This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/cfcb09-0f50-4f1b-873e-661631bba953/1/XWBsB_cZ5qidLCmlV0HYPquJmRY.roa
File:                     XWBsB_cZ5qidLCmlV0HYPquJmRY.roa (raw, json)
Hash identifier:          K9lGKjaA0sTZUshIhYC2Vc0Nnn9645Zh7HW4fKMC9/I=
Subject key identifier:   5D:60:6C:07:F7:19:E6:A8:9D:2C:29:A5:57:41:D8:3E:AB:89:99:16
Certificate issuer:       /CN=1e80c5a70a236384054f3584915092c41714eed7
Certificate serial:       019B79ED26C9701713466252D70CFA6E9A07
Authority key identifier: 1E:80:C5:A7:0A:23:63:84:05:4F:35:84:91:50:92:C4:17:14:EE:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HoDFpwojY4QFTzWEkVCSxBcU7tc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/cfcb09-0f50-4f1b-873e-661631bba953/1/XWBsB_cZ5qidLCmlV0HYPquJmRY.roa
Signing time:             Thu 01 Jan 2026 14:19:03 +0000
ROA not before:           Thu 01 Jan 2026 14:19:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56624
IP address blocks:        31.133.8.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/cfcb09-0f50-4f1b-873e-661631bba953/1/HoDFpwojY4QFTzWEkVCSxBcU7tc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/cfcb09-0f50-4f1b-873e-661631bba953/1/HoDFpwojY4QFTzWEkVCSxBcU7tc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HoDFpwojY4QFTzWEkVCSxBcU7tc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:26:c9:70:17:13:46:62:52:d7:0c:fa:6e:9a:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e80c5a70a236384054f3584915092c41714eed7
        Validity
            Not Before: Jan  1 14:19:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d606c07f719e6a89d2c29a55741d83eab899916
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:6e:40:53:49:b4:ea:0c:bd:8f:a3:30:7f:91:
                    74:de:bb:82:99:fe:4f:3f:23:be:17:6c:01:cf:7c:
                    8e:2e:fb:93:04:46:e6:32:2a:cd:9d:d3:8c:a4:9d:
                    12:c1:6d:50:cc:95:95:9d:fc:a5:45:da:3b:66:1f:
                    94:8e:a9:a9:92:ec:3e:e9:6a:d0:5a:d1:4a:b9:2f:
                    c5:40:bc:c3:1e:ca:1a:cc:cd:9a:35:63:4f:f7:93:
                    6c:f8:6d:11:73:06:53:7c:bf:93:b6:db:c8:bc:ac:
                    51:bf:6f:e3:7e:61:a6:78:5f:59:21:33:7b:67:67:
                    9a:87:94:63:57:ed:57:8a:32:a4:8d:54:de:a4:29:
                    cb:ed:fd:11:4b:2b:22:1a:e4:6e:86:82:e3:8b:72:
                    c5:e9:95:38:9a:99:8c:47:a7:f1:1a:66:4a:9c:d4:
                    18:55:97:7d:90:9d:9c:8f:64:2e:10:3a:74:66:05:
                    a4:f6:45:16:3d:4a:76:11:80:e9:72:fc:90:55:e9:
                    02:56:51:6f:21:7c:a4:40:dd:7a:f1:ed:d9:94:47:
                    7d:42:b2:bd:f6:81:4e:f9:20:de:c3:d5:d0:7c:79:
                    d6:16:23:ab:d3:0b:89:f1:00:6d:a9:4f:06:6e:bc:
                    8d:ac:db:48:24:6c:64:a6:1d:7c:2a:8e:cb:dc:b6:
                    ab:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:60:6C:07:F7:19:E6:A8:9D:2C:29:A5:57:41:D8:3E:AB:89:99:16
            X509v3 Authority Key Identifier:
                keyid:1E:80:C5:A7:0A:23:63:84:05:4F:35:84:91:50:92:C4:17:14:EE:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HoDFpwojY4QFTzWEkVCSxBcU7tc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/cfcb09-0f50-4f1b-873e-661631bba953/1/XWBsB_cZ5qidLCmlV0HYPquJmRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/cfcb09-0f50-4f1b-873e-661631bba953/1/HoDFpwojY4QFTzWEkVCSxBcU7tc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.133.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         67:c3:ac:ac:66:90:0e:86:d3:d1:ad:c4:73:9d:2a:56:94:ad:
         d1:53:57:09:ef:a6:ab:22:06:41:18:7c:6c:b8:56:c9:38:da:
         d0:46:b4:76:9e:1f:64:a7:dd:fc:84:1b:bc:0e:4a:bb:2e:69:
         9c:0e:91:a0:29:fe:90:27:5a:4d:d9:b3:60:2e:7c:2a:ea:8c:
         15:31:71:42:66:38:58:b2:72:dd:0a:83:23:ab:9b:62:15:62:
         8d:fc:64:2e:82:ca:a5:f2:9f:4c:50:a1:ec:a8:9b:b7:76:5f:
         35:51:06:b9:90:f4:32:a1:2a:2d:f8:b0:9a:ce:d2:94:bf:5c:
         bb:8e:7b:ad:d1:0c:2d:89:00:a1:50:ca:a6:d9:eb:f0:1d:cf:
         af:c7:94:07:3b:37:14:b0:1c:37:10:76:10:6a:7a:1f:00:6b:
         b7:72:d7:e5:2f:3a:4b:d5:00:72:c4:76:76:75:33:07:7e:17:
         80:4d:04:ac:a6:b6:9f:ac:66:ab:b4:bc:e7:ca:a7:4c:f4:a9:
         67:84:d8:25:a8:6e:32:d1:82:ca:8c:d2:f0:0b:f5:03:b5:c6:
         dc:ee:df:5a:05:f7:69:32:4d:45:c4:6d:60:ff:b2:8b:ba:b4:
         b0:c4:b3:b4:fc:dd:64:fd:82:cf:40:99:40:04:6e:a7:85:d6:
         44:df:55:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57SbJcBcTRmJS1wz6bpoHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlODBjNWE3MGEyMzYzODQwNTRmMzU4NDkxNTA5MmM0MTcx
NGVlZDcwHhcNMjYwMTAxMTQxOTAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDYwNmMwN2Y3MTllNmE4OWQyYzI5YTU1NzQxZDgzZWFiODk5OTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7m5AU0m06gy9j6Mwf5F03ruCmf5P
PyO+F2wBz3yOLvuTBEbmMirNndOMpJ0SwW1QzJWVnfylRdo7Zh+Ujqmpkuw+6WrQ
WtFKuS/FQLzDHsoazM2aNWNP95Ns+G0RcwZTfL+TttvIvKxRv2/jfmGmeF9ZITN7
Z2eah5RjV+1XijKkjVTepCnL7f0RSysiGuRuhoLji3LF6ZU4mpmMR6fxGmZKnNQY
VZd9kJ2cj2QuEDp0ZgWk9kUWPUp2EYDpcvyQVekCVlFvIXykQN168e3ZlEd9QrK9
9oFO+SDew9XQfHnWFiOr0wuJ8QBtqU8GbryNrNtIJGxkph18Ko7L3LarmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF1gbAf3GeaonSwppVdB2D6riZkWMB8GA1UdIwQY
MBaAFB6AxacKI2OEBU81hJFQksQXFO7XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG9ERnB3b2pZNFFGVHpXRWtWQ1N4QmNVN3RjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9jZmNiMDktMGY1MC00ZjFiLTg3M2Ut
NjYxNjMxYmJhOTUzLzEvWFdCc0JfY1o1cWlkTENtbFYwSFlQcXVKbVJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9jZmNiMDktMGY1MC00ZjFiLTg3M2UtNjYxNjMxYmJhOTUz
LzEvSG9ERnB3b2pZNFFGVHpXRWtWQ1N4QmNVN3RjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDH4UIMA0G
CSqGSIb3DQEBCwUAA4IBAQBnw6ysZpAOhtPRrcRznSpWlK3RU1cJ76arIgZBGHxs
uFbJONrQRrR2nh9kp938hBu8Dkq7LmmcDpGgKf6QJ1pN2bNgLnwq6owVMXFCZjhY
snLdCoMjq5tiFWKN/GQugsql8p9MUKHsqJu3dl81UQa5kPQyoSot+LCaztKUv1y7
jnut0QwtiQChUMqm2evwHc+vx5QHOzcUsBw3EHYQanofAGu3ctflLzpL1QByxHZ2
dTMHfheATQSsprafrGartLznyqdM9KlnhNglqG4y0YLKjNLwC/UDtcbc7t9aBfdp
Mk1FxG1g/7KLurSwxLO0/N1k/YLPQJlABG6nhdZE31UB
-----END CERTIFICATE-----