This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/pAMTKqCBMCExhHPjMeWh59Ywr0A.roa
File:                     pAMTKqCBMCExhHPjMeWh59Ywr0A.roa (raw, json)
Hash identifier:          ucuDIZDkGHnjd9lTgGt3TaZ3/1CGWmyReWhVyPPOSoQ=
Subject key identifier:   A4:03:13:2A:A0:81:30:21:31:84:73:E3:31:E5:A1:E7:D6:30:AF:40
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019BCB49A822CBEF4A2F02FB00F066F3D279
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/pAMTKqCBMCExhHPjMeWh59Ywr0A.roa
Signing time:             Sat 17 Jan 2026 09:29:20 +0000
ROA not before:           Sat 17 Jan 2026 09:29:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401776
IP address blocks:        31.58.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 10:42:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:cb:49:a8:22:cb:ef:4a:2f:02:fb:00:f0:66:f3:d2:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan 17 09:29:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a403132aa0813021318473e331e5a1e7d630af40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:75:f1:6c:59:8c:64:35:98:8d:f9:15:93:88:
                    53:27:79:55:5b:ea:d7:14:10:69:da:50:68:0c:93:
                    16:a5:ab:3e:d9:54:4f:23:04:dc:7a:97:15:32:e3:
                    b4:17:54:d9:33:b2:97:20:77:53:37:45:b6:fd:3f:
                    bc:71:b9:dd:e6:01:f0:60:4a:02:9f:2c:4a:ab:47:
                    31:93:9d:a9:1e:3a:dd:d3:a2:66:a0:c9:aa:c3:e1:
                    10:7c:49:a8:2b:d5:ba:96:fa:fd:a8:f7:9b:38:e9:
                    39:f3:23:7f:d8:c0:20:59:2d:09:02:60:2a:ed:af:
                    7d:8a:b5:93:01:57:b5:4f:b7:23:69:55:53:6e:a3:
                    37:bf:92:ee:6b:92:89:34:c4:45:b0:82:c1:0d:b7:
                    0c:8e:32:65:6c:76:9d:b1:0d:02:68:04:2d:4c:88:
                    1e:f0:a6:0a:94:9c:66:d6:c0:81:c2:98:e4:39:2f:
                    f2:9e:4a:e6:d1:1d:50:59:2c:72:25:b4:fa:72:a1:
                    79:e4:95:48:79:1f:02:38:fa:f7:9d:7c:fa:84:7d:
                    f1:d0:5f:d2:25:21:2f:f1:01:03:74:6b:45:e5:19:
                    dc:0e:f3:5b:4f:d7:17:7a:af:aa:26:16:25:a1:b4:
                    11:db:7a:9f:d4:91:6e:da:09:ea:51:71:f5:c8:78:
                    f2:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:03:13:2A:A0:81:30:21:31:84:73:E3:31:E5:A1:E7:D6:30:AF:40
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/pAMTKqCBMCExhHPjMeWh59Ywr0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:02:7d:ec:3c:00:54:88:4e:c2:df:63:00:3a:95:2d:a6:04:
         eb:82:02:88:fa:e6:ef:c8:43:a0:9e:aa:99:b9:4c:75:48:e7:
         52:32:ff:0f:c5:e8:6f:20:e4:48:86:7d:e7:ce:62:21:8f:53:
         6a:16:8d:39:d1:c0:cf:03:28:e9:86:6e:38:60:57:50:59:ee:
         d0:aa:f4:aa:7a:4e:49:ea:cf:43:5f:40:e7:9f:ab:73:c9:55:
         6b:e7:a3:0e:29:64:d4:7b:ef:5c:2c:be:5e:94:14:99:f6:fb:
         95:46:e5:f8:01:b3:e5:11:dc:66:c4:56:22:56:5b:25:6f:34:
         6c:52:53:18:e2:32:e8:4c:7e:8a:46:19:a2:c2:3d:2e:13:06:
         d8:9f:a3:73:0d:48:f9:23:d2:c2:6c:ee:e1:8d:62:36:d1:94:
         c7:53:6f:3c:e1:a0:02:7d:c4:89:9a:40:2d:23:77:b2:17:a3:
         c7:a3:58:4e:53:82:ed:ca:b7:1a:7c:29:07:be:69:9a:98:c1:
         a5:5e:bb:c1:99:32:7b:cf:5b:c0:e3:03:be:4e:ba:1e:ee:85:
         eb:64:07:19:92:d6:5a:ce:6a:c7:a4:8b:d7:84:da:bc:7b:ed:
         3a:18:3e:4c:cd:ea:4e:eb:38:0a:72:32:66:4f:e6:2b:41:6a:
         2d:a6:16:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvLSagiy+9KLwL7APBm89J5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMTE3MDkyOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDAzMTMyYWEwODEzMDIxMzE4NDczZTMzMWU1YTFlN2Q2MzBhZjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXXxbFmMZDWYjfkVk4hTJ3lVW+rX
FBBp2lBoDJMWpas+2VRPIwTcepcVMuO0F1TZM7KXIHdTN0W2/T+8cbnd5gHwYEoC
nyxKq0cxk52pHjrd06JmoMmqw+EQfEmoK9W6lvr9qPebOOk58yN/2MAgWS0JAmAq
7a99irWTAVe1T7cjaVVTbqM3v5Lua5KJNMRFsILBDbcMjjJlbHadsQ0CaAQtTIge
8KYKlJxm1sCBwpjkOS/ynkrm0R1QWSxyJbT6cqF55JVIeR8COPr3nXz6hH3x0F/S
JSEv8QEDdGtF5RncDvNbT9cXeq+qJhYlobQR23qf1JFu2gnqUXH1yHjyAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQDEyqggTAhMYRz4zHloefWMK9AMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvcEFNVEtxQ0JNQ0V4aEhQak1lV2g1OVl3cjBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzopMA0G
CSqGSIb3DQEBCwUAA4IBAQA+An3sPABUiE7C32MAOpUtpgTrggKI+ubvyEOgnqqZ
uUx1SOdSMv8PxehvIORIhn3nzmIhj1NqFo050cDPAyjphm44YFdQWe7QqvSqek5J
6s9DX0Dnn6tzyVVr56MOKWTUe+9cLL5elBSZ9vuVRuX4AbPlEdxmxFYiVlslbzRs
UlMY4jLoTH6KRhmiwj0uEwbYn6NzDUj5I9LCbO7hjWI20ZTHU2884aACfcSJmkAt
I3eyF6PHo1hOU4LtyrcafCkHvmmamMGlXrvBmTJ7z1vA4wO+Troe7oXrZAcZktZa
zmrHpIvXhNq8e+06GD5MzepO6zgKcjJmT+YrQWotphbU
-----END CERTIFICATE-----