This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/iflwjlb2G8aMtYlULD4TSrCzTwA.roa
File:                     iflwjlb2G8aMtYlULD4TSrCzTwA.roa (raw, json)
Hash identifier:          kBFnP53Shj1EbKAmuRd9wNaK/TH0twZOMj9f+DetWtc=
Subject key identifier:   89:F9:70:8E:56:F6:1B:C6:8C:B5:89:54:2C:3E:13:4A:B0:B3:4F:00
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019B7F84CD1CD60898500C01D052629C5717
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/iflwjlb2G8aMtYlULD4TSrCzTwA.roa
Signing time:             Fri 02 Jan 2026 16:22:48 +0000
ROA not before:           Fri 02 Jan 2026 16:22:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215348
IP address blocks:        31.57.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 Jan 2026 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:cd:1c:d6:08:98:50:0c:01:d0:52:62:9c:57:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 16:22:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=89f9708e56f61bc68cb589542c3e134ab0b34f00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:01:d7:03:f7:76:2a:7f:83:d6:d2:8a:3a:76:
                    78:21:5e:f2:90:66:12:24:bf:ab:11:01:23:06:22:
                    07:05:25:62:82:28:1c:d0:58:0c:10:32:c3:25:34:
                    37:50:92:3d:ec:db:28:f0:d3:ed:ff:ef:b4:a5:67:
                    f9:5b:1b:29:af:53:ae:ac:33:ac:1d:d9:ee:a4:30:
                    f0:6a:df:50:98:22:f8:40:6c:65:25:ec:c4:36:30:
                    5b:7d:03:45:ba:a4:2a:39:6f:9f:33:22:3f:d9:d9:
                    e5:e1:f4:c7:8a:6d:6d:21:45:0a:e2:05:a5:3e:97:
                    12:f6:74:90:79:ea:2b:7a:90:b9:37:7e:5e:6c:9a:
                    98:cf:af:a4:7b:27:b0:fe:2d:1e:34:82:92:9e:38:
                    0f:13:01:d9:99:4c:ec:79:6a:e7:b1:be:c2:85:70:
                    50:9e:2e:c2:44:5d:b9:e7:28:af:ad:5e:8a:53:b1:
                    51:22:12:bd:46:7b:38:68:5d:0e:50:1b:d3:9d:12:
                    c3:5d:c6:59:c5:ed:eb:5c:5d:ae:8b:bb:0b:c1:02:
                    ca:bc:33:0f:31:5a:8c:21:db:60:c8:88:81:c7:9a:
                    8f:7d:38:2c:78:7b:6f:81:fb:3c:99:18:cb:03:e9:
                    49:a6:7f:a3:9e:6c:e2:ee:c9:12:68:90:43:e9:57:
                    1c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:F9:70:8E:56:F6:1B:C6:8C:B5:89:54:2C:3E:13:4A:B0:B3:4F:00
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/iflwjlb2G8aMtYlULD4TSrCzTwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:2e:a5:d4:03:2f:7f:36:00:95:74:ec:4e:fd:58:1f:fc:37:
         cd:33:2c:be:bd:9e:bf:1f:1d:eb:f4:a7:4b:63:7d:38:9e:c8:
         ee:57:4a:33:e7:cc:f0:33:82:18:ad:99:c6:d6:5c:e6:75:6d:
         06:96:c6:f3:fa:d6:1e:5f:a2:c0:c2:46:10:a4:6c:61:fc:15:
         3d:6a:92:34:5c:4d:56:51:1d:a5:89:61:3e:55:53:56:18:f1:
         0e:c7:38:56:92:f7:88:c6:0b:fa:21:ed:5f:d9:81:81:db:ec:
         f1:e6:41:7c:b7:e2:a8:de:de:41:8c:93:6d:7e:87:c5:9d:ab:
         7a:98:7e:e5:a8:39:28:99:58:e4:91:00:ec:83:f8:51:31:0e:
         ed:b6:d2:01:5b:3c:73:96:4f:ac:a4:2b:be:23:d5:b4:39:26:
         b3:80:18:b0:56:c0:e8:7b:9b:d1:f1:fb:76:60:b0:68:fd:37:
         45:58:3b:5e:6c:c9:81:3f:71:23:e5:96:16:58:d7:35:c2:24:
         f4:7c:e1:e3:39:31:c3:97:76:2a:91:a1:71:2a:6f:50:48:0d:
         ea:ce:bd:ab:39:39:61:da:db:c3:af:0d:a5:8b:07:35:f9:e3:
         73:cd:ee:d2:dd:cf:67:f6:60:c9:91:5d:31:ca:f0:fc:26:73:
         d2:b5:be:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hM0c1giYUAwB0FJinFcXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMTAyMTYyMjQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWY5NzA4ZTU2ZjYxYmM2OGNiNTg5NTQyYzNlMTM0YWIwYjM0ZjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAHXA/d2Kn+D1tKKOnZ4IV7ykGYS
JL+rEQEjBiIHBSVigigc0FgMEDLDJTQ3UJI97Nso8NPt/++0pWf5Wxspr1OurDOs
HdnupDDwat9QmCL4QGxlJezENjBbfQNFuqQqOW+fMyI/2dnl4fTHim1tIUUK4gWl
PpcS9nSQeeorepC5N35ebJqYz6+keyew/i0eNIKSnjgPEwHZmUzseWrnsb7ChXBQ
ni7CRF255yivrV6KU7FRIhK9Rns4aF0OUBvTnRLDXcZZxe3rXF2ui7sLwQLKvDMP
MVqMIdtgyIiBx5qPfTgseHtvgfs8mRjLA+lJpn+jnmzi7skSaJBD6VccCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIn5cI5W9hvGjLWJVCw+E0qws08AMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvaWZsd2psYjJHOGFNdFlsVUxENFRTckN6VHdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHznGMA0G
CSqGSIb3DQEBCwUAA4IBAQAKLqXUAy9/NgCVdOxO/Vgf/DfNMyy+vZ6/Hx3r9KdL
Y304nsjuV0oz58zwM4IYrZnG1lzmdW0Glsbz+tYeX6LAwkYQpGxh/BU9apI0XE1W
UR2liWE+VVNWGPEOxzhWkveIxgv6Ie1f2YGB2+zx5kF8t+Ko3t5BjJNtfofFnat6
mH7lqDkomVjkkQDsg/hRMQ7tttIBWzxzlk+spCu+I9W0OSazgBiwVsDoe5vR8ft2
YLBo/TdFWDtebMmBP3Ej5ZYWWNc1wiT0fOHjOTHDl3YqkaFxKm9QSA3qzr2rOTlh
2tvDrw2liwc1+eNzze7S3c9n9mDJkV0xyvD8JnPStb7N
-----END CERTIFICATE-----