This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/xM03zL22HYcI8Y_SdJcoXK4KkG0.roa
File:                     xM03zL22HYcI8Y_SdJcoXK4KkG0.roa (raw, json)
Hash identifier:          x0tqqJAOfgWLa1iOgOaQdHizCFLJDFt047F2ce5YNT4=
Subject key identifier:   C4:CD:37:CC:BD:B6:1D:87:08:F1:8F:D2:74:97:28:5C:AE:0A:90:6D
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019AA56F75E75B3D41FE0040838B68B62409
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/xM03zL22HYcI8Y_SdJcoXK4KkG0.roa
Signing time:             Fri 21 Nov 2025 08:02:16 +0000
ROA not before:           Fri 21 Nov 2025 08:02:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58212
IP address blocks:        31.58.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Nov 2025 00:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:a5:6f:75:e7:5b:3d:41:fe:00:40:83:8b:68:b6:24:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov 21 08:02:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4cd37ccbdb61d8708f18fd27497285cae0a906d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:72:e4:64:2e:47:6e:f1:13:57:46:c4:df:31:
                    29:07:d1:fb:47:64:6d:07:7d:ec:aa:6e:35:11:30:
                    be:16:f1:53:1b:76:d7:34:72:67:8c:00:48:23:f5:
                    66:ee:db:e5:b1:57:f7:8f:c0:a0:3a:cc:52:48:fd:
                    b0:20:b3:94:38:d8:5c:2e:86:8a:0d:2a:28:bd:65:
                    28:b9:41:cd:e8:5d:f1:60:2d:38:a5:21:59:89:d1:
                    8e:1e:c9:6d:3b:79:7b:ec:51:a6:60:cb:24:8f:7d:
                    1e:3b:58:00:d8:ff:7c:4b:ee:be:79:45:0a:23:20:
                    cc:f7:70:56:b3:c7:97:0a:8f:e0:1c:d4:fa:0e:a5:
                    be:c2:5d:a6:3e:a6:7c:93:4b:56:a9:39:10:cf:45:
                    5b:0d:47:b4:65:e9:11:30:4d:ab:fa:8f:4b:8a:e2:
                    36:5d:f5:9c:10:ae:a4:cc:aa:21:c5:1d:5e:01:19:
                    42:0c:9e:17:5a:7e:b2:33:55:b1:79:d6:21:d4:7a:
                    0d:ef:96:7c:1a:13:71:e0:83:d4:60:1c:62:81:bc:
                    da:e9:ae:e9:6f:60:e1:de:b4:2e:cd:4a:25:3e:b1:
                    98:24:cf:e1:42:fc:5c:ff:1e:31:4b:e9:a6:8f:53:
                    e0:74:74:56:4d:9c:84:21:31:40:23:b8:18:07:cf:
                    33:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:CD:37:CC:BD:B6:1D:87:08:F1:8F:D2:74:97:28:5C:AE:0A:90:6D
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/xM03zL22HYcI8Y_SdJcoXK4KkG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:50:06:6f:92:b0:cb:8a:14:16:ad:6c:73:6b:de:b6:fa:c6:
         c3:ca:e6:a6:8a:4c:8d:fa:37:b2:79:08:1d:f4:cb:27:80:79:
         5f:37:c0:c8:02:02:5d:9d:9c:77:5e:12:28:ab:8f:06:75:d6:
         93:0f:74:fd:30:a8:55:39:98:4e:72:87:9b:97:11:27:73:8b:
         28:a2:f7:6a:2e:22:72:56:3c:20:81:aa:11:7f:25:31:6d:bc:
         cd:74:9e:78:6f:a4:e4:b6:45:cf:0e:81:06:fa:af:18:0b:d3:
         08:22:db:fc:4c:56:87:80:21:9e:8e:c2:2f:15:14:28:88:ef:
         4a:4d:9a:27:ff:bf:bf:2b:20:17:5c:61:26:66:08:8c:95:57:
         91:77:ed:f7:74:5e:ca:da:17:3b:5f:74:3a:54:5d:15:0d:47:
         db:c1:01:19:d6:64:9f:74:1e:0b:c5:a9:38:1d:d6:16:fe:e2:
         be:e8:75:3e:0f:10:99:4d:c4:5a:4f:91:8e:f0:bd:25:05:c7:
         19:bf:eb:66:0e:37:bc:40:d6:8a:cc:86:77:d1:a8:e6:bf:99:
         16:b9:ee:f0:e1:0e:83:b3:df:74:e1:65:1d:e8:a8:8b:d5:4f:
         b2:c1:08:99:c2:42:5a:ea:be:cf:ce:0a:c3:a7:79:98:3e:11:
         56:17:23:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqlb3XnWz1B/gBAg4totiQJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMTIxMDgwMjE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGNkMzdjY2JkYjYxZDg3MDhmMThmZDI3NDk3Mjg1Y2FlMGE5MDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3LkZC5HbvETV0bE3zEpB9H7R2Rt
B33sqm41ETC+FvFTG3bXNHJnjABII/Vm7tvlsVf3j8CgOsxSSP2wILOUONhcLoaK
DSoovWUouUHN6F3xYC04pSFZidGOHsltO3l77FGmYMskj30eO1gA2P98S+6+eUUK
IyDM93BWs8eXCo/gHNT6DqW+wl2mPqZ8k0tWqTkQz0VbDUe0ZekRME2r+o9LiuI2
XfWcEK6kzKohxR1eARlCDJ4XWn6yM1WxedYh1HoN75Z8GhNx4IPUYBxigbza6a7p
b2Dh3rQuzUolPrGYJM/hQvxc/x4xS+mmj1PgdHRWTZyEITFAI7gYB88zPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMTNN8y9th2HCPGP0nSXKFyuCpBtMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEveE0wM3pMMjJIWWNJOFlfU2RKY29YSzRLa0cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzqQMA0G
CSqGSIb3DQEBCwUAA4IBAQBLUAZvkrDLihQWrWxza962+sbDyuamikyN+jeyeQgd
9MsngHlfN8DIAgJdnZx3XhIoq48GddaTD3T9MKhVOZhOcoeblxEnc4soovdqLiJy
VjwggaoRfyUxbbzNdJ54b6TktkXPDoEG+q8YC9MIItv8TFaHgCGejsIvFRQoiO9K
TZon/7+/KyAXXGEmZgiMlVeRd+33dF7K2hc7X3Q6VF0VDUfbwQEZ1mSfdB4Lxak4
HdYW/uK+6HU+DxCZTcRaT5GO8L0lBccZv+tmDje8QNaKzIZ30ajmv5kWue7w4Q6D
s9904WUd6KiL1U+ywQiZwkJa6r7PzgrDp3mYPhFWFyPt
-----END CERTIFICATE-----