This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/CJa3MhpjRD_9kjNUR_6m3Y-jnrk.roa
File:                     CJa3MhpjRD_9kjNUR_6m3Y-jnrk.roa (raw, json)
Hash identifier:          HvGHPPGd+sMLyZ/hG1hqUZqEQ68Ao+110QD6+vH2fY8=
Subject key identifier:   08:96:B7:32:1A:63:44:3F:FD:92:33:54:47:FE:A6:DD:8F:A3:9E:B9
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019B7EA6F3E5941F74B8B6A2507FC8DEAB5C
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/CJa3MhpjRD_9kjNUR_6m3Y-jnrk.roa
Signing time:             Fri 02 Jan 2026 12:20:29 +0000
ROA not before:           Fri 02 Jan 2026 12:20:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205418
IP address blocks:        109.111.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:f3:e5:94:1f:74:b8:b6:a2:50:7f:c8:de:ab:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jan  2 12:20:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0896b7321a63443ffd92335447fea6dd8fa39eb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:5c:ec:7e:7c:dd:98:77:63:be:0a:82:d7:c3:
                    2d:ec:a1:65:3c:d5:dc:d6:32:2f:c9:6d:58:ff:0e:
                    7d:b3:42:59:60:4a:b5:3e:c3:3c:75:64:62:39:14:
                    23:ff:10:dc:60:36:39:24:da:06:51:60:21:a9:08:
                    6f:23:32:d5:3f:da:e2:6f:72:40:4b:37:1e:d7:fb:
                    bb:9b:ec:52:12:d1:01:45:e9:6c:9d:4b:d0:b7:bc:
                    1b:e0:85:32:85:6e:4b:89:98:ce:fb:87:c6:42:50:
                    7f:8d:58:90:4a:a4:0d:b1:9c:1a:a6:c2:8c:5e:9b:
                    0b:e1:89:25:53:d9:f0:af:a1:8c:c2:f9:bc:f1:4a:
                    be:3f:5e:60:50:4a:96:ab:7e:99:9f:0b:10:54:bf:
                    43:ac:16:fc:e5:d6:75:9c:2c:65:86:29:53:c1:14:
                    3b:c0:e3:79:aa:24:15:bf:a5:9a:71:32:92:2e:12:
                    ec:91:c9:7c:55:8a:8b:ad:57:7c:0b:ef:41:61:7b:
                    5a:20:e8:45:64:2f:c3:9f:39:80:16:fe:3e:4b:97:
                    7a:ed:87:44:9e:28:07:fe:f3:7c:67:4d:3b:3e:85:
                    f5:2e:1f:a6:cd:23:af:2b:0f:38:99:23:fa:d2:43:
                    3d:35:aa:3c:aa:27:0e:64:bd:15:c9:fc:0d:fc:ac:
                    43:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:96:B7:32:1A:63:44:3F:FD:92:33:54:47:FE:A6:DD:8F:A3:9E:B9
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/CJa3MhpjRD_9kjNUR_6m3Y-jnrk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:a7:2b:49:74:16:c2:71:47:9c:ad:ac:b5:65:db:3f:98:01:
         a5:78:1f:b2:ae:07:7d:29:d0:ac:f3:8e:7e:e1:b0:ce:77:ed:
         d2:0a:9f:74:f9:82:29:aa:2b:25:3c:81:f9:d3:b8:7d:08:ec:
         60:2b:4d:c3:55:12:c8:cc:37:5a:02:72:17:4c:65:b5:a4:21:
         b5:03:43:75:43:cf:6f:68:f4:33:d1:64:82:24:0a:be:54:3b:
         c3:af:31:7f:d1:37:53:d4:4a:4d:16:c5:62:2c:5e:45:3e:e8:
         9a:89:0a:9c:d3:f2:4f:31:50:b5:d9:a4:26:64:75:2e:78:8a:
         bd:90:ef:dc:2e:f4:1a:b8:0c:ac:31:a3:e2:cb:58:58:59:16:
         51:e7:c5:92:ce:67:92:71:e2:fe:41:54:2a:0e:f3:1b:7b:d3:
         d2:1a:ad:d8:d0:5d:ec:bc:d7:27:43:59:93:34:5f:e9:a9:1d:
         04:bd:28:d7:16:ff:08:97:94:8d:46:90:f8:30:f0:f9:58:f4:
         aa:f1:09:92:7d:66:e5:2a:7e:0e:bd:78:e3:a6:91:f6:f0:44:
         29:0f:f0:cf:00:17:18:62:2a:db:9a:b0:14:2b:f8:1b:fe:2e:
         b0:24:a1:76:ce:12:3a:e8:76:bc:16:e0:c4:4d:d8:78:f7:e9:
         55:83:4d:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pvPllB90uLaiUH/I3qtcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwMTAyMTIyMDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODk2YjczMjFhNjM0NDNmZmQ5MjMzNTQ0N2ZlYTZkZDhmYTM5ZWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFzsfnzdmHdjvgqC18Mt7KFlPNXc
1jIvyW1Y/w59s0JZYEq1PsM8dWRiORQj/xDcYDY5JNoGUWAhqQhvIzLVP9rib3JA
Szce1/u7m+xSEtEBRelsnUvQt7wb4IUyhW5LiZjO+4fGQlB/jViQSqQNsZwapsKM
XpsL4YklU9nwr6GMwvm88Uq+P15gUEqWq36ZnwsQVL9DrBb85dZ1nCxlhilTwRQ7
wON5qiQVv6WacTKSLhLskcl8VYqLrVd8C+9BYXtaIOhFZC/DnzmAFv4+S5d67YdE
nigH/vN8Z007PoX1Lh+mzSOvKw84mSP60kM9Nao8qicOZL0VyfwN/KxDHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAiWtzIaY0Q//ZIzVEf+pt2Po565MB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvQ0phM01ocGpSRF85a2pOVVJfNm0zWS1qbnJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbW//MA0G
CSqGSIb3DQEBCwUAA4IBAQAgpytJdBbCcUecray1Zds/mAGleB+yrgd9KdCs845+
4bDOd+3SCp90+YIpqislPIH507h9COxgK03DVRLIzDdaAnIXTGW1pCG1A0N1Q89v
aPQz0WSCJAq+VDvDrzF/0TdT1EpNFsViLF5FPuiaiQqc0/JPMVC12aQmZHUueIq9
kO/cLvQauAysMaPiy1hYWRZR58WSzmeSceL+QVQqDvMbe9PSGq3Y0F3svNcnQ1mT
NF/pqR0EvSjXFv8Il5SNRpD4MPD5WPSq8QmSfWblKn4OvXjjppH28EQpD/DPABcY
YirbmrAUK/gb/i6wJKF2zhI66Ha8FuDETdh49+lVg01R
-----END CERTIFICATE-----