This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/okVfKJ_Lj9TFVNO_23wDiYUc6B0.roa
File:                     okVfKJ_Lj9TFVNO_23wDiYUc6B0.roa (raw, json)
Hash identifier:          0PJgj8RH8i+zgplOBCB7JCyeCy2GCUDArBSx/hFEvYw=
Subject key identifier:   A2:45:5F:28:9F:CB:8F:D4:C5:54:D3:BF:DB:7C:03:89:85:1C:E8:1D
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019B7F846D0E58D3E8264A073ADFDEEDBF6D
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/okVfKJ_Lj9TFVNO_23wDiYUc6B0.roa
Signing time:             Fri 02 Jan 2026 16:22:23 +0000
ROA not before:           Fri 02 Jan 2026 16:22:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     53356
IP address blocks:        31.57.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 Jan 2026 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:6d:0e:58:d3:e8:26:4a:07:3a:df:de:ed:bf:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 16:22:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a2455f289fcb8fd4c554d3bfdb7c0389851ce81d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:3f:44:67:dc:93:fe:d5:ef:c4:d7:67:21:0c:
                    e7:ab:ec:c6:da:b0:d2:bc:89:21:58:d3:87:4c:4c:
                    c8:a8:4a:82:9a:f0:46:c2:10:97:b4:61:7a:bc:e2:
                    a3:14:3f:0d:9a:b5:60:11:57:68:03:b2:66:20:55:
                    5e:7a:f8:69:69:28:a3:e7:02:6b:c2:93:19:2a:5a:
                    9f:fb:26:6a:55:32:ad:44:68:56:20:0d:78:b1:90:
                    74:1e:64:31:d7:22:13:dc:94:46:8b:fb:54:a7:34:
                    bb:db:4a:8e:b6:15:2d:aa:1f:b0:b4:70:70:37:85:
                    6d:4c:53:1f:27:8c:ed:43:97:42:a1:da:11:2d:7b:
                    a7:25:37:df:87:7a:6f:23:8c:49:b6:c2:c2:55:af:
                    c7:d1:10:ab:30:50:73:37:bc:52:bb:0b:09:9a:56:
                    8d:6f:5d:3a:c8:35:1c:a1:fb:a9:99:74:26:a8:c7:
                    e2:0c:ed:19:f3:82:51:de:10:b1:1d:c7:92:ea:1f:
                    35:7b:2d:98:51:84:6d:0a:3c:49:c3:33:ba:61:63:
                    85:5f:8e:58:0c:ee:1e:b9:3e:88:70:6f:d9:fd:76:
                    d5:97:8d:49:83:b8:c6:82:03:c5:88:c2:ed:5d:41:
                    a2:14:6a:7e:6b:ad:28:f6:5c:1b:8a:25:f2:e7:e2:
                    5a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:45:5F:28:9F:CB:8F:D4:C5:54:D3:BF:DB:7C:03:89:85:1C:E8:1D
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/okVfKJ_Lj9TFVNO_23wDiYUc6B0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:6d:8b:d3:71:fa:26:b4:1f:f6:1c:e3:5f:de:c3:0e:e0:f5:
         ac:0c:e9:e2:be:2e:cc:8b:27:7a:19:29:ab:2c:0b:8c:04:64:
         38:8d:2c:46:d1:f1:d9:bc:f0:a0:62:e5:fd:a2:cc:f3:c2:31:
         9c:39:2c:d7:df:87:3b:f4:29:66:e1:b7:37:16:09:58:2d:ca:
         90:9a:0c:ea:e8:e1:45:37:51:cd:28:6e:a1:2a:35:dd:6d:48:
         dd:c4:64:6d:3f:f9:01:bd:63:0f:40:61:91:de:b5:5f:b3:d8:
         40:9a:0c:d0:78:bc:15:45:b3:e3:29:ba:03:9a:6c:89:0f:5a:
         0d:34:9d:fd:84:13:81:46:5d:59:ba:0c:57:d4:59:74:ae:b2:
         94:b8:ce:09:fb:f7:5f:8d:2c:4d:dd:e0:33:a5:08:86:c5:22:
         09:9d:2e:20:32:b8:69:4a:2e:66:7b:eb:64:c1:07:c6:b8:4f:
         c4:04:46:65:60:98:2e:ad:7e:67:f2:5d:d4:0e:af:c4:3f:70:
         db:09:34:fa:58:22:33:19:08:7a:9f:c0:85:cd:8b:7c:44:f6:
         d1:f1:a5:e7:e0:02:56:b0:d1:92:08:d5:60:44:e3:dd:03:2e:
         46:5b:85:46:ee:5b:e6:40:4d:07:85:67:b6:55:41:a4:33:a3:
         43:3c:36:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hG0OWNPoJkoHOt/e7b9tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMTAyMTYyMjIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjQ1NWYyODlmY2I4ZmQ0YzU1NGQzYmZkYjdjMDM4OTg1MWNlODFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+D9EZ9yT/tXvxNdnIQznq+zG2rDS
vIkhWNOHTEzIqEqCmvBGwhCXtGF6vOKjFD8NmrVgEVdoA7JmIFVeevhpaSij5wJr
wpMZKlqf+yZqVTKtRGhWIA14sZB0HmQx1yIT3JRGi/tUpzS720qOthUtqh+wtHBw
N4VtTFMfJ4ztQ5dCodoRLXunJTffh3pvI4xJtsLCVa/H0RCrMFBzN7xSuwsJmlaN
b106yDUcofupmXQmqMfiDO0Z84JR3hCxHceS6h81ey2YUYRtCjxJwzO6YWOFX45Y
DO4euT6IcG/Z/XbVl41Jg7jGggPFiMLtXUGiFGp+a60o9lwbiiXy5+JaYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJFXyify4/UxVTTv9t8A4mFHOgdMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvb2tWZktKX0xqOVRGVk5PXzIzd0RpWVVjNkIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzknMA0G
CSqGSIb3DQEBCwUAA4IBAQCZbYvTcfomtB/2HONf3sMO4PWsDOnivi7Miyd6GSmr
LAuMBGQ4jSxG0fHZvPCgYuX9oszzwjGcOSzX34c79Clm4bc3FglYLcqQmgzq6OFF
N1HNKG6hKjXdbUjdxGRtP/kBvWMPQGGR3rVfs9hAmgzQeLwVRbPjKboDmmyJD1oN
NJ39hBOBRl1ZugxX1Fl0rrKUuM4J+/dfjSxN3eAzpQiGxSIJnS4gMrhpSi5me+tk
wQfGuE/EBEZlYJgurX5n8l3UDq/EP3DbCTT6WCIzGQh6n8CFzYt8RPbR8aXn4AJW
sNGSCNVgROPdAy5GW4VG7lvmQE0HhWe2VUGkM6NDPDZk
-----END CERTIFICATE-----