This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/sQn2oGBeZndDAtk3sgQsnijeiNw.roa
File:                     sQn2oGBeZndDAtk3sgQsnijeiNw.roa (raw, json)
Hash identifier:          ez2RBjFxOlUCm+oMoBB+RuUMYBuAFUykglwJbIySuNg=
Subject key identifier:   B1:09:F6:A0:60:5E:66:77:43:02:D9:37:B2:04:2C:9E:28:DE:88:DC
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019B78A2566FAE26FF9FD5BDE207A525C7AB
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/sQn2oGBeZndDAtk3sgQsnijeiNw.roa
Signing time:             Thu 01 Jan 2026 08:17:43 +0000
ROA not before:           Thu 01 Jan 2026 08:17:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     142132
IP address blocks:        212.135.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 00:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:56:6f:ae:26:ff:9f:d5:bd:e2:07:a5:25:c7:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jan  1 08:17:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b109f6a0605e66774302d937b2042c9e28de88dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:d5:dd:c5:98:18:47:69:d2:e4:2a:89:47:47:
                    7a:de:a8:0d:63:b2:44:43:64:f6:01:f3:53:68:31:
                    4d:84:9f:64:63:97:74:9f:ea:cb:08:49:64:17:9a:
                    e1:3e:4e:88:fa:a0:e8:1f:8d:a3:7d:1b:c3:84:45:
                    67:93:7b:27:fb:8c:a7:a3:39:cc:3e:fb:73:36:8f:
                    3a:d8:16:fa:40:ae:aa:43:8a:0f:9b:b0:78:a6:5e:
                    48:e2:a5:8b:60:0c:58:b5:ab:6f:32:3b:d1:c6:dd:
                    d2:64:a4:19:4d:2b:99:44:08:df:8c:a3:55:c1:2a:
                    c2:d7:38:6e:94:b6:41:fc:eb:d1:a5:93:a4:74:ec:
                    3e:72:7a:b7:cd:91:db:db:d6:63:08:2e:ba:57:ae:
                    c5:3e:8e:76:aa:21:72:90:d8:b6:df:73:7a:88:67:
                    96:20:d9:53:c0:fa:77:47:52:3c:aa:b7:7b:80:ad:
                    d1:df:91:83:00:61:64:cb:0c:4c:99:a3:76:50:78:
                    3c:3b:6e:7d:8c:35:da:45:58:59:4a:1b:97:2e:77:
                    97:7a:1c:e7:6e:7d:56:88:c9:7c:c0:25:14:b2:fd:
                    9a:1b:f7:b4:d4:eb:1f:0c:1e:98:23:06:a6:7f:0b:
                    e8:99:e1:f5:25:5a:7d:8a:c9:75:f8:f1:b3:43:ff:
                    2a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:09:F6:A0:60:5E:66:77:43:02:D9:37:B2:04:2C:9E:28:DE:88:DC
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/sQn2oGBeZndDAtk3sgQsnijeiNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.135.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:ff:a7:cc:5d:8b:7f:58:c0:02:f4:ec:53:b8:ad:d4:4b:00:
         75:a4:0b:6c:7c:92:b5:ab:fa:0b:ce:07:99:94:09:e5:d6:d9:
         69:01:1e:a2:56:7b:63:fd:d1:8a:c3:22:21:6b:73:7f:fc:7c:
         78:fd:3f:1e:c5:ab:8a:bd:f2:d2:eb:27:b4:af:91:3f:e2:14:
         54:b0:7c:11:cd:a3:10:49:ba:f1:17:89:0d:6a:d5:91:69:9f:
         2d:27:92:b5:1c:c9:cc:7f:3e:43:65:1f:43:04:4f:b3:60:4a:
         17:cf:df:bb:db:9f:52:67:48:ea:36:1e:5b:88:af:e9:fe:7c:
         66:28:65:e5:99:73:b8:ca:eb:51:53:8b:21:db:f9:f1:20:31:
         2e:1c:9c:20:96:c9:4a:c2:69:58:f1:23:8e:42:31:46:60:0f:
         44:28:2f:50:6f:3f:7b:a3:ce:bd:dd:54:a2:05:aa:fb:42:d4:
         93:dd:67:a9:38:45:fa:f5:d2:a2:74:45:18:12:4d:c4:ac:63:
         81:28:bf:7c:37:5e:7a:38:70:ba:52:d5:c0:29:fa:26:b6:68:
         21:a2:13:6f:ff:ac:77:20:3a:1f:c4:10:4d:31:2c:33:b2:0e:
         2b:7e:dd:a4:0e:86:be:c6:6a:be:7e:27:0e:7a:32:cc:35:c0:
         3a:8d:ed:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4olZvrib/n9W94gelJcerMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMTAxMDgxNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTA5ZjZhMDYwNWU2Njc3NDMwMmQ5MzdiMjA0MmM5ZTI4ZGU4OGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2NXdxZgYR2nS5CqJR0d63qgNY7JE
Q2T2AfNTaDFNhJ9kY5d0n+rLCElkF5rhPk6I+qDoH42jfRvDhEVnk3sn+4ynoznM
PvtzNo862Bb6QK6qQ4oPm7B4pl5I4qWLYAxYtatvMjvRxt3SZKQZTSuZRAjfjKNV
wSrC1zhulLZB/OvRpZOkdOw+cnq3zZHb29ZjCC66V67FPo52qiFykNi233N6iGeW
INlTwPp3R1I8qrd7gK3R35GDAGFkywxMmaN2UHg8O259jDXaRVhZShuXLneXehzn
bn1WiMl8wCUUsv2aG/e01OsfDB6YIwamfwvomeH1JVp9isl1+PGzQ/8qcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLEJ9qBgXmZ3QwLZN7IELJ4o3ojcMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvc1FuMm9HQmVabmREQXRrM3NnUXNuaWplaU53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IcfMA0G
CSqGSIb3DQEBCwUAA4IBAQDU/6fMXYt/WMAC9OxTuK3USwB1pAtsfJK1q/oLzgeZ
lAnl1tlpAR6iVntj/dGKwyIha3N//Hx4/T8exauKvfLS6ye0r5E/4hRUsHwRzaMQ
SbrxF4kNatWRaZ8tJ5K1HMnMfz5DZR9DBE+zYEoXz9+7259SZ0jqNh5biK/p/nxm
KGXlmXO4yutRU4sh2/nxIDEuHJwglslKwmlY8SOOQjFGYA9EKC9Qbz97o8693VSi
Bar7QtST3WepOEX69dKidEUYEk3ErGOBKL98N156OHC6UtXAKfomtmghohNv/6x3
IDofxBBNMSwzsg4rft2kDoa+xmq+ficOejLMNcA6je3+
-----END CERTIFICATE-----