This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/k2h5FlXc59wzOxM8A70YzP6iC5M.roa
File:                     k2h5FlXc59wzOxM8A70YzP6iC5M.roa (raw, json)
Hash identifier:          CefUsydLyLh/G0hNJQpjjpTbFbmieBWRGwTdLKUTmro=
Subject key identifier:   93:68:79:16:55:DC:E7:DC:33:3B:13:3C:03:BD:18:CC:FE:A2:0B:93
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019B7E38C4675CAA33CE45F0B22E00DE003A
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/k2h5FlXc59wzOxM8A70YzP6iC5M.roa
Signing time:             Fri 02 Jan 2026 10:20:08 +0000
ROA not before:           Fri 02 Jan 2026 10:20:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208063
IP address blocks:        109.122.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:c4:67:5c:aa:33:ce:45:f0:b2:2e:00:de:00:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Jan  2 10:20:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9368791655dce7dc333b133c03bd18ccfea20b93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:0a:80:ae:25:e0:db:92:f3:00:28:64:3d:7d:
                    12:e0:30:65:15:be:0c:20:73:07:fe:ab:dc:08:21:
                    d5:cc:ff:47:9a:d6:9c:bc:c0:6a:ea:32:75:5e:ef:
                    3c:65:0c:7a:08:17:33:e8:d1:d9:06:7f:7a:e7:5a:
                    12:c1:fc:7f:f2:a2:66:85:2f:a6:61:f8:d5:e4:da:
                    ca:80:ec:38:60:43:b0:12:99:35:67:c4:b0:50:0e:
                    71:5e:8b:ac:30:6c:b1:4f:06:a6:80:7f:8d:d6:33:
                    30:c5:a2:8f:b7:d2:b8:a0:0f:7a:18:b6:c8:15:24:
                    68:f4:79:8d:74:1e:3f:a0:e9:ec:c7:93:c2:57:c4:
                    60:ba:b7:e0:fd:14:fb:58:4f:68:2c:79:75:61:dc:
                    cf:75:b1:71:54:b4:4f:54:b6:8b:d1:f9:b4:be:c7:
                    45:2f:f1:8e:11:4b:51:ff:91:b6:66:9c:95:26:a8:
                    d8:94:0d:98:96:c2:b5:0a:e4:10:6c:f8:10:2b:f5:
                    99:fa:41:8b:89:b9:ab:85:75:d2:46:d3:e1:e4:86:
                    59:81:de:2f:5f:92:41:c5:e4:82:55:64:bc:63:9c:
                    18:0a:e8:d2:4e:8d:97:1b:cb:83:8c:42:f6:da:a2:
                    30:87:8b:d9:0f:99:15:cb:92:70:4b:5c:1a:b8:6b:
                    31:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:68:79:16:55:DC:E7:DC:33:3B:13:3C:03:BD:18:CC:FE:A2:0B:93
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/k2h5FlXc59wzOxM8A70YzP6iC5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:28:7d:bd:a9:99:93:fa:0e:c1:f1:86:c0:2c:5b:ee:85:53:
         51:b4:76:7e:4f:05:d6:98:65:5f:ad:6f:fc:cc:cb:e0:5b:1d:
         5f:f8:66:93:52:9f:32:4a:f8:e1:27:1a:54:c7:e0:80:66:2d:
         69:64:48:66:80:46:57:2f:f1:05:b2:3b:36:db:da:6c:89:23:
         51:ba:29:40:9f:72:1b:93:96:80:12:b4:19:1a:10:62:b5:1b:
         ca:e6:44:6a:27:1b:6e:78:c5:15:84:aa:7c:24:ae:a8:5c:86:
         7a:43:a7:2b:d8:0c:db:4b:7c:9b:e4:e2:a9:63:19:08:ac:d9:
         34:06:97:00:ca:a8:c1:9f:fa:6d:ca:31:00:9a:d5:7b:eb:ab:
         a9:89:75:53:b2:5f:ef:4d:70:04:fa:c8:bc:c8:d6:28:e2:c8:
         17:d1:5a:be:e5:12:f4:79:22:a7:19:d3:73:d2:19:1c:aa:29:
         2e:52:63:0b:2c:b2:32:a9:83:bd:5b:a7:6c:a8:bb:2d:a0:9c:
         81:7e:9f:bc:f8:7d:11:5c:b3:f2:4f:f2:cc:e6:87:23:f5:b3:
         b6:0a:dd:97:8a:90:35:bc:11:dd:a2:b2:33:df:79:b8:80:78:
         f9:74:ae:d2:0d:07:63:fa:06:a8:c8:7a:94:f2:37:fd:ff:8c:
         9c:fe:7d:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OMRnXKozzkXwsi4A3gA6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjYwMTAyMTAyMDA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzY4NzkxNjU1ZGNlN2RjMzMzYjEzM2MwM2JkMThjY2ZlYTIwYjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQqAriXg25LzAChkPX0S4DBlFb4M
IHMH/qvcCCHVzP9HmtacvMBq6jJ1Xu88ZQx6CBcz6NHZBn9651oSwfx/8qJmhS+m
YfjV5NrKgOw4YEOwEpk1Z8SwUA5xXousMGyxTwamgH+N1jMwxaKPt9K4oA96GLbI
FSRo9HmNdB4/oOnsx5PCV8Rgurfg/RT7WE9oLHl1YdzPdbFxVLRPVLaL0fm0vsdF
L/GOEUtR/5G2ZpyVJqjYlA2YlsK1CuQQbPgQK/WZ+kGLibmrhXXSRtPh5IZZgd4v
X5JBxeSCVWS8Y5wYCujSTo2XG8uDjEL22qIwh4vZD5kVy5JwS1wauGsxvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJNoeRZV3OfcMzsTPAO9GMz+oguTMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvazJoNUZsWGM1OXd6T3hNOEE3MFl6UDZpQzVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXo4MA0G
CSqGSIb3DQEBCwUAA4IBAQAiKH29qZmT+g7B8YbALFvuhVNRtHZ+TwXWmGVfrW/8
zMvgWx1f+GaTUp8ySvjhJxpUx+CAZi1pZEhmgEZXL/EFsjs229psiSNRuilAn3Ib
k5aAErQZGhBitRvK5kRqJxtueMUVhKp8JK6oXIZ6Q6cr2AzbS3yb5OKpYxkIrNk0
BpcAyqjBn/ptyjEAmtV766upiXVTsl/vTXAE+si8yNYo4sgX0Vq+5RL0eSKnGdNz
0hkcqikuUmMLLLIyqYO9W6dsqLstoJyBfp+8+H0RXLPyT/LM5ocj9bO2Ct2XipA1
vBHdorIz33m4gHj5dK7SDQdj+gaoyHqU8jf9/4yc/n2U
-----END CERTIFICATE-----