This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/umSnGBUOR0JA22zX8L3dTRpTTuA.roa
File:                     umSnGBUOR0JA22zX8L3dTRpTTuA.roa (raw, json)
Hash identifier:          SXeZF5tJ2qgUCaCRxTzSv1t4Z3vX0koFqrp3bTLNEzo=
Subject key identifier:   BA:64:A7:18:15:0E:47:42:40:DB:6C:D7:F0:BD:DD:4D:1A:53:4E:E0
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019B7F846FAEDF5324C2541D86210BC062B2
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/umSnGBUOR0JA22zX8L3dTRpTTuA.roa
Signing time:             Fri 02 Jan 2026 16:22:24 +0000
ROA not before:           Fri 02 Jan 2026 16:22:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58212
IP address blocks:        31.58.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 Jan 2026 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:6f:ae:df:53:24:c2:54:1d:86:21:0b:c0:62:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 16:22:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ba64a718150e474240db6cd7f0bddd4d1a534ee0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e8:18:e3:88:3d:5f:9b:a2:90:f6:ce:bf:00:
                    46:ae:f0:84:38:d8:b3:67:fe:99:97:da:aa:a6:c2:
                    b0:b1:a4:bc:3f:86:96:12:3b:40:6a:b6:c2:b5:51:
                    74:86:ff:8f:89:18:41:18:21:e4:07:5a:a1:41:dc:
                    46:a2:a4:b7:d9:4d:04:ee:6a:4d:58:9a:7f:2f:d6:
                    8d:eb:3e:be:4b:48:70:8c:76:7d:90:f5:b8:8b:4f:
                    95:c7:c5:d5:71:40:27:fa:39:b6:f7:93:e6:7a:d5:
                    f9:ed:1a:28:11:7a:e2:3e:8a:c8:3c:7d:59:de:75:
                    94:61:71:66:92:34:2a:70:18:86:a9:c5:9d:cc:a4:
                    a3:13:09:da:1e:39:f2:2c:e6:b2:58:96:3b:c9:a1:
                    c8:b7:28:d5:2d:24:62:70:de:41:b8:25:72:7c:6e:
                    7a:4a:c0:9c:e8:fc:07:86:68:d8:f2:d7:60:f3:e5:
                    bb:85:97:73:3c:3e:c6:7f:ad:85:f2:78:51:4d:5f:
                    ad:b2:ef:12:35:7f:a8:2e:4b:6d:c6:31:0a:47:dc:
                    2d:b6:a6:51:49:cc:dc:f6:39:74:a4:43:b0:f4:82:
                    28:17:e8:1e:cc:79:66:06:6c:e7:9c:b2:82:0b:f1:
                    60:1a:1e:b8:bc:81:a7:95:0c:8c:a4:0e:78:26:07:
                    c8:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:64:A7:18:15:0E:47:42:40:DB:6C:D7:F0:BD:DD:4D:1A:53:4E:E0
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/umSnGBUOR0JA22zX8L3dTRpTTuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:95:fb:b0:f6:f5:b3:1f:f3:a4:a9:fb:f6:2b:97:a5:eb:37:
         40:a9:04:dc:8d:19:21:26:59:ab:4f:48:e7:3b:31:d8:51:c9:
         39:d0:43:bf:40:e2:71:26:73:96:29:0e:b4:d0:d9:f6:fc:d6:
         50:bd:71:ff:e3:ce:ec:6d:dc:5c:ee:fe:1f:f9:b8:21:28:d3:
         00:70:86:8d:d3:b5:e8:cf:6a:73:f6:ce:f0:06:e6:67:8b:59:
         31:3b:ab:7e:ec:7a:45:e8:5d:03:7f:34:18:a6:2c:3b:7d:71:
         73:6c:22:54:8e:c7:5d:e6:08:9c:6b:2a:95:f7:d5:b5:68:95:
         14:c2:ab:5b:da:29:b4:0d:f9:09:b7:68:92:97:48:97:0e:81:
         22:b1:cc:65:b0:56:26:f6:21:05:74:9a:29:a7:65:ad:cc:80:
         34:cf:65:5c:ff:56:dc:3b:65:68:9c:de:22:f0:ac:bc:5b:71:
         90:c3:bf:82:74:53:49:8c:08:a9:69:ee:4e:49:04:aa:c8:38:
         96:1f:b7:ec:5a:cd:08:3f:bf:93:6b:37:23:ff:a8:f0:78:91:
         79:bf:b4:77:a0:b6:21:4b:57:60:ed:c1:f1:75:2b:22:c3:ed:
         89:cf:31:8b:ac:ce:cb:cd:dc:a3:a5:b8:e1:a4:10:f5:20:dc:
         9d:11:31:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hG+u31MkwlQdhiELwGKyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMTAyMTYyMjI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTY0YTcxODE1MGU0NzQyNDBkYjZjZDdmMGJkZGQ0ZDFhNTM0ZWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwegY44g9X5uikPbOvwBGrvCEONiz
Z/6Zl9qqpsKwsaS8P4aWEjtAarbCtVF0hv+PiRhBGCHkB1qhQdxGoqS32U0E7mpN
WJp/L9aN6z6+S0hwjHZ9kPW4i0+Vx8XVcUAn+jm295PmetX57RooEXriPorIPH1Z
3nWUYXFmkjQqcBiGqcWdzKSjEwnaHjnyLOayWJY7yaHItyjVLSRicN5BuCVyfG56
SsCc6PwHhmjY8tdg8+W7hZdzPD7Gf62F8nhRTV+tsu8SNX+oLkttxjEKR9wttqZR
Sczc9jl0pEOw9IIoF+gezHlmBmznnLKCC/FgGh64vIGnlQyMpA54JgfI6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLpkpxgVDkdCQNts1/C93U0aU07gMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdW1TbkdCVU9SMEpBMjJ6WDhMM2RUUnBUVHVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzqQMA0G
CSqGSIb3DQEBCwUAA4IBAQA7lfuw9vWzH/Okqfv2K5el6zdAqQTcjRkhJlmrT0jn
OzHYUck50EO/QOJxJnOWKQ600Nn2/NZQvXH/487sbdxc7v4f+bghKNMAcIaN07Xo
z2pz9s7wBuZni1kxO6t+7HpF6F0DfzQYpiw7fXFzbCJUjsdd5gicayqV99W1aJUU
wqtb2im0DfkJt2iSl0iXDoEiscxlsFYm9iEFdJopp2WtzIA0z2Vc/1bcO2VonN4i
8Ky8W3GQw7+CdFNJjAipae5OSQSqyDiWH7fsWs0IP7+Tazcj/6jweJF5v7R3oLYh
S1dg7cHxdSsiw+2JzzGLrM7LzdyjpbjhpBD1INydETHa
-----END CERTIFICATE-----