This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/3Hl3XE3Ih8BsEg3dNcRY27zsaGE.roa
File:                     3Hl3XE3Ih8BsEg3dNcRY27zsaGE.roa (raw, json)
Hash identifier:          YFJ+Pebf7JrHmGXGqZvtGXprcHGHnla5DXCwvWg5DAU=
Subject key identifier:   DC:79:77:5C:4D:C8:87:C0:6C:12:0D:DD:35:C4:58:DB:BC:EC:68:61
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019B7F847DA7A2484A73F07466DA31A7A583
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/3Hl3XE3Ih8BsEg3dNcRY27zsaGE.roa
Signing time:             Fri 02 Jan 2026 16:22:27 +0000
ROA not before:           Fri 02 Jan 2026 16:22:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135542
IP address blocks:        31.57.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 Jan 2026 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:7d:a7:a2:48:4a:73:f0:74:66:da:31:a7:a5:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 16:22:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dc79775c4dc887c06c120ddd35c458dbbcec6861
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:28:36:96:89:d8:28:7f:ca:6b:12:65:fa:c7:
                    b2:ee:2d:19:90:c6:b5:46:57:44:1a:94:75:fc:e5:
                    68:d5:90:a1:7d:33:25:02:72:eb:3d:d5:91:50:bb:
                    06:96:83:75:aa:f3:5a:bd:f7:0b:e5:60:04:48:b9:
                    dc:88:b6:41:6a:f2:4d:6f:e6:38:72:93:bc:fc:3f:
                    2a:9f:18:a9:43:ca:df:d9:a9:d7:30:aa:10:33:32:
                    c5:1c:11:c4:9c:37:24:f2:27:9f:69:41:6f:99:ec:
                    ad:60:62:cc:f0:e7:25:25:d6:bd:b6:ad:58:b1:7b:
                    07:ff:2e:5a:f6:fd:46:71:7a:f8:65:cf:56:12:c9:
                    c3:2f:e6:b5:cd:6e:aa:be:35:cc:e9:dc:ca:6a:71:
                    fc:e4:48:6b:49:a0:81:b2:4f:fb:93:79:10:b2:82:
                    01:bb:b8:73:9d:1c:a0:54:01:b1:1d:09:d6:60:53:
                    7d:59:1d:dc:5f:54:b0:69:8e:13:05:ca:e7:f0:b7:
                    34:f5:d6:a0:34:20:ee:cd:23:cf:e1:dc:2b:08:08:
                    d5:7f:c0:9b:7e:19:df:d7:3c:be:5f:27:70:b8:2c:
                    ab:40:47:89:32:aa:f8:b9:e3:d9:fc:a7:6c:a1:00:
                    c2:8a:10:03:20:f4:9f:c1:f0:7d:91:05:7c:3f:5e:
                    19:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:79:77:5C:4D:C8:87:C0:6C:12:0D:DD:35:C4:58:DB:BC:EC:68:61
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/3Hl3XE3Ih8BsEg3dNcRY27zsaGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:00:97:52:db:68:2a:9e:fd:7c:59:ea:b6:db:5b:3c:1c:c1:
         8b:dc:5e:d6:ab:a1:85:89:7c:38:c4:94:bd:20:45:97:47:f8:
         13:0d:5c:9f:85:5d:1b:b7:71:da:36:c5:5d:6f:da:4b:43:b2:
         ed:01:56:53:53:dd:67:e4:d8:d4:20:e2:61:6b:90:83:9a:2a:
         ae:2a:21:73:b5:99:31:eb:c1:15:75:1d:49:5d:fb:50:ce:61:
         b2:84:4e:09:66:06:f0:b4:3e:e0:98:ea:9e:74:b9:14:59:2f:
         3b:2a:a4:98:28:79:87:b0:5b:df:fa:7c:7e:2c:4b:12:ef:f0:
         a4:61:f4:7f:ef:11:1a:9b:18:4f:a4:b0:6a:50:01:8f:00:88:
         5c:53:9e:aa:36:47:b0:3e:64:10:52:63:a9:9b:2f:1a:08:57:
         d0:6f:a9:84:d5:b7:74:5d:9b:72:3c:68:81:18:a7:d7:e3:18:
         b6:9e:00:34:34:ee:f8:b7:3e:f0:5c:e6:f2:47:a3:df:cf:54:
         d0:e7:38:a8:b0:24:ae:df:54:4e:60:4f:6c:36:29:57:b9:b9:
         0d:cd:da:3b:cb:0e:6a:b2:05:cc:95:a2:97:06:fb:bd:ea:85:
         59:21:17:d4:ce:88:f9:92:1a:04:e2:d2:87:68:27:76:e8:86:
         df:ed:6b:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hH2nokhKc/B0Ztoxp6WDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMTAyMTYyMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzc5Nzc1YzRkYzg4N2MwNmMxMjBkZGQzNWM0NThkYmJjZWM2ODYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCg2lonYKH/KaxJl+sey7i0ZkMa1
RldEGpR1/OVo1ZChfTMlAnLrPdWRULsGloN1qvNavfcL5WAESLnciLZBavJNb+Y4
cpO8/D8qnxipQ8rf2anXMKoQMzLFHBHEnDck8iefaUFvmeytYGLM8OclJda9tq1Y
sXsH/y5a9v1GcXr4Zc9WEsnDL+a1zW6qvjXM6dzKanH85EhrSaCBsk/7k3kQsoIB
u7hznRygVAGxHQnWYFN9WR3cX1SwaY4TBcrn8Lc09dagNCDuzSPP4dwrCAjVf8Cb
fhnf1zy+XydwuCyrQEeJMqr4uePZ/KdsoQDCihADIPSfwfB9kQV8P14ZGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNx5d1xNyIfAbBIN3TXEWNu87GhhMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvM0hsM1hFM0loOEJzRWczZE5jUlkyN3pzYUdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzlBMA0G
CSqGSIb3DQEBCwUAA4IBAQAoAJdS22gqnv18Weq221s8HMGL3F7Wq6GFiXw4xJS9
IEWXR/gTDVyfhV0bt3HaNsVdb9pLQ7LtAVZTU91n5NjUIOJha5CDmiquKiFztZkx
68EVdR1JXftQzmGyhE4JZgbwtD7gmOqedLkUWS87KqSYKHmHsFvf+nx+LEsS7/Ck
YfR/7xEamxhPpLBqUAGPAIhcU56qNkewPmQQUmOpmy8aCFfQb6mE1bd0XZtyPGiB
GKfX4xi2ngA0NO74tz7wXObyR6Pfz1TQ5ziosCSu31ROYE9sNilXubkNzdo7yw5q
sgXMlaKXBvu96oVZIRfUzoj5khoE4tKHaCd26Ibf7Wun
-----END CERTIFICATE-----