This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/i9fWfsMwXgnYDiaMjktQ-IknIyw.roa
File:                     i9fWfsMwXgnYDiaMjktQ-IknIyw.roa (raw, json)
Hash identifier:          M+2mYEKMJN/SYEZm8zNzj6//9PpUwRXWmI5lDNpnbSY=
Subject key identifier:   8B:D7:D6:7E:C3:30:5E:09:D8:0E:26:8C:8E:4B:50:F8:89:27:23:2C
Certificate issuer:       /CN=31eb9b2db4a3bddf8c92fc50b9713043dd56dc38
Certificate serial:       019B7AC8FE6B88C1D03B78D28D7CF322A416
Authority key identifier: 31:EB:9B:2D:B4:A3:BD:DF:8C:92:FC:50:B9:71:30:43:DD:56:DC:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MeubLbSjvd-MkvxQuXEwQ91W3Dg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/i9fWfsMwXgnYDiaMjktQ-IknIyw.roa
Signing time:             Thu 01 Jan 2026 18:19:11 +0000
ROA not before:           Thu 01 Jan 2026 18:19:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396982
IP address blocks:        202.22.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/MeubLbSjvd-MkvxQuXEwQ91W3Dg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/MeubLbSjvd-MkvxQuXEwQ91W3Dg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MeubLbSjvd-MkvxQuXEwQ91W3Dg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 21:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:fe:6b:88:c1:d0:3b:78:d2:8d:7c:f3:22:a4:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31eb9b2db4a3bddf8c92fc50b9713043dd56dc38
        Validity
            Not Before: Jan  1 18:19:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8bd7d67ec3305e09d80e268c8e4b50f88927232c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:e7:dc:27:53:a4:7d:15:7c:cd:85:98:ab:87:
                    aa:c7:ae:a7:fc:73:bc:d8:60:ba:78:95:fc:73:8a:
                    d8:08:61:e1:fc:c4:49:34:0f:ab:1d:da:84:61:ff:
                    a3:10:ff:8d:04:b8:d0:4c:20:f5:4b:6e:4f:17:5f:
                    24:fd:1d:1c:0a:94:01:1c:b1:bb:32:30:a2:95:5f:
                    e3:d3:0e:9f:33:53:15:b0:46:66:85:ab:39:44:ff:
                    3e:83:9f:57:cf:33:b4:17:4b:f2:5d:b6:d7:99:33:
                    93:c1:0d:55:55:2c:ef:33:2f:53:d7:24:aa:b5:a9:
                    40:45:74:f2:41:90:4e:1e:69:f4:f0:ee:ca:ec:7a:
                    4d:45:58:a2:3d:f2:c4:aa:c0:15:f6:12:fc:c8:6c:
                    9e:93:13:4e:ec:4f:c8:14:8e:02:fa:8d:0c:dc:c1:
                    01:18:f9:da:dc:ca:1c:2f:64:ed:40:39:48:35:34:
                    b0:df:50:78:d8:0c:90:69:1f:0b:65:4d:cb:4c:1a:
                    48:82:b4:39:89:19:02:45:22:41:a9:fc:3d:fb:a3:
                    9b:0f:4f:5e:61:ba:a0:7c:0d:e8:6d:7d:48:28:b7:
                    04:63:a0:9d:35:5f:4b:86:94:b2:01:0a:ba:81:0a:
                    53:75:ed:59:ab:f8:4b:04:26:9d:e4:4e:7e:9b:04:
                    ac:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:D7:D6:7E:C3:30:5E:09:D8:0E:26:8C:8E:4B:50:F8:89:27:23:2C
            X509v3 Authority Key Identifier:
                keyid:31:EB:9B:2D:B4:A3:BD:DF:8C:92:FC:50:B9:71:30:43:DD:56:DC:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MeubLbSjvd-MkvxQuXEwQ91W3Dg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/i9fWfsMwXgnYDiaMjktQ-IknIyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/MeubLbSjvd-MkvxQuXEwQ91W3Dg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.22.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:25:d3:59:58:1a:0d:5f:5a:36:ee:91:c7:ae:a3:d4:29:96:
         eb:38:c8:c4:c1:68:86:56:fc:68:43:57:13:e0:6c:22:f6:6c:
         cf:6d:21:b2:bb:c2:97:0a:0f:ea:77:fc:90:0e:14:91:8f:a1:
         5f:8d:b8:0f:55:fe:18:27:0d:09:8a:58:c9:92:72:2e:de:95:
         d5:a6:b6:78:e1:4d:1a:47:85:46:47:0e:1d:4e:76:ff:c7:24:
         b0:33:ac:5b:84:48:25:0f:f4:eb:08:b2:02:37:bc:08:0a:96:
         b3:15:00:59:21:0f:8f:13:d8:c5:51:5e:ad:76:64:13:19:64:
         da:a3:6d:c2:63:49:a8:fa:70:e6:20:58:4c:73:53:59:18:a2:
         68:1c:01:5e:87:b8:44:16:84:03:53:ad:25:5a:a1:5c:04:25:
         89:ab:1c:27:bc:a2:f7:b9:41:83:18:1e:36:ed:d4:28:f5:9c:
         7e:11:8a:ee:fa:44:47:b7:dc:ad:6c:d8:e4:0f:eb:70:33:d6:
         c6:46:fe:e2:72:93:b8:ac:21:c8:7d:d5:4a:f7:9e:39:1e:74:
         63:c3:8d:41:f0:15:6e:b8:54:04:0f:bb:ab:be:3b:40:34:8e:
         0c:f2:42:88:63:56:5f:c9:e9:32:f0:9b:e2:c5:56:ae:17:cc:
         1a:ec:d9:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yP5riMHQO3jSjXzzIqQWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZWI5YjJkYjRhM2JkZGY4YzkyZmM1MGI5NzEzMDQzZGQ1
NmRjMzgwHhcNMjYwMTAxMTgxOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmQ3ZDY3ZWMzMzA1ZTA5ZDgwZTI2OGM4ZTRiNTBmODg5MjcyMzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2efcJ1OkfRV8zYWYq4eqx66n/HO8
2GC6eJX8c4rYCGHh/MRJNA+rHdqEYf+jEP+NBLjQTCD1S25PF18k/R0cCpQBHLG7
MjCilV/j0w6fM1MVsEZmhas5RP8+g59XzzO0F0vyXbbXmTOTwQ1VVSzvMy9T1ySq
talARXTyQZBOHmn08O7K7HpNRViiPfLEqsAV9hL8yGyekxNO7E/IFI4C+o0M3MEB
GPna3MocL2TtQDlINTSw31B42AyQaR8LZU3LTBpIgrQ5iRkCRSJBqfw9+6ObD09e
YbqgfA3obX1IKLcEY6CdNV9LhpSyAQq6gQpTde1Zq/hLBCad5E5+mwSsIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIvX1n7DMF4J2A4mjI5LUPiJJyMsMB8GA1UdIwQY
MBaAFDHrmy20o73fjJL8ULlxMEPdVtw4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWV1YkxiU2p2ZC1Na3Z4UXVYRXdROTFXM0RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yNDcwMDUtNTU5ZC00ZWI0LWIzZTgt
YmQyNGYwMDM1NzhmLzEvaTlmV2ZzTXdYZ25ZRGlhTWprdFEtSWtuSXl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yNDcwMDUtNTU5ZC00ZWI0LWIzZTgtYmQyNGYwMDM1Nzhm
LzEvTWV1YkxiU2p2ZC1Na3Z4UXVYRXdROTFXM0RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyhaqMA0G
CSqGSIb3DQEBCwUAA4IBAQAtJdNZWBoNX1o27pHHrqPUKZbrOMjEwWiGVvxoQ1cT
4Gwi9mzPbSGyu8KXCg/qd/yQDhSRj6FfjbgPVf4YJw0JiljJknIu3pXVprZ44U0a
R4VGRw4dTnb/xySwM6xbhEglD/TrCLICN7wICpazFQBZIQ+PE9jFUV6tdmQTGWTa
o23CY0mo+nDmIFhMc1NZGKJoHAFeh7hEFoQDU60lWqFcBCWJqxwnvKL3uUGDGB42
7dQo9Zx+EYru+kRHt9ytbNjkD+twM9bGRv7icpO4rCHIfdVK9545HnRjw41B8BVu
uFQED7urvjtANI4M8kKIY1Zfyeky8JvixVauF8wa7NlV
-----END CERTIFICATE-----