This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/NIU89FpzziKoMc5cbTweubNW-EY.roa
File:                     NIU89FpzziKoMc5cbTweubNW-EY.roa (raw, json)
Hash identifier:          lqU5gy4dvFoQO8yJfigM/v+crHcxqNMcgHf6AXZWC70=
Subject key identifier:   34:85:3C:F4:5A:73:CE:22:A8:31:CE:5C:6D:3C:1E:B9:B3:56:F8:46
Certificate issuer:       /CN=e8b3eed1c7aca636d6245852b802e0e73754df63
Certificate serial:       019B7BA501C758A3C52DD9E58502F09CB538
Authority key identifier: E8:B3:EE:D1:C7:AC:A6:36:D6:24:58:52:B8:02:E0:E7:37:54:DF:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/NIU89FpzziKoMc5cbTweubNW-EY.roa
Signing time:             Thu 01 Jan 2026 22:19:30 +0000
ROA not before:           Thu 01 Jan 2026 22:19:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207252
IP address blocks:        31.222.200.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:01:c7:58:a3:c5:2d:d9:e5:85:02:f0:9c:b5:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8b3eed1c7aca636d6245852b802e0e73754df63
        Validity
            Not Before: Jan  1 22:19:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34853cf45a73ce22a831ce5c6d3c1eb9b356f846
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b3:49:f7:38:10:1e:5a:06:e7:69:ad:d4:9b:
                    e4:eb:a6:76:c8:b1:21:52:a4:b9:df:d3:ca:1d:f7:
                    34:77:18:2c:01:9a:35:da:21:ba:c3:8c:e2:c5:28:
                    5e:e5:5e:6d:3e:8c:ef:6f:b3:fc:c7:9d:13:79:ef:
                    a0:ed:6d:67:a1:37:fb:9a:70:12:57:6f:c0:c8:ad:
                    fe:cb:25:01:7c:61:1c:9b:ea:ab:4e:a2:07:e0:7d:
                    05:65:71:e1:90:c1:3c:61:89:4a:e7:e8:f5:1e:47:
                    8a:c3:53:e1:75:2a:5b:76:ce:30:f0:31:7f:f9:79:
                    43:42:69:25:36:f6:eb:ac:e3:28:36:06:79:fb:d6:
                    de:0b:57:1b:f3:43:58:52:82:06:7a:db:04:eb:63:
                    f8:68:00:9c:a8:7f:2b:b0:3b:8b:8c:6a:3e:25:cc:
                    ee:6f:92:4e:46:9f:7b:f6:9b:a4:7a:e4:7d:ff:b8:
                    53:43:b9:41:84:99:81:42:36:e0:ee:00:ab:d9:02:
                    a7:b2:0d:02:4d:fa:03:89:ac:af:50:ea:11:e0:f9:
                    c3:2c:63:0b:97:42:43:2a:f6:1a:a0:33:31:cc:bc:
                    74:82:ba:7b:0b:21:4b:b7:a1:ee:44:30:73:6a:9b:
                    c6:48:62:c8:83:cb:a2:61:15:7d:1c:16:d9:58:22:
                    c5:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:85:3C:F4:5A:73:CE:22:A8:31:CE:5C:6D:3C:1E:B9:B3:56:F8:46
            X509v3 Authority Key Identifier:
                keyid:E8:B3:EE:D1:C7:AC:A6:36:D6:24:58:52:B8:02:E0:E7:37:54:DF:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/NIU89FpzziKoMc5cbTweubNW-EY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.222.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:5b:d2:5c:b2:4a:f6:27:6d:89:ec:15:8a:74:22:5f:ab:56:
         5e:d7:58:41:eb:05:1c:a0:fc:0e:d9:6a:23:5b:10:7c:1e:57:
         12:ee:f2:63:0f:34:aa:69:24:41:b2:58:b0:45:bc:9f:02:b3:
         a8:1a:89:4f:37:af:5d:e2:e1:f8:99:63:70:e0:fa:a0:e1:74:
         04:2e:1b:69:ff:ce:69:08:88:22:5e:c4:dd:72:78:e1:f8:46:
         c9:64:ec:72:d0:d7:ff:ee:73:92:bb:10:27:22:41:0b:73:63:
         fc:b0:91:03:e5:3b:3b:a5:de:5c:80:83:f6:aa:ed:0b:cd:cf:
         91:bf:e6:0b:a5:b8:75:43:53:a2:03:db:af:5b:25:60:f5:4e:
         0e:54:c1:11:8b:83:c6:5f:31:9e:c4:9d:ec:79:c9:11:45:0b:
         a8:72:8e:b7:33:90:41:c6:14:b5:27:41:2b:06:74:0e:2f:4f:
         32:b5:c1:5f:02:44:ba:81:ac:a2:0d:ac:fa:51:1a:6e:e5:52:
         9d:77:d7:86:07:20:47:86:dc:e4:8a:46:e8:37:de:bf:8c:bf:
         b4:a9:35:75:6e:92:75:0d:7c:3c:ff:54:61:47:49:d1:6c:06:
         c8:1d:ba:d5:ef:cc:7b:1c:ee:26:07:4f:a3:74:13:21:c2:0c:
         58:16:75:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pQHHWKPFLdnlhQLwnLU4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YjNlZWQxYzdhY2E2MzZkNjI0NTg1MmI4MDJlMGU3Mzc1
NGRmNjMwHhcNMjYwMTAxMjIxOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDg1M2NmNDVhNzNjZTIyYTgzMWNlNWM2ZDNjMWViOWIzNTZmODQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbNJ9zgQHloG52mt1Jvk66Z2yLEh
UqS539PKHfc0dxgsAZo12iG6w4zixShe5V5tPozvb7P8x50Tee+g7W1noTf7mnAS
V2/AyK3+yyUBfGEcm+qrTqIH4H0FZXHhkME8YYlK5+j1HkeKw1PhdSpbds4w8DF/
+XlDQmklNvbrrOMoNgZ5+9beC1cb80NYUoIGetsE62P4aACcqH8rsDuLjGo+Jczu
b5JORp979pukeuR9/7hTQ7lBhJmBQjbg7gCr2QKnsg0CTfoDiayvUOoR4PnDLGML
l0JDKvYaoDMxzLx0grp7CyFLt6HuRDBzapvGSGLIg8uiYRV9HBbZWCLFswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSFPPRac84iqDHOXG08HrmzVvhGMB8GA1UdIwQY
MBaAFOiz7tHHrKY21iRYUrgC4Oc3VN9jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkxQdTBjZXNwamJXSkZoU3VBTGc1emRVMzJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8xNzczMjktMjhjZC00ODY0LTllMTYt
OTQ2NDA0ZWMxYWE0LzEvTklVODlGcHp6aUtvTWM1Y2JUd2V1Yk5XLUVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8xNzczMjktMjhjZC00ODY0LTllMTYtOTQ2NDA0ZWMxYWE0
LzEvNkxQdTBjZXNwamJXSkZoU3VBTGc1emRVMzJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCH97IMA0G
CSqGSIb3DQEBCwUAA4IBAQCqW9Jcskr2J22J7BWKdCJfq1Ze11hB6wUcoPwO2Woj
WxB8HlcS7vJjDzSqaSRBsliwRbyfArOoGolPN69d4uH4mWNw4Pqg4XQELhtp/85p
CIgiXsTdcnjh+EbJZOxy0Nf/7nOSuxAnIkELc2P8sJED5Ts7pd5cgIP2qu0Lzc+R
v+YLpbh1Q1OiA9uvWyVg9U4OVMERi4PGXzGexJ3seckRRQuoco63M5BBxhS1J0Er
BnQOL08ytcFfAkS6gayiDaz6URpu5VKdd9eGByBHhtzkikboN96/jL+0qTV1bpJ1
DXw8/1RhR0nRbAbIHbrV78x7HO4mB0+jdBMhwgxYFnWT
-----END CERTIFICATE-----