This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/zVSX18y8o4KRMFIOaBGobLqrbvA.roa
File:                     zVSX18y8o4KRMFIOaBGobLqrbvA.roa (raw, json)
Hash identifier:          zvGv7P9a7DP9g0eTnYWOdSqXm1zetmk1xuEUE1VYzlg=
Subject key identifier:   CD:54:97:D7:CC:BC:A3:82:91:30:52:0E:68:11:A8:6C:BA:AB:6E:F0
Certificate issuer:       /CN=05e9fca0a8584feb1c12319071423061b08fe456
Certificate serial:       019B7BA3C50E30B29B31926BF8AA287642E3
Authority key identifier: 05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/zVSX18y8o4KRMFIOaBGobLqrbvA.roa
Signing time:             Thu 01 Jan 2026 22:18:08 +0000
ROA not before:           Thu 01 Jan 2026 22:18:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215826
IP address blocks:        109.107.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 10:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:c5:0e:30:b2:9b:31:92:6b:f8:aa:28:76:42:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05e9fca0a8584feb1c12319071423061b08fe456
        Validity
            Not Before: Jan  1 22:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cd5497d7ccbca3829130520e6811a86cbaab6ef0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:93:93:79:b0:78:44:21:86:e7:8a:85:13:35:
                    bf:ae:a5:a2:5c:46:97:b0:d5:b3:04:d3:e7:bd:64:
                    bf:9a:89:ec:f9:08:ef:86:ae:e2:b9:37:f0:55:8f:
                    2e:51:04:99:a2:8e:d1:8f:06:f9:bb:06:b5:09:c1:
                    73:5b:cd:20:57:e8:25:52:eb:ef:72:c5:df:4b:cb:
                    8f:42:dd:3b:56:e2:61:1c:6c:58:87:7e:40:3b:11:
                    d7:f6:5c:81:0d:69:53:63:19:36:06:2f:a6:9f:19:
                    08:77:22:27:da:4e:e8:5b:84:34:14:e7:36:53:e8:
                    67:d5:13:5e:55:64:ca:68:79:bf:a4:53:8c:3b:d2:
                    1e:97:fc:40:06:a5:3f:fc:d0:c2:8a:b7:2a:36:72:
                    14:2e:e6:c2:ea:0f:1c:db:80:29:09:8d:b8:17:91:
                    55:1f:c3:8c:ae:d1:dd:ee:f8:c1:61:72:31:ec:d4:
                    dd:2e:22:a8:fb:6c:d2:b6:db:58:15:3f:d1:cd:53:
                    ef:fb:d6:ce:35:3e:56:8a:e4:4a:ff:63:5e:ff:ec:
                    42:cd:e1:e8:82:d8:6d:8f:60:17:da:d6:04:bc:49:
                    53:c4:c3:a7:2e:80:95:ae:0d:79:2d:6d:e1:9b:ab:
                    e5:17:42:9e:ed:3c:92:ba:33:75:f9:58:2d:28:f2:
                    7a:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:54:97:D7:CC:BC:A3:82:91:30:52:0E:68:11:A8:6C:BA:AB:6E:F0
            X509v3 Authority Key Identifier:
                keyid:05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/zVSX18y8o4KRMFIOaBGobLqrbvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:de:6e:60:e6:52:82:41:b1:47:59:42:98:3d:e7:cd:77:a3:
         c1:9a:ab:e8:55:95:46:ce:da:e0:d2:52:03:31:c2:f5:59:0d:
         67:2b:60:28:ec:77:52:64:c8:42:b2:74:ff:b1:99:c9:f4:e7:
         a9:8b:73:00:bb:e1:ea:63:2d:e0:01:4c:1e:96:3f:9a:86:af:
         05:0e:c2:7b:de:95:de:f7:f2:5b:ba:fc:a6:ec:73:bd:c1:40:
         57:76:02:24:cb:fb:49:ce:54:08:f0:b7:a1:77:e7:46:b1:a8:
         77:62:c5:ce:ea:2c:ea:f8:8f:15:6a:2d:74:a9:c2:f5:5d:81:
         fc:ac:82:d9:1a:b0:a2:9f:00:d0:80:26:81:bb:ce:d8:86:6c:
         cd:37:2a:4f:59:d4:f6:d1:dc:a4:47:95:8a:7f:20:e2:e1:a9:
         3c:38:8e:8b:17:45:e3:20:a8:0c:fe:a3:42:35:c4:80:c1:60:
         07:e2:db:fa:f7:59:41:22:95:53:35:e2:d7:86:46:30:49:a4:
         d1:4c:d8:71:fd:09:44:e6:e7:6f:34:67:43:7e:77:ea:b0:37:
         6e:8a:43:e0:cc:49:de:59:36:73:18:e7:50:7a:38:64:2a:74:
         ff:37:aa:56:e8:de:00:c1:7c:82:73:40:51:e0:15:1a:66:14:
         a8:1e:bd:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o8UOMLKbMZJr+KoodkLjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZTlmY2EwYTg1ODRmZWIxYzEyMzE5MDcxNDIzMDYxYjA4
ZmU0NTYwHhcNMjYwMTAxMjIxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDU0OTdkN2NjYmNhMzgyOTEzMDUyMGU2ODExYTg2Y2JhYWI2ZWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZOTebB4RCGG54qFEzW/rqWiXEaX
sNWzBNPnvWS/mons+Qjvhq7iuTfwVY8uUQSZoo7Rjwb5uwa1CcFzW80gV+glUuvv
csXfS8uPQt07VuJhHGxYh35AOxHX9lyBDWlTYxk2Bi+mnxkIdyIn2k7oW4Q0FOc2
U+hn1RNeVWTKaHm/pFOMO9Iel/xABqU//NDCircqNnIULubC6g8c24ApCY24F5FV
H8OMrtHd7vjBYXIx7NTdLiKo+2zStttYFT/RzVPv+9bONT5WiuRK/2Ne/+xCzeHo
gthtj2AX2tYEvElTxMOnLoCVrg15LW3hm6vlF0Ke7TySujN1+VgtKPJ6kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM1Ul9fMvKOCkTBSDmgRqGy6q27wMB8GA1UdIwQY
MBaAFAXp/KCoWE/rHBIxkHFCMGGwj+RWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMt
ZGVlM2VkNDk3YWVlLzEvelZTWDE4eThvNEtSTUZJT2FCR29iTHFyYnZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMtZGVlM2VkNDk3YWVl
LzEvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWuoMA0G
CSqGSIb3DQEBCwUAA4IBAQCE3m5g5lKCQbFHWUKYPefNd6PBmqvoVZVGztrg0lID
McL1WQ1nK2Ao7HdSZMhCsnT/sZnJ9Oepi3MAu+HqYy3gAUwelj+ahq8FDsJ73pXe
9/Jbuvym7HO9wUBXdgIky/tJzlQI8Lehd+dGsah3YsXO6izq+I8Vai10qcL1XYH8
rILZGrCinwDQgCaBu87YhmzNNypPWdT20dykR5WKfyDi4ak8OI6LF0XjIKgM/qNC
NcSAwWAH4tv691lBIpVTNeLXhkYwSaTRTNhx/QlE5udvNGdDfnfqsDduikPgzEne
WTZzGOdQejhkKnT/N6pW6N4AwXyCc0BR4BUaZhSoHr27
-----END CERTIFICATE-----