This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/zmOF87F07s9f5VWCac2yWxXWn2M.roa
File:                     zmOF87F07s9f5VWCac2yWxXWn2M.roa (raw, json)
Hash identifier:          FPWlkdT1AjBdv4aGqKRAyI1NCI1ZrB7V0303sCR9bV0=
Subject key identifier:   CE:63:85:F3:B1:74:EE:CF:5F:E5:55:82:69:CD:B2:5B:15:D6:9F:63
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019B7F846F427716AFE1FBC5B4A934A0E4E7
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/zmOF87F07s9f5VWCac2yWxXWn2M.roa
Signing time:             Fri 02 Jan 2026 16:22:24 +0000
ROA not before:           Fri 02 Jan 2026 16:22:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        31.59.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 Jan 2026 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:6f:42:77:16:af:e1:fb:c5:b4:a9:34:a0:e4:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 16:22:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce6385f3b174eecf5fe5558269cdb25b15d69f63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:53:5f:7f:9a:c3:d4:06:da:e6:dd:e0:20:f3:
                    ca:82:0d:0a:c8:54:9e:ed:36:8e:fb:27:da:ea:a0:
                    1d:30:a5:84:a8:22:5e:d1:4f:61:3f:a3:8d:e5:38:
                    47:55:fe:db:4e:8f:73:2f:67:e8:c7:e3:a7:01:b6:
                    87:3b:a7:8a:ce:e2:4a:3d:e8:22:a8:df:28:1a:34:
                    60:a8:b4:20:83:2c:2c:f5:aa:9c:55:88:fb:4e:5e:
                    95:94:bb:44:33:aa:87:7b:c2:c3:f0:48:30:ce:ee:
                    71:bf:d5:6d:57:77:04:a7:d6:d4:62:69:62:6b:40:
                    18:25:9b:c0:e1:44:36:a0:2d:05:f3:db:4a:ce:2c:
                    37:ad:aa:3d:5a:c4:d6:44:b9:0b:7d:f4:89:d5:7f:
                    bd:48:3f:d6:34:5a:51:7f:34:ba:0b:61:db:d0:58:
                    f3:58:e7:a9:c8:b7:79:ba:c3:ed:e4:b3:a1:7d:ce:
                    87:74:74:6f:39:dc:bb:94:d5:ec:4b:6d:04:f7:ca:
                    fb:3b:c0:3c:e1:c2:63:cb:17:c9:04:58:c3:02:99:
                    a5:18:71:f3:80:a8:09:83:98:c7:42:94:6f:d5:58:
                    a4:f0:13:1a:b5:59:51:99:39:c3:49:4f:67:3b:a1:
                    84:8a:98:6f:58:73:08:e0:1d:8d:d6:e5:e8:16:8c:
                    56:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:63:85:F3:B1:74:EE:CF:5F:E5:55:82:69:CD:B2:5B:15:D6:9F:63
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/zmOF87F07s9f5VWCac2yWxXWn2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:1e:15:c6:b2:1b:7a:02:e3:0b:7d:be:00:ed:78:3e:70:f2:
         64:50:fc:25:0b:04:31:f1:be:1e:a8:c2:c2:89:7b:66:5b:14:
         ff:c9:3d:c3:55:fe:ec:33:f0:24:4a:e2:cb:4f:5d:95:f7:5a:
         d0:f2:7e:1a:d6:57:49:9c:28:8a:d1:a3:48:f4:bc:92:1c:1a:
         94:33:d9:b9:10:e7:e2:70:29:7a:a9:29:a2:86:5e:76:20:94:
         ab:05:4a:a1:91:e5:19:80:03:4b:fb:8f:25:e9:d8:27:1d:74:
         4b:37:71:e4:82:2b:e8:fc:1d:2a:ce:3e:7e:1c:75:46:53:1d:
         29:14:55:85:2a:93:cf:1d:18:5e:ab:c4:bd:22:9f:c0:8d:8a:
         b8:ab:07:ea:85:8f:5d:f6:9f:c6:38:8b:6e:70:2a:dc:4f:45:
         2f:82:bc:bc:18:85:90:c0:38:23:76:f0:7e:7a:de:85:90:19:
         54:f0:59:2a:cc:4c:40:54:8f:c9:f4:40:e4:d6:38:4d:b1:b7:
         f1:29:3e:99:71:3d:5a:a0:e2:10:30:dc:b3:c5:b1:5f:7b:60:
         c9:95:59:c9:82:d4:60:58:da:7c:46:3f:78:4d:16:e2:2b:5f:
         e4:de:67:9b:54:5d:1b:60:b1:59:d4:9f:29:43:48:53:a6:9a:
         f9:75:bc:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hG9Cdxav4fvFtKk0oOTnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMTAyMTYyMjI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTYzODVmM2IxNzRlZWNmNWZlNTU1ODI2OWNkYjI1YjE1ZDY5ZjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2FNff5rD1Aba5t3gIPPKgg0KyFSe
7TaO+yfa6qAdMKWEqCJe0U9hP6ON5ThHVf7bTo9zL2fox+OnAbaHO6eKzuJKPegi
qN8oGjRgqLQggyws9aqcVYj7Tl6VlLtEM6qHe8LD8Egwzu5xv9VtV3cEp9bUYmli
a0AYJZvA4UQ2oC0F89tKziw3rao9WsTWRLkLffSJ1X+9SD/WNFpRfzS6C2Hb0Fjz
WOepyLd5usPt5LOhfc6HdHRvOdy7lNXsS20E98r7O8A84cJjyxfJBFjDApmlGHHz
gKgJg5jHQpRv1Vik8BMatVlRmTnDSU9nO6GEiphvWHMI4B2N1uXoFoxWwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM5jhfOxdO7PX+VVgmnNslsV1p9jMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvem1PRjg3RjA3czlmNVZXQ2FjMnlXeFhXbjJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzutMA0G
CSqGSIb3DQEBCwUAA4IBAQBnHhXGsht6AuMLfb4A7Xg+cPJkUPwlCwQx8b4eqMLC
iXtmWxT/yT3DVf7sM/AkSuLLT12V91rQ8n4a1ldJnCiK0aNI9LySHBqUM9m5EOfi
cCl6qSmihl52IJSrBUqhkeUZgANL+48l6dgnHXRLN3Hkgivo/B0qzj5+HHVGUx0p
FFWFKpPPHRheq8S9Ip/AjYq4qwfqhY9d9p/GOItucCrcT0Uvgry8GIWQwDgjdvB+
et6FkBlU8FkqzExAVI/J9EDk1jhNsbfxKT6ZcT1aoOIQMNyzxbFfe2DJlVnJgtRg
WNp8Rj94TRbiK1/k3mebVF0bYLFZ1J8pQ0hTppr5dbzV
-----END CERTIFICATE-----