This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/icBjslH5ERqmqpU1USzkMdhkEjI.roa
File:                     icBjslH5ERqmqpU1USzkMdhkEjI.roa (raw, json)
Hash identifier:          wMYjLB/rE9ycsdnG1IDtuH3D8/HkxmDfxjH3cnkuOvM=
Subject key identifier:   89:C0:63:B2:51:F9:11:1A:A6:AA:95:35:51:2C:E4:31:D8:64:12:32
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       019B7AC78FDAD53AF8D714F3AE2F52064094
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/icBjslH5ERqmqpU1USzkMdhkEjI.roa
Signing time:             Thu 01 Jan 2026 18:17:37 +0000
ROA not before:           Thu 01 Jan 2026 18:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49433
IP address blocks:        109.232.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:8f:da:d5:3a:f8:d7:14:f3:ae:2f:52:06:40:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 18:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=89c063b251f9111aa6aa9535512ce431d8641232
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:7b:10:64:31:50:13:5d:30:db:8d:f5:9e:ef:
                    12:46:4b:ed:db:cf:87:cf:66:74:b2:95:7d:88:19:
                    73:6a:b1:8c:92:09:7f:dc:d6:d7:b6:68:48:82:01:
                    13:bc:34:66:ca:b1:fc:75:17:c0:22:86:1d:a1:bf:
                    71:d6:7b:bb:96:b1:73:22:82:be:79:9f:fc:4a:d1:
                    ec:fa:ad:db:06:81:fd:aa:b7:8a:ac:f6:f6:a6:55:
                    f8:55:8a:4e:e1:21:7c:d6:1d:a8:26:83:13:53:2e:
                    c4:c0:5e:98:51:bd:7c:3c:2c:2a:b4:65:54:c9:97:
                    61:e7:cc:42:5d:5d:e9:d5:cc:0f:5d:c0:91:23:5d:
                    bd:1e:50:e6:b1:44:fa:bb:25:11:ba:14:01:f3:ec:
                    48:18:85:9d:7a:23:31:42:b8:fd:bf:5d:c1:96:c5:
                    33:83:f1:39:28:9f:32:a0:c9:1c:71:6e:62:b7:e4:
                    e0:7f:d6:40:fa:66:89:72:2a:a6:dc:0c:63:7c:bd:
                    53:71:f1:74:2f:67:4d:10:2c:f6:39:bc:a8:88:a1:
                    51:1b:d5:4c:90:0d:53:82:9e:9a:5b:48:08:b3:4a:
                    86:90:ed:cf:74:ab:bd:bf:22:95:5f:89:c4:13:c2:
                    0e:1f:fb:64:ba:2d:8b:be:4a:aa:5b:cd:71:c4:a4:
                    15:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:C0:63:B2:51:F9:11:1A:A6:AA:95:35:51:2C:E4:31:D8:64:12:32
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/icBjslH5ERqmqpU1USzkMdhkEjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.232.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:0e:38:04:b6:a6:90:36:37:33:96:86:8c:90:30:7d:38:68:
         bb:7b:69:45:30:52:6c:e5:47:9b:5a:8a:de:52:79:ab:2e:ce:
         32:9c:78:72:19:00:27:fd:65:bf:f4:fb:41:87:e6:66:e4:c0:
         b0:e5:82:ba:5a:f7:05:18:a5:ec:3d:52:00:be:e3:19:d2:30:
         5d:14:41:77:f8:fc:87:87:cd:ef:1b:88:7d:cd:45:cd:21:d4:
         2a:d6:85:74:43:41:66:22:58:37:c8:d9:ca:0b:7d:01:0a:b9:
         11:72:e0:62:a9:e2:fc:f9:12:bb:15:db:74:ee:74:7c:ac:0b:
         13:2d:5f:e4:4d:de:da:af:72:32:72:d5:7c:00:e8:b8:87:37:
         ad:45:3e:ad:81:82:3b:82:b7:49:5d:5b:1e:33:15:28:08:65:
         84:74:a7:c1:70:3d:1c:06:a1:b9:04:d0:46:0b:db:52:d7:4d:
         79:4d:25:41:49:2e:0c:11:00:85:37:7b:31:ec:7e:f5:9d:e7:
         43:78:c4:2e:b3:a5:5e:c9:0d:e6:de:8b:2f:24:2c:2b:3f:9f:
         d7:21:fd:65:de:ac:27:81:ba:79:79:4e:70:0e:e1:97:36:f8:
         31:f3:c4:2a:f0:19:99:e1:ac:ad:01:33:82:d9:16:d5:9b:3e:
         37:5c:d4:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x4/a1Tr41xTzri9SBkCUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjYwMTAxMTgxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWMwNjNiMjUxZjkxMTFhYTZhYTk1MzU1MTJjZTQzMWQ4NjQxMjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXsQZDFQE10w2431nu8SRkvt28+H
z2Z0spV9iBlzarGMkgl/3NbXtmhIggETvDRmyrH8dRfAIoYdob9x1nu7lrFzIoK+
eZ/8StHs+q3bBoH9qreKrPb2plX4VYpO4SF81h2oJoMTUy7EwF6YUb18PCwqtGVU
yZdh58xCXV3p1cwPXcCRI129HlDmsUT6uyURuhQB8+xIGIWdeiMxQrj9v13BlsUz
g/E5KJ8yoMkccW5it+Tgf9ZA+maJciqm3AxjfL1TcfF0L2dNECz2ObyoiKFRG9VM
kA1Tgp6aW0gIs0qGkO3PdKu9vyKVX4nEE8IOH/tkui2LvkqqW81xxKQVsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFInAY7JR+REapqqVNVEs5DHYZBIyMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvaWNCanNsSDVFUnFtcXBVMVVTemtNZGhrRWpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbegFMA0G
CSqGSIb3DQEBCwUAA4IBAQA4DjgEtqaQNjczloaMkDB9OGi7e2lFMFJs5UebWore
UnmrLs4ynHhyGQAn/WW/9PtBh+Zm5MCw5YK6WvcFGKXsPVIAvuMZ0jBdFEF3+PyH
h83vG4h9zUXNIdQq1oV0Q0FmIlg3yNnKC30BCrkRcuBiqeL8+RK7Fdt07nR8rAsT
LV/kTd7ar3IyctV8AOi4hzetRT6tgYI7grdJXVseMxUoCGWEdKfBcD0cBqG5BNBG
C9tS1015TSVBSS4MEQCFN3sx7H71nedDeMQus6VeyQ3m3osvJCwrP5/XIf1l3qwn
gbp5eU5wDuGXNvgx88Qq8BmZ4aytATOC2RbVmz43XNR+
-----END CERTIFICATE-----