This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/j3qq4MvojOFaV3piUARhww5SfkI.roa
File:                     j3qq4MvojOFaV3piUARhww5SfkI.roa (raw, json)
Hash identifier:          5ZhQV4dh6a6da+ERWvVWZKdaaZu/HC8oF5bb59nJCtE=
Subject key identifier:   8F:7A:AA:E0:CB:E8:8C:E1:5A:57:7A:62:50:04:61:C3:0E:52:7E:42
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019B7E38BE4B3E6C7A4A310D75DF4E90D654
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/j3qq4MvojOFaV3piUARhww5SfkI.roa
Signing time:             Fri 02 Jan 2026 10:20:06 +0000
ROA not before:           Fri 02 Jan 2026 10:20:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5065
IP address blocks:        31.42.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 02:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:be:4b:3e:6c:7a:4a:31:0d:75:df:4e:90:d6:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Jan  2 10:20:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8f7aaae0cbe88ce15a577a62500461c30e527e42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:2d:05:4b:91:50:37:52:6d:88:3b:af:e7:d0:
                    88:28:08:bd:4b:38:7a:33:09:1d:25:ce:8c:fa:51:
                    03:e5:ad:3d:8a:25:ea:c3:ea:95:b2:51:a4:b0:04:
                    41:bf:99:3c:88:4b:5f:b9:70:62:24:2f:f2:dc:5a:
                    cf:39:86:4c:63:26:d1:76:03:64:6e:0a:b6:98:a5:
                    c3:68:f2:9d:f5:6a:5b:e2:99:cc:c6:ce:51:dd:50:
                    ee:17:fa:23:85:f7:0b:66:b1:59:ed:84:25:5a:61:
                    e3:38:d2:90:74:5b:10:05:6f:58:10:b3:3c:0a:5b:
                    a2:3b:99:56:fe:fb:32:ac:be:f0:19:d7:7a:07:98:
                    25:62:01:98:cd:bd:b7:b2:5c:93:44:15:72:b9:e5:
                    4b:46:c9:e6:4b:3d:32:25:c8:06:1f:82:bc:33:d8:
                    a9:1c:8e:3e:d8:3b:94:db:27:ef:9d:8f:99:fc:bd:
                    e8:5c:7c:74:14:b8:f9:72:53:8a:54:04:b4:0b:8c:
                    58:1c:b4:84:35:d3:5a:8e:fb:82:79:fa:ab:63:e9:
                    76:6d:4f:a4:2f:cf:2b:b5:7f:d0:d8:ec:3d:f4:ec:
                    c9:62:de:d0:44:1a:26:e1:08:65:7f:29:c0:bd:be:
                    fb:ac:17:9b:8f:9e:69:5f:7b:4d:5b:a9:5e:cb:08:
                    73:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:7A:AA:E0:CB:E8:8C:E1:5A:57:7A:62:50:04:61:C3:0E:52:7E:42
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/j3qq4MvojOFaV3piUARhww5SfkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:a7:c3:74:eb:f0:e4:1e:77:7a:15:64:11:43:0a:7c:d0:cd:
         54:70:6c:c2:b6:da:43:18:47:ac:64:37:f7:05:a0:ad:88:99:
         9b:05:7d:0d:25:7f:37:91:b1:95:60:64:73:65:44:09:eb:6d:
         2b:5d:8f:6a:04:1d:e4:23:6a:a8:3d:a8:bc:55:f8:92:fc:80:
         1a:e2:04:86:8a:45:16:ac:97:03:7d:19:86:1c:9f:e0:c8:21:
         06:13:ce:5e:53:90:df:bb:8c:97:83:1c:e6:a9:36:19:88:ba:
         e2:8b:02:7a:97:da:f1:7a:06:0a:38:47:86:fc:31:73:52:f3:
         c6:90:72:6b:eb:b6:c8:e0:eb:7e:7b:d7:2a:f1:57:93:e9:cb:
         c7:69:6c:7d:01:81:92:6f:95:3c:e3:60:26:5e:cc:cf:98:64:
         ea:21:89:4c:1f:f9:93:db:cd:84:a0:1a:01:ee:f6:49:e2:a3:
         1a:a0:b7:17:0b:be:c6:5e:56:e6:83:23:b2:f9:1e:69:ca:66:
         f1:83:de:a4:d9:0b:c7:d5:33:6c:ff:89:72:20:9c:92:57:68:
         22:65:81:3b:b5:25:0f:92:11:09:43:12:e6:94:5f:97:0f:7b:
         5a:4c:d9:7c:2f:54:a0:02:a7:68:12:62:b0:78:f9:15:68:84:
         ca:f2:6a:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OL5LPmx6SjENdd9OkNZUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjYwMTAyMTAyMDA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjdhYWFlMGNiZTg4Y2UxNWE1NzdhNjI1MDA0NjFjMzBlNTI3ZTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmy0FS5FQN1JtiDuv59CIKAi9Szh6
MwkdJc6M+lED5a09iiXqw+qVslGksARBv5k8iEtfuXBiJC/y3FrPOYZMYybRdgNk
bgq2mKXDaPKd9Wpb4pnMxs5R3VDuF/ojhfcLZrFZ7YQlWmHjONKQdFsQBW9YELM8
CluiO5lW/vsyrL7wGdd6B5glYgGYzb23slyTRBVyueVLRsnmSz0yJcgGH4K8M9ip
HI4+2DuU2yfvnY+Z/L3oXHx0FLj5clOKVAS0C4xYHLSENdNajvuCefqrY+l2bU+k
L88rtX/Q2Ow99OzJYt7QRBom4QhlfynAvb77rBebj55pX3tNW6leywhzYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI96quDL6IzhWld6YlAEYcMOUn5CMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvajNxcTRNdm9qT0ZhVjNwaVVBUmh3dzVTZmtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyp+MA0G
CSqGSIb3DQEBCwUAA4IBAQALp8N06/DkHnd6FWQRQwp80M1UcGzCttpDGEesZDf3
BaCtiJmbBX0NJX83kbGVYGRzZUQJ620rXY9qBB3kI2qoPai8VfiS/IAa4gSGikUW
rJcDfRmGHJ/gyCEGE85eU5Dfu4yXgxzmqTYZiLriiwJ6l9rxegYKOEeG/DFzUvPG
kHJr67bI4Ot+e9cq8VeT6cvHaWx9AYGSb5U842AmXszPmGTqIYlMH/mT282EoBoB
7vZJ4qMaoLcXC77GXlbmgyOy+R5pymbxg96k2QvH1TNs/4lyIJySV2giZYE7tSUP
khEJQxLmlF+XD3taTNl8L1SgAqdoEmKwePkVaITK8mqw
-----END CERTIFICATE-----
Generated at Mon Jan 19 11:23:47 2026 by rpki-client