This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/QKeI3tK5NM1PU-FJHF8ZG2H8xKc.roa
File:                     QKeI3tK5NM1PU-FJHF8ZG2H8xKc.roa (raw, json)
Hash identifier:          OdSlZxbzGd2I+gKgIeee+p2rVLtljsXm2gAs1oQBUdU=
Subject key identifier:   40:A7:88:DE:D2:B9:34:CD:4F:53:E1:49:1C:5F:19:1B:61:FC:C4:A7
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019B04A649DC3C1CD0E773F725628A2D9AE5
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/QKeI3tK5NM1PU-FJHF8ZG2H8xKc.roa
Signing time:             Tue 09 Dec 2025 19:46:05 +0000
ROA not before:           Tue 09 Dec 2025 19:46:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     268624
IP address blocks:        31.56.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Dec 2025 01:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:04:a6:49:dc:3c:1c:d0:e7:73:f7:25:62:8a:2d:9a:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Dec  9 19:46:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40a788ded2b934cd4f53e1491c5f191b61fcc4a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:c3:84:85:7b:42:c8:0f:a8:da:6c:bd:c3:f1:
                    3b:66:35:ca:f7:ef:ee:5e:78:3d:41:cc:a7:8c:a4:
                    8f:b6:34:07:41:4a:76:d7:6d:86:9b:33:b5:72:af:
                    89:7e:a1:f6:33:c0:12:e9:81:c4:fa:a3:3a:0f:69:
                    c1:00:3a:0e:8e:5e:a0:47:fe:76:b0:b4:36:47:09:
                    05:c8:84:73:d3:e6:e9:ac:b4:43:88:e8:34:66:40:
                    82:2b:43:14:51:26:f3:84:9f:bb:49:9b:fb:c1:5f:
                    89:1a:c1:50:96:c5:d7:47:08:b4:39:64:37:cd:da:
                    43:06:45:fb:7f:b3:8d:4e:ca:33:4c:4a:b6:a7:2a:
                    f7:5f:4c:8e:8c:bb:2c:82:92:c2:67:4b:9e:2c:df:
                    8e:4f:33:e6:7e:d3:fb:83:52:57:28:c1:13:b7:7e:
                    48:dd:03:5f:a2:43:38:d0:02:5b:bf:a6:ff:39:ca:
                    35:9a:d0:f6:20:11:f8:84:fd:cc:da:db:1d:34:c4:
                    fc:f0:5d:27:0d:87:35:e8:a1:74:cc:47:a1:6a:c3:
                    8b:95:ec:77:aa:fa:ba:02:41:7c:0f:b1:e5:95:bc:
                    91:ae:91:62:5a:0e:42:ea:ce:26:b9:82:ed:34:8b:
                    d7:0b:46:ca:2c:39:3c:f2:ed:29:b4:98:bf:b2:8e:
                    d7:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:A7:88:DE:D2:B9:34:CD:4F:53:E1:49:1C:5F:19:1B:61:FC:C4:A7
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/QKeI3tK5NM1PU-FJHF8ZG2H8xKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:eb:f4:5c:33:0f:00:f3:25:25:4a:ba:8e:bd:f5:fe:99:e7:
         67:08:1c:19:bc:de:17:91:d0:58:88:9d:92:f6:5f:f5:8d:f2:
         00:a4:08:9d:9e:b5:59:d1:0b:1f:a9:72:e7:df:11:4d:61:5d:
         e0:9c:99:b8:92:b8:81:a2:6f:79:26:35:26:48:8e:69:4a:b8:
         36:ad:c2:f2:d0:23:bb:0d:3b:91:ad:ce:15:cb:6d:6c:4c:bf:
         dd:7b:23:c4:dc:7c:05:e5:b0:e8:ab:b6:38:bf:fe:be:a4:78:
         a1:ab:e4:82:54:6a:0c:b3:59:48:de:e4:f0:84:cf:3d:78:14:
         b5:90:22:4a:d6:f0:cc:a1:b7:14:f6:2b:04:57:d4:db:f2:cd:
         e3:68:ab:41:1f:35:da:87:0f:f5:ff:11:7a:3e:70:ea:b3:9c:
         93:e0:76:49:0f:49:6a:1f:cf:52:63:e6:02:90:e1:34:7b:a6:
         95:c7:b4:81:b4:00:90:fe:8c:36:26:84:21:bd:3b:e6:9f:4a:
         c9:3e:19:f0:cd:21:1a:37:18:5f:bc:44:ec:55:9a:12:67:e9:
         55:c2:b1:96:40:46:5a:49:06:18:4b:55:01:5d:f9:72:a8:63:
         7b:b9:89:bb:52:69:7b:e5:45:9d:d4:ac:75:f7:05:5c:9c:c7:
         ea:b5:29:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsEpkncPBzQ53P3JWKKLZrlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMjA5MTk0NjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGE3ODhkZWQyYjkzNGNkNGY1M2UxNDkxYzVmMTkxYjYxZmNjNGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMOEhXtCyA+o2my9w/E7ZjXK9+/u
Xng9QcynjKSPtjQHQUp2122GmzO1cq+JfqH2M8AS6YHE+qM6D2nBADoOjl6gR/52
sLQ2RwkFyIRz0+bprLRDiOg0ZkCCK0MUUSbzhJ+7SZv7wV+JGsFQlsXXRwi0OWQ3
zdpDBkX7f7ONTsozTEq2pyr3X0yOjLssgpLCZ0ueLN+OTzPmftP7g1JXKMETt35I
3QNfokM40AJbv6b/Oco1mtD2IBH4hP3M2tsdNMT88F0nDYc16KF0zEehasOLlex3
qvq6AkF8D7HllbyRrpFiWg5C6s4muYLtNIvXC0bKLDk88u0ptJi/so7X9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECniN7SuTTNT1PhSRxfGRth/MSnMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUUtlSTN0SzVOTTFQVS1GSkhGOFpHMkg4eEtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzgsMA0G
CSqGSIb3DQEBCwUAA4IBAQCP6/RcMw8A8yUlSrqOvfX+mednCBwZvN4XkdBYiJ2S
9l/1jfIApAidnrVZ0QsfqXLn3xFNYV3gnJm4kriBom95JjUmSI5pSrg2rcLy0CO7
DTuRrc4Vy21sTL/deyPE3HwF5bDoq7Y4v/6+pHihq+SCVGoMs1lI3uTwhM89eBS1
kCJK1vDMobcU9isEV9Tb8s3jaKtBHzXahw/1/xF6PnDqs5yT4HZJD0lqH89SY+YC
kOE0e6aVx7SBtACQ/ow2JoQhvTvmn0rJPhnwzSEaNxhfvETsVZoSZ+lVwrGWQEZa
SQYYS1UBXflyqGN7uYm7Uml75UWd1Kx19wVcnMfqtSkN
-----END CERTIFICATE-----