This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IL7Kz1vfBjWWiMxxJRpWCyhGUPQ.roa
File:                     IL7Kz1vfBjWWiMxxJRpWCyhGUPQ.roa (raw, json)
Hash identifier:          pScymAKy55vYx3m+nnON5iplJdw9ftkTtTsoXAOTs9M=
Subject key identifier:   20:BE:CA:CF:5B:DF:06:35:96:88:CC:71:25:1A:56:0B:28:46:50:F4
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019B6E37067AA62D37EFCFEF833BE6504948
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IL7Kz1vfBjWWiMxxJRpWCyhGUPQ.roa
Signing time:             Tue 30 Dec 2025 07:44:18 +0000
ROA not before:           Tue 30 Dec 2025 07:44:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213737
IP address blocks:        31.58.210.0/24 maxlen: 24
                          31.58.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 31 Dec 2025 15:21:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:6e:37:06:7a:a6:2d:37:ef:cf:ef:83:3b:e6:50:49:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Dec 30 07:44:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20becacf5bdf06359688cc71251a560b284650f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:52:49:52:7f:cf:59:2b:c7:ae:c7:c7:31:24:
                    10:af:da:e9:04:c3:fe:b7:cc:79:13:ea:e1:99:06:
                    df:64:0b:c4:9b:be:ed:b7:e6:3d:f7:61:2c:ab:6c:
                    71:93:c6:a4:c7:ad:0c:78:33:b6:14:cf:ff:f8:90:
                    8a:2b:df:5c:29:6a:57:4f:79:63:1e:ee:11:35:72:
                    62:b8:06:59:17:b6:b1:92:a2:27:d2:6a:59:e8:c8:
                    58:43:65:58:ae:fa:4d:1b:5d:3b:f2:4c:ab:e3:51:
                    4f:c0:6e:0d:15:34:45:f8:df:7d:b8:22:11:fe:5e:
                    63:1f:a8:b5:08:b7:9f:9d:59:ed:3c:07:39:ac:b1:
                    8b:b8:f3:e4:a7:e3:a8:fd:c3:7d:92:79:b5:9b:b4:
                    bd:2f:f5:a3:9c:29:24:e0:e9:ad:9e:d8:31:fa:48:
                    82:9c:04:96:9c:c0:bf:73:b3:b0:a7:5c:f1:e3:a6:
                    14:68:3d:3d:df:9e:0b:60:99:ff:90:ae:85:37:ab:
                    21:d8:d5:92:2f:0b:80:2e:fc:5e:1e:da:6c:d6:f1:
                    d9:73:62:3a:6f:04:e8:ca:9e:6d:ec:99:39:8a:53:
                    a1:ee:e1:df:20:4d:e2:ca:30:57:14:7a:f1:38:c5:
                    2b:cf:11:cf:ee:94:bd:61:68:99:2a:a0:9a:7e:63:
                    ae:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:BE:CA:CF:5B:DF:06:35:96:88:CC:71:25:1A:56:0B:28:46:50:F4
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IL7Kz1vfBjWWiMxxJRpWCyhGUPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:77:9a:1f:af:10:6a:53:e4:af:29:d2:57:6b:15:ed:c0:cb:
         d7:5b:b0:38:b0:7a:a1:89:c0:17:ec:fc:79:b5:61:10:93:25:
         9f:2f:8d:9e:69:3a:07:9b:7b:37:f5:93:8a:0e:30:81:4c:7f:
         83:69:e9:83:bb:b3:e5:85:52:94:9d:7b:9e:15:a7:6f:06:b2:
         f3:54:61:23:db:01:87:d5:26:75:f3:00:e7:ec:82:3c:44:1e:
         a6:e2:a7:c9:eb:7c:b7:2b:de:5d:cc:f9:10:96:3c:2e:94:3a:
         a1:94:2a:b4:32:0e:95:f6:20:74:31:fd:96:63:6f:a6:7d:be:
         76:dd:3f:57:28:37:9a:d0:b5:a3:dd:60:f4:b5:e8:36:e0:38:
         d0:71:19:29:67:7a:8c:d2:08:bb:a6:3d:ad:0d:b9:83:ff:60:
         df:a2:40:6a:6d:16:a6:db:88:46:78:fe:29:74:04:62:14:b0:
         db:ab:aa:2c:f3:2d:78:f7:f3:a8:63:a3:67:ab:57:dc:5a:bf:
         21:75:f8:c3:a1:c3:89:ce:c0:83:47:b1:1e:9b:be:db:fe:d7:
         bc:63:10:54:ee:37:27:03:42:ab:db:c3:a6:c8:f0:34:c2:3a:
         ca:6b:3d:7c:9e:0c:4e:dc:5b:1f:65:46:ad:74:8f:48:1e:46:
         6a:82:2e:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZtuNwZ6pi0378/vgzvmUElIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMjMwMDc0NDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGJlY2FjZjViZGYwNjM1OTY4OGNjNzEyNTFhNTYwYjI4NDY1MGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFJJUn/PWSvHrsfHMSQQr9rpBMP+
t8x5E+rhmQbfZAvEm77tt+Y992Esq2xxk8akx60MeDO2FM//+JCKK99cKWpXT3lj
Hu4RNXJiuAZZF7axkqIn0mpZ6MhYQ2VYrvpNG1078kyr41FPwG4NFTRF+N99uCIR
/l5jH6i1CLefnVntPAc5rLGLuPPkp+Oo/cN9knm1m7S9L/WjnCkk4Omtntgx+kiC
nASWnMC/c7Owp1zx46YUaD09354LYJn/kK6FN6sh2NWSLwuALvxeHtps1vHZc2I6
bwToyp5t7Jk5ilOh7uHfIE3iyjBXFHrxOMUrzxHP7pS9YWiZKqCafmOugwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCC+ys9b3wY1lojMcSUaVgsoRlD0MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSUw3S3oxdmZCaldXaU14eEpScFdDeWhHVVBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHzrSMA0G
CSqGSIb3DQEBCwUAA4IBAQATd5ofrxBqU+SvKdJXaxXtwMvXW7A4sHqhicAX7Px5
tWEQkyWfL42eaToHm3s39ZOKDjCBTH+DaemDu7PlhVKUnXueFadvBrLzVGEj2wGH
1SZ18wDn7II8RB6m4qfJ63y3K95dzPkQljwulDqhlCq0Mg6V9iB0Mf2WY2+mfb52
3T9XKDea0LWj3WD0teg24DjQcRkpZ3qM0gi7pj2tDbmD/2DfokBqbRam24hGeP4p
dARiFLDbq6os8y149/OoY6Nnq1fcWr8hdfjDocOJzsCDR7Eem77b/te8YxBU7jcn
A0Kr28OmyPA0wjrKaz18ngxO3FsfZUatdI9IHkZqgi5x
-----END CERTIFICATE-----