This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/nu5qc3FurPA7ene0-Ao16QprmLc.roa
File:                     nu5qc3FurPA7ene0-Ao16QprmLc.roa (raw, json)
Hash identifier:          jAdY6e3psk45qZp7fo2Mwz+KQFyicWuxyaHfYwP1ULM=
Subject key identifier:   9E:EE:6A:73:71:6E:AC:F0:3B:7A:77:B4:F8:0A:35:E9:0A:6B:98:B7
Certificate issuer:       /CN=04cbe5b4623dab42f15a905002db7ce62e854f29
Certificate serial:       019B78A31A62A1BF20E5654D8057B098A27B
Authority key identifier: 04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/nu5qc3FurPA7ene0-Ao16QprmLc.roa
Signing time:             Thu 01 Jan 2026 08:18:33 +0000
ROA not before:           Thu 01 Jan 2026 08:18:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210223
IP address blocks:        212.113.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:1a:62:a1:bf:20:e5:65:4d:80:57:b0:98:a2:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04cbe5b4623dab42f15a905002db7ce62e854f29
        Validity
            Not Before: Jan  1 08:18:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9eee6a73716eacf03b7a77b4f80a35e90a6b98b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8a:e1:55:30:a8:e4:cf:ed:41:21:97:6a:c6:
                    d8:49:23:3a:89:b7:bf:42:36:6e:ac:18:50:2b:ec:
                    48:25:8e:e5:78:62:49:6f:4c:46:e9:de:5a:6e:6a:
                    97:29:e7:9e:88:4d:e3:f7:bf:19:46:0f:75:d9:f6:
                    5f:1f:b7:21:eb:d9:94:3a:25:a4:a8:ea:c7:5a:68:
                    8f:f0:e6:10:08:e9:27:ab:18:12:ac:72:5c:86:a6:
                    22:9c:1c:d2:9c:2a:6b:c6:f9:fb:3d:42:66:aa:65:
                    a2:f0:76:c6:b3:1e:ae:e6:35:6a:7e:ce:1d:ed:45:
                    c3:a8:de:03:f7:78:c1:88:53:42:1d:20:a6:33:73:
                    71:58:d1:b0:65:ca:a4:2b:85:c6:29:10:53:91:a3:
                    fe:64:3f:e5:22:d7:53:42:7b:7f:92:3e:76:bd:de:
                    67:10:2a:59:87:0d:aa:df:21:d8:ef:3f:55:09:f6:
                    4f:a0:ce:c7:b0:99:93:d9:1d:b2:08:33:55:24:32:
                    5d:b0:3b:c5:6d:04:06:e7:00:07:f1:87:e1:70:c6:
                    4c:7d:37:dd:35:79:8c:11:28:fd:a5:d9:ce:f2:56:
                    03:a8:70:64:a9:67:43:20:30:7e:39:d9:cd:f0:08:
                    86:62:0a:8a:b0:7f:92:1b:4a:c7:8a:82:31:40:b5:
                    ef:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:EE:6A:73:71:6E:AC:F0:3B:7A:77:B4:F8:0A:35:E9:0A:6B:98:B7
            X509v3 Authority Key Identifier:
                keyid:04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/nu5qc3FurPA7ene0-Ao16QprmLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.113.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:a6:c9:48:66:ce:cf:df:08:66:51:76:63:f1:c5:a2:ca:d7:
         ca:31:93:d8:7a:51:d9:7b:7e:b3:d9:65:a2:b0:29:c9:87:0e:
         3b:e4:1f:54:a7:cc:51:54:8e:84:fd:07:b5:50:9c:52:5f:56:
         8b:66:e6:ca:f2:b5:b0:86:9f:93:3f:00:18:34:44:38:7f:d0:
         bc:8e:c0:19:2c:31:ec:79:dc:cf:ef:f9:a9:37:69:cf:08:d1:
         72:71:ef:06:a6:27:63:12:99:77:9e:1c:ae:95:de:84:7b:9a:
         1c:a0:13:3d:eb:7f:6f:e0:c5:65:bb:e0:de:da:f8:f0:ed:2e:
         89:ce:ce:d2:65:65:a3:56:08:5a:37:97:9e:42:8c:ee:46:3e:
         18:7c:aa:8d:30:be:39:49:84:51:f3:4a:1f:59:75:c0:46:68:
         88:1f:87:cc:b0:97:6f:76:e4:7f:67:b9:31:85:c5:34:f7:44:
         48:c2:e8:ce:58:61:ae:6f:38:6a:6e:d2:16:8b:87:ad:5a:81:
         e9:e3:ff:3b:50:2e:b6:35:65:b4:92:15:b3:5c:2a:7e:f0:2a:
         ea:02:86:2b:a8:c4:14:3f:86:3c:25:7b:55:a6:a3:5a:a3:fa:
         79:f7:e0:09:24:09:b1:a5:45:9f:a3:f0:b4:5d:c2:87:c5:b9:
         c7:30:e8:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4oxpiob8g5WVNgFewmKJ7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0Y2JlNWI0NjIzZGFiNDJmMTVhOTA1MDAyZGI3Y2U2MmU4
NTRmMjkwHhcNMjYwMTAxMDgxODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWVlNmE3MzcxNmVhY2YwM2I3YTc3YjRmODBhMzVlOTBhNmI5OGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4rhVTCo5M/tQSGXasbYSSM6ibe/
QjZurBhQK+xIJY7leGJJb0xG6d5abmqXKeeeiE3j978ZRg912fZfH7ch69mUOiWk
qOrHWmiP8OYQCOknqxgSrHJchqYinBzSnCprxvn7PUJmqmWi8HbGsx6u5jVqfs4d
7UXDqN4D93jBiFNCHSCmM3NxWNGwZcqkK4XGKRBTkaP+ZD/lItdTQnt/kj52vd5n
ECpZhw2q3yHY7z9VCfZPoM7HsJmT2R2yCDNVJDJdsDvFbQQG5wAH8YfhcMZMfTfd
NXmMESj9pdnO8lYDqHBkqWdDIDB+OdnN8AiGYgqKsH+SG0rHioIxQLXv6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ7uanNxbqzwO3p3tPgKNekKa5i3MB8GA1UdIwQY
MBaAFATL5bRiPatC8VqQUALbfOYuhU8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODct
MDU3ODE3YmE5ZmI3LzEvbnU1cWMzRnVyUEE3ZW5lMC1BbzE2UXBybUxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODctMDU3ODE3YmE5ZmI3
LzEvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HFvMA0G
CSqGSIb3DQEBCwUAA4IBAQA6pslIZs7P3whmUXZj8cWiytfKMZPYelHZe36z2WWi
sCnJhw475B9Up8xRVI6E/Qe1UJxSX1aLZubK8rWwhp+TPwAYNEQ4f9C8jsAZLDHs
edzP7/mpN2nPCNFyce8GpidjEpl3nhyuld6Ee5ocoBM9639v4MVlu+De2vjw7S6J
zs7SZWWjVghaN5eeQozuRj4YfKqNML45SYRR80ofWXXARmiIH4fMsJdvduR/Z7kx
hcU090RIwujOWGGubzhqbtIWi4etWoHp4/87UC62NWW0khWzXCp+8CrqAoYrqMQU
P4Y8JXtVpqNao/p59+AJJAmxpUWfo/C0XcKHxbnHMOj8
-----END CERTIFICATE-----