This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/CdethGpZm2QuoSVJ4aiwMMYTk0Y.roa
File:                     CdethGpZm2QuoSVJ4aiwMMYTk0Y.roa (raw, json)
Hash identifier:          YIGg3I4hDg7BBUgcAz3JoVCk5c+QEE4qX20+BQrMq5s=
Subject key identifier:   09:D7:AD:84:6A:59:9B:64:2E:A1:25:49:E1:A8:B0:30:C6:13:93:46
Certificate issuer:       /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial:       019B7EA52EFA3423AC0046BEA3EE9D8CA191
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/CdethGpZm2QuoSVJ4aiwMMYTk0Y.roa
Signing time:             Fri 02 Jan 2026 12:18:33 +0000
ROA not before:           Fri 02 Jan 2026 12:18:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42878
IP address blocks:        109.160.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:2e:fa:34:23:ac:00:46:be:a3:ee:9d:8c:a1:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
        Validity
            Not Before: Jan  2 12:18:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09d7ad846a599b642ea12549e1a8b030c6139346
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:2e:fe:04:db:d5:f2:5e:f4:53:0f:de:1c:d5:
                    c4:43:24:4d:59:46:4d:4b:50:ee:2b:50:68:d6:83:
                    ff:17:65:df:82:77:24:66:55:2f:74:1c:0f:ac:70:
                    3c:89:b5:6f:31:dd:2c:0a:ab:a4:1d:34:a7:cc:da:
                    ae:ef:00:ec:13:80:f0:f8:4e:63:a1:53:1d:07:64:
                    44:21:b0:a1:53:0e:54:2a:62:8a:3a:f2:85:0a:3c:
                    d4:65:b0:80:2f:d1:38:81:a2:fd:99:74:c4:89:7d:
                    12:8d:26:64:2f:8b:09:93:e5:30:86:41:38:0f:02:
                    6b:9b:c0:4a:16:9c:0f:fa:2f:9c:54:95:47:50:1e:
                    85:2c:08:21:4f:77:f6:ec:bc:d1:3a:9c:11:2e:81:
                    02:37:94:51:bf:04:97:de:b9:83:e2:32:5d:87:da:
                    0a:77:03:3f:5a:d4:e5:51:78:6e:75:bb:64:91:e4:
                    1e:d8:f4:f4:a1:8d:24:1a:38:b6:11:be:5c:d7:c1:
                    4b:38:2e:3d:92:6f:e9:a5:9f:aa:5d:c6:20:04:ae:
                    9d:c4:9e:27:8e:b3:34:0f:04:84:27:bc:1a:72:d6:
                    98:8a:6f:01:81:19:96:09:f5:09:0d:5f:15:c8:28:
                    39:51:08:f1:ab:36:cf:b0:51:bd:d3:d8:07:ee:2f:
                    95:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:D7:AD:84:6A:59:9B:64:2E:A1:25:49:E1:A8:B0:30:C6:13:93:46
            X509v3 Authority Key Identifier:
                keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/CdethGpZm2QuoSVJ4aiwMMYTk0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.160.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:3c:7e:4a:00:d4:25:69:58:34:e7:76:2b:70:a4:72:c7:14:
         db:11:69:12:0e:a3:da:f1:51:f1:f8:be:08:d5:0d:b7:fd:05:
         11:38:ff:a8:4d:e2:e8:94:8d:a6:83:64:e7:97:ff:7e:3d:84:
         2e:af:ec:d6:45:c3:df:8d:38:df:f3:43:d8:09:43:0e:b0:85:
         d8:4e:87:4b:ec:4b:70:be:86:ef:6e:c6:06:7c:01:f1:c2:43:
         d3:79:89:32:72:d4:6e:3d:f4:6b:e0:24:97:9c:c0:01:b3:b3:
         90:61:f4:96:33:23:81:bb:99:bc:4f:ae:a2:15:a4:10:e2:f5:
         47:cb:b3:16:ec:42:f1:8c:b2:66:ce:97:a4:6c:dd:17:97:68:
         9d:91:d8:30:1f:d8:56:fc:9d:3f:db:f8:ee:2f:be:be:87:f9:
         de:9f:33:9f:87:57:85:ee:6e:0e:be:f8:0d:40:17:4a:2c:d4:
         ac:94:dc:b7:cb:df:1e:eb:9f:0e:e6:73:5a:8c:10:9f:e8:29:
         6a:9c:40:42:65:00:79:e5:12:c3:19:61:d7:48:f5:2f:24:45:
         8a:3f:92:29:9e:40:fc:4a:56:ab:37:f3:14:63:bb:cb:6f:22:
         d5:7c:8b:45:f4:ba:a1:7e:83:df:59:aa:7b:b3:9c:06:29:d1:
         46:0e:03:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pS76NCOsAEa+o+6djKGRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmE4YzFkMzExODk1MDE2MTA4ZmZiZDE0NTc1Yzc3Y2My
ODc3M2EwHhcNMjYwMTAyMTIxODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWQ3YWQ4NDZhNTk5YjY0MmVhMTI1NDllMWE4YjAzMGM2MTM5MzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtS7+BNvV8l70Uw/eHNXEQyRNWUZN
S1DuK1Bo1oP/F2XfgnckZlUvdBwPrHA8ibVvMd0sCqukHTSnzNqu7wDsE4Dw+E5j
oVMdB2REIbChUw5UKmKKOvKFCjzUZbCAL9E4gaL9mXTEiX0SjSZkL4sJk+UwhkE4
DwJrm8BKFpwP+i+cVJVHUB6FLAghT3f27LzROpwRLoECN5RRvwSX3rmD4jJdh9oK
dwM/WtTlUXhudbtkkeQe2PT0oY0kGji2Eb5c18FLOC49km/ppZ+qXcYgBK6dxJ4n
jrM0DwSEJ7wactaYim8BgRmWCfUJDV8VyCg5UQjxqzbPsFG909gH7i+VowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAnXrYRqWZtkLqElSeGosDDGE5NGMB8GA1UdIwQY
MBaAFHIqjB0xGJUBYQj/vRRXXHfMKHc6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYt
YTU1OGVlNjU0MzFmLzEvQ2RldGhHcFptMlF1b1NWSjRhaXdNTVlUazBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYtYTU1OGVlNjU0MzFm
LzEvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbaB2MA0G
CSqGSIb3DQEBCwUAA4IBAQCSPH5KANQlaVg053YrcKRyxxTbEWkSDqPa8VHx+L4I
1Q23/QUROP+oTeLolI2mg2Tnl/9+PYQur+zWRcPfjTjf80PYCUMOsIXYTodL7Etw
vobvbsYGfAHxwkPTeYkyctRuPfRr4CSXnMABs7OQYfSWMyOBu5m8T66iFaQQ4vVH
y7MW7ELxjLJmzpekbN0Xl2idkdgwH9hW/J0/2/juL76+h/nenzOfh1eF7m4OvvgN
QBdKLNSslNy3y98e658O5nNajBCf6ClqnEBCZQB55RLDGWHXSPUvJEWKP5IpnkD8
SlarN/MUY7vLbyLVfItF9LqhfoPfWap7s5wGKdFGDgOs
-----END CERTIFICATE-----