This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/a21bbe-ba4d-4e03-bef8-baffe3b677df/1/tHZ2V0iu4GQ4u8dz3d-vezyr63U.roa
File:                     tHZ2V0iu4GQ4u8dz3d-vezyr63U.roa (raw, json)
Hash identifier:          9IDxOxYubxzmonVtgFknYFCwSEpnGviE8ZLmSqdhW0c=
Subject key identifier:   B4:76:76:57:48:AE:E0:64:38:BB:C7:73:DD:DF:AF:7B:3C:AB:EB:75
Certificate issuer:       /CN=607e13578c680ee98fdaad202370f10e3c282afc
Certificate serial:       019B7F1361DFA7F45F63F90D819A63BE1F81
Authority key identifier: 60:7E:13:57:8C:68:0E:E9:8F:DA:AD:20:23:70:F1:0E:3C:28:2A:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YH4TV4xoDumP2q0gI3DxDjwoKvw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/a21bbe-ba4d-4e03-bef8-baffe3b677df/1/tHZ2V0iu4GQ4u8dz3d-vezyr63U.roa
Signing time:             Fri 02 Jan 2026 14:18:55 +0000
ROA not before:           Fri 02 Jan 2026 14:18:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44066
IP address blocks:        109.232.120.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/a21bbe-ba4d-4e03-bef8-baffe3b677df/1/YH4TV4xoDumP2q0gI3DxDjwoKvw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/a21bbe-ba4d-4e03-bef8-baffe3b677df/1/YH4TV4xoDumP2q0gI3DxDjwoKvw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YH4TV4xoDumP2q0gI3DxDjwoKvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:61:df:a7:f4:5f:63:f9:0d:81:9a:63:be:1f:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=607e13578c680ee98fdaad202370f10e3c282afc
        Validity
            Not Before: Jan  2 14:18:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b476765748aee06438bbc773dddfaf7b3cabeb75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:87:89:e3:2e:37:ec:24:d2:7d:84:af:4e:5b:
                    05:8c:d1:d3:9b:51:79:4a:ae:d5:97:3f:3e:bd:65:
                    93:30:1e:de:61:2f:c7:4e:64:43:ea:ad:5c:ec:2a:
                    89:54:81:b3:44:4e:3b:fe:41:d1:c4:fa:07:23:a1:
                    6a:6f:26:a6:14:56:d0:f0:97:be:07:a6:7c:00:46:
                    1c:80:c6:47:c4:6f:2a:53:93:c8:dc:c6:6b:d3:dc:
                    91:4b:98:61:b5:b4:06:c5:c6:40:39:89:bd:3f:26:
                    47:a4:67:b2:15:e1:73:d8:94:9f:de:a1:5e:26:94:
                    dd:1a:ce:a9:8d:4c:f4:3e:63:dd:cc:0c:07:b5:4d:
                    79:83:04:08:7d:67:c0:b2:83:44:c0:e0:58:36:d8:
                    47:e2:2b:c8:d5:31:c9:9c:78:e8:42:02:1a:99:4c:
                    06:c9:70:ec:50:d7:46:a4:68:62:01:d2:95:ba:74:
                    be:40:d9:3e:04:2b:43:41:3f:89:9a:63:8d:ef:3a:
                    01:47:21:05:3f:9e:90:6d:46:16:4a:1d:66:a7:6f:
                    a4:85:1b:05:6b:8c:69:a2:54:e5:e4:d0:a9:df:98:
                    1f:86:70:db:96:62:0f:c1:d3:31:9d:74:4d:a2:76:
                    e8:a1:72:c9:ba:7c:1a:18:8b:32:75:48:ea:dc:c1:
                    68:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:76:76:57:48:AE:E0:64:38:BB:C7:73:DD:DF:AF:7B:3C:AB:EB:75
            X509v3 Authority Key Identifier:
                keyid:60:7E:13:57:8C:68:0E:E9:8F:DA:AD:20:23:70:F1:0E:3C:28:2A:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YH4TV4xoDumP2q0gI3DxDjwoKvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/a21bbe-ba4d-4e03-bef8-baffe3b677df/1/tHZ2V0iu4GQ4u8dz3d-vezyr63U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/a21bbe-ba4d-4e03-bef8-baffe3b677df/1/YH4TV4xoDumP2q0gI3DxDjwoKvw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.232.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:08:a7:90:01:26:7b:e7:97:72:bc:27:01:65:de:d0:92:bc:
         ff:5e:2e:56:81:5e:7a:b4:ce:fd:69:30:e3:6e:50:4e:6a:d4:
         c4:85:4f:5c:b1:3e:d9:3d:96:20:ce:35:42:56:30:a7:fe:f2:
         b6:90:1a:1f:91:da:b7:bf:0a:f3:7a:ea:12:f4:9b:b6:d4:a8:
         9f:cf:97:67:7b:86:95:24:ab:d0:25:96:8a:c4:b0:a6:77:ea:
         ef:98:5b:e1:c6:6f:25:65:40:1d:e5:b4:e3:e3:a5:57:6c:3b:
         47:25:5f:4d:db:53:4c:ea:21:6f:af:d0:55:6d:ec:a2:dd:b5:
         ff:50:c5:e4:10:ec:7f:97:de:d3:89:bf:d8:8a:c9:1e:fe:00:
         18:00:99:c4:34:8e:76:45:f6:72:a0:a7:14:9f:78:4d:23:b9:
         2a:fc:fb:fc:2e:cf:75:f4:05:44:ed:75:de:a4:3a:b5:84:7a:
         4e:dc:16:ee:55:58:6f:52:f1:5e:3d:34:2d:71:b7:2f:ee:ff:
         26:cc:33:3a:12:54:3f:30:bb:33:1d:24:d5:e0:50:e7:f8:6b:
         48:db:a2:0c:9c:42:c2:69:c7:97:21:16:d7:75:aa:95:c7:6c:
         44:d4:f8:fa:ae:d1:a5:d0:39:1b:54:56:71:47:83:e6:18:31:
         98:b2:e0:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/E2Hfp/RfY/kNgZpjvh+BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwN2UxMzU3OGM2ODBlZTk4ZmRhYWQyMDIzNzBmMTBlM2My
ODJhZmMwHhcNMjYwMTAyMTQxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDc2NzY1NzQ4YWVlMDY0MzhiYmM3NzNkZGRmYWY3YjNjYWJlYjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoeJ4y437CTSfYSvTlsFjNHTm1F5
Sq7Vlz8+vWWTMB7eYS/HTmRD6q1c7CqJVIGzRE47/kHRxPoHI6FqbyamFFbQ8Je+
B6Z8AEYcgMZHxG8qU5PI3MZr09yRS5hhtbQGxcZAOYm9PyZHpGeyFeFz2JSf3qFe
JpTdGs6pjUz0PmPdzAwHtU15gwQIfWfAsoNEwOBYNthH4ivI1THJnHjoQgIamUwG
yXDsUNdGpGhiAdKVunS+QNk+BCtDQT+JmmON7zoBRyEFP56QbUYWSh1mp2+khRsF
a4xpolTl5NCp35gfhnDblmIPwdMxnXRNonbooXLJunwaGIsydUjq3MFoywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLR2dldIruBkOLvHc93fr3s8q+t1MB8GA1UdIwQY
MBaAFGB+E1eMaA7pj9qtICNw8Q48KCr8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUg0VFY0eG9EdW1QMnEwZ0kzRHhEandvS3Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9hMjFiYmUtYmE0ZC00ZTAzLWJlZjgt
YmFmZmUzYjY3N2RmLzEvdEhaMlYwaXU0R1E0dThkejNkLXZlenlyNjNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9hMjFiYmUtYmE0ZC00ZTAzLWJlZjgtYmFmZmUzYjY3N2Rm
LzEvWUg0VFY0eG9EdW1QMnEwZ0kzRHhEandvS3Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbeh4MA0G
CSqGSIb3DQEBCwUAA4IBAQBXCKeQASZ755dyvCcBZd7Qkrz/Xi5WgV56tM79aTDj
blBOatTEhU9csT7ZPZYgzjVCVjCn/vK2kBofkdq3vwrzeuoS9Ju21Kifz5dne4aV
JKvQJZaKxLCmd+rvmFvhxm8lZUAd5bTj46VXbDtHJV9N21NM6iFvr9BVbeyi3bX/
UMXkEOx/l97Tib/Yiske/gAYAJnENI52RfZyoKcUn3hNI7kq/Pv8Ls919AVE7XXe
pDq1hHpO3BbuVVhvUvFePTQtcbcv7v8mzDM6ElQ/MLszHSTV4FDn+GtI26IMnELC
aceXIRbXdaqVx2xE1Pj6rtGl0DkbVFZxR4PmGDGYsuAs
-----END CERTIFICATE-----