This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/fh7S3k35orygy_NxNIqp6F0-sJI.roa
File:                     fh7S3k35orygy_NxNIqp6F0-sJI.roa (raw, json)
Hash identifier:          XfQHhVDUDcNs2QAWWCjGzgrFd34jfifMCK0Ay/ulRf8=
Subject key identifier:   7E:1E:D2:DE:4D:F9:A2:BC:A0:CB:F3:71:34:8A:A9:E8:5D:3E:B0:92
Certificate issuer:       /CN=4384f6fa6decced5578a85a51e0bd65701ea34ec
Certificate serial:       019B7DCB1FE94137842E64AACC6E6FE5969B
Authority key identifier: 43:84:F6:FA:6D:EC:CE:D5:57:8A:85:A5:1E:0B:D6:57:01:EA:34:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q4T2-m3sztVXioWlHgvWVwHqNOw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/fh7S3k35orygy_NxNIqp6F0-sJI.roa
Signing time:             Fri 02 Jan 2026 08:20:22 +0000
ROA not before:           Fri 02 Jan 2026 08:20:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210687
IP address blocks:        5.183.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/Q4T2-m3sztVXioWlHgvWVwHqNOw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/Q4T2-m3sztVXioWlHgvWVwHqNOw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q4T2-m3sztVXioWlHgvWVwHqNOw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:1f:e9:41:37:84:2e:64:aa:cc:6e:6f:e5:96:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4384f6fa6decced5578a85a51e0bd65701ea34ec
        Validity
            Not Before: Jan  2 08:20:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7e1ed2de4df9a2bca0cbf371348aa9e85d3eb092
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f5:88:de:7b:6b:80:14:64:00:ef:76:a7:23:
                    a6:c8:af:43:d5:84:cb:dd:7f:46:b6:07:c5:28:9b:
                    eb:6c:51:9a:9f:27:36:af:b6:26:1f:9d:8a:f0:ea:
                    ab:23:e6:77:95:5e:34:a2:7d:ea:42:fd:67:db:40:
                    8d:b6:ea:11:e2:5c:a0:95:6f:04:16:57:81:7e:d5:
                    9f:21:53:3c:88:1b:79:f5:de:68:17:a9:0d:82:ce:
                    f8:26:76:43:eb:f1:13:2f:58:ab:7a:62:f5:eb:94:
                    ef:7e:9e:92:d0:c0:2b:a7:31:b7:bc:99:01:41:47:
                    89:b4:be:60:dd:dc:5d:bc:35:0b:87:1f:73:9e:8d:
                    53:35:51:2d:27:2c:1c:cf:68:62:6c:08:58:d6:96:
                    e2:67:76:d0:36:13:4d:b6:3b:3b:2c:8b:1c:9f:1b:
                    b5:ea:f7:cd:65:32:30:26:8b:e2:6f:7e:bb:ce:90:
                    c4:2a:ea:38:3e:5b:52:b3:4b:4e:4a:b0:63:d6:35:
                    4b:a9:08:67:26:4f:12:91:35:24:4c:6b:99:e9:2f:
                    45:16:fa:a8:25:96:1f:29:d2:72:c0:53:a3:72:a8:
                    cd:3f:3d:f6:d6:86:72:21:ef:85:f0:ed:68:8f:a2:
                    1e:f1:a3:ba:1c:52:09:f5:69:ce:08:2f:f8:88:94:
                    05:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:1E:D2:DE:4D:F9:A2:BC:A0:CB:F3:71:34:8A:A9:E8:5D:3E:B0:92
            X509v3 Authority Key Identifier:
                keyid:43:84:F6:FA:6D:EC:CE:D5:57:8A:85:A5:1E:0B:D6:57:01:EA:34:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q4T2-m3sztVXioWlHgvWVwHqNOw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/fh7S3k35orygy_NxNIqp6F0-sJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/Q4T2-m3sztVXioWlHgvWVwHqNOw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:0d:8b:1b:76:4e:52:04:de:34:b7:3e:fa:e2:f3:dc:94:27:
         e4:5a:d6:44:c7:63:c1:20:2e:e0:93:78:6f:e3:aa:84:e3:0c:
         b6:51:e9:c2:6c:bd:3f:6d:6c:26:ea:b6:7c:ed:c2:47:35:14:
         e4:cd:9f:84:75:5c:92:a3:36:c1:19:25:a9:10:d4:46:67:3a:
         04:50:c5:9f:ac:62:45:38:75:d5:8c:9c:26:de:ce:4d:13:91:
         9e:1a:e9:ff:dc:e9:a3:bb:b2:78:58:b5:e9:38:b8:6d:d9:19:
         fe:a5:50:25:9b:8b:37:19:cc:46:a7:9e:75:72:55:08:46:01:
         5c:60:f9:2f:4e:ac:c0:fe:c6:f6:94:ed:51:19:68:3d:dc:17:
         8c:7e:67:25:9c:cb:8c:c5:ad:54:40:67:75:b9:d6:ed:c1:88:
         36:6b:2f:fe:0d:36:75:07:e0:b6:4b:97:3c:e9:e4:8b:68:2f:
         8b:e1:3a:74:ea:a7:76:26:60:6b:f1:12:d2:ed:6f:6f:e7:fb:
         c9:b9:61:c5:94:53:d1:71:9c:c4:22:87:6d:85:32:1e:56:8e:
         90:6a:21:7d:c5:05:55:78:5e:41:cd:8b:83:d1:5b:bd:c8:79:
         07:ea:8e:00:7e:5c:2a:19:01:42:fe:41:dd:03:a3:03:31:0b:
         7f:d4:1c:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yx/pQTeELmSqzG5v5ZabMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzODRmNmZhNmRlY2NlZDU1NzhhODVhNTFlMGJkNjU3MDFl
YTM0ZWMwHhcNMjYwMTAyMDgyMDIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTFlZDJkZTRkZjlhMmJjYTBjYmYzNzEzNDhhYTllODVkM2ViMDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvWI3ntrgBRkAO92pyOmyK9D1YTL
3X9GtgfFKJvrbFGanyc2r7YmH52K8OqrI+Z3lV40on3qQv1n20CNtuoR4lyglW8E
FleBftWfIVM8iBt59d5oF6kNgs74JnZD6/ETL1iremL165Tvfp6S0MArpzG3vJkB
QUeJtL5g3dxdvDULhx9zno1TNVEtJywcz2hibAhY1pbiZ3bQNhNNtjs7LIscnxu1
6vfNZTIwJovib367zpDEKuo4PltSs0tOSrBj1jVLqQhnJk8SkTUkTGuZ6S9FFvqo
JZYfKdJywFOjcqjNPz321oZyIe+F8O1oj6Ie8aO6HFIJ9WnOCC/4iJQFGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH4e0t5N+aK8oMvzcTSKqehdPrCSMB8GA1UdIwQY
MBaAFEOE9vpt7M7VV4qFpR4L1lcB6jTsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTRUMi1tM3N6dFZYaW9XbEhndldWd0hxTk93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9iNjk4YmQtOGRkMi00MGJlLTgyYTMt
MWIxM2JkNDU2NmE1LzEvZmg3UzNrMzVvcnlneV9OeE5JcXA2RjAtc0pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9iNjk4YmQtOGRkMi00MGJlLTgyYTMtMWIxM2JkNDU2NmE1
LzEvUTRUMi1tM3N6dFZYaW9XbEhndldWd0hxTk93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbdtMA0G
CSqGSIb3DQEBCwUAA4IBAQB2DYsbdk5SBN40tz764vPclCfkWtZEx2PBIC7gk3hv
46qE4wy2UenCbL0/bWwm6rZ87cJHNRTkzZ+EdVySozbBGSWpENRGZzoEUMWfrGJF
OHXVjJwm3s5NE5GeGun/3Omju7J4WLXpOLht2Rn+pVAlm4s3GcxGp551clUIRgFc
YPkvTqzA/sb2lO1RGWg93BeMfmclnMuMxa1UQGd1udbtwYg2ay/+DTZ1B+C2S5c8
6eSLaC+L4Tp06qd2JmBr8RLS7W9v5/vJuWHFlFPRcZzEIodthTIeVo6QaiF9xQVV
eF5BzYuD0Vu9yHkH6o4AflwqGQFC/kHdA6MDMQt/1Bzi
-----END CERTIFICATE-----