This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/dr-r1QipWw0LMotiI3iJxXouQ30.roa
File:                     dr-r1QipWw0LMotiI3iJxXouQ30.roa (raw, json)
Hash identifier:          HeVNOeHeHWHXKC5fSmqe1FyJbFriSKjSreA8YPGVj5k=
Subject key identifier:   76:BF:AB:D5:08:A9:5B:0D:0B:32:8B:62:23:78:89:C5:7A:2E:43:7D
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       019B77C6967348131ECE2623EE86CE90B60C
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/dr-r1QipWw0LMotiI3iJxXouQ30.roa
Signing time:             Thu 01 Jan 2026 04:17:41 +0000
ROA not before:           Thu 01 Jan 2026 04:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205334
IP address blocks:        109.167.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:96:73:48:13:1e:ce:26:23:ee:86:ce:90:b6:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  1 04:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=76bfabd508a95b0d0b328b62237889c57a2e437d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d4:92:18:1e:6a:50:fd:f8:32:71:3e:60:13:
                    18:d2:53:b4:6a:42:ad:8f:8c:ca:05:21:25:0d:a3:
                    fb:55:cb:c7:d9:dd:d4:3a:1d:39:34:5b:9e:6e:d8:
                    c1:f8:09:2c:54:8a:a8:b0:78:12:71:b3:03:b1:e0:
                    60:4c:b8:0c:34:18:a9:bd:43:f2:e6:f8:f9:ad:2d:
                    32:16:7f:d9:bb:fd:33:30:24:db:34:f8:4b:0a:50:
                    cd:97:bc:01:a0:40:12:f2:5a:cf:49:58:12:7e:1f:
                    0c:e8:e2:4e:36:51:e3:de:e3:c5:28:8e:3f:31:bf:
                    92:2f:69:f7:8c:d4:56:90:a3:5c:90:d7:f4:61:f9:
                    2f:e4:c8:1e:6e:82:25:43:c3:2d:ab:88:ad:c7:e4:
                    cf:70:ee:98:d2:8b:63:ac:ab:9f:85:b4:4e:be:ba:
                    06:0e:77:de:8a:32:18:5f:5d:96:32:cc:0b:d7:d3:
                    31:20:93:d5:d0:79:bc:8d:b2:60:ca:1b:77:4c:ac:
                    34:07:48:55:aa:ab:1f:4c:b9:a6:b0:8e:31:b3:80:
                    ba:57:a6:13:1b:0c:b9:1f:42:ba:83:22:0b:ac:6f:
                    5c:05:cb:e1:6b:15:77:46:6f:c0:03:e4:6b:47:b3:
                    2e:fe:0c:54:68:d3:df:ce:c3:01:49:af:72:80:d0:
                    ec:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:BF:AB:D5:08:A9:5B:0D:0B:32:8B:62:23:78:89:C5:7A:2E:43:7D
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/dr-r1QipWw0LMotiI3iJxXouQ30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.167.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:41:4b:5f:be:35:39:6d:44:1b:c2:af:15:bb:ee:97:60:e2:
         13:e5:69:f5:26:de:d7:88:cd:db:d1:78:d8:2f:ee:51:64:d6:
         3d:98:51:93:cf:eb:82:e9:cc:bc:03:32:a1:ce:a5:2c:e6:4f:
         4e:b4:7b:7c:2e:1c:5d:c9:6d:d3:db:95:6f:20:bb:eb:b9:fc:
         7d:c7:90:dc:81:14:06:b6:b6:03:0a:a3:b3:c9:d2:b8:be:21:
         29:2d:05:53:49:16:63:64:60:0d:79:e0:7d:47:d3:7c:51:84:
         a9:33:60:7b:90:4a:3e:71:79:d7:0a:f2:58:6d:d3:17:2e:15:
         8a:9f:27:73:d5:0f:b9:b9:31:3c:dd:a6:e4:41:93:c6:57:22:
         41:62:75:d0:a1:d7:0a:91:a5:e9:d9:7c:6d:c9:59:9e:bb:42:
         eb:a3:d6:75:0e:f2:cb:57:eb:46:f4:4a:6c:a3:33:88:4a:21:
         9c:ec:02:49:6e:48:e5:de:13:8e:e0:7d:73:36:95:bc:1d:c7:
         e7:c6:10:19:63:56:f6:fb:17:31:55:9f:f5:10:5b:4a:77:56:
         da:94:ca:94:54:36:27:83:fc:db:f2:29:8b:65:bf:db:65:32:
         00:22:05:ab:bb:4e:3e:87:13:5c:d8:52:df:c4:37:4e:50:10:
         b0:d5:c1:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xpZzSBMeziYj7obOkLYMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjYwMTAxMDQxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmJmYWJkNTA4YTk1YjBkMGIzMjhiNjIyMzc4ODljNTdhMmU0MzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNSSGB5qUP34MnE+YBMY0lO0akKt
j4zKBSElDaP7VcvH2d3UOh05NFuebtjB+AksVIqosHgScbMDseBgTLgMNBipvUPy
5vj5rS0yFn/Zu/0zMCTbNPhLClDNl7wBoEAS8lrPSVgSfh8M6OJONlHj3uPFKI4/
Mb+SL2n3jNRWkKNckNf0Yfkv5MgeboIlQ8Mtq4itx+TPcO6Y0otjrKufhbROvroG
DnfeijIYX12WMswL19MxIJPV0Hm8jbJgyht3TKw0B0hVqqsfTLmmsI4xs4C6V6YT
Gwy5H0K6gyILrG9cBcvhaxV3Rm/AA+RrR7Mu/gxUaNPfzsMBSa9ygNDsCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHa/q9UIqVsNCzKLYiN4icV6LkN9MB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvZHItcjFRaXBXdzBMTW90aUkzaUp4WG91UTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbadyMA0G
CSqGSIb3DQEBCwUAA4IBAQDMQUtfvjU5bUQbwq8Vu+6XYOIT5Wn1Jt7XiM3b0XjY
L+5RZNY9mFGTz+uC6cy8AzKhzqUs5k9OtHt8LhxdyW3T25VvILvrufx9x5DcgRQG
trYDCqOzydK4viEpLQVTSRZjZGANeeB9R9N8UYSpM2B7kEo+cXnXCvJYbdMXLhWK
nydz1Q+5uTE83abkQZPGVyJBYnXQodcKkaXp2XxtyVmeu0Lro9Z1DvLLV+tG9Eps
ozOISiGc7AJJbkjl3hOO4H1zNpW8HcfnxhAZY1b2+xcxVZ/1EFtKd1balMqUVDYn
g/zb8imLZb/bZTIAIgWru04+hxNc2FLfxDdOUBCw1cF0
-----END CERTIFICATE-----