This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/x38hfjMhE7QMmpysnJOCL1icUGM.roa
File:                     x38hfjMhE7QMmpysnJOCL1icUGM.roa (raw, json)
Hash identifier:          cdSuSeUF0GI/gSSljf1+08ZBB62UkoY9MdWgKAiiX5s=
Subject key identifier:   C7:7F:21:7E:33:21:13:B4:0C:9A:9C:AC:9C:93:82:2F:58:9C:50:63
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       019B77C6A763FEDC52158AC48D7F583D6E76
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/x38hfjMhE7QMmpysnJOCL1icUGM.roa
Signing time:             Thu 01 Jan 2026 04:17:46 +0000
ROA not before:           Thu 01 Jan 2026 04:17:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200734
IP address blocks:        109.248.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:a7:63:fe:dc:52:15:8a:c4:8d:7f:58:3d:6e:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  1 04:17:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c77f217e332113b40c9a9cac9c93822f589c5063
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:10:a0:80:bd:f0:2e:ca:9f:a0:fd:df:90:44:
                    42:b6:5f:42:40:ff:8c:59:e7:f5:4a:50:30:b6:67:
                    be:a3:ce:be:49:cb:1c:e8:47:b7:85:85:65:28:2b:
                    fa:a9:9c:d0:e9:13:a1:d9:44:67:7b:21:7e:5d:10:
                    7a:f2:58:46:88:f7:c0:51:53:e8:50:9a:24:8c:1e:
                    93:93:6d:ac:74:f7:e5:42:40:b0:1c:b6:e4:7c:2a:
                    f8:fc:c0:0e:42:bf:09:64:dc:18:f5:b7:31:19:33:
                    bb:56:9c:80:30:4b:da:7e:97:d4:d6:cc:41:76:4e:
                    1c:72:bc:d1:b8:d9:7b:d5:f6:03:7c:9e:42:63:4d:
                    9e:45:03:71:59:be:58:7c:9c:4a:30:7c:cd:72:2d:
                    a6:07:3e:81:3e:04:3e:64:46:3c:93:74:9c:45:d9:
                    94:12:f9:0d:2a:8f:59:30:75:92:b6:73:50:55:8a:
                    da:bf:51:59:05:2f:f9:c8:81:14:6c:25:f8:45:bb:
                    26:29:b1:d1:fc:6b:5a:ba:49:0e:8c:e5:41:fb:ac:
                    3e:21:c0:08:14:12:7c:43:ff:90:f4:2a:78:d8:77:
                    19:a0:5f:06:76:8f:59:25:a4:c7:28:7e:30:26:e8:
                    00:31:9e:36:a6:de:74:a4:04:ef:b4:22:ea:10:58:
                    76:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:7F:21:7E:33:21:13:B4:0C:9A:9C:AC:9C:93:82:2F:58:9C:50:63
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/x38hfjMhE7QMmpysnJOCL1icUGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:72:a4:72:98:e4:e3:06:a6:c1:8f:13:d9:e9:71:51:54:0f:
         83:39:1f:5b:45:04:b1:96:15:26:97:e2:a5:d2:9c:ff:a2:be:
         38:e5:42:f6:d7:72:86:9b:49:f3:62:47:59:55:98:81:e1:26:
         22:d1:26:5d:c9:83:a3:bd:64:63:aa:04:ca:0c:e2:a4:79:8a:
         e5:f8:54:7d:10:f9:30:6d:92:e3:eb:bd:68:af:ec:4d:80:51:
         bf:61:c7:97:3b:7a:d0:0c:28:a4:8e:0d:61:cb:7d:8b:ca:84:
         7b:c2:da:e1:a4:3d:10:b9:6a:07:7d:31:f2:9b:5d:c1:f4:46:
         23:59:ab:00:31:57:b1:e1:54:3d:10:eb:4f:5a:52:5c:ea:0c:
         97:3f:93:10:a7:62:bf:1c:6c:fe:f6:47:be:9e:52:4d:4c:cb:
         58:22:ab:0e:9e:1d:64:49:38:20:b3:29:e4:bd:d4:ad:d4:6c:
         26:ba:9a:b8:fb:c0:37:8d:2a:fb:dd:fe:fd:7e:57:5a:06:ef:
         10:30:23:5a:ce:69:ca:18:c2:b6:7a:87:91:2f:ee:23:19:09:
         65:c7:4b:f5:8f:77:85:53:16:25:f1:ea:14:45:fe:e9:af:f4:
         df:49:f8:6b:54:10:a7:ec:56:2d:eb:6c:16:65:33:81:b4:12:
         ea:ed:5f:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xqdj/txSFYrEjX9YPW52MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwMTAxMDQxNzQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzdmMjE3ZTMzMjExM2I0MGM5YTljYWM5YzkzODIyZjU4OWM1MDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxCggL3wLsqfoP3fkERCtl9CQP+M
Wef1SlAwtme+o86+Scsc6Ee3hYVlKCv6qZzQ6ROh2URneyF+XRB68lhGiPfAUVPo
UJokjB6Tk22sdPflQkCwHLbkfCr4/MAOQr8JZNwY9bcxGTO7VpyAMEvafpfU1sxB
dk4ccrzRuNl71fYDfJ5CY02eRQNxWb5YfJxKMHzNci2mBz6BPgQ+ZEY8k3ScRdmU
EvkNKo9ZMHWStnNQVYrav1FZBS/5yIEUbCX4RbsmKbHR/GtaukkOjOVB+6w+IcAI
FBJ8Q/+Q9Cp42HcZoF8Gdo9ZJaTHKH4wJugAMZ42pt50pATvtCLqEFh2AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMd/IX4zIRO0DJqcrJyTgi9YnFBjMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEveDM4aGZqTWhFN1FNbXB5c25KT0NMMWljVUdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbfj2MA0G
CSqGSIb3DQEBCwUAA4IBAQAfcqRymOTjBqbBjxPZ6XFRVA+DOR9bRQSxlhUml+Kl
0pz/or445UL213KGm0nzYkdZVZiB4SYi0SZdyYOjvWRjqgTKDOKkeYrl+FR9EPkw
bZLj671or+xNgFG/YceXO3rQDCikjg1hy32LyoR7wtrhpD0QuWoHfTHym13B9EYj
WasAMVex4VQ9EOtPWlJc6gyXP5MQp2K/HGz+9ke+nlJNTMtYIqsOnh1kSTggsynk
vdSt1Gwmupq4+8A3jSr73f79fldaBu8QMCNazmnKGMK2eoeRL+4jGQllx0v1j3eF
UxYl8eoURf7pr/TfSfhrVBCn7FYt62wWZTOBtBLq7V8b
-----END CERTIFICATE-----