This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/a20d6a-91ba-442f-8927-dc0043e9bb4d/1/nYvqn5kV5F9eabpIomemvJsL_Qg.roa
File:                     nYvqn5kV5F9eabpIomemvJsL_Qg.roa (raw, json)
Hash identifier:          V5VSGZcEQmaqLWAdKNhlKguBGH4P4kr/kPeIkQ2hxfM=
Subject key identifier:   9D:8B:EA:9F:99:15:E4:5F:5E:69:BA:48:A2:67:A6:BC:9B:0B:FD:08
Certificate issuer:       /CN=606d37cf87f12f2ab2def31380c386b826c19d65
Certificate serial:       019B7B3622835795F67387DF7E4EFDE10B34
Authority key identifier: 60:6D:37:CF:87:F1:2F:2A:B2:DE:F3:13:80:C3:86:B8:26:C1:9D:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YG03z4fxLyqy3vMTgMOGuCbBnWU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/a20d6a-91ba-442f-8927-dc0043e9bb4d/1/nYvqn5kV5F9eabpIomemvJsL_Qg.roa
Signing time:             Thu 01 Jan 2026 20:18:23 +0000
ROA not before:           Thu 01 Jan 2026 20:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199936
IP address blocks:        31.131.48.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/a20d6a-91ba-442f-8927-dc0043e9bb4d/1/YG03z4fxLyqy3vMTgMOGuCbBnWU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/a20d6a-91ba-442f-8927-dc0043e9bb4d/1/YG03z4fxLyqy3vMTgMOGuCbBnWU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YG03z4fxLyqy3vMTgMOGuCbBnWU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:22:83:57:95:f6:73:87:df:7e:4e:fd:e1:0b:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606d37cf87f12f2ab2def31380c386b826c19d65
        Validity
            Not Before: Jan  1 20:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d8bea9f9915e45f5e69ba48a267a6bc9b0bfd08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b2:c5:a6:31:af:eb:ca:22:b6:0f:47:59:e2:
                    77:7b:32:e7:2f:8c:89:7f:7e:03:ae:a6:a5:af:df:
                    01:d7:e4:fc:45:12:78:d1:c9:4c:99:24:75:72:76:
                    b1:e8:b9:7e:3e:87:fb:41:88:d8:9e:af:ae:a1:22:
                    1f:e9:9b:09:aa:f0:9d:6a:94:e7:59:10:8f:a1:ad:
                    84:cb:f9:90:2d:9f:f2:bc:0a:32:8b:58:29:d7:f5:
                    8a:92:ce:58:dd:37:fa:00:ea:ae:d6:cd:f2:bc:17:
                    9f:c0:75:56:12:c7:77:4e:32:f7:41:e4:97:68:d5:
                    ac:5a:97:e0:93:a3:61:8f:ac:64:9d:c1:be:f5:fa:
                    bd:3c:e7:b0:c1:0b:9c:07:eb:de:65:a2:2e:49:90:
                    79:96:6e:42:6b:b4:52:72:86:53:cf:06:65:81:d6:
                    f9:52:ef:1d:c3:cf:92:76:af:43:b6:25:2d:7d:8b:
                    21:13:11:0c:29:c6:fc:c0:51:fb:ca:e0:9a:d1:0f:
                    19:73:36:8e:a1:7b:35:09:08:f7:56:3f:5a:03:8b:
                    17:9e:16:34:88:71:29:f0:84:9c:2b:62:ec:87:bb:
                    30:d0:c0:e4:be:e2:1a:5d:d2:03:7a:e5:fa:d2:b0:
                    0f:3e:21:a1:90:0a:e7:aa:74:01:93:85:4a:dd:ef:
                    ce:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:8B:EA:9F:99:15:E4:5F:5E:69:BA:48:A2:67:A6:BC:9B:0B:FD:08
            X509v3 Authority Key Identifier:
                keyid:60:6D:37:CF:87:F1:2F:2A:B2:DE:F3:13:80:C3:86:B8:26:C1:9D:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YG03z4fxLyqy3vMTgMOGuCbBnWU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/a20d6a-91ba-442f-8927-dc0043e9bb4d/1/nYvqn5kV5F9eabpIomemvJsL_Qg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/a20d6a-91ba-442f-8927-dc0043e9bb4d/1/YG03z4fxLyqy3vMTgMOGuCbBnWU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.131.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         d7:72:8b:65:2f:c0:ea:48:f5:7f:40:09:f6:47:1a:a1:e2:1f:
         06:17:fa:81:a3:bd:72:3f:7f:ed:61:8b:9e:cb:bd:d7:ae:7d:
         e8:ce:63:bd:37:a1:7b:e0:15:60:66:7b:3d:bf:cd:71:a4:31:
         a0:77:25:1e:cb:25:6f:6a:68:dc:b0:2f:1a:e4:40:87:35:81:
         71:1e:ca:66:19:36:fe:50:23:1f:b7:35:1e:98:44:73:cb:e4:
         1b:87:8b:86:d1:1c:ab:23:60:60:76:a5:0a:4c:b1:88:03:20:
         c1:08:11:32:c0:63:1e:c4:2e:d1:2a:51:b1:ed:51:c8:30:0b:
         5f:63:70:2b:5c:3f:62:33:85:80:cf:81:bc:0b:03:13:c6:72:
         9c:c2:d0:c6:da:b9:a0:6c:55:b4:60:db:75:39:19:47:02:77:
         99:9f:ec:8e:64:d5:82:82:6f:ff:90:c6:5b:eb:1d:b8:20:3d:
         dc:c1:f0:74:d5:d5:8e:25:19:99:e9:e8:1a:ee:b7:49:f0:2f:
         38:c9:30:40:66:f8:cc:38:9d:ef:51:ce:f8:5a:dc:0a:e5:e6:
         37:4b:91:e5:8b:ca:e0:10:58:d3:09:31:fb:7a:da:e4:d1:99:
         ae:d1:a0:7e:48:19:90:de:4e:f5:27:a0:60:4b:a0:5a:95:ba:
         7b:88:2a:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NiKDV5X2c4fffk794Qs0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNmQzN2NmODdmMTJmMmFiMmRlZjMxMzgwYzM4NmI4MjZj
MTlkNjUwHhcNMjYwMTAxMjAxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDhiZWE5Zjk5MTVlNDVmNWU2OWJhNDhhMjY3YTZiYzliMGJmZDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLLFpjGv68oitg9HWeJ3ezLnL4yJ
f34Drqalr98B1+T8RRJ40clMmSR1cnax6Ll+Pof7QYjYnq+uoSIf6ZsJqvCdapTn
WRCPoa2Ey/mQLZ/yvAoyi1gp1/WKks5Y3Tf6AOqu1s3yvBefwHVWEsd3TjL3QeSX
aNWsWpfgk6Nhj6xkncG+9fq9POewwQucB+veZaIuSZB5lm5Ca7RScoZTzwZlgdb5
Uu8dw8+Sdq9DtiUtfYshExEMKcb8wFH7yuCa0Q8ZczaOoXs1CQj3Vj9aA4sXnhY0
iHEp8IScK2Lsh7sw0MDkvuIaXdIDeuX60rAPPiGhkArnqnQBk4VK3e/OuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ2L6p+ZFeRfXmm6SKJnprybC/0IMB8GA1UdIwQY
MBaAFGBtN8+H8S8qst7zE4DDhrgmwZ1lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUcwM3o0ZnhMeXF5M3ZNVGdNT0d1Q2JCbldVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9hMjBkNmEtOTFiYS00NDJmLTg5Mjct
ZGMwMDQzZTliYjRkLzEvbll2cW41a1Y1RjllYWJwSW9tZW12SnNMX1FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9hMjBkNmEtOTFiYS00NDJmLTg5MjctZGMwMDQzZTliYjRk
LzEvWUcwM3o0ZnhMeXF5M3ZNVGdNT0d1Q2JCbldVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEH4MwMA0G
CSqGSIb3DQEBCwUAA4IBAQDXcotlL8DqSPV/QAn2Rxqh4h8GF/qBo71yP3/tYYue
y73Xrn3ozmO9N6F74BVgZns9v81xpDGgdyUeyyVvamjcsC8a5ECHNYFxHspmGTb+
UCMftzUemERzy+Qbh4uG0RyrI2BgdqUKTLGIAyDBCBEywGMexC7RKlGx7VHIMAtf
Y3ArXD9iM4WAz4G8CwMTxnKcwtDG2rmgbFW0YNt1ORlHAneZn+yOZNWCgm//kMZb
6x24ID3cwfB01dWOJRmZ6ega7rdJ8C84yTBAZvjMOJ3vUc74WtwK5eY3S5Hli8rg
EFjTCTH7etrk0Zmu0aB+SBmQ3k71J6BgS6Balbp7iCqf
-----END CERTIFICATE-----