This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/CM5yTRt39UsRzQIWzuT7HO7bzSE.roa
File:                     CM5yTRt39UsRzQIWzuT7HO7bzSE.roa (raw, json)
Hash identifier:          RH4eRmyLdVDmBQ+RCsFz+zVNIdYG+Aj2Xj1CkOhS/oI=
Subject key identifier:   08:CE:72:4D:1B:77:F5:4B:11:CD:02:16:CE:E4:FB:1C:EE:DB:CD:21
Certificate issuer:       /CN=eed9578e49825c42f3c131b94cb0fdde5c79ad77
Certificate serial:       019B7DCA2158F3ED0655EB611D9DA4E953FE
Authority key identifier: EE:D9:57:8E:49:82:5C:42:F3:C1:31:B9:4C:B0:FD:DE:5C:79:AD:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7tlXjkmCXELzwTG5TLD93lx5rXc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/CM5yTRt39UsRzQIWzuT7HO7bzSE.roa
Signing time:             Fri 02 Jan 2026 08:19:17 +0000
ROA not before:           Fri 02 Jan 2026 08:19:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        31.13.184.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/7tlXjkmCXELzwTG5TLD93lx5rXc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/7tlXjkmCXELzwTG5TLD93lx5rXc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7tlXjkmCXELzwTG5TLD93lx5rXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 14:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:21:58:f3:ed:06:55:eb:61:1d:9d:a4:e9:53:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eed9578e49825c42f3c131b94cb0fdde5c79ad77
        Validity
            Not Before: Jan  2 08:19:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=08ce724d1b77f54b11cd0216cee4fb1ceedbcd21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:0b:8a:67:6f:d8:14:07:e8:59:2b:f0:cf:95:
                    45:11:28:34:45:5d:56:51:c9:a0:b1:3e:a6:e0:d1:
                    1c:db:02:02:2e:ee:43:f2:a9:2a:d2:d9:31:7c:8d:
                    09:5a:6f:0c:fb:a9:b6:32:31:eb:99:04:40:55:3d:
                    d6:6e:ac:21:b8:0d:da:98:8e:b6:35:04:c7:c6:98:
                    58:2a:e5:fb:43:22:60:82:b9:46:a5:7a:af:0b:f6:
                    c9:2e:a1:a7:5f:6e:21:ef:af:99:0d:c2:0c:0d:c9:
                    2e:41:0e:2a:5b:4a:65:c8:03:36:87:ca:31:b2:bd:
                    94:b0:fa:d6:ae:27:2c:fe:e1:13:a8:e6:1d:4b:64:
                    2f:ed:63:87:40:fd:fa:12:39:65:b1:64:93:a4:a8:
                    a9:42:a1:c5:99:b3:6e:dd:8f:1e:4b:44:5e:36:de:
                    b8:49:97:d4:4d:c9:69:ae:fc:6c:28:f9:39:82:6c:
                    8a:ce:70:c0:a5:ea:2f:a5:69:94:04:a8:c5:ba:b4:
                    d9:1c:34:f1:53:b6:f5:3c:ea:2b:66:08:a7:1c:fd:
                    a6:bd:68:61:dc:60:1d:1f:cf:86:fe:7c:00:f8:e2:
                    78:ce:df:70:1b:e1:be:63:d7:b4:a7:09:03:4f:4f:
                    75:cb:f8:02:6d:bd:22:f1:c1:0c:c1:36:a9:f7:f4:
                    d5:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:CE:72:4D:1B:77:F5:4B:11:CD:02:16:CE:E4:FB:1C:EE:DB:CD:21
            X509v3 Authority Key Identifier:
                keyid:EE:D9:57:8E:49:82:5C:42:F3:C1:31:B9:4C:B0:FD:DE:5C:79:AD:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7tlXjkmCXELzwTG5TLD93lx5rXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/CM5yTRt39UsRzQIWzuT7HO7bzSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/649b17-039d-42da-90f6-3e10d1ab7408/1/7tlXjkmCXELzwTG5TLD93lx5rXc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:5d:1f:c8:49:c5:52:60:99:8a:3c:dc:69:8c:5b:6e:4f:d0:
         a6:f4:38:06:32:8c:d5:85:c3:a6:7e:07:d8:88:02:00:37:ae:
         5e:e2:b1:ec:cf:18:75:69:cc:3f:57:ba:aa:79:e3:ce:da:bf:
         09:e9:df:5f:63:d6:3f:67:f7:e2:4b:c6:79:2c:64:f6:94:73:
         40:30:71:3b:cc:d8:dd:ce:62:c9:97:e5:3b:35:df:28:cb:e9:
         b2:ec:42:24:9c:8a:72:93:c3:18:23:9f:a2:a9:61:61:f2:69:
         74:6b:f7:75:2a:ad:ec:7b:fd:49:9b:66:dc:3b:4c:e9:1a:23:
         c5:8c:28:a9:61:a1:17:bb:2d:cf:df:f5:33:7a:d9:60:9c:dc:
         20:f3:de:40:e5:62:e2:9e:82:17:0e:c3:2d:3c:e6:29:ea:9b:
         9d:91:42:05:82:8b:52:3a:e4:df:32:8c:33:30:53:f8:9b:1b:
         7e:29:d4:01:a2:ab:11:42:62:ec:46:11:5c:20:fc:53:fa:39:
         51:9f:1c:ff:db:1b:b0:cf:a3:8d:05:5d:6f:e7:84:19:c8:2e:
         06:e5:01:1f:09:f0:17:aa:8e:6f:2c:f0:17:3f:69:8b:eb:34:
         2f:bc:45:a1:95:8c:2f:41:f4:6a:49:74:07:64:7b:4e:fc:1d:
         4d:6d:ac:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yiFY8+0GVethHZ2k6VP+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlZDk1NzhlNDk4MjVjNDJmM2MxMzFiOTRjYjBmZGRlNWM3
OWFkNzcwHhcNMjYwMTAyMDgxOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGNlNzI0ZDFiNzdmNTRiMTFjZDAyMTZjZWU0ZmIxY2VlZGJjZDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0AuKZ2/YFAfoWSvwz5VFESg0RV1W
UcmgsT6m4NEc2wICLu5D8qkq0tkxfI0JWm8M+6m2MjHrmQRAVT3WbqwhuA3amI62
NQTHxphYKuX7QyJggrlGpXqvC/bJLqGnX24h76+ZDcIMDckuQQ4qW0plyAM2h8ox
sr2UsPrWrics/uETqOYdS2Qv7WOHQP36EjllsWSTpKipQqHFmbNu3Y8eS0ReNt64
SZfUTclprvxsKPk5gmyKznDApeovpWmUBKjFurTZHDTxU7b1POorZginHP2mvWhh
3GAdH8+G/nwA+OJ4zt9wG+G+Y9e0pwkDT091y/gCbb0i8cEMwTap9/TVPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjOck0bd/VLEc0CFs7k+xzu280hMB8GA1UdIwQY
MBaAFO7ZV45JglxC88ExuUyw/d5cea13MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3RsWGprbUNYRUx6d1RHNVRMRDkzbHg1clhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy82NDliMTctMDM5ZC00MmRhLTkwZjYt
M2UxMGQxYWI3NDA4LzEvQ001eVRSdDM5VXNSelFJV3p1VDdITzdielNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy82NDliMTctMDM5ZC00MmRhLTkwZjYtM2UxMGQxYWI3NDA4
LzEvN3RsWGprbUNYRUx6d1RHNVRMRDkzbHg1clhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCHw24MA0G
CSqGSIb3DQEBCwUAA4IBAQAuXR/IScVSYJmKPNxpjFtuT9Cm9DgGMozVhcOmfgfY
iAIAN65e4rHszxh1acw/V7qqeePO2r8J6d9fY9Y/Z/fiS8Z5LGT2lHNAMHE7zNjd
zmLJl+U7Nd8oy+my7EIknIpyk8MYI5+iqWFh8ml0a/d1Kq3se/1Jm2bcO0zpGiPF
jCipYaEXuy3P3/UzetlgnNwg895A5WLinoIXDsMtPOYp6pudkUIFgotSOuTfMowz
MFP4mxt+KdQBoqsRQmLsRhFcIPxT+jlRnxz/2xuwz6ONBV1v54QZyC4G5QEfCfAX
qo5vLPAXP2mL6zQvvEWhlYwvQfRqSXQHZHtO/B1NbaxV
-----END CERTIFICATE-----