This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/jKCgpxt1ADjjHAE5Am2jfuifPn8.roa
File:                     jKCgpxt1ADjjHAE5Am2jfuifPn8.roa (raw, json)
Hash identifier:          XeGQ/DX/ECCSWySWuH3BuJMwUzvEFlXF4fBqBfaoS58=
Subject key identifier:   8C:A0:A0:A7:1B:75:00:38:E3:1C:01:39:02:6D:A3:7E:E8:9F:3E:7F
Certificate issuer:       /CN=9ff1503210fe06ed35490b0231dbdb5967e12987
Certificate serial:       019B79EBB8E25756E26BDEBB9E27591ACA43
Authority key identifier: 9F:F1:50:32:10:FE:06:ED:35:49:0B:02:31:DB:DB:59:67:E1:29:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n_FQMhD-Bu01SQsCMdvbWWfhKYc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/jKCgpxt1ADjjHAE5Am2jfuifPn8.roa
Signing time:             Thu 01 Jan 2026 14:17:29 +0000
ROA not before:           Thu 01 Jan 2026 14:17:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60334
IP address blocks:        31.128.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/n_FQMhD-Bu01SQsCMdvbWWfhKYc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/n_FQMhD-Bu01SQsCMdvbWWfhKYc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n_FQMhD-Bu01SQsCMdvbWWfhKYc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 08:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:eb:b8:e2:57:56:e2:6b:de:bb:9e:27:59:1a:ca:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ff1503210fe06ed35490b0231dbdb5967e12987
        Validity
            Not Before: Jan  1 14:17:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8ca0a0a71b750038e31c0139026da37ee89f3e7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:4a:36:d7:6a:f7:7e:52:63:6c:1b:18:63:1a:
                    b8:fb:b6:23:ea:2f:58:c6:43:c5:51:e8:92:00:01:
                    20:16:1c:4c:88:80:53:fc:b8:f2:4c:fb:9d:58:82:
                    ca:a4:c0:f3:b5:cd:46:ea:b8:ce:27:5b:0b:7e:4c:
                    2e:5b:b2:66:d8:16:9f:00:4c:9d:bb:16:f3:0b:f4:
                    b1:c3:86:82:39:d8:c4:4b:34:85:6f:8e:37:4e:f8:
                    29:a8:e6:08:72:45:f1:56:ae:59:10:98:61:35:d5:
                    c8:9c:6f:b1:d9:0c:46:ab:a5:ce:f7:8b:bb:f9:fe:
                    8a:96:f2:6c:1e:19:e1:b2:41:6a:4e:cf:65:d3:2d:
                    07:81:38:fe:b2:0d:d6:f7:2e:95:0f:eb:ef:46:26:
                    62:97:34:c7:27:7e:3e:22:a9:51:3f:f0:d2:c9:b4:
                    e7:de:f2:84:50:12:11:33:4c:52:77:0d:c9:82:0b:
                    68:a6:e3:88:0e:ae:87:cc:24:16:d5:cd:00:6b:63:
                    d6:c8:7c:6b:2c:36:c0:a1:a6:a4:e1:b7:4e:43:32:
                    a4:3d:8d:16:c7:31:ab:76:12:16:a9:5f:fd:2c:f2:
                    9b:6d:a1:26:03:4c:4a:92:96:ee:49:b2:d8:3d:6c:
                    5c:7d:0b:32:c8:84:fa:a5:5e:b4:0c:63:ad:25:d9:
                    1a:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:A0:A0:A7:1B:75:00:38:E3:1C:01:39:02:6D:A3:7E:E8:9F:3E:7F
            X509v3 Authority Key Identifier:
                keyid:9F:F1:50:32:10:FE:06:ED:35:49:0B:02:31:DB:DB:59:67:E1:29:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n_FQMhD-Bu01SQsCMdvbWWfhKYc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/jKCgpxt1ADjjHAE5Am2jfuifPn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/n_FQMhD-Bu01SQsCMdvbWWfhKYc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.128.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:93:d7:4a:7e:d5:b7:8a:bb:0a:06:34:c3:ef:2f:35:67:e3:
         94:7e:0b:fa:02:2e:f4:7c:e5:75:e2:63:47:b3:e9:68:45:56:
         96:13:e6:eb:d5:db:6c:37:9b:5d:68:1c:fc:08:94:8c:c1:47:
         dd:2b:f9:23:5b:d3:66:6b:15:c8:c4:09:ef:9c:9c:80:51:26:
         84:eb:88:12:ef:3c:5f:36:a0:25:0a:c8:31:f3:0b:e0:e5:c0:
         59:37:9d:fb:3f:55:a8:3d:09:15:72:11:a7:d2:33:88:93:b1:
         d8:46:0d:58:93:8a:13:d3:9b:8a:f4:23:e1:9b:c0:f0:2b:7a:
         6d:21:f9:d2:5b:c8:3b:53:d2:52:9a:19:1a:b2:50:99:56:f1:
         1c:4a:cc:76:af:7a:32:31:2d:04:e3:54:87:2b:48:14:1e:af:
         ef:91:06:97:46:c9:32:3c:b1:d7:70:d4:65:f5:f9:d1:c9:34:
         cd:9f:13:a7:1b:71:d9:f6:c4:7d:83:22:fb:b3:8a:3b:51:43:
         53:c9:70:fe:19:da:58:80:29:03:c6:c5:44:da:4a:c3:75:35:
         ab:64:79:ca:b2:54:06:2f:b6:83:9d:cb:68:9d:5d:4d:ce:4d:
         1d:5b:d2:c9:3f:d5:a4:67:24:6d:f7:0f:a3:62:69:c7:cc:5c:
         32:3b:27:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt567jiV1bia967nidZGspDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmZjE1MDMyMTBmZTA2ZWQzNTQ5MGIwMjMxZGJkYjU5Njdl
MTI5ODcwHhcNMjYwMTAxMTQxNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2EwYTBhNzFiNzUwMDM4ZTMxYzAxMzkwMjZkYTM3ZWU4OWYzZTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Eo212r3flJjbBsYYxq4+7Yj6i9Y
xkPFUeiSAAEgFhxMiIBT/LjyTPudWILKpMDztc1G6rjOJ1sLfkwuW7Jm2BafAEyd
uxbzC/Sxw4aCOdjESzSFb443TvgpqOYIckXxVq5ZEJhhNdXInG+x2QxGq6XO94u7
+f6KlvJsHhnhskFqTs9l0y0HgTj+sg3W9y6VD+vvRiZilzTHJ34+IqlRP/DSybTn
3vKEUBIRM0xSdw3JggtopuOIDq6HzCQW1c0Aa2PWyHxrLDbAoaak4bdOQzKkPY0W
xzGrdhIWqV/9LPKbbaEmA0xKkpbuSbLYPWxcfQsyyIT6pV60DGOtJdkaBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIygoKcbdQA44xwBOQJto37onz5/MB8GA1UdIwQY
MBaAFJ/xUDIQ/gbtNUkLAjHb21ln4SmHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbl9GUU1oRC1CdTAxU1FzQ01kdmJXV2ZoS1ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC84NDIxZDMtNTA2YS00ZjBjLWI5YzAt
NDYzMjJlMDJmMDhkLzEvaktDZ3B4dDFBRGpqSEFFNUFtMmpmdWlmUG44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC84NDIxZDMtNTA2YS00ZjBjLWI5YzAtNDYzMjJlMDJmMDhk
LzEvbl9GUU1oRC1CdTAxU1FzQ01kdmJXV2ZoS1ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH4C3MA0G
CSqGSIb3DQEBCwUAA4IBAQDAk9dKftW3irsKBjTD7y81Z+OUfgv6Ai70fOV14mNH
s+loRVaWE+br1dtsN5tdaBz8CJSMwUfdK/kjW9NmaxXIxAnvnJyAUSaE64gS7zxf
NqAlCsgx8wvg5cBZN537P1WoPQkVchGn0jOIk7HYRg1Yk4oT05uK9CPhm8DwK3pt
IfnSW8g7U9JSmhkaslCZVvEcSsx2r3oyMS0E41SHK0gUHq/vkQaXRskyPLHXcNRl
9fnRyTTNnxOnG3HZ9sR9gyL7s4o7UUNTyXD+GdpYgCkDxsVE2krDdTWrZHnKslQG
L7aDnctonV1Nzk0dW9LJP9WkZyRt9w+jYmnHzFwyOydh
-----END CERTIFICATE-----