This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IMnuXOgpexS34lVsWijq0a1CW7o.roa
File:                     IMnuXOgpexS34lVsWijq0a1CW7o.roa (raw, json)
Hash identifier:          xNwGoJWsE81Pc34RVH+9GH5ZODmuTiESnjV6yBwlDCY=
Subject key identifier:   20:C9:EE:5C:E8:29:7B:14:B7:E2:55:6C:5A:28:EA:D1:AD:42:5B:BA
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019B7F847FD1779FB98FE6D3D0B4081AC5EB
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IMnuXOgpexS34lVsWijq0a1CW7o.roa
Signing time:             Fri 02 Jan 2026 16:22:28 +0000
ROA not before:           Fri 02 Jan 2026 16:22:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137564
IP address blocks:        31.58.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 Jan 2026 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:7f:d1:77:9f:b9:8f:e6:d3:d0:b4:08:1a:c5:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 16:22:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=20c9ee5ce8297b14b7e2556c5a28ead1ad425bba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:32:a3:ff:b5:1b:61:fc:4f:4b:e8:e1:18:a9:
                    76:47:e9:16:ac:d3:88:a5:10:f7:16:36:01:86:52:
                    da:68:58:eb:5c:7e:d8:56:ad:d7:82:34:50:ba:f4:
                    76:b7:3a:cf:0a:91:a3:a3:0b:6b:46:42:05:97:ad:
                    86:b0:7b:bd:00:9c:22:ab:38:86:32:f7:df:54:fc:
                    2d:38:3e:bc:dc:a7:d5:44:cb:19:cb:16:44:43:d3:
                    24:f8:2a:73:41:46:e2:96:a5:6a:4c:2e:54:79:6c:
                    64:25:8a:8b:3f:df:98:8a:0c:f3:ab:88:a3:44:de:
                    8e:1d:39:ce:12:00:d8:95:8f:b3:da:4b:c6:8c:d0:
                    f4:0c:08:f4:3a:ab:b6:f4:e3:40:d3:ca:13:a0:2e:
                    69:97:9a:c7:c8:2a:42:d3:f5:71:4a:df:45:98:ee:
                    70:9a:93:e7:40:19:d8:8f:58:a6:c2:b5:c7:ea:9a:
                    b9:e5:29:3a:39:3c:7c:7b:8a:0c:d5:6a:b7:ed:28:
                    05:87:9f:48:1b:1f:25:a4:ff:b9:61:59:9c:90:37:
                    69:ea:36:89:29:44:7f:16:49:00:20:8c:72:cc:43:
                    26:06:11:44:b8:49:35:2d:ac:b2:72:df:b3:6b:56:
                    80:59:6d:bc:e9:23:43:e8:19:0c:26:cd:0f:3c:4a:
                    b8:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:C9:EE:5C:E8:29:7B:14:B7:E2:55:6C:5A:28:EA:D1:AD:42:5B:BA
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IMnuXOgpexS34lVsWijq0a1CW7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:e2:ee:dd:84:7a:19:19:08:70:98:d0:94:fc:58:3d:89:78:
         d2:83:59:29:6f:03:d6:91:9d:85:b0:b7:24:d7:e7:2b:c6:6a:
         fa:b1:20:89:37:c7:96:b6:01:c4:9a:2f:e8:4d:2f:aa:75:7e:
         bb:c8:b6:60:68:ae:f1:cf:59:ec:24:5a:5a:c8:82:0f:06:46:
         bf:0a:4f:3e:5d:a3:4a:d0:5f:1b:cd:9b:de:17:e2:a2:b4:91:
         4c:45:75:fa:02:e3:ff:b7:91:7a:18:4b:78:9a:87:5f:c1:0c:
         8f:34:0d:6a:f3:b1:25:2c:21:b7:36:da:2e:6e:0d:bd:d6:2c:
         dc:1d:c8:84:8f:15:00:38:f0:08:79:5c:60:c0:74:3d:db:3b:
         a3:b1:7e:f9:9a:7d:19:b8:f5:c5:b4:a1:ee:be:a7:4e:b9:ff:
         08:6e:40:d5:dc:3c:9c:39:bd:d4:33:e3:90:99:4d:4e:40:cd:
         38:4f:1b:e0:82:58:a1:5e:92:44:01:48:36:ed:2f:41:2f:62:
         f3:5b:bd:01:09:7f:f2:0c:df:05:c4:0e:a8:1b:49:28:89:ef:
         30:20:bd:39:09:10:51:2a:d8:fc:6c:89:c4:a0:8d:a9:d6:2f:
         54:ac:14:a5:d9:16:80:01:5a:54:7d:fe:79:03:d7:e9:b4:69:
         31:08:33:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hH/Rd5+5j+bT0LQIGsXrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMTAyMTYyMjI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGM5ZWU1Y2U4Mjk3YjE0YjdlMjU1NmM1YTI4ZWFkMWFkNDI1YmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2DKj/7UbYfxPS+jhGKl2R+kWrNOI
pRD3FjYBhlLaaFjrXH7YVq3XgjRQuvR2tzrPCpGjowtrRkIFl62GsHu9AJwiqziG
MvffVPwtOD683KfVRMsZyxZEQ9Mk+CpzQUbilqVqTC5UeWxkJYqLP9+Yigzzq4ij
RN6OHTnOEgDYlY+z2kvGjND0DAj0Oqu29ONA08oToC5pl5rHyCpC0/VxSt9FmO5w
mpPnQBnYj1imwrXH6pq55Sk6OTx8e4oM1Wq37SgFh59IGx8lpP+5YVmckDdp6jaJ
KUR/FkkAIIxyzEMmBhFEuEk1Layyct+za1aAWW286SND6BkMJs0PPEq40wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCDJ7lzoKXsUt+JVbFoo6tGtQlu6MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSU1udVhPZ3BleFMzNGxWc1dpanEwYTFDVzdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzpCMA0G
CSqGSIb3DQEBCwUAA4IBAQAE4u7dhHoZGQhwmNCU/Fg9iXjSg1kpbwPWkZ2FsLck
1+crxmr6sSCJN8eWtgHEmi/oTS+qdX67yLZgaK7xz1nsJFpayIIPBka/Ck8+XaNK
0F8bzZveF+KitJFMRXX6AuP/t5F6GEt4modfwQyPNA1q87ElLCG3Ntoubg291izc
HciEjxUAOPAIeVxgwHQ92zujsX75mn0ZuPXFtKHuvqdOuf8IbkDV3DycOb3UM+OQ
mU1OQM04TxvgglihXpJEAUg27S9BL2LzW70BCX/yDN8FxA6oG0koie8wIL05CRBR
Ktj8bInEoI2p1i9UrBSl2RaAAVpUff55A9fptGkxCDMV
-----END CERTIFICATE-----