This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/EIcG2tRM0hEnCUbXBXwn4F2K_RU.roa
File:                     EIcG2tRM0hEnCUbXBXwn4F2K_RU.roa (raw, json)
Hash identifier:          CzCHk+1EoYkn3OF7WD2BogtQF0fxYDolBFo6xDdWuh8=
Subject key identifier:   10:87:06:DA:D4:4C:D2:11:27:09:46:D7:05:7C:27:E0:5D:8A:FD:15
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019B7E38C7BF67149E33A420CB24B6865421
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/EIcG2tRM0hEnCUbXBXwn4F2K_RU.roa
Signing time:             Fri 02 Jan 2026 10:20:08 +0000
ROA not before:           Fri 02 Jan 2026 10:20:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214140
IP address blocks:        109.122.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:c7:bf:67:14:9e:33:a4:20:cb:24:b6:86:54:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Jan  2 10:20:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=108706dad44cd211270946d7057c27e05d8afd15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ef:f9:de:ec:8b:b6:20:bd:9e:f3:74:a5:5b:
                    94:b7:a6:0e:7e:1e:8f:3b:0f:89:d9:d5:b6:d1:0e:
                    df:7d:2f:2f:ec:2d:37:ff:4b:01:40:3a:69:75:b0:
                    09:aa:ab:50:29:1a:f7:52:9d:41:a2:99:ba:77:21:
                    7e:91:43:fd:80:03:8b:12:61:0f:47:bd:bc:91:47:
                    52:c1:ae:42:92:64:b5:ea:6d:8e:4e:4e:f4:ea:fa:
                    1a:2a:db:2f:46:b3:11:1c:d0:b1:1e:a8:b4:4a:14:
                    a2:b1:be:52:35:f9:ab:b8:3f:f3:b4:6b:aa:99:3e:
                    f8:9a:0b:3d:c6:4f:52:68:45:53:be:11:6a:fa:18:
                    bb:f4:2e:53:2c:fe:12:a3:fc:03:70:92:91:d8:e8:
                    d1:b7:dd:8a:93:66:9b:5e:cb:98:90:3e:bb:c2:f4:
                    68:d8:f4:75:77:be:f0:d9:a0:a5:5f:86:21:fe:ba:
                    cb:5e:aa:f1:8a:53:d1:2c:64:3c:ab:93:2d:4a:14:
                    07:31:57:34:22:d7:1d:10:01:87:f2:f0:a2:20:5c:
                    74:48:a8:98:9b:be:dd:f8:2a:b0:61:5c:b0:48:36:
                    39:e4:6c:09:ac:88:59:88:5a:95:7b:fd:3b:06:24:
                    76:cc:36:15:59:a5:37:88:a1:f4:20:d5:33:86:71:
                    cb:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:87:06:DA:D4:4C:D2:11:27:09:46:D7:05:7C:27:E0:5D:8A:FD:15
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/EIcG2tRM0hEnCUbXBXwn4F2K_RU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:4e:63:cc:34:ca:f9:8e:a4:3a:ec:49:7b:aa:43:25:76:0a:
         c5:91:06:ef:1c:cc:00:6f:cd:f8:cf:4a:f5:f6:2c:28:b8:4d:
         d9:eb:68:30:bc:31:0e:6e:aa:b8:26:4f:d6:3e:d8:72:b7:e1:
         c0:7f:bb:66:cd:c6:5d:27:3c:4f:8b:c1:a5:4c:b1:2f:60:b6:
         06:66:f8:a2:82:04:28:75:ca:c9:cc:d2:28:2a:ac:48:d0:42:
         0b:9a:38:98:e3:c7:a2:58:8b:13:17:13:42:2e:66:f3:89:5e:
         0b:a9:e3:e4:f5:16:a4:98:fa:e0:c5:b4:56:d8:ae:3d:03:5f:
         84:e6:8e:d4:29:fa:ba:ab:77:d4:77:ca:ef:80:07:ef:e8:77:
         3d:10:6e:54:05:de:7f:64:c1:d4:42:26:59:08:70:ff:44:65:
         6f:0b:69:0a:83:bc:c4:bc:fd:f6:90:3c:af:fd:a3:73:6d:1b:
         f8:fb:98:08:eb:98:52:cc:55:1f:40:c4:f2:49:de:b2:a3:40:
         ab:14:0b:8f:30:3f:dd:a1:56:c7:1b:9b:8a:bc:fa:0d:40:fb:
         a7:1f:f6:b6:84:a4:ca:64:0b:c5:50:ad:56:a0:80:9d:18:2b:
         30:13:08:85:b3:8f:2c:ce:1b:38:71:b0:e9:a0:eb:19:0e:34:
         42:9b:78:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OMe/ZxSeM6QgyyS2hlQhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjYwMTAyMTAyMDA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDg3MDZkYWQ0NGNkMjExMjcwOTQ2ZDcwNTdjMjdlMDVkOGFmZDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAje/53uyLtiC9nvN0pVuUt6YOfh6P
Ow+J2dW20Q7ffS8v7C03/0sBQDppdbAJqqtQKRr3Up1Bopm6dyF+kUP9gAOLEmEP
R728kUdSwa5CkmS16m2OTk706voaKtsvRrMRHNCxHqi0ShSisb5SNfmruD/ztGuq
mT74mgs9xk9SaEVTvhFq+hi79C5TLP4So/wDcJKR2OjRt92Kk2abXsuYkD67wvRo
2PR1d77w2aClX4Yh/rrLXqrxilPRLGQ8q5MtShQHMVc0ItcdEAGH8vCiIFx0SKiY
m77d+CqwYVywSDY55GwJrIhZiFqVe/07BiR2zDYVWaU3iKH0INUzhnHL9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBCHBtrUTNIRJwlG1wV8J+Bdiv0VMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvRUljRzJ0Uk0waEVuQ1ViWEJYd240RjJLX1JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXo/MA0G
CSqGSIb3DQEBCwUAA4IBAQATTmPMNMr5jqQ67El7qkMldgrFkQbvHMwAb834z0r1
9iwouE3Z62gwvDEObqq4Jk/WPthyt+HAf7tmzcZdJzxPi8GlTLEvYLYGZviiggQo
dcrJzNIoKqxI0EILmjiY48eiWIsTFxNCLmbziV4LqePk9RakmPrgxbRW2K49A1+E
5o7UKfq6q3fUd8rvgAfv6Hc9EG5UBd5/ZMHUQiZZCHD/RGVvC2kKg7zEvP32kDyv
/aNzbRv4+5gI65hSzFUfQMTySd6yo0CrFAuPMD/doVbHG5uKvPoNQPunH/a2hKTK
ZAvFUK1WoICdGCswEwiFs48szhs4cbDpoOsZDjRCm3jA
-----END CERTIFICATE-----