This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/hgRpqZ2KOS323eozORSKiQE9Z94.roa
File:                     hgRpqZ2KOS323eozORSKiQE9Z94.roa (raw, json)
Hash identifier:          hP+sdpPk2yVwSObZGoP+owD8CyfACxZocdC0caF3780=
Subject key identifier:   86:04:69:A9:9D:8A:39:2D:F6:DD:EA:33:39:14:8A:89:01:3D:67:DE
Certificate issuer:       /CN=9fb4a8b93af9ea9cf18aaca4e73f116ec26eb357
Certificate serial:       019B78A26ED3A28B0EBA6EB79A48D37D877C
Authority key identifier: 9F:B4:A8:B9:3A:F9:EA:9C:F1:8A:AC:A4:E7:3F:11:6E:C2:6E:B3:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/hgRpqZ2KOS323eozORSKiQE9Z94.roa
Signing time:             Thu 01 Jan 2026 08:17:49 +0000
ROA not before:           Thu 01 Jan 2026 08:17:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215677
IP address blocks:        109.207.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/n7SouTr56pzxiqyk5z8RbsJus1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/n7SouTr56pzxiqyk5z8RbsJus1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:6e:d3:a2:8b:0e:ba:6e:b7:9a:48:d3:7d:87:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fb4a8b93af9ea9cf18aaca4e73f116ec26eb357
        Validity
            Not Before: Jan  1 08:17:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=860469a99d8a392df6ddea3339148a89013d67de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:07:2f:fa:9f:2b:1b:70:d6:b1:13:65:9f:4e:
                    63:89:8f:8b:ae:6d:6c:2a:a1:0d:8c:9e:c9:db:cb:
                    cd:97:7a:e3:30:61:1c:d6:b2:e6:38:e3:37:6e:a3:
                    04:dc:20:7c:00:90:e0:0d:4a:c8:03:7a:4e:94:e9:
                    a4:70:4b:a7:73:f5:1b:b1:5d:0a:a5:8d:d0:bb:7c:
                    4b:cc:56:78:f1:96:8a:f8:60:4c:4e:6d:87:37:1f:
                    68:ec:bb:7e:32:3b:6b:43:24:9f:03:d1:d8:30:8b:
                    0a:c8:2e:56:8f:3e:43:c5:bc:f4:50:ad:00:34:0a:
                    10:b4:d6:fb:ba:87:e5:1a:3b:0c:66:e7:a5:57:91:
                    87:13:b4:81:19:65:c5:ec:2f:90:cc:51:3d:1f:92:
                    f3:27:97:51:08:a6:4b:c2:b8:f5:6b:79:55:f8:94:
                    16:ca:d9:61:87:4b:09:50:1b:86:03:90:65:78:a0:
                    77:26:a7:55:33:31:9b:04:6c:48:d5:3d:7f:6b:c8:
                    0b:4c:14:b8:4b:4d:45:9e:b1:37:ff:7e:3d:d0:c4:
                    0e:22:d9:83:f3:ab:67:fa:b4:16:02:d6:f8:19:1f:
                    77:7d:01:af:19:a0:0f:cf:64:c7:3e:f1:b6:12:84:
                    68:8f:0d:72:16:7f:f2:d0:65:4c:ee:75:3a:fa:e0:
                    60:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:04:69:A9:9D:8A:39:2D:F6:DD:EA:33:39:14:8A:89:01:3D:67:DE
            X509v3 Authority Key Identifier:
                keyid:9F:B4:A8:B9:3A:F9:EA:9C:F1:8A:AC:A4:E7:3F:11:6E:C2:6E:B3:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/hgRpqZ2KOS323eozORSKiQE9Z94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/n7SouTr56pzxiqyk5z8RbsJus1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.207.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:6c:98:fc:13:9d:b4:aa:62:72:e6:e0:25:36:d6:2d:be:8e:
         7c:6e:ff:e8:99:5f:9a:bf:25:5d:d2:dd:24:48:9e:9a:0c:74:
         78:66:61:1c:7f:da:f2:a7:07:c7:41:dd:f7:11:93:f1:ea:8d:
         b6:7c:c3:23:3c:7e:6d:b1:b2:37:59:a3:ed:39:ec:41:ca:a6:
         87:2c:41:2b:a9:34:09:a2:e3:06:6f:8a:b0:69:0c:2b:9b:19:
         3f:5a:a1:29:1e:d8:11:57:8e:df:19:36:fd:71:57:4d:ef:62:
         37:9d:79:7f:7d:78:b9:ec:e6:7f:b7:5c:ff:bd:c5:97:8e:d3:
         7a:e4:60:a6:3b:9a:00:9f:62:26:93:2f:d9:58:82:0e:a6:b3:
         1f:83:cd:40:6c:84:ee:35:70:d8:b7:ae:aa:4c:b5:e9:20:3d:
         f8:e9:e4:ad:f6:28:b4:3c:dc:b3:90:0f:bf:d6:07:14:de:53:
         52:c9:b6:e2:f5:9a:d2:21:85:37:c6:5d:52:55:4c:cd:dc:ed:
         9d:6e:ac:ad:7e:a4:20:aa:2b:ee:37:6d:51:63:1b:7c:8d:bc:
         78:64:a7:5b:72:ec:a5:e0:61:68:59:c7:df:f3:46:84:76:6f:
         47:f3:82:c7:2c:c6:08:91:2c:2a:ab:e0:25:24:03:38:94:27:
         84:c9:fe:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4om7ToosOum63mkjTfYd8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYjRhOGI5M2FmOWVhOWNmMThhYWNhNGU3M2YxMTZlYzI2
ZWIzNTcwHhcNMjYwMTAxMDgxNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjA0NjlhOTlkOGEzOTJkZjZkZGVhMzMzOTE0OGE4OTAxM2Q2N2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQcv+p8rG3DWsRNln05jiY+Lrm1s
KqENjJ7J28vNl3rjMGEc1rLmOOM3bqME3CB8AJDgDUrIA3pOlOmkcEunc/UbsV0K
pY3Qu3xLzFZ48ZaK+GBMTm2HNx9o7Lt+MjtrQySfA9HYMIsKyC5Wjz5Dxbz0UK0A
NAoQtNb7uoflGjsMZuelV5GHE7SBGWXF7C+QzFE9H5LzJ5dRCKZLwrj1a3lV+JQW
ytlhh0sJUBuGA5BleKB3JqdVMzGbBGxI1T1/a8gLTBS4S01FnrE3/3490MQOItmD
86tn+rQWAtb4GR93fQGvGaAPz2THPvG2EoRojw1yFn/y0GVM7nU6+uBgbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYEaamdijkt9t3qMzkUiokBPWfeMB8GA1UdIwQY
MBaAFJ+0qLk6+eqc8YqspOc/EW7CbrNXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjdTb3VUcjU2cHp4aXF5azV6OFJic0p1czFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC84OTg3NDEtZWRhNC00YzVkLWFmOWYt
OGQ2OGViMjBmYmRkLzEvaGdScHFaMktPUzMyM2Vvek9SU0tpUUU5Wjk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC84OTg3NDEtZWRhNC00YzVkLWFmOWYtOGQ2OGViMjBmYmRk
LzEvbjdTb3VUcjU2cHp4aXF5azV6OFJic0p1czFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc/wMA0G
CSqGSIb3DQEBCwUAA4IBAQCvbJj8E520qmJy5uAlNtYtvo58bv/omV+avyVd0t0k
SJ6aDHR4ZmEcf9rypwfHQd33EZPx6o22fMMjPH5tsbI3WaPtOexByqaHLEErqTQJ
ouMGb4qwaQwrmxk/WqEpHtgRV47fGTb9cVdN72I3nXl/fXi57OZ/t1z/vcWXjtN6
5GCmO5oAn2Imky/ZWIIOprMfg81AbITuNXDYt66qTLXpID346eSt9ii0PNyzkA+/
1gcU3lNSybbi9ZrSIYU3xl1SVUzN3O2dbqytfqQgqivuN21RYxt8jbx4ZKdbcuyl
4GFoWcff80aEdm9H84LHLMYIkSwqq+AlJAM4lCeEyf5b
-----END CERTIFICATE-----