This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CKtW7GvaVTU9Drj24pt9B0GsKi8.roa
File:                     CKtW7GvaVTU9Drj24pt9B0GsKi8.roa (raw, json)
Hash identifier:          1COD/6ru/Iq4Cp863u3vhG1f9keFgawZ859ghEDWg0w=
Subject key identifier:   08:AB:56:EC:6B:DA:55:35:3D:0E:B8:F6:E2:9B:7D:07:41:AC:2A:2F
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019B7F84E31100A0862F9E037BB83C803AAA
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CKtW7GvaVTU9Drj24pt9B0GsKi8.roa
Signing time:             Fri 02 Jan 2026 16:22:53 +0000
ROA not before:           Fri 02 Jan 2026 16:22:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400696
IP address blocks:        31.58.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 Jan 2026 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:e3:11:00:a0:86:2f:9e:03:7b:b8:3c:80:3a:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 16:22:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=08ab56ec6bda55353d0eb8f6e29b7d0741ac2a2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:40:51:a7:80:20:ea:bc:54:37:35:36:ed:4d:
                    09:fd:ea:5c:3c:f0:94:c3:70:6c:b6:7b:02:85:89:
                    e0:0c:5a:ca:4c:66:a2:e4:6d:e3:aa:ce:27:6b:1e:
                    1c:6c:a9:39:cb:c8:48:f7:d2:56:ec:5c:f7:f5:b7:
                    a0:e8:43:6a:16:0e:1a:02:0c:23:d7:c9:31:ed:e8:
                    c6:37:57:3d:a9:54:33:7c:62:f5:ef:ec:1a:1d:b9:
                    c4:55:a3:2c:8b:ee:19:c0:56:d1:be:05:4c:85:ec:
                    5a:34:36:3b:77:9b:62:cd:f0:63:d5:b4:a8:48:9a:
                    7d:96:eb:9b:f4:dd:6f:4b:55:3d:2b:b5:65:46:a9:
                    2a:73:af:aa:af:ce:87:3a:a8:35:41:dc:e4:0a:69:
                    5b:04:59:37:36:c2:3a:f9:4e:d0:0c:7c:b4:f9:6a:
                    72:0e:05:f4:89:17:56:cf:c8:47:78:d2:7c:a9:de:
                    07:fe:cd:b2:1c:77:1e:80:3e:d6:36:e1:98:27:86:
                    69:ce:5f:18:f3:d0:6a:ef:98:6b:96:49:2b:98:6f:
                    d2:2f:42:3c:a0:01:87:69:86:fe:0c:36:f4:de:02:
                    8f:2b:2e:3f:18:de:6f:c9:37:ff:5e:23:dd:cb:48:
                    b3:bb:5c:7d:04:4a:05:a4:80:10:89:98:fe:5d:e8:
                    e3:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:AB:56:EC:6B:DA:55:35:3D:0E:B8:F6:E2:9B:7D:07:41:AC:2A:2F
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/CKtW7GvaVTU9Drj24pt9B0GsKi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:0a:78:3b:b1:17:56:cf:fc:a0:a5:a8:47:cb:7b:e0:06:54:
         66:41:82:ea:d1:6e:4c:ce:ed:18:a7:19:0e:d5:0a:30:84:b9:
         45:a9:d0:30:e8:98:dc:36:97:0e:33:b1:28:23:47:0e:00:6b:
         13:74:4c:28:16:b7:c1:4e:01:c8:22:3a:51:18:9e:df:89:d1:
         cb:9b:9e:ba:8e:8b:85:9f:90:7d:bf:c1:da:84:26:dd:fe:26:
         c3:0f:f6:7f:a3:1b:90:0b:86:18:3e:69:45:93:d2:48:24:5a:
         f1:eb:e1:2a:cc:d0:9b:ba:0a:2d:a2:c2:d1:fc:78:30:62:77:
         8e:e1:45:d8:06:5c:f2:f0:40:3e:6d:83:53:c1:93:32:c4:90:
         21:ba:d6:8f:df:c0:b5:ab:a5:3b:50:4b:b5:66:5f:32:73:7a:
         49:95:d1:f4:21:de:83:a8:83:11:18:f1:33:be:d4:3a:13:a7:
         91:03:23:f8:d4:17:dd:5c:09:a9:62:b9:21:a5:66:05:67:91:
         21:93:77:7a:40:9a:44:90:0e:53:82:ee:08:dd:64:e8:65:d6:
         87:6d:78:06:12:ca:30:d3:78:83:fe:cf:87:57:9c:36:32:8a:
         76:5e:c9:81:f4:28:29:ee:25:a2:ff:1b:95:5a:1f:cd:ac:51:
         bf:65:79:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hOMRAKCGL54De7g8gDqqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMTAyMTYyMjUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGFiNTZlYzZiZGE1NTM1M2QwZWI4ZjZlMjliN2QwNzQxYWMyYTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEBRp4Ag6rxUNzU27U0J/epcPPCU
w3BstnsChYngDFrKTGai5G3jqs4nax4cbKk5y8hI99JW7Fz39beg6ENqFg4aAgwj
18kx7ejGN1c9qVQzfGL17+waHbnEVaMsi+4ZwFbRvgVMhexaNDY7d5tizfBj1bSo
SJp9luub9N1vS1U9K7VlRqkqc6+qr86HOqg1QdzkCmlbBFk3NsI6+U7QDHy0+Wpy
DgX0iRdWz8hHeNJ8qd4H/s2yHHcegD7WNuGYJ4Zpzl8Y89Bq75hrlkkrmG/SL0I8
oAGHaYb+DDb03gKPKy4/GN5vyTf/XiPdy0izu1x9BEoFpIAQiZj+XejjUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAirVuxr2lU1PQ649uKbfQdBrCovMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQ0t0VzdHdmFWVFU5RHJqMjRwdDlCMEdzS2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzqfMA0G
CSqGSIb3DQEBCwUAA4IBAQCOCng7sRdWz/ygpahHy3vgBlRmQYLq0W5Mzu0YpxkO
1QowhLlFqdAw6JjcNpcOM7EoI0cOAGsTdEwoFrfBTgHIIjpRGJ7fidHLm566jouF
n5B9v8HahCbd/ibDD/Z/oxuQC4YYPmlFk9JIJFrx6+EqzNCbugotosLR/HgwYneO
4UXYBlzy8EA+bYNTwZMyxJAhutaP38C1q6U7UEu1Zl8yc3pJldH0Id6DqIMRGPEz
vtQ6E6eRAyP41BfdXAmpYrkhpWYFZ5Ehk3d6QJpEkA5Tgu4I3WToZdaHbXgGEsow
03iD/s+HV5w2Mop2XsmB9Cgp7iWi/xuVWh/NrFG/ZXkf
-----END CERTIFICATE-----