This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/14099a-e2da-4f6a-b5c4-6fd751de717a/1/Af_5rqEWBhs_t_5t3ubsN4ME7qQ.roa
File:                     Af_5rqEWBhs_t_5t3ubsN4ME7qQ.roa (raw, json)
Hash identifier:          US3yyitysBySkBj1duM7uaT/kHoh5Ro/nrveWTewP9E=
Subject key identifier:   01:FF:F9:AE:A1:16:06:1B:3F:B7:FE:6D:DE:E6:EC:37:83:04:EE:A4
Certificate issuer:       /CN=89d6a49d23007fbb1247192fbb7bd982eb37335f
Certificate serial:       019B7F14B945FA469A4D80CC8963C36FC657
Authority key identifier: 89:D6:A4:9D:23:00:7F:BB:12:47:19:2F:BB:7B:D9:82:EB:37:33:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/idaknSMAf7sSRxkvu3vZgus3M18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/14099a-e2da-4f6a-b5c4-6fd751de717a/1/Af_5rqEWBhs_t_5t3ubsN4ME7qQ.roa
Signing time:             Fri 02 Jan 2026 14:20:23 +0000
ROA not before:           Fri 02 Jan 2026 14:20:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49556
IP address blocks:        109.70.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/14099a-e2da-4f6a-b5c4-6fd751de717a/1/idaknSMAf7sSRxkvu3vZgus3M18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/14099a-e2da-4f6a-b5c4-6fd751de717a/1/idaknSMAf7sSRxkvu3vZgus3M18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/idaknSMAf7sSRxkvu3vZgus3M18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:b9:45:fa:46:9a:4d:80:cc:89:63:c3:6f:c6:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89d6a49d23007fbb1247192fbb7bd982eb37335f
        Validity
            Not Before: Jan  2 14:20:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=01fff9aea116061b3fb7fe6ddee6ec378304eea4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:34:fc:ab:3d:3d:89:1e:f5:95:72:03:43:01:
                    94:6c:11:f1:53:37:9c:37:de:10:02:64:11:00:16:
                    00:85:72:34:65:df:cb:05:c5:c6:ca:de:a3:5c:5e:
                    dc:56:f8:cb:40:f3:6e:d9:6c:78:22:c3:0f:d0:4d:
                    29:fd:0d:e3:46:4c:d6:53:0a:bc:46:8b:eb:25:d1:
                    d7:8d:20:d2:e5:a1:7f:a6:81:60:39:28:93:58:65:
                    21:e2:9c:19:1c:bd:c3:9a:f0:6f:9d:9e:fe:0d:e1:
                    ef:63:3f:46:37:d0:d8:64:ce:2b:a9:be:df:e4:14:
                    4b:80:51:f5:0a:91:29:74:71:ba:c4:dd:81:ec:56:
                    5a:92:e3:99:f6:f9:9f:2d:f7:8b:15:24:03:55:ea:
                    af:6a:ec:50:d8:35:95:08:6e:f6:bf:8d:01:da:e3:
                    bc:83:be:b7:21:e8:a5:ab:b2:e1:8c:f5:44:f7:b6:
                    92:c2:83:1b:26:e8:c0:33:d1:03:10:a9:4b:c2:59:
                    a6:6c:fc:e6:91:31:82:34:8a:70:2a:58:f7:ca:c8:
                    36:76:5e:d9:fd:a2:a4:19:58:02:b2:65:35:dc:e1:
                    30:01:f8:50:d0:c9:db:bf:16:c1:27:6b:2d:e4:a9:
                    38:2c:01:a7:2f:50:85:fe:9b:25:a3:bf:a0:4a:a0:
                    b4:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:FF:F9:AE:A1:16:06:1B:3F:B7:FE:6D:DE:E6:EC:37:83:04:EE:A4
            X509v3 Authority Key Identifier:
                keyid:89:D6:A4:9D:23:00:7F:BB:12:47:19:2F:BB:7B:D9:82:EB:37:33:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/idaknSMAf7sSRxkvu3vZgus3M18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/14099a-e2da-4f6a-b5c4-6fd751de717a/1/Af_5rqEWBhs_t_5t3ubsN4ME7qQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/14099a-e2da-4f6a-b5c4-6fd751de717a/1/idaknSMAf7sSRxkvu3vZgus3M18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.70.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:42:23:78:8a:3c:8c:5d:b2:97:0c:02:86:14:2a:a6:c0:d1:
         6c:0c:95:93:b7:0b:d0:7a:12:43:5d:42:02:cf:1b:bb:65:2f:
         bd:3e:ec:fd:b0:f9:fd:14:87:d5:ad:d7:42:6a:b8:11:2a:3f:
         7f:f0:30:b0:14:0c:ff:a6:c8:8f:72:fd:05:57:6e:8d:a0:3e:
         5f:4e:20:a6:0a:6f:7d:7b:48:d7:f7:ad:2e:ae:b1:48:10:2e:
         aa:fe:e9:14:8e:17:83:cf:de:e8:28:e1:96:6f:03:b7:a5:aa:
         58:00:59:4c:cf:a3:2a:ce:99:3c:07:a9:d6:47:d0:8e:eb:2a:
         33:cc:7f:00:7c:ed:c9:ff:7e:af:76:3e:3b:48:0f:3c:83:87:
         c7:80:cb:c9:db:f5:89:f9:32:6a:a4:c3:e8:16:08:da:cf:cf:
         d7:17:3c:1b:db:c0:11:ca:2c:8c:bf:4d:9c:f0:24:1c:2b:ab:
         de:87:83:07:df:f9:d8:e8:54:6c:8c:30:10:b5:8a:b8:89:b7:
         16:cf:04:56:08:bf:b9:54:99:7b:37:cc:1e:91:a5:ec:52:df:
         e8:ee:2f:5c:b3:8a:2b:6e:92:6b:ab:34:de:5e:b7:6b:68:2c:
         49:77:fb:c8:61:79:d3:5f:3b:7b:2f:ec:15:82:c1:c6:58:34:
         15:84:3d:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FLlF+kaaTYDMiWPDb8ZXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5ZDZhNDlkMjMwMDdmYmIxMjQ3MTkyZmJiN2JkOTgyZWIz
NzMzNWYwHhcNMjYwMTAyMTQyMDIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWZmZjlhZWExMTYwNjFiM2ZiN2ZlNmRkZWU2ZWMzNzgzMDRlZWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjT8qz09iR71lXIDQwGUbBHxUzec
N94QAmQRABYAhXI0Zd/LBcXGyt6jXF7cVvjLQPNu2Wx4IsMP0E0p/Q3jRkzWUwq8
RovrJdHXjSDS5aF/poFgOSiTWGUh4pwZHL3DmvBvnZ7+DeHvYz9GN9DYZM4rqb7f
5BRLgFH1CpEpdHG6xN2B7FZakuOZ9vmfLfeLFSQDVeqvauxQ2DWVCG72v40B2uO8
g763Ieilq7LhjPVE97aSwoMbJujAM9EDEKlLwlmmbPzmkTGCNIpwKlj3ysg2dl7Z
/aKkGVgCsmU13OEwAfhQ0MnbvxbBJ2st5Kk4LAGnL1CF/pslo7+gSqC0YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAH/+a6hFgYbP7f+bd7m7DeDBO6kMB8GA1UdIwQY
MBaAFInWpJ0jAH+7EkcZL7t72YLrNzNfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWRha25TTUFmN3NTUnhrdnUzdlpndXMzTTE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8xNDA5OWEtZTJkYS00ZjZhLWI1YzQt
NmZkNzUxZGU3MTdhLzEvQWZfNXJxRVdCaHNfdF81dDN1YnNONE1FN3FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8xNDA5OWEtZTJkYS00ZjZhLWI1YzQtNmZkNzUxZGU3MTdh
LzEvaWRha25TTUFmN3NTUnhrdnUzdlpndXMzTTE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUZMMA0G
CSqGSIb3DQEBCwUAA4IBAQBQQiN4ijyMXbKXDAKGFCqmwNFsDJWTtwvQehJDXUIC
zxu7ZS+9Puz9sPn9FIfVrddCargRKj9/8DCwFAz/psiPcv0FV26NoD5fTiCmCm99
e0jX960urrFIEC6q/ukUjheDz97oKOGWbwO3papYAFlMz6Mqzpk8B6nWR9CO6yoz
zH8AfO3J/36vdj47SA88g4fHgMvJ2/WJ+TJqpMPoFgjaz8/XFzwb28ARyiyMv02c
8CQcK6veh4MH3/nY6FRsjDAQtYq4ibcWzwRWCL+5VJl7N8wekaXsUt/o7i9cs4or
bpJrqzTeXrdraCxJd/vIYXnTXzt7L+wVgsHGWDQVhD38
-----END CERTIFICATE-----