This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/Ki5lgptZeKqxkVY1rSUS3fFpdNo.roa
File:                     Ki5lgptZeKqxkVY1rSUS3fFpdNo.roa (raw, json)
Hash identifier:          wCDh26IbseWW9odw6/4vFdpDTBtddnVSe0afNNR63xE=
Subject key identifier:   2A:2E:65:82:9B:59:78:AA:B1:91:56:35:AD:25:12:DD:F1:69:74:DA
Certificate issuer:       /CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
Certificate serial:       019B7C12DFC92BD264732C4F6F27D17E911B
Authority key identifier: DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/Ki5lgptZeKqxkVY1rSUS3fFpdNo.roa
Signing time:             Fri 02 Jan 2026 00:19:30 +0000
ROA not before:           Fri 02 Jan 2026 00:19:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212609
IP address blocks:        31.43.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:df:c9:2b:d2:64:73:2c:4f:6f:27:d1:7e:91:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
        Validity
            Not Before: Jan  2 00:19:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a2e65829b5978aab1915635ad2512ddf16974da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f7:35:e5:d1:76:f6:c6:78:f5:db:dd:2c:31:
                    e7:f0:32:97:89:9d:be:54:f2:d0:37:d2:14:fe:43:
                    36:05:13:85:11:6b:4d:63:3f:bc:62:cb:6e:c6:d4:
                    44:d1:50:43:e1:31:d7:98:38:f4:36:34:c0:1d:45:
                    83:fa:42:68:33:30:80:db:c8:16:5f:d4:96:5c:fa:
                    a0:c8:7a:b9:83:22:fc:94:49:a2:71:85:06:4c:57:
                    c7:5a:3e:52:09:1d:7b:df:f2:79:81:fe:f4:d8:ce:
                    53:01:d7:fc:a6:4a:59:49:95:3d:c7:28:a1:54:58:
                    a2:ef:d6:4c:f0:5d:97:92:54:20:af:48:4f:db:68:
                    97:ea:fc:98:7a:80:94:be:16:a6:e2:09:44:bb:02:
                    78:2e:99:17:80:db:9f:bb:65:ed:60:69:77:2e:74:
                    d1:58:e3:b1:29:bb:88:cb:d7:df:18:61:8b:99:22:
                    c2:51:60:6d:cf:4e:6a:16:bd:fd:a8:36:d7:e7:75:
                    bf:fa:91:28:37:b1:8d:ae:df:af:4f:5e:da:1a:0a:
                    90:80:21:81:91:42:f7:86:36:e3:44:fb:7c:20:f6:
                    52:75:34:44:fa:de:57:12:34:7c:50:77:31:5b:1d:
                    90:f1:0e:ad:b9:7a:ea:b3:93:68:d9:cc:3c:0e:31:
                    0d:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:2E:65:82:9B:59:78:AA:B1:91:56:35:AD:25:12:DD:F1:69:74:DA
            X509v3 Authority Key Identifier:
                keyid:DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/Ki5lgptZeKqxkVY1rSUS3fFpdNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.43.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:0a:2f:b5:5d:c8:e2:bb:66:05:92:7e:d3:03:0e:d8:e8:13:
         fe:91:89:8a:a5:a1:18:66:64:f6:14:b6:ab:7d:91:50:a2:e1:
         62:d6:37:98:02:b0:ab:49:eb:c7:a6:49:08:cb:19:77:a1:c2:
         de:07:b1:cf:61:df:44:ea:e7:84:8d:f2:15:a8:85:2c:51:a3:
         04:a2:ad:37:4d:4f:96:7c:a2:1f:00:11:37:1f:56:b1:bc:a1:
         21:ce:af:b3:08:be:f5:eb:32:15:0e:a3:2c:00:ca:97:a4:b9:
         bd:c6:10:89:38:7c:78:28:17:b3:0d:e5:3b:f2:f8:55:3f:8d:
         52:d8:55:9c:8e:fe:f0:fc:ed:33:16:ac:4c:fa:ae:81:d0:96:
         31:38:c2:5f:9f:61:5f:d8:5e:a5:79:a3:b7:66:e3:5f:2e:f4:
         04:39:0b:f8:ff:55:88:cf:8f:de:a3:24:8d:84:c3:85:77:b1:
         9c:75:ec:6d:ed:ed:a0:61:53:97:4e:37:6e:77:8b:0e:df:17:
         d3:91:50:10:ea:b1:d8:6e:d9:b9:f6:74:a1:26:7d:2d:5e:f3:
         61:7f:df:30:a9:8a:9f:70:eb:2d:7a:8d:dd:44:b6:46:bd:cc:
         7e:24:b2:da:1c:1a:69:d0:6f:92:26:f5:b8:48:e9:4f:be:88:
         ef:77:87:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Et/JK9JkcyxPbyfRfpEbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZjI0NzI2ZGYzZTc3ZjZmNGM4ZTA0MzY2MTNiMzUxMTBl
ZWFmMzgwHhcNMjYwMTAyMDAxOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTJlNjU4MjliNTk3OGFhYjE5MTU2MzVhZDI1MTJkZGYxNjk3NGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/c15dF29sZ49dvdLDHn8DKXiZ2+
VPLQN9IU/kM2BROFEWtNYz+8YstuxtRE0VBD4THXmDj0NjTAHUWD+kJoMzCA28gW
X9SWXPqgyHq5gyL8lEmicYUGTFfHWj5SCR173/J5gf702M5TAdf8pkpZSZU9xyih
VFii79ZM8F2XklQgr0hP22iX6vyYeoCUvham4glEuwJ4LpkXgNufu2XtYGl3LnTR
WOOxKbuIy9ffGGGLmSLCUWBtz05qFr39qDbX53W/+pEoN7GNrt+vT17aGgqQgCGB
kUL3hjbjRPt8IPZSdTRE+t5XEjR8UHcxWx2Q8Q6tuXrqs5No2cw8DjENtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCouZYKbWXiqsZFWNa0lEt3xaXTaMB8GA1UdIwQY
MBaAFN/yRybfPnf29MjgQ2YTs1EQ7q84MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzct
NjJiYjZkNjNlNTlkLzEvS2k1bGdwdFplS3F4a1ZZMXJTVVMzZkZwZE5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzctNjJiYjZkNjNlNTlk
LzEvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyumMA0G
CSqGSIb3DQEBCwUAA4IBAQC0Ci+1Xcjiu2YFkn7TAw7Y6BP+kYmKpaEYZmT2FLar
fZFQouFi1jeYArCrSevHpkkIyxl3ocLeB7HPYd9E6ueEjfIVqIUsUaMEoq03TU+W
fKIfABE3H1axvKEhzq+zCL716zIVDqMsAMqXpLm9xhCJOHx4KBezDeU78vhVP41S
2FWcjv7w/O0zFqxM+q6B0JYxOMJfn2Ff2F6leaO3ZuNfLvQEOQv4/1WIz4/eoySN
hMOFd7Gcdext7e2gYVOXTjdud4sO3xfTkVAQ6rHYbtm59nShJn0tXvNhf98wqYqf
cOsteo3dRLZGvcx+JLLaHBpp0G+SJvW4SOlPvojvd4fN
-----END CERTIFICATE-----