This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/0h3cR23S4efs_gf8sSPOmC1RZ-I.roa
File:                     0h3cR23S4efs_gf8sSPOmC1RZ-I.roa (raw, json)
Hash identifier:          v9fdqk0MhdX64pVApOvP6pHzFRFCpS7Dq8FFnISgIyU=
Subject key identifier:   D2:1D:DC:47:6D:D2:E1:E7:EC:FE:07:FC:B1:23:CE:98:2D:51:67:E2
Certificate issuer:       /CN=2e252a477242fb45f20bb08020a403a2bb466a9b
Certificate serial:       019C09AD2E540BDE602E7D8C83958A53F82A
Authority key identifier: 2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/0h3cR23S4efs_gf8sSPOmC1RZ-I.roa
Signing time:             Thu 29 Jan 2026 12:14:30 +0000
ROA not before:           Thu 29 Jan 2026 12:14:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50959
IP address blocks:        31.171.64.0/24 maxlen: 24
                          31.171.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:09:ad:2e:54:0b:de:60:2e:7d:8c:83:95:8a:53:f8:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e252a477242fb45f20bb08020a403a2bb466a9b
        Validity
            Not Before: Jan 29 12:14:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d21ddc476dd2e1e7ecfe07fcb123ce982d5167e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ca:0b:64:9c:e5:8c:d9:cc:cd:c2:7e:cc:d9:
                    f7:51:37:2c:a1:98:61:ad:f3:21:9e:cb:5d:68:21:
                    30:58:22:c5:a9:29:6e:26:bd:fb:28:85:b0:ff:d9:
                    ca:e5:bc:78:62:1a:f3:95:35:9d:f5:e5:71:76:35:
                    23:5a:a7:63:7c:16:c8:dc:73:c0:d4:c7:b3:6c:d0:
                    94:e0:4a:3d:f5:ef:d9:99:3c:c3:d1:92:c8:77:c6:
                    6f:a6:5c:6a:f8:de:54:37:e5:3d:cd:d9:2a:d5:34:
                    86:b9:b6:a7:4a:0a:50:a3:8a:5e:4e:16:80:d8:36:
                    dc:f5:5f:e5:b1:30:66:0e:33:93:fe:93:2d:98:10:
                    4e:d8:cd:92:1c:4d:bd:90:30:b4:1b:8d:33:a2:7d:
                    81:e7:1f:54:36:37:33:7c:79:60:49:52:5a:b7:eb:
                    20:cf:49:b4:28:8a:af:9b:e6:17:61:6d:0f:3c:99:
                    ae:34:3c:29:39:83:ff:bc:4b:27:86:b4:2e:da:ee:
                    e9:ad:19:14:6e:5a:d1:43:50:f0:03:1f:e7:bf:6c:
                    fd:57:27:7e:7c:7c:1d:0f:97:e8:f4:80:2e:45:0a:
                    b8:45:4a:2e:80:55:ac:7e:63:dd:e5:ae:46:5a:71:
                    b1:6d:88:06:dd:09:36:fb:bf:27:39:a3:7d:b3:ad:
                    83:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:1D:DC:47:6D:D2:E1:E7:EC:FE:07:FC:B1:23:CE:98:2D:51:67:E2
            X509v3 Authority Key Identifier:
                keyid:2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/0h3cR23S4efs_gf8sSPOmC1RZ-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.171.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:3c:db:b4:4b:ad:03:91:33:c2:4d:87:35:96:49:2a:7a:cf:
         5d:f1:57:e0:5b:a9:52:da:b6:dd:51:c3:91:d5:99:2f:9f:77:
         7a:ea:93:ca:5d:97:7e:fa:6d:da:44:55:9a:bb:ee:f4:6e:98:
         97:69:99:74:8f:83:a0:02:14:2b:11:d1:f4:cd:46:38:23:16:
         d4:12:6c:c8:76:64:93:79:eb:a9:1f:f3:fb:5c:d7:29:26:30:
         85:af:60:6d:f6:b6:9c:17:88:8e:22:06:e5:4a:5d:f0:81:18:
         9b:65:88:85:85:e8:4f:4c:d8:b3:a1:6b:ef:76:52:a1:db:3f:
         25:75:a0:de:37:d1:82:69:fa:8e:a6:08:c0:a2:5f:a7:73:57:
         7f:ce:79:ca:6b:3f:d6:aa:f4:76:76:58:f7:51:a9:25:ca:99:
         32:b3:d6:68:df:1c:22:81:59:0d:58:b6:2b:b6:02:e2:86:6f:
         06:6e:b5:36:a0:2e:c5:ab:12:01:fe:ac:80:12:e1:00:9b:9c:
         10:e3:c2:41:09:6f:47:28:d0:19:34:bf:d7:6b:39:35:47:0d:
         f4:64:da:f4:a8:b8:0f:f7:65:47:48:4f:4a:c3:f3:56:52:27:
         25:34:93:d0:81:ed:60:e4:f7:cd:7d:25:dd:2e:49:05:de:a3:
         e2:c1:2e:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwJrS5UC95gLn2Mg5WKU/gqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMjUyYTQ3NzI0MmZiNDVmMjBiYjA4MDIwYTQwM2EyYmI0
NjZhOWIwHhcNMjYwMTI5MTIxNDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjFkZGM0NzZkZDJlMWU3ZWNmZTA3ZmNiMTIzY2U5ODJkNTE2N2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcoLZJzljNnMzcJ+zNn3UTcsoZhh
rfMhnstdaCEwWCLFqSluJr37KIWw/9nK5bx4YhrzlTWd9eVxdjUjWqdjfBbI3HPA
1MezbNCU4Eo99e/ZmTzD0ZLId8Zvplxq+N5UN+U9zdkq1TSGubanSgpQo4peThaA
2Dbc9V/lsTBmDjOT/pMtmBBO2M2SHE29kDC0G40zon2B5x9UNjczfHlgSVJat+sg
z0m0KIqvm+YXYW0PPJmuNDwpOYP/vEsnhrQu2u7prRkUblrRQ1DwAx/nv2z9Vyd+
fHwdD5fo9IAuRQq4RUougFWsfmPd5a5GWnGxbYgG3Qk2+78nOaN9s62D0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNId3Edt0uHn7P4H/LEjzpgtUWfiMB8GA1UdIwQY
MBaAFC4lKkdyQvtF8guwgCCkA6K7RmqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmIt
MTZmMTQ2YmVmOTk1LzEvMGgzY1IyM1M0ZWZzX2dmOHNTUE9tQzFSWi1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmItMTZmMTQ2YmVmOTk1
LzEvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH6tAMA0G
CSqGSIb3DQEBCwUAA4IBAQBVPNu0S60DkTPCTYc1lkkqes9d8VfgW6lS2rbdUcOR
1Zkvn3d66pPKXZd++m3aRFWau+70bpiXaZl0j4OgAhQrEdH0zUY4IxbUEmzIdmST
eeupH/P7XNcpJjCFr2Bt9racF4iOIgblSl3wgRibZYiFhehPTNizoWvvdlKh2z8l
daDeN9GCafqOpgjAol+nc1d/znnKaz/WqvR2dlj3Uaklypkys9Zo3xwigVkNWLYr
tgLihm8GbrU2oC7FqxIB/qyAEuEAm5wQ48JBCW9HKNAZNL/Xazk1Rw30ZNr0qLgP
92VHSE9Kw/NWUiclNJPQge1g5PfNfSXdLkkF3qPiwS5w
-----END CERTIFICATE-----