This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/8d3c3b-6069-4cd1-89b1-cec35c453c5e/1/xE7QTqbNdhn5gknQPHHkIzofK-E.roa
File:                     xE7QTqbNdhn5gknQPHHkIzofK-E.roa (raw, json)
Hash identifier:          llDvi2taRSF2NctjRtmwTyGFIoc+gbx6y6MnqNFwqu8=
Subject key identifier:   C4:4E:D0:4E:A6:CD:76:19:F9:82:49:D0:3C:71:E4:23:3A:1F:2B:E1
Certificate issuer:       /CN=2eb9709ef31b75d68e2208aabf2a2c3c3d876fc1
Certificate serial:       019B7EA527038815351A688D70E116F44CFD
Authority key identifier: 2E:B9:70:9E:F3:1B:75:D6:8E:22:08:AA:BF:2A:2C:3C:3D:87:6F:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LrlwnvMbddaOIgiqvyosPD2Hb8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/8d3c3b-6069-4cd1-89b1-cec35c453c5e/1/xE7QTqbNdhn5gknQPHHkIzofK-E.roa
Signing time:             Fri 02 Jan 2026 12:18:31 +0000
ROA not before:           Fri 02 Jan 2026 12:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44806
IP address blocks:        31.24.112.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/8d3c3b-6069-4cd1-89b1-cec35c453c5e/1/LrlwnvMbddaOIgiqvyosPD2Hb8E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/8d3c3b-6069-4cd1-89b1-cec35c453c5e/1/LrlwnvMbddaOIgiqvyosPD2Hb8E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LrlwnvMbddaOIgiqvyosPD2Hb8E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:27:03:88:15:35:1a:68:8d:70:e1:16:f4:4c:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2eb9709ef31b75d68e2208aabf2a2c3c3d876fc1
        Validity
            Not Before: Jan  2 12:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c44ed04ea6cd7619f98249d03c71e4233a1f2be1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d5:f5:2b:4c:05:a7:21:b1:d2:5d:9d:74:f1:
                    f3:91:86:0f:53:03:fb:29:e9:be:e4:de:98:51:b7:
                    97:eb:58:10:65:b6:dc:10:17:ad:77:77:8f:d8:c1:
                    13:0b:80:6d:44:55:02:b6:f9:e7:94:8d:32:4e:ee:
                    aa:04:a1:40:4e:d8:06:54:7b:b0:a6:f2:95:13:3c:
                    94:38:89:db:56:1f:3a:79:96:08:f8:4c:ce:19:b3:
                    e8:a7:44:01:30:65:f8:48:16:99:75:2a:c4:36:12:
                    30:1c:37:4e:76:2c:1d:8f:a6:b8:22:77:79:03:3e:
                    ff:4f:58:ea:19:f6:fc:30:17:29:79:35:19:61:f2:
                    32:d2:70:f8:7c:a7:46:30:9a:06:96:66:01:7a:2e:
                    5c:a6:3f:d3:7a:c6:e5:ee:46:9c:11:00:95:25:15:
                    21:45:f2:05:39:e8:5b:6e:e0:71:e6:d7:98:71:20:
                    c1:e3:33:6a:a6:0f:48:8b:21:04:c5:64:7a:37:80:
                    3d:bd:85:12:34:77:f2:91:58:21:f8:d2:96:19:60:
                    05:5d:9f:e1:bb:6b:6b:85:d8:97:18:99:f2:ab:62:
                    6b:2d:7f:f1:78:c6:cc:fd:90:52:b2:a5:e1:1b:11:
                    46:3a:bd:0f:a0:63:ff:2e:d8:26:29:17:e6:4c:e4:
                    a5:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:4E:D0:4E:A6:CD:76:19:F9:82:49:D0:3C:71:E4:23:3A:1F:2B:E1
            X509v3 Authority Key Identifier:
                keyid:2E:B9:70:9E:F3:1B:75:D6:8E:22:08:AA:BF:2A:2C:3C:3D:87:6F:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LrlwnvMbddaOIgiqvyosPD2Hb8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/8d3c3b-6069-4cd1-89b1-cec35c453c5e/1/xE7QTqbNdhn5gknQPHHkIzofK-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/8d3c3b-6069-4cd1-89b1-cec35c453c5e/1/LrlwnvMbddaOIgiqvyosPD2Hb8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         64:3a:7d:d8:22:3e:43:c6:e0:4c:34:0a:13:0d:2d:7c:8f:a0:
         c8:e4:95:40:e5:b0:ac:9c:75:8d:90:ed:e6:cb:58:97:31:f2:
         e5:e2:19:14:01:d5:fb:4f:ca:ad:d0:12:5d:06:7c:02:86:1e:
         09:d7:b9:ff:fe:28:15:7e:c0:d4:c9:7d:8c:12:92:7d:24:e3:
         e9:19:2e:20:24:cc:57:de:2d:64:ba:b3:f1:e1:e7:c2:d7:cd:
         02:5e:3a:29:65:29:50:48:f9:41:ba:54:96:8c:ed:5e:d9:10:
         45:88:b6:2c:62:e2:9c:45:2b:9f:9a:39:b2:af:43:75:d3:4c:
         59:84:e6:02:6b:26:bf:3b:73:0b:65:cd:ee:1c:de:d5:53:2e:
         77:6d:76:52:c9:ef:51:2f:6f:00:e2:07:5d:97:02:50:fc:96:
         c7:46:a3:38:34:19:09:b1:7a:3e:93:30:21:a4:39:f0:f4:90:
         6f:f2:eb:83:64:2d:37:0a:76:51:ab:08:1b:b4:1d:3e:cc:0e:
         3f:1f:35:66:04:4a:7c:7b:af:77:9f:f0:22:77:38:a9:89:0b:
         71:e9:96:07:77:c0:e4:c9:47:fc:a1:10:3a:70:6e:ce:71:a1:
         6b:e1:3c:1f:90:59:93:30:47:f4:f1:4b:ca:04:64:0e:87:e6:
         ad:71:c7:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pScDiBU1GmiNcOEW9Ez9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlYjk3MDllZjMxYjc1ZDY4ZTIyMDhhYWJmMmEyYzNjM2Q4
NzZmYzEwHhcNMjYwMTAyMTIxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDRlZDA0ZWE2Y2Q3NjE5Zjk4MjQ5ZDAzYzcxZTQyMzNhMWYyYmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9X1K0wFpyGx0l2ddPHzkYYPUwP7
Kem+5N6YUbeX61gQZbbcEBetd3eP2METC4BtRFUCtvnnlI0yTu6qBKFATtgGVHuw
pvKVEzyUOInbVh86eZYI+EzOGbPop0QBMGX4SBaZdSrENhIwHDdOdiwdj6a4Ind5
Az7/T1jqGfb8MBcpeTUZYfIy0nD4fKdGMJoGlmYBei5cpj/Tesbl7kacEQCVJRUh
RfIFOehbbuBx5teYcSDB4zNqpg9IiyEExWR6N4A9vYUSNHfykVgh+NKWGWAFXZ/h
u2trhdiXGJnyq2JrLX/xeMbM/ZBSsqXhGxFGOr0PoGP/LtgmKRfmTOSlYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMRO0E6mzXYZ+YJJ0Dxx5CM6HyvhMB8GA1UdIwQY
MBaAFC65cJ7zG3XWjiIIqr8qLDw9h2/BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHJsd252TWJkZGFPSWdpcXZ5b3NQRDJIYjhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi84ZDNjM2ItNjA2OS00Y2QxLTg5YjEt
Y2VjMzVjNDUzYzVlLzEveEU3UVRxYk5kaG41Z2tuUVBISGtJem9mSy1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi84ZDNjM2ItNjA2OS00Y2QxLTg5YjEtY2VjMzVjNDUzYzVl
LzEvTHJsd252TWJkZGFPSWdpcXZ5b3NQRDJIYjhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDHxhwMA0G
CSqGSIb3DQEBCwUAA4IBAQBkOn3YIj5DxuBMNAoTDS18j6DI5JVA5bCsnHWNkO3m
y1iXMfLl4hkUAdX7T8qt0BJdBnwChh4J17n//igVfsDUyX2MEpJ9JOPpGS4gJMxX
3i1kurPx4efC180CXjopZSlQSPlBulSWjO1e2RBFiLYsYuKcRSufmjmyr0N100xZ
hOYCaya/O3MLZc3uHN7VUy53bXZSye9RL28A4gddlwJQ/JbHRqM4NBkJsXo+kzAh
pDnw9JBv8uuDZC03CnZRqwgbtB0+zA4/HzVmBEp8e693n/AidzipiQtx6ZYHd8Dk
yUf8oRA6cG7OcaFr4TwfkFmTMEf08UvKBGQOh+atcces
-----END CERTIFICATE-----