This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cQCYKK0UxEkQL_eXraXvtGULZis.roa
File:                     cQCYKK0UxEkQL_eXraXvtGULZis.roa (raw, json)
Hash identifier:          eSDJzhmDzXQ4v2XoawX9yyxZyLn4d75cvoIQJ1khGxs=
Subject key identifier:   71:00:98:28:AD:14:C4:49:10:2F:F7:97:AD:A5:EF:B4:65:0B:66:2B
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019B7F84E38352091549FBF93C89988F4650
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cQCYKK0UxEkQL_eXraXvtGULZis.roa
Signing time:             Fri 02 Jan 2026 16:22:53 +0000
ROA not before:           Fri 02 Jan 2026 16:22:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400810
IP address blocks:        31.56.20.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 Jan 2026 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:e3:83:52:09:15:49:fb:f9:3c:89:98:8f:46:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 16:22:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=71009828ad14c449102ff797ada5efb4650b662b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:b2:6d:04:31:30:37:58:ab:c4:ab:61:d1:21:
                    93:73:ab:f2:c0:e3:18:54:81:27:c0:64:3e:1b:29:
                    dc:34:dc:90:4f:87:c4:69:ef:9b:19:67:62:e0:88:
                    c6:e8:f8:71:62:a9:ff:dc:94:24:8e:66:8b:f8:18:
                    c7:8d:12:97:b7:ff:c9:5f:2f:e4:eb:68:b4:84:c6:
                    b1:eb:ef:f0:f1:50:ef:ce:c1:2e:05:3d:79:99:2c:
                    41:82:cc:0b:6e:47:bc:8c:e8:43:40:1b:4b:30:19:
                    8b:2d:7a:13:ba:52:01:09:d2:e0:87:fc:0b:70:6f:
                    d6:87:d8:e8:4b:9d:e1:f4:ca:7f:0c:8c:43:24:96:
                    bf:61:f8:da:ed:aa:38:25:14:31:1a:d3:99:b0:ac:
                    81:0d:76:67:b0:90:77:42:e8:9a:57:04:55:db:88:
                    8f:79:5d:87:8a:c5:0a:66:8a:6a:e3:d0:09:3b:58:
                    cb:60:b0:e9:85:80:ce:b2:4a:d2:38:3e:d6:3c:9d:
                    a2:78:35:6b:ea:8a:63:de:18:38:b5:05:0e:14:e5:
                    ae:23:16:32:84:e9:61:67:5e:d2:ba:60:01:46:cb:
                    db:5e:09:5d:eb:82:0e:92:cc:63:80:6e:e8:d1:b6:
                    eb:4d:d2:21:9e:23:b0:67:0b:1c:5a:df:55:84:47:
                    bc:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:00:98:28:AD:14:C4:49:10:2F:F7:97:AD:A5:EF:B4:65:0B:66:2B
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cQCYKK0UxEkQL_eXraXvtGULZis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bb:6f:09:94:ad:a3:39:ff:0a:4f:20:c2:fc:ca:ad:e7:55:4c:
         29:4b:40:8b:d1:bd:d4:17:26:76:ec:af:19:19:30:1a:ed:9f:
         71:cd:8e:ed:33:3a:6d:f6:8f:bf:07:c5:04:2f:59:79:ab:19:
         fb:74:f7:fc:e5:fb:35:b3:74:88:4e:bc:61:e5:92:2d:b2:a6:
         fd:2e:7e:4d:94:4f:c1:c7:94:dd:89:62:2e:0c:63:01:86:83:
         07:12:c8:60:54:03:df:70:53:92:53:0c:b4:69:a6:c6:24:87:
         18:c7:bb:47:57:29:ca:1d:b9:1e:2c:a1:3f:cf:76:c0:02:81:
         00:c6:8a:45:18:13:1b:06:eb:49:61:d1:fe:e5:79:b0:75:83:
         16:17:85:56:64:e3:16:77:43:fa:eb:ef:95:ce:e9:4f:04:50:
         78:0e:de:02:7c:9d:ca:66:66:60:eb:b4:63:ee:08:aa:c8:0e:
         c6:92:04:ae:96:ac:18:ef:fd:27:67:3b:20:d6:ee:d0:ac:2e:
         59:3e:e9:ea:e7:ec:41:2a:96:da:50:cb:71:14:c2:6b:8e:1f:
         57:03:6e:e2:a8:ff:5f:6a:5e:3b:dd:82:5c:95:58:5d:26:d9:
         7d:29:2f:bd:f0:30:51:a4:60:d3:6c:6d:d3:68:8e:18:12:0c:
         45:c7:4f:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hOODUgkVSfv5PImYj0ZQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMTAyMTYyMjUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTAwOTgyOGFkMTRjNDQ5MTAyZmY3OTdhZGE1ZWZiNDY1MGI2NjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4rJtBDEwN1irxKth0SGTc6vywOMY
VIEnwGQ+GyncNNyQT4fEae+bGWdi4IjG6PhxYqn/3JQkjmaL+BjHjRKXt//JXy/k
62i0hMax6+/w8VDvzsEuBT15mSxBgswLbke8jOhDQBtLMBmLLXoTulIBCdLgh/wL
cG/Wh9joS53h9Mp/DIxDJJa/Yfja7ao4JRQxGtOZsKyBDXZnsJB3QuiaVwRV24iP
eV2HisUKZopq49AJO1jLYLDphYDOskrSOD7WPJ2ieDVr6opj3hg4tQUOFOWuIxYy
hOlhZ17SumABRsvbXgld64IOksxjgG7o0bbrTdIhniOwZwscWt9VhEe8xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEAmCitFMRJEC/3l62l77RlC2YrMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvY1FDWUtLMFV4RWtRTF9lWHJhWHZ0R1VMWmlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHzgUMA0G
CSqGSIb3DQEBCwUAA4IBAQC7bwmUraM5/wpPIML8yq3nVUwpS0CL0b3UFyZ27K8Z
GTAa7Z9xzY7tMzpt9o+/B8UEL1l5qxn7dPf85fs1s3SITrxh5ZItsqb9Ln5NlE/B
x5TdiWIuDGMBhoMHEshgVAPfcFOSUwy0aabGJIcYx7tHVynKHbkeLKE/z3bAAoEA
xopFGBMbButJYdH+5XmwdYMWF4VWZOMWd0P66++VzulPBFB4Dt4CfJ3KZmZg67Rj
7giqyA7GkgSulqwY7/0nZzsg1u7QrC5ZPunq5+xBKpbaUMtxFMJrjh9XA27iqP9f
al473YJclVhdJtl9KS+98DBRpGDTbG3TaI4YEgxFx092
-----END CERTIFICATE-----