This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/DTUiseBlEHrYRRybhJZtYkO70ow.roa
File:                     DTUiseBlEHrYRRybhJZtYkO70ow.roa (raw, json)
Hash identifier:          K4NadvqyyWrb4LEKIBSE6MBJgfXoW77DQt6TglV6X0U=
Subject key identifier:   0D:35:22:B1:E0:65:10:7A:D8:45:1C:9B:84:96:6D:62:43:BB:D2:8C
Certificate issuer:       /CN=5a4a47d582bb0e9680f89258ab96d05867d352ef
Certificate serial:       019B7C7FB91DA0BAA2A8AFECDE347047FCD8
Authority key identifier: 5A:4A:47:D5:82:BB:0E:96:80:F8:92:58:AB:96:D0:58:67:D3:52:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WkpH1YK7DpaA-JJYq5bQWGfTUu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/DTUiseBlEHrYRRybhJZtYkO70ow.roa
Signing time:             Fri 02 Jan 2026 02:18:23 +0000
ROA not before:           Fri 02 Jan 2026 02:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50602
IP address blocks:        109.205.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/WkpH1YK7DpaA-JJYq5bQWGfTUu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/WkpH1YK7DpaA-JJYq5bQWGfTUu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WkpH1YK7DpaA-JJYq5bQWGfTUu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:b9:1d:a0:ba:a2:a8:af:ec:de:34:70:47:fc:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a4a47d582bb0e9680f89258ab96d05867d352ef
        Validity
            Not Before: Jan  2 02:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0d3522b1e065107ad8451c9b84966d6243bbd28c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:fb:f3:9b:e6:33:ae:2d:39:25:a2:b0:8d:4e:
                    b7:d8:69:22:24:e5:57:85:cc:50:26:e8:75:1f:b1:
                    c7:dc:bc:00:69:34:d6:0c:a5:60:27:d5:23:41:90:
                    5b:94:27:b1:4b:64:6e:75:e8:1e:ec:04:f5:8e:1f:
                    19:03:6e:3f:81:5b:b7:70:2b:41:4f:f3:c7:e9:2e:
                    b8:80:96:f7:c0:17:cc:fd:8a:49:ec:df:f6:db:ae:
                    91:a8:f0:0f:01:52:a2:f4:c6:cb:90:da:57:e8:ee:
                    0d:02:90:1f:92:92:ee:c5:d8:64:d3:d9:48:99:60:
                    f5:e9:bd:05:71:d5:33:96:40:c7:08:56:73:be:b2:
                    bd:5f:eb:e9:6e:2d:c2:d8:45:1c:a6:41:40:00:96:
                    ba:79:5d:f6:f5:aa:8e:1c:b3:05:d9:69:a0:9c:f1:
                    b4:50:20:41:0d:99:52:14:8e:20:9d:f9:5d:82:81:
                    8a:7a:b6:26:41:90:ec:67:cd:f2:09:33:f5:88:03:
                    d1:12:7d:8c:23:32:6a:8b:ec:79:88:82:72:e3:5e:
                    19:e9:25:14:65:bc:6a:c0:dd:04:5e:54:0a:74:60:
                    b1:89:06:8f:18:de:77:cf:ed:09:04:40:13:b8:15:
                    82:e2:74:be:98:a0:52:8d:58:57:81:4b:1c:b6:ec:
                    b3:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:35:22:B1:E0:65:10:7A:D8:45:1C:9B:84:96:6D:62:43:BB:D2:8C
            X509v3 Authority Key Identifier:
                keyid:5A:4A:47:D5:82:BB:0E:96:80:F8:92:58:AB:96:D0:58:67:D3:52:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WkpH1YK7DpaA-JJYq5bQWGfTUu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/DTUiseBlEHrYRRybhJZtYkO70ow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/WkpH1YK7DpaA-JJYq5bQWGfTUu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:50:ab:09:d8:65:a5:fb:8e:50:e5:6a:73:b7:b0:34:0c:a5:
         ea:e2:3b:da:03:5b:0b:5d:87:7a:51:ba:65:4e:76:4b:11:c9:
         37:e6:90:d8:58:ac:32:38:67:a3:b3:8e:81:ed:fd:dd:95:0b:
         b8:e4:70:25:5b:f9:eb:3d:f1:b8:03:dd:a1:78:05:c7:18:28:
         f0:95:2f:a3:4b:27:ea:d6:28:1f:bf:ca:da:71:4b:0b:02:e8:
         1a:9d:50:f7:63:16:ed:bf:f3:86:48:41:ae:35:a7:f9:0e:db:
         73:e3:f9:c8:d6:74:e4:57:66:ee:b1:88:5e:1c:9b:73:c7:39:
         7c:83:62:62:ad:2e:02:e3:3a:66:16:d1:96:9b:cd:2d:56:f1:
         18:1f:3c:87:eb:62:31:8b:75:27:0d:c3:8e:4e:67:1b:6e:c6:
         c1:d0:8d:f3:19:7d:a0:c7:5f:64:8a:d6:76:85:1f:bc:eb:a0:
         c5:03:78:ee:59:af:dd:44:8c:29:9e:01:30:cc:b9:74:47:d4:
         9a:e1:94:09:9e:cd:69:33:5c:fd:8d:48:b1:d4:65:ac:a5:61:
         09:20:b0:ef:51:e2:12:70:1b:0f:ba:5b:3a:18:62:36:7f:1a:
         fb:8d:a5:93:db:a7:5c:ef:e8:6b:45:56:c3:38:3e:ff:f4:d2:
         53:cf:d6:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f7kdoLqiqK/s3jRwR/zYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNGE0N2Q1ODJiYjBlOTY4MGY4OTI1OGFiOTZkMDU4Njdk
MzUyZWYwHhcNMjYwMTAyMDIxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDM1MjJiMWUwNjUxMDdhZDg0NTFjOWI4NDk2NmQ2MjQzYmJkMjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfvzm+Yzri05JaKwjU632GkiJOVX
hcxQJuh1H7HH3LwAaTTWDKVgJ9UjQZBblCexS2Rudege7AT1jh8ZA24/gVu3cCtB
T/PH6S64gJb3wBfM/YpJ7N/2266RqPAPAVKi9MbLkNpX6O4NApAfkpLuxdhk09lI
mWD16b0FcdUzlkDHCFZzvrK9X+vpbi3C2EUcpkFAAJa6eV329aqOHLMF2WmgnPG0
UCBBDZlSFI4gnfldgoGKerYmQZDsZ83yCTP1iAPREn2MIzJqi+x5iIJy414Z6SUU
ZbxqwN0EXlQKdGCxiQaPGN53z+0JBEATuBWC4nS+mKBSjVhXgUsctuyzwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA01IrHgZRB62EUcm4SWbWJDu9KMMB8GA1UdIwQY
MBaAFFpKR9WCuw6WgPiSWKuW0Fhn01LvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2twSDFZSzdEcGFBLUpKWXE1YlFXR2ZUVXU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS80Yjc1NzYtMmI5Yy00M2FmLTg4MTct
NmIwMDY1NTA4OTk2LzEvRFRVaXNlQmxFSHJZUlJ5YmhKWnRZa083MG93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS80Yjc1NzYtMmI5Yy00M2FmLTg4MTctNmIwMDY1NTA4OTk2
LzEvV2twSDFZSzdEcGFBLUpKWXE1YlFXR2ZUVXU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc0fMA0G
CSqGSIb3DQEBCwUAA4IBAQCrUKsJ2GWl+45Q5Wpzt7A0DKXq4jvaA1sLXYd6Ubpl
TnZLEck35pDYWKwyOGejs46B7f3dlQu45HAlW/nrPfG4A92heAXHGCjwlS+jSyfq
1igfv8racUsLAuganVD3Yxbtv/OGSEGuNaf5Dttz4/nI1nTkV2busYheHJtzxzl8
g2JirS4C4zpmFtGWm80tVvEYHzyH62Ixi3UnDcOOTmcbbsbB0I3zGX2gx19kitZ2
hR+866DFA3juWa/dRIwpngEwzLl0R9Sa4ZQJns1pM1z9jUix1GWspWEJILDvUeIS
cBsPuls6GGI2fxr7jaWT26dc7+hrRVbDOD7/9NJTz9Y/
-----END CERTIFICATE-----