This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/QNm4qXfmUyEs6AgWVoAd3p7xDto.roa
File:                     QNm4qXfmUyEs6AgWVoAd3p7xDto.roa (raw, json)
Hash identifier:          5WxbazwI9YUcD8mk4Tz0dUwbVJ0crE/g/cMT5agZZgM=
Subject key identifier:   40:D9:B8:A9:77:E6:53:21:2C:E8:08:16:56:80:1D:DE:9E:F1:0E:DA
Certificate issuer:       /CN=172537601a31697404922d957e74450f5a9cbe73
Certificate serial:       019B791028A451FC635D69A0E0B1EC4C7773
Authority key identifier: 17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/QNm4qXfmUyEs6AgWVoAd3p7xDto.roa
Signing time:             Thu 01 Jan 2026 10:17:40 +0000
ROA not before:           Thu 01 Jan 2026 10:17:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        31.223.192.0/21 maxlen: 24
                          31.223.200.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 11:15:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:28:a4:51:fc:63:5d:69:a0:e0:b1:ec:4c:77:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=172537601a31697404922d957e74450f5a9cbe73
        Validity
            Not Before: Jan  1 10:17:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=40d9b8a977e653212ce8081656801dde9ef10eda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:52:50:31:59:ef:75:5f:4c:24:24:d2:3c:11:
                    b5:23:8a:59:03:01:6a:ce:11:ab:bd:e4:2e:53:f3:
                    be:7a:a0:fb:b5:85:1d:d7:8a:00:53:a0:22:cd:92:
                    39:ab:12:2a:0b:5a:a7:54:25:c8:67:39:0c:eb:30:
                    c0:87:14:5d:e9:98:ad:9d:dd:51:2c:cf:5b:00:21:
                    b8:ac:8b:d8:de:7b:b6:c4:25:2e:cf:8e:2e:89:87:
                    3e:e0:11:59:6a:e5:33:3e:35:3b:bf:87:b3:1b:2d:
                    68:63:30:f8:dc:fb:87:79:9b:e9:20:74:69:4d:72:
                    3a:ce:0b:97:cb:85:3a:bd:e1:16:21:e1:41:d6:62:
                    eb:22:c0:eb:9f:23:33:9c:ef:96:25:40:60:3c:18:
                    b9:3c:36:0f:13:2f:c8:73:f9:3d:3a:ea:bb:c3:62:
                    72:dd:dc:dc:61:60:dc:c9:a2:5b:79:52:22:3d:1f:
                    8a:a7:a4:96:3e:b9:87:d8:c7:93:8d:2d:4f:fc:d7:
                    89:25:f7:79:db:81:bb:fd:a6:ba:76:40:7c:37:7c:
                    02:c9:2d:cc:f3:36:a3:43:02:4a:ff:db:f7:70:cf:
                    d2:4e:ca:2e:df:3f:5c:91:68:46:41:73:d9:b5:20:
                    66:67:3e:26:db:3a:bb:84:85:4a:52:99:df:33:d6:
                    5a:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:D9:B8:A9:77:E6:53:21:2C:E8:08:16:56:80:1D:DE:9E:F1:0E:DA
            X509v3 Authority Key Identifier:
                keyid:17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/QNm4qXfmUyEs6AgWVoAd3p7xDto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.223.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         96:7f:ca:60:0d:8c:47:9a:70:0b:43:fe:a3:7d:e0:bf:49:55:
         50:32:34:f2:fa:66:ef:8c:13:2a:61:86:af:59:53:74:32:e5:
         0a:9f:66:d5:df:f5:62:3e:ee:3a:8e:16:94:90:2a:be:ff:e3:
         a5:20:3b:5b:bd:82:77:9c:00:ab:3c:54:e0:80:f7:c0:82:33:
         fe:4b:a9:47:c2:0e:8b:0c:c2:e5:37:50:d5:a8:d4:83:5f:96:
         e3:23:97:4f:2b:df:ef:c2:ee:ff:b5:64:1b:d1:61:79:5a:82:
         68:6e:bf:2f:15:ff:77:b5:15:d6:34:d4:3d:31:be:1c:7b:a2:
         59:09:29:f9:47:7f:1d:48:ad:54:62:18:59:c8:74:45:b1:9c:
         14:ee:a3:25:f5:9e:84:b2:2a:fe:e7:54:bc:2a:bc:4d:dc:f2:
         3e:04:d0:02:09:7b:8c:39:65:cd:66:4f:6a:64:50:23:24:d5:
         67:14:73:fa:33:ec:2e:ad:2b:bf:3a:73:96:1a:71:cf:72:59:
         0f:f5:16:3d:33:3a:c6:69:83:08:2a:61:1e:ab:86:b7:e3:df:
         fb:25:f6:5b:cb:f3:36:8d:8e:ea:23:83:12:50:d5:cc:a2:5d:
         85:de:11:6d:df:f2:5b:b8:bf:fb:61:14:71:ea:d5:1d:c4:1a:
         7b:ab:fb:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ECikUfxjXWmg4LHsTHdzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MjUzNzYwMWEzMTY5NzQwNDkyMmQ5NTdlNzQ0NTBmNWE5
Y2JlNzMwHhcNMjYwMTAxMTAxNzQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGQ5YjhhOTc3ZTY1MzIxMmNlODA4MTY1NjgwMWRkZTllZjEwZWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVJQMVnvdV9MJCTSPBG1I4pZAwFq
zhGrveQuU/O+eqD7tYUd14oAU6AizZI5qxIqC1qnVCXIZzkM6zDAhxRd6Zitnd1R
LM9bACG4rIvY3nu2xCUuz44uiYc+4BFZauUzPjU7v4ezGy1oYzD43PuHeZvpIHRp
TXI6zguXy4U6veEWIeFB1mLrIsDrnyMznO+WJUBgPBi5PDYPEy/Ic/k9Ouq7w2Jy
3dzcYWDcyaJbeVIiPR+Kp6SWPrmH2MeTjS1P/NeJJfd524G7/aa6dkB8N3wCyS3M
8zajQwJK/9v3cM/STsou3z9ckWhGQXPZtSBmZz4m2zq7hIVKUpnfM9ZaQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEDZuKl35lMhLOgIFlaAHd6e8Q7aMB8GA1UdIwQY
MBaAFBclN2AaMWl0BJItlX50RQ9anL5zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnlVM1lCb3hhWFFFa2kyVmZuUkZEMXFjdm5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8yMTljYWUtMjY0ZC00NmE3LTllNjQt
ZTYwNGI2MWJlMGVhLzEvUU5tNHFYZm1VeUVzNkFnV1ZvQWQzcDd4RHRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8yMTljYWUtMjY0ZC00NmE3LTllNjQtZTYwNGI2MWJlMGVh
LzEvRnlVM1lCb3hhWFFFa2kyVmZuUkZEMXFjdm5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEH9/AMA0G
CSqGSIb3DQEBCwUAA4IBAQCWf8pgDYxHmnALQ/6jfeC/SVVQMjTy+mbvjBMqYYav
WVN0MuUKn2bV3/ViPu46jhaUkCq+/+OlIDtbvYJ3nACrPFTggPfAgjP+S6lHwg6L
DMLlN1DVqNSDX5bjI5dPK9/vwu7/tWQb0WF5WoJobr8vFf93tRXWNNQ9Mb4ce6JZ
CSn5R38dSK1UYhhZyHRFsZwU7qMl9Z6Esir+51S8KrxN3PI+BNACCXuMOWXNZk9q
ZFAjJNVnFHP6M+wurSu/OnOWGnHPclkP9RY9MzrGaYMIKmEeq4a349/7JfZby/M2
jY7qI4MSUNXMol2F3hFt3/JbuL/7YRRx6tUdxBp7q/vq
-----END CERTIFICATE-----