This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ckbi5QNjc3lEx4QQ8l0yLexST_0.roa
File:                     ckbi5QNjc3lEx4QQ8l0yLexST_0.roa (raw, json)
Hash identifier:          6ClsSkwhm4WxfWd6v4jw+vptXm1EeYABYMlGO3qJyIM=
Subject key identifier:   72:46:E2:E5:03:63:73:79:44:C7:84:10:F2:5D:32:2D:EC:52:4F:FD
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019B7F849AA0469624C9B582B72C4440EEFD
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ckbi5QNjc3lEx4QQ8l0yLexST_0.roa
Signing time:             Fri 02 Jan 2026 16:22:35 +0000
ROA not before:           Fri 02 Jan 2026 16:22:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205896
IP address blocks:        31.57.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 Jan 2026 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:9a:a0:46:96:24:c9:b5:82:b7:2c:44:40:ee:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 16:22:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7246e2e50363737944c78410f25d322dec524ffd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b6:ff:d6:a2:9e:70:4e:51:b8:cf:56:dd:33:
                    20:86:20:f2:94:ff:86:05:4f:6a:2b:4a:b1:6b:51:
                    7a:e0:20:8b:eb:d5:af:da:8d:3e:96:b6:ef:7f:53:
                    4e:d6:25:14:6b:36:86:89:30:86:37:b8:6d:9d:d9:
                    fb:ad:24:5f:01:e9:c7:89:e3:1d:9c:08:65:af:5b:
                    90:a0:89:5c:31:c6:c1:63:84:0a:b2:b9:2b:82:3d:
                    ff:3b:8d:ad:15:a4:43:98:19:04:7a:f3:84:23:c8:
                    2f:95:29:ff:0d:8a:a7:b4:b1:52:9e:8b:06:e2:77:
                    d8:96:21:17:c4:4c:29:2b:45:c7:5a:64:6f:24:86:
                    6e:6d:f8:f2:bb:55:1b:05:5d:9a:c2:7d:5e:a2:d4:
                    46:a2:5e:85:41:b0:71:bb:1a:37:81:46:44:bc:b9:
                    e7:9f:57:83:16:c1:69:ba:8f:5a:ab:ce:33:16:0d:
                    97:6a:5b:42:8a:7b:8b:b3:1c:5b:8c:88:2e:42:ae:
                    b2:bc:9c:31:a5:ef:a5:9a:32:29:da:be:cc:10:da:
                    c1:c8:41:03:6d:33:9c:47:1c:a6:46:90:9b:ad:e0:
                    69:75:c8:79:9f:03:1e:e5:b9:81:a6:27:18:a4:0d:
                    fd:4a:69:1c:6f:85:e3:e6:e5:ef:85:21:45:58:99:
                    0b:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:46:E2:E5:03:63:73:79:44:C7:84:10:F2:5D:32:2D:EC:52:4F:FD
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ckbi5QNjc3lEx4QQ8l0yLexST_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:71:38:d5:a3:b3:fa:7d:84:99:b3:0b:55:ba:d2:6d:4a:d6:
         c0:08:b3:62:69:ae:68:ad:93:11:47:a9:22:69:b1:fb:83:1c:
         72:7a:e0:c4:2f:05:83:2b:dd:4a:34:21:86:ff:5b:c7:f9:ce:
         94:80:02:f6:2f:83:bb:1a:29:ba:53:3d:33:8d:7d:07:26:66:
         f4:62:2f:87:24:17:9f:fe:f7:25:76:a6:be:79:cf:e8:71:16:
         91:d3:94:9f:b2:78:96:93:c7:38:4c:d6:84:e4:3f:16:b9:c9:
         e7:ef:16:b7:89:ab:4b:bd:cc:d2:3c:c8:27:a6:fb:d9:01:8e:
         50:00:92:da:92:ed:65:72:ae:cf:00:97:05:0d:9d:2d:4c:07:
         e2:c3:c6:2c:05:c8:5e:85:e8:28:e4:4e:cd:e2:1a:e9:4a:63:
         98:18:35:ea:67:aa:c0:e1:c5:b5:28:e3:25:0a:2b:82:4b:f3:
         83:bd:42:d9:41:bf:36:9b:48:91:cf:be:05:09:5c:f6:0b:73:
         f8:14:95:39:f8:1b:53:00:8b:1c:ca:27:8f:a5:58:d0:5b:a7:
         be:19:5a:ce:b3:9b:cd:ac:9c:04:86:14:47:54:f9:de:99:f4:
         d5:51:35:36:05:55:7b:a4:9c:ae:52:f1:ba:54:42:89:25:68:
         25:13:f6:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hJqgRpYkybWCtyxEQO79MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMTAyMTYyMjM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjQ2ZTJlNTAzNjM3Mzc5NDRjNzg0MTBmMjVkMzIyZGVjNTI0ZmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7b/1qKecE5RuM9W3TMghiDylP+G
BU9qK0qxa1F64CCL69Wv2o0+lrbvf1NO1iUUazaGiTCGN7htndn7rSRfAenHieMd
nAhlr1uQoIlcMcbBY4QKsrkrgj3/O42tFaRDmBkEevOEI8gvlSn/DYqntLFSnosG
4nfYliEXxEwpK0XHWmRvJIZubfjyu1UbBV2awn1eotRGol6FQbBxuxo3gUZEvLnn
n1eDFsFpuo9aq84zFg2XaltCinuLsxxbjIguQq6yvJwxpe+lmjIp2r7MENrByEED
bTOcRxymRpCbreBpdch5nwMe5bmBpicYpA39Smkcb4Xj5uXvhSFFWJkLhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHJG4uUDY3N5RMeEEPJdMi3sUk/9MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvY2tiaTVRTmpjM2xFeDRRUThsMHlMZXhTVF8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzneMA0G
CSqGSIb3DQEBCwUAA4IBAQCpcTjVo7P6fYSZswtVutJtStbACLNiaa5orZMRR6ki
abH7gxxyeuDELwWDK91KNCGG/1vH+c6UgAL2L4O7Gim6Uz0zjX0HJmb0Yi+HJBef
/vcldqa+ec/ocRaR05SfsniWk8c4TNaE5D8Wucnn7xa3iatLvczSPMgnpvvZAY5Q
AJLaku1lcq7PAJcFDZ0tTAfiw8YsBchehego5E7N4hrpSmOYGDXqZ6rA4cW1KOMl
CiuCS/ODvULZQb82m0iRz74FCVz2C3P4FJU5+BtTAIscyiePpVjQW6e+GVrOs5vN
rJwEhhRHVPnemfTVUTU2BVV7pJyuUvG6VEKJJWglE/Z4
-----END CERTIFICATE-----