This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/431634-35cb-4545-877b-df3c07f3411e/1/fu5IU6WPn0sEdH25PEGyzdNdz6I.roa
File:                     fu5IU6WPn0sEdH25PEGyzdNdz6I.roa (raw, json)
Hash identifier:          rpHbI6eXYfZK0TKPt9cYIkKp4IE4pJ5rN76FJYrTRkc=
Subject key identifier:   7E:EE:48:53:A5:8F:9F:4B:04:74:7D:B9:3C:41:B2:CD:D3:5D:CF:A2
Certificate issuer:       /CN=92d9089a8e328d32d6de16d7da257b811b05239d
Certificate serial:       019B78354BE61680A4F10EC5A1E515AAC0A5
Authority key identifier: 92:D9:08:9A:8E:32:8D:32:D6:DE:16:D7:DA:25:7B:81:1B:05:23:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktkImo4yjTLW3hbX2iV7gRsFI50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/431634-35cb-4545-877b-df3c07f3411e/1/fu5IU6WPn0sEdH25PEGyzdNdz6I.roa
Signing time:             Thu 01 Jan 2026 06:18:37 +0000
ROA not before:           Thu 01 Jan 2026 06:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        31.14.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/431634-35cb-4545-877b-df3c07f3411e/1/ktkImo4yjTLW3hbX2iV7gRsFI50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/431634-35cb-4545-877b-df3c07f3411e/1/ktkImo4yjTLW3hbX2iV7gRsFI50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktkImo4yjTLW3hbX2iV7gRsFI50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:4b:e6:16:80:a4:f1:0e:c5:a1:e5:15:aa:c0:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d9089a8e328d32d6de16d7da257b811b05239d
        Validity
            Not Before: Jan  1 06:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7eee4853a58f9f4b04747db93c41b2cdd35dcfa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b9:f3:59:09:85:3e:f8:56:9f:2e:eb:55:09:
                    65:b6:73:54:69:59:6b:de:63:78:2f:17:7d:ee:48:
                    e0:d6:48:e3:1d:d2:69:e8:2c:68:fc:89:89:95:16:
                    dd:5d:d4:5c:e0:89:91:9a:48:5e:d1:92:7f:6b:94:
                    1e:18:e3:5e:2f:37:90:b0:bb:59:4a:5e:c4:56:97:
                    0c:95:b7:2f:12:74:f4:10:30:a4:aa:b6:48:10:bd:
                    bf:83:ee:67:a7:03:07:37:87:3b:b2:7f:bb:26:66:
                    67:0c:af:f9:06:c6:63:f5:c9:bd:ff:5c:4f:bd:4a:
                    0f:6d:60:00:1d:7e:e1:70:2c:fb:0b:22:01:2c:81:
                    f1:02:93:70:04:a9:89:30:e8:21:a5:60:66:94:de:
                    e7:b7:eb:32:61:a9:6b:ef:b0:1d:51:d3:8c:d7:0d:
                    9f:4b:06:aa:e1:cf:e3:c1:c9:9d:e7:15:ba:4c:bf:
                    f4:6f:c6:11:3b:27:d6:18:d6:53:88:6d:c4:4b:8e:
                    63:4f:49:be:de:db:3e:2f:25:10:b5:2d:a5:6e:8d:
                    8e:50:44:0e:55:76:7f:42:7c:c7:7b:7c:27:d5:44:
                    63:8d:30:1b:54:6f:8f:84:5d:7f:fd:82:5f:4e:26:
                    30:70:61:4b:a8:28:5c:e0:ae:22:c9:ab:fc:e8:fe:
                    81:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:EE:48:53:A5:8F:9F:4B:04:74:7D:B9:3C:41:B2:CD:D3:5D:CF:A2
            X509v3 Authority Key Identifier:
                keyid:92:D9:08:9A:8E:32:8D:32:D6:DE:16:D7:DA:25:7B:81:1B:05:23:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktkImo4yjTLW3hbX2iV7gRsFI50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/431634-35cb-4545-877b-df3c07f3411e/1/fu5IU6WPn0sEdH25PEGyzdNdz6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/431634-35cb-4545-877b-df3c07f3411e/1/ktkImo4yjTLW3hbX2iV7gRsFI50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:38:b2:85:6c:8c:5f:7e:bf:11:86:51:47:43:3b:42:aa:6e:
         17:fc:81:12:68:d6:25:1e:17:4b:aa:62:d3:a0:44:df:e3:64:
         ca:13:03:db:ef:2b:f1:32:1f:ba:40:a4:df:9f:e1:2f:44:aa:
         eb:ba:a4:ca:40:c8:d2:19:ed:13:58:b6:ba:04:37:16:6b:0c:
         fe:52:e3:72:cb:dd:a3:ac:88:dc:f9:c1:f0:f3:dd:51:62:04:
         f1:cc:99:f0:ad:0a:f7:14:77:4a:f5:26:f0:fd:62:c1:93:b8:
         0a:51:19:e4:5a:d4:15:74:96:b0:f3:80:d6:c2:35:f1:23:10:
         ef:ea:44:eb:f4:42:32:da:7d:63:07:be:6c:1f:2b:ca:08:af:
         f7:43:d1:c5:51:5e:6e:f0:b4:f2:ee:12:44:a3:6b:75:9d:a1:
         25:31:b7:bf:17:23:c4:12:71:e4:de:76:16:7c:0d:17:5c:7b:
         0c:0d:3c:90:c3:13:43:fc:5b:0a:9a:a7:52:ae:0e:1f:e6:34:
         de:14:21:d4:e4:04:4c:95:63:7e:7c:e4:98:90:32:0b:cd:92:
         8a:48:31:e6:90:05:b6:93:bb:eb:90:68:f2:49:5b:fd:8b:bb:
         5d:ca:15:42:6a:0e:3a:22:26:0c:97:30:12:04:89:fb:ad:8e:
         68:22:84:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NUvmFoCk8Q7FoeUVqsClMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDkwODlhOGUzMjhkMzJkNmRlMTZkN2RhMjU3YjgxMWIw
NTIzOWQwHhcNMjYwMTAxMDYxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWVlNDg1M2E1OGY5ZjRiMDQ3NDdkYjkzYzQxYjJjZGQzNWRjZmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7nzWQmFPvhWny7rVQlltnNUaVlr
3mN4Lxd97kjg1kjjHdJp6Cxo/ImJlRbdXdRc4ImRmkhe0ZJ/a5QeGONeLzeQsLtZ
Sl7EVpcMlbcvEnT0EDCkqrZIEL2/g+5npwMHN4c7sn+7JmZnDK/5BsZj9cm9/1xP
vUoPbWAAHX7hcCz7CyIBLIHxApNwBKmJMOghpWBmlN7nt+syYalr77AdUdOM1w2f
Swaq4c/jwcmd5xW6TL/0b8YROyfWGNZTiG3ES45jT0m+3ts+LyUQtS2lbo2OUEQO
VXZ/QnzHe3wn1URjjTAbVG+PhF1//YJfTiYwcGFLqChc4K4iyav86P6BMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7uSFOlj59LBHR9uTxBss3TXc+iMB8GA1UdIwQY
MBaAFJLZCJqOMo0y1t4W19ole4EbBSOdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RrSW1vNHlqVExXM2hiWDJpVjdnUnNGSTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC80MzE2MzQtMzVjYi00NTQ1LTg3N2It
ZGYzYzA3ZjM0MTFlLzEvZnU1SVU2V1BuMHNFZEgyNVBFR3l6ZE5kejZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC80MzE2MzQtMzVjYi00NTQ1LTg3N2ItZGYzYzA3ZjM0MTFl
LzEva3RrSW1vNHlqVExXM2hiWDJpVjdnUnNGSTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHw4fMA0G
CSqGSIb3DQEBCwUAA4IBAQA2OLKFbIxffr8RhlFHQztCqm4X/IESaNYlHhdLqmLT
oETf42TKEwPb7yvxMh+6QKTfn+EvRKrruqTKQMjSGe0TWLa6BDcWawz+UuNyy92j
rIjc+cHw891RYgTxzJnwrQr3FHdK9Sbw/WLBk7gKURnkWtQVdJaw84DWwjXxIxDv
6kTr9EIy2n1jB75sHyvKCK/3Q9HFUV5u8LTy7hJEo2t1naElMbe/FyPEEnHk3nYW
fA0XXHsMDTyQwxND/FsKmqdSrg4f5jTeFCHU5ARMlWN+fOSYkDILzZKKSDHmkAW2
k7vrkGjySVv9i7tdyhVCag46IiYMlzASBIn7rY5oIoQv
-----END CERTIFICATE-----