This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/U4-FUDVfQ9gP0q9ic7LJERaeeHk.roa
File:                     U4-FUDVfQ9gP0q9ic7LJERaeeHk.roa (raw, json)
Hash identifier:          nphM7wfX1QEYWFGNQCCaBibpSQkZezBoyVhtdGYpcx8=
Subject key identifier:   53:8F:85:50:35:5F:43:D8:0F:D2:AF:62:73:B2:C9:11:16:9E:78:79
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019B7F8448E5A7DDB51F70ADB07F6857B9C8
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/U4-FUDVfQ9gP0q9ic7LJERaeeHk.roa
Signing time:             Fri 02 Jan 2026 16:22:14 +0000
ROA not before:           Fri 02 Jan 2026 16:22:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     984
IP address blocks:        31.57.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 Jan 2026 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:48:e5:a7:dd:b5:1f:70:ad:b0:7f:68:57:b9:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 16:22:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=538f8550355f43d80fd2af6273b2c911169e7879
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:28:d5:6e:53:e2:a7:62:26:80:7d:ba:79:b9:
                    2e:a9:4c:d2:dd:fe:30:1d:97:2f:57:b6:18:6e:cc:
                    a0:cb:ef:c0:21:38:0b:3d:a8:90:a7:6d:fa:0c:d2:
                    e4:76:1c:7e:45:12:54:76:f1:72:ec:36:0b:1a:60:
                    4a:62:47:aa:7e:cb:23:85:ee:c2:e2:97:98:2b:2a:
                    6d:63:1d:9e:21:4f:51:d8:ec:fd:34:dd:de:46:0d:
                    14:e1:41:55:9c:07:be:d3:b4:df:34:3d:3e:26:8d:
                    b5:16:22:e8:31:cb:c5:2a:fd:ce:f4:6a:a1:e7:26:
                    08:e7:7b:26:cd:e7:25:7d:7b:7c:f2:59:7b:00:6b:
                    43:ca:8d:ea:5c:6b:98:9b:fd:a2:18:d9:30:e4:28:
                    c3:ed:34:32:a1:d3:e5:87:8a:2a:fb:71:a7:a3:2c:
                    6a:b2:de:04:71:85:09:fd:b6:f1:bb:d4:d5:a2:cb:
                    66:6c:61:19:d4:87:59:28:b3:51:62:e2:08:42:45:
                    d6:88:df:ff:aa:0f:f1:2a:ee:9d:e1:c4:79:eb:9e:
                    fd:cc:cf:e4:77:18:4c:68:d7:2a:f1:0d:45:bf:9f:
                    6d:3b:3e:d8:0b:9b:fa:3c:13:33:d6:02:7e:7d:0e:
                    a0:ab:16:b9:ba:5b:a7:76:69:73:d6:3e:95:f6:21:
                    56:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:8F:85:50:35:5F:43:D8:0F:D2:AF:62:73:B2:C9:11:16:9E:78:79
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/U4-FUDVfQ9gP0q9ic7LJERaeeHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:5d:2e:33:a6:7b:e6:78:bf:09:5e:bf:bf:9a:0b:14:97:47:
         75:1e:25:76:4c:34:59:7b:27:81:0e:19:cb:41:78:8e:ae:f8:
         e1:8c:74:bf:85:27:95:5d:4a:11:2c:ed:cc:43:30:80:97:ff:
         a3:1b:03:2f:16:e7:a6:39:5b:d7:e1:0c:00:f7:37:d6:9f:73:
         e1:9c:ea:88:d7:4d:79:04:24:fd:1d:0e:18:d8:e7:f0:2b:32:
         26:be:cb:5b:dd:34:55:26:fe:43:da:a1:d8:3a:3a:84:45:16:
         f0:da:c7:f9:c8:7e:32:68:44:a0:d2:66:2c:80:88:cc:44:bc:
         d4:7c:cb:01:ca:7a:cc:85:ac:e0:ec:b1:e9:a3:8f:06:ff:9a:
         e8:56:2d:1a:19:f3:30:2c:9d:ac:66:0f:7f:0d:ce:d8:7f:c7:
         10:8a:37:1b:79:46:17:d8:c9:30:90:61:c0:7f:c9:f7:a8:62:
         61:bf:fd:e5:a2:b9:a1:2d:2c:5e:2b:3d:a7:79:f2:ed:5a:00:
         2f:1a:45:29:99:31:de:7d:77:61:a1:c8:86:79:19:15:67:80:
         6d:8b:39:21:90:bf:d4:a5:82:ca:24:b5:61:f3:81:31:7b:cb:
         97:ca:3f:7f:f0:7f:01:ed:7e:fb:55:a2:6a:50:0a:e6:ca:1b:
         0b:8e:45:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hEjlp921H3CtsH9oV7nIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMTAyMTYyMjE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzhmODU1MDM1NWY0M2Q4MGZkMmFmNjI3M2IyYzkxMTE2OWU3ODc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7SjVblPip2ImgH26ebkuqUzS3f4w
HZcvV7YYbsygy+/AITgLPaiQp236DNLkdhx+RRJUdvFy7DYLGmBKYkeqfssjhe7C
4peYKyptYx2eIU9R2Oz9NN3eRg0U4UFVnAe+07TfND0+Jo21FiLoMcvFKv3O9Gqh
5yYI53smzeclfXt88ll7AGtDyo3qXGuYm/2iGNkw5CjD7TQyodPlh4oq+3Gnoyxq
st4EcYUJ/bbxu9TVostmbGEZ1IdZKLNRYuIIQkXWiN//qg/xKu6d4cR56579zM/k
dxhMaNcq8Q1Fv59tOz7YC5v6PBMz1gJ+fQ6gqxa5ulundmlz1j6V9iFWTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFOPhVA1X0PYD9KvYnOyyREWnnh5MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVTQtRlVEVmZROWdQMHE5aWM3TEpFUmFlZUhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmYMA0G
CSqGSIb3DQEBCwUAA4IBAQAFXS4zpnvmeL8JXr+/mgsUl0d1HiV2TDRZeyeBDhnL
QXiOrvjhjHS/hSeVXUoRLO3MQzCAl/+jGwMvFuemOVvX4QwA9zfWn3PhnOqI1015
BCT9HQ4Y2OfwKzImvstb3TRVJv5D2qHYOjqERRbw2sf5yH4yaESg0mYsgIjMRLzU
fMsBynrMhazg7LHpo48G/5roVi0aGfMwLJ2sZg9/Dc7Yf8cQijcbeUYX2MkwkGHA
f8n3qGJhv/3lormhLSxeKz2nefLtWgAvGkUpmTHefXdhociGeRkVZ4BtizkhkL/U
pYLKJLVh84Exe8uXyj9/8H8B7X77VaJqUArmyhsLjkXu
-----END CERTIFICATE-----