This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/16c890-17e7-4a51-a387-3e8df3310232/1/aRuPqNH6CePYonZXCvJpNhdLTq4.roa
File:                     aRuPqNH6CePYonZXCvJpNhdLTq4.roa (raw, json)
Hash identifier:          sDab1uY8COS+SQpx2FBlz4C/BxfEX3Pxl+YkMtnLT5w=
Subject key identifier:   69:1B:8F:A8:D1:FA:09:E3:D8:A2:76:57:0A:F2:69:36:17:4B:4E:AE
Certificate issuer:       /CN=08b3eb5fb3ba7656e11357834829eecaf441212e
Certificate serial:       019B7AC7962EC16AD848429DCEF494DF8280
Authority key identifier: 08:B3:EB:5F:B3:BA:76:56:E1:13:57:83:48:29:EE:CA:F4:41:21:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CLPrX7O6dlbhE1eDSCnuyvRBIS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/16c890-17e7-4a51-a387-3e8df3310232/1/aRuPqNH6CePYonZXCvJpNhdLTq4.roa
Signing time:             Thu 01 Jan 2026 18:17:39 +0000
ROA not before:           Thu 01 Jan 2026 18:17:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43885
IP address blocks:        109.70.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/16c890-17e7-4a51-a387-3e8df3310232/1/CLPrX7O6dlbhE1eDSCnuyvRBIS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/16c890-17e7-4a51-a387-3e8df3310232/1/CLPrX7O6dlbhE1eDSCnuyvRBIS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CLPrX7O6dlbhE1eDSCnuyvRBIS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:96:2e:c1:6a:d8:48:42:9d:ce:f4:94:df:82:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08b3eb5fb3ba7656e11357834829eecaf441212e
        Validity
            Not Before: Jan  1 18:17:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=691b8fa8d1fa09e3d8a276570af26936174b4eae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:19:1d:77:2f:2e:51:48:0e:1b:f2:0d:52:c6:
                    85:04:59:b0:b7:d5:c1:51:9e:fc:93:8c:3d:9f:87:
                    87:35:ae:72:2b:79:81:86:75:1a:24:a6:42:53:2b:
                    9f:78:67:c6:16:3e:39:3f:e8:f7:d7:7e:62:2e:32:
                    9f:c4:1f:6c:80:4c:e4:06:01:1e:11:5f:5b:73:93:
                    54:73:77:c0:6c:b0:bc:b5:51:11:d8:60:f1:0f:0e:
                    a9:31:28:c2:53:66:79:39:53:4e:9a:34:35:03:29:
                    2a:fa:21:58:7d:ec:9d:b8:b5:0d:b0:8e:56:8e:ad:
                    d2:87:24:f2:0f:77:73:00:36:ff:21:1f:8d:bb:af:
                    39:37:98:d9:e1:07:9d:6c:5d:3a:44:39:84:dc:64:
                    1f:50:2f:9d:8b:de:a6:6d:88:fa:a3:e0:17:35:64:
                    c3:9d:57:aa:b8:a5:2f:94:0f:04:41:6a:70:8a:45:
                    99:ed:7a:fd:90:56:97:39:2c:d3:95:58:d6:b1:92:
                    46:17:62:11:2b:db:77:69:b6:4a:c9:b1:c5:f4:b9:
                    c4:c4:55:95:01:eb:3f:08:5a:3e:54:a4:18:b0:5b:
                    43:f9:b3:6d:39:ef:37:1a:bd:78:02:fa:23:1a:23:
                    97:ec:56:c3:1b:56:ef:d1:ac:ab:9f:15:ef:43:e4:
                    78:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:1B:8F:A8:D1:FA:09:E3:D8:A2:76:57:0A:F2:69:36:17:4B:4E:AE
            X509v3 Authority Key Identifier:
                keyid:08:B3:EB:5F:B3:BA:76:56:E1:13:57:83:48:29:EE:CA:F4:41:21:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CLPrX7O6dlbhE1eDSCnuyvRBIS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/16c890-17e7-4a51-a387-3e8df3310232/1/aRuPqNH6CePYonZXCvJpNhdLTq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/16c890-17e7-4a51-a387-3e8df3310232/1/CLPrX7O6dlbhE1eDSCnuyvRBIS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.70.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:f5:91:82:38:c1:1f:20:07:e4:47:d7:4a:0b:54:7c:36:56:
         61:c3:f7:52:76:c6:c4:d9:55:a1:85:84:40:f4:a3:5f:5b:e4:
         e6:c8:4a:0d:48:69:d5:3b:95:01:35:63:4c:09:a2:7f:37:16:
         1f:df:2f:98:89:6e:7c:af:30:09:c6:06:ff:8e:44:c7:b4:13:
         2f:7e:db:d8:77:e0:69:23:2d:bc:42:93:82:13:a3:67:59:aa:
         74:17:e5:70:11:9d:f5:05:fb:d3:e6:3b:97:2b:5e:5e:94:1e:
         ba:82:bd:2f:4f:9d:54:21:f5:f3:f2:22:d2:b6:78:ed:8c:53:
         bb:5c:e3:4e:28:77:ff:3f:c9:33:9d:8c:f8:9f:d0:32:68:eb:
         1c:8a:6f:dc:1a:8e:96:6c:fe:01:16:53:51:b8:7f:b2:71:da:
         6f:9c:8f:5f:7f:3e:84:ae:2b:d3:31:1c:97:20:ee:a8:a7:fd:
         1f:6f:ea:3c:7b:13:60:b6:36:fe:0c:bd:06:5f:a7:8c:de:37:
         10:a0:67:91:ee:e6:09:4e:c0:04:29:36:e6:63:31:e2:42:5e:
         c4:dc:f6:45:bc:26:ed:58:50:30:d6:e7:e5:d5:3c:17:ed:7b:
         9e:24:2d:35:36:0f:25:b5:de:47:72:eb:31:cf:c5:6f:2b:e6:
         62:e9:ba:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x5YuwWrYSEKdzvSU34KAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4YjNlYjVmYjNiYTc2NTZlMTEzNTc4MzQ4MjllZWNhZjQ0
MTIxMmUwHhcNMjYwMTAxMTgxNzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTFiOGZhOGQxZmEwOWUzZDhhMjc2NTcwYWYyNjkzNjE3NGI0ZWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRkddy8uUUgOG/INUsaFBFmwt9XB
UZ78k4w9n4eHNa5yK3mBhnUaJKZCUyufeGfGFj45P+j3135iLjKfxB9sgEzkBgEe
EV9bc5NUc3fAbLC8tVER2GDxDw6pMSjCU2Z5OVNOmjQ1Aykq+iFYfeyduLUNsI5W
jq3ShyTyD3dzADb/IR+Nu685N5jZ4QedbF06RDmE3GQfUC+di96mbYj6o+AXNWTD
nVequKUvlA8EQWpwikWZ7Xr9kFaXOSzTlVjWsZJGF2IRK9t3abZKybHF9LnExFWV
Aes/CFo+VKQYsFtD+bNtOe83Gr14AvojGiOX7FbDG1bv0ayrnxXvQ+R4KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGkbj6jR+gnj2KJ2VwryaTYXS06uMB8GA1UdIwQY
MBaAFAiz61+zunZW4RNXg0gp7sr0QSEuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0xQclg3TzZkbGJoRTFlRFNDbnV5dlJCSVM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8xNmM4OTAtMTdlNy00YTUxLWEzODct
M2U4ZGYzMzEwMjMyLzEvYVJ1UHFOSDZDZVBZb25aWEN2SnBOaGRMVHE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8xNmM4OTAtMTdlNy00YTUxLWEzODctM2U4ZGYzMzEwMjMy
LzEvQ0xQclg3TzZkbGJoRTFlRFNDbnV5dlJCSVM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUbrMA0G
CSqGSIb3DQEBCwUAA4IBAQCO9ZGCOMEfIAfkR9dKC1R8NlZhw/dSdsbE2VWhhYRA
9KNfW+TmyEoNSGnVO5UBNWNMCaJ/NxYf3y+YiW58rzAJxgb/jkTHtBMvftvYd+Bp
Iy28QpOCE6NnWap0F+VwEZ31BfvT5juXK15elB66gr0vT51UIfXz8iLStnjtjFO7
XONOKHf/P8kznYz4n9AyaOscim/cGo6WbP4BFlNRuH+ycdpvnI9ffz6ErivTMRyX
IO6op/0fb+o8exNgtjb+DL0GX6eM3jcQoGeR7uYJTsAEKTbmYzHiQl7E3PZFvCbt
WFAw1ufl1TwX7XueJC01Ng8ltd5Hcusxz8VvK+Zi6br2
-----END CERTIFICATE-----