0SjBWaV9tdjgxc3Z1Z3hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhRqMA0G
CSqGSIb3DQEBCwUAA4IBAQCaCYiv1f2lAIvzpXEQps13CIO9gPCtaywHTArkmNBc
lNwePRlfLzP4rlVXXae9kNk0BcMjVddrqztp/FIu1p5yMIthjQGoxnA5znGaflQr
a/IPJg65ptXzvJ5aKg4B/igjBj/5HB9K/csxe2A1HXJ05UuVERL0KO0NdiLahLRP
EXadJQIqdTyhOUH/mSBG0DRhZK+1cnP+CIcVXhsl3U2jA6jf9DIJxiHY587h5HTA
NauAdorjtKbSCxaZKnRWU6VyJQXhK3xujSQWwrSo/26S8rgKEwOv6A2W/danueQV
7PLSUnL7VLMayz+SRssLxuKXSdRg/v6YH8KRUp/tBMrk
-----END CERTIFICATE-----