This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/cZdoFIof6I27GQcjytPY0R3i3js.roa
File:                     cZdoFIof6I27GQcjytPY0R3i3js.roa (raw, json)
Hash identifier:          pRv2+sxETB2uUE4tr3TfMEgzvPUHUWoGW9QMt9CyFD4=
Subject key identifier:   71:97:68:14:8A:1F:E8:8D:BB:19:07:23:CA:D3:D8:D1:1D:E2:DE:3B
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019B7E38CA533783838FD906B2121AA03F97
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/cZdoFIof6I27GQcjytPY0R3i3js.roa
Signing time:             Fri 02 Jan 2026 10:20:09 +0000
ROA not before:           Fri 02 Jan 2026 10:20:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399073
IP address blocks:        31.42.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 15:30:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:ca:53:37:83:83:8f:d9:06:b2:12:1a:a0:3f:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Jan  2 10:20:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=719768148a1fe88dbb190723cad3d8d11de2de3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:12:49:b6:f0:1e:25:bf:2a:33:10:04:aa:30:
                    ee:ab:e1:15:ee:8b:10:57:eb:0f:00:39:79:63:c0:
                    b8:0e:91:cc:34:e0:3f:8a:81:fc:ed:42:a5:72:f1:
                    dd:6d:87:c0:d1:54:8f:a7:66:15:0f:5e:dc:a8:e4:
                    e7:9b:66:7e:0d:ed:11:a3:a8:18:d2:ea:f9:9c:44:
                    49:1c:e3:75:64:97:d2:b0:13:60:34:b4:2f:1f:6f:
                    bb:3d:a0:ba:3d:33:7b:a7:9c:9d:06:42:44:0d:a2:
                    9d:65:ef:06:af:74:29:13:09:ef:24:92:a5:13:b0:
                    82:ff:e1:fa:81:01:03:73:2e:47:88:ca:48:e4:60:
                    f8:63:9b:cf:2d:b2:8e:5c:af:c1:77:18:92:08:7f:
                    16:6a:33:5f:c2:1c:2d:09:06:f5:d7:74:8b:6a:81:
                    7d:dc:b8:08:3f:74:d0:df:ed:c6:c9:fb:bb:93:8b:
                    31:76:23:3f:59:38:a5:e9:9d:bb:92:96:f7:02:52:
                    4a:16:41:ea:0d:ac:ee:fa:61:c3:d3:a9:a9:ec:4f:
                    37:6c:56:79:e0:37:4c:e3:94:b3:48:ac:20:e2:c9:
                    2a:94:46:1f:7a:0c:03:4c:77:44:61:f7:dc:26:a8:
                    f3:c5:4f:5f:95:fa:27:fb:7f:26:d1:b9:b8:df:9d:
                    dc:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:97:68:14:8A:1F:E8:8D:BB:19:07:23:CA:D3:D8:D1:1D:E2:DE:3B
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/cZdoFIof6I27GQcjytPY0R3i3js.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:7e:98:a4:dc:be:f2:6f:0f:42:5c:3b:d4:84:f7:d8:8b:08:
         02:3c:29:e0:78:15:65:36:91:8c:83:16:2f:16:71:af:a8:cd:
         20:bb:53:4b:4c:ed:0e:bc:4f:0c:59:a9:ba:d5:35:9c:eb:c0:
         25:7b:4f:86:94:bb:4f:f1:72:de:35:f4:9b:fa:45:d6:08:cb:
         93:c3:61:21:e1:42:8f:89:b2:ee:3e:e2:77:9c:88:89:68:bb:
         85:a7:37:c1:f0:f4:5b:76:23:28:79:a9:6b:33:0c:79:94:16:
         bd:95:2c:61:1b:84:b0:61:b4:cf:48:53:9d:0d:69:0d:06:bb:
         5d:d7:e3:26:7f:27:4d:e9:10:b3:2b:76:22:b5:c5:3c:1c:da:
         e5:57:af:fb:1d:62:90:c5:69:cf:4f:47:99:37:de:c4:f8:a0:
         d4:6b:39:b7:fb:98:e3:c3:90:10:31:53:8a:ca:31:e9:9a:9c:
         7a:11:68:2f:f1:53:f0:71:55:d0:9d:f5:f3:4b:ac:17:7f:23:
         e9:29:a9:74:a9:a5:af:e0:25:99:1c:45:13:82:59:e7:23:8f:
         d8:06:2c:39:99:c1:0e:3e:7c:90:3b:9c:ab:fc:4a:34:77:89:
         52:73:a6:22:b1:bf:6e:43:bf:57:57:c0:7e:ee:d3:19:36:03:
         86:75:53:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OMpTN4ODj9kGshIaoD+XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjYwMTAyMTAyMDA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTk3NjgxNDhhMWZlODhkYmIxOTA3MjNjYWQzZDhkMTFkZTJkZTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhJJtvAeJb8qMxAEqjDuq+EV7osQ
V+sPADl5Y8C4DpHMNOA/ioH87UKlcvHdbYfA0VSPp2YVD17cqOTnm2Z+De0Ro6gY
0ur5nERJHON1ZJfSsBNgNLQvH2+7PaC6PTN7p5ydBkJEDaKdZe8Gr3QpEwnvJJKl
E7CC/+H6gQEDcy5HiMpI5GD4Y5vPLbKOXK/BdxiSCH8WajNfwhwtCQb113SLaoF9
3LgIP3TQ3+3Gyfu7k4sxdiM/WTil6Z27kpb3AlJKFkHqDazu+mHD06mp7E83bFZ5
4DdM45SzSKwg4skqlEYfegwDTHdEYffcJqjzxU9flfon+38m0bm4353cDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGXaBSKH+iNuxkHI8rT2NEd4t47MB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvY1pkb0ZJb2Y2STI3R1Fjanl0UFkwUjNpM2pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyp8MA0G
CSqGSIb3DQEBCwUAA4IBAQAdfpik3L7ybw9CXDvUhPfYiwgCPCngeBVlNpGMgxYv
FnGvqM0gu1NLTO0OvE8MWam61TWc68Ale0+GlLtP8XLeNfSb+kXWCMuTw2Eh4UKP
ibLuPuJ3nIiJaLuFpzfB8PRbdiMoealrMwx5lBa9lSxhG4SwYbTPSFOdDWkNBrtd
1+MmfydN6RCzK3YitcU8HNrlV6/7HWKQxWnPT0eZN97E+KDUazm3+5jjw5AQMVOK
yjHpmpx6EWgv8VPwcVXQnfXzS6wXfyPpKal0qaWv4CWZHEUTglnnI4/YBiw5mcEO
PnyQO5yr/Eo0d4lSc6Yisb9uQ79XV8B+7tMZNgOGdVNI
-----END CERTIFICATE-----