This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/XjB8pSYFTRWu3aeuPZfoCPdtSU8.roa
File:                     XjB8pSYFTRWu3aeuPZfoCPdtSU8.roa (raw, json)
Hash identifier:          clM1FhXerIaxDZVMbA4484QAmARB0GCCeaDtZ15BS4A=
Subject key identifier:   5E:30:7C:A5:26:05:4D:15:AE:DD:A7:AE:3D:97:E8:08:F7:6D:49:4F
Certificate issuer:       /CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
Certificate serial:       019B7C12E16C02B698D393BE7F8BBF1DDD53
Authority key identifier: DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/XjB8pSYFTRWu3aeuPZfoCPdtSU8.roa
Signing time:             Fri 02 Jan 2026 00:19:30 +0000
ROA not before:           Fri 02 Jan 2026 00:19:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400810
IP address blocks:        31.43.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 15:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:e1:6c:02:b6:98:d3:93:be:7f:8b:bf:1d:dd:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
        Validity
            Not Before: Jan  2 00:19:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5e307ca526054d15aedda7ae3d97e808f76d494f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:a0:24:33:f3:ac:a3:45:cd:18:48:7d:c5:5f:
                    57:66:12:10:ec:26:42:81:69:c7:1e:a4:66:8a:77:
                    2f:a4:b7:a6:75:ee:4c:2b:3a:fb:e5:ec:1f:4e:b7:
                    7c:04:51:70:55:b0:7d:4b:05:b7:45:19:fc:d8:37:
                    eb:0a:83:39:2e:6c:78:f2:08:e1:db:96:45:02:09:
                    73:e2:c0:8b:63:a5:2e:9d:7c:c5:e0:41:ae:48:d6:
                    09:ea:4a:12:3a:29:b3:7b:74:3c:a2:1d:a6:d9:2d:
                    6e:a9:42:43:9a:16:59:21:cf:3d:b3:58:c9:d8:ce:
                    d9:b6:2e:7c:9b:02:0d:bf:66:2d:b7:d2:d9:48:24:
                    c8:48:41:a2:a9:ec:cb:87:50:fc:5f:72:46:8e:62:
                    64:28:a4:23:f9:52:d0:98:cb:77:bc:b9:7e:0f:c6:
                    d0:ca:43:06:8a:4b:b6:d8:0c:52:68:d4:a1:0e:58:
                    b3:93:94:91:19:03:e1:5d:28:28:37:1c:ef:36:c0:
                    7a:5d:22:f1:3f:d3:9b:fb:9a:6a:2f:dc:e5:c7:a5:
                    0c:8a:55:a2:e4:ac:20:43:d6:81:eb:58:1b:74:5b:
                    de:fe:88:1a:a3:f7:14:89:a0:ed:2b:00:04:f5:f8:
                    20:6b:8c:33:70:6f:d6:32:46:31:21:2f:eb:40:53:
                    f3:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:30:7C:A5:26:05:4D:15:AE:DD:A7:AE:3D:97:E8:08:F7:6D:49:4F
            X509v3 Authority Key Identifier:
                keyid:DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/XjB8pSYFTRWu3aeuPZfoCPdtSU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.43.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:91:e4:37:f5:56:ec:8b:52:58:76:66:1d:ec:ea:d1:09:66:
         82:e1:f3:85:89:01:75:10:38:10:fe:59:67:61:6b:11:bd:0f:
         fd:2f:59:f7:51:06:77:3c:ce:6f:b2:bc:86:73:5f:ed:86:4c:
         29:f4:26:4a:41:02:ea:f9:4d:2c:35:eb:71:00:49:2c:2d:b7:
         71:90:53:38:cc:7d:7a:7f:23:c1:36:a0:74:ee:9b:6f:be:07:
         3f:99:de:1d:02:19:ae:b9:ca:24:4b:1c:f0:c0:36:be:9d:c0:
         5f:d6:75:67:ab:cb:65:ce:36:25:3d:db:50:a1:cc:2c:c7:45:
         8c:0a:0c:a8:98:59:b4:2b:90:53:9a:f4:fd:42:41:53:4a:29:
         8d:a9:f8:88:eb:34:43:06:d0:ce:9b:42:4b:87:65:50:b3:30:
         d8:32:9e:3d:74:ad:0c:33:43:ac:2e:f2:8b:3f:5b:3a:32:08:
         1a:43:22:d2:7d:24:fd:15:c4:f5:92:34:08:ab:fb:7a:ce:96:
         81:fc:48:11:00:e7:e2:33:1c:13:71:ef:c9:18:84:53:28:3c:
         d4:9e:64:6c:54:0b:b5:fe:63:8b:11:8d:3d:5a:25:cb:59:b1:
         fe:bc:bb:d0:4a:77:da:ad:c6:38:d8:26:8e:7a:73:e1:00:45:
         9b:8e:58:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EuFsAraY05O+f4u/Hd1TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZjI0NzI2ZGYzZTc3ZjZmNGM4ZTA0MzY2MTNiMzUxMTBl
ZWFmMzgwHhcNMjYwMTAyMDAxOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTMwN2NhNTI2MDU0ZDE1YWVkZGE3YWUzZDk3ZTgwOGY3NmQ0OTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaAkM/Oso0XNGEh9xV9XZhIQ7CZC
gWnHHqRmincvpLemde5MKzr75ewfTrd8BFFwVbB9SwW3RRn82DfrCoM5Lmx48gjh
25ZFAglz4sCLY6UunXzF4EGuSNYJ6koSOimze3Q8oh2m2S1uqUJDmhZZIc89s1jJ
2M7Zti58mwINv2Ytt9LZSCTISEGiqezLh1D8X3JGjmJkKKQj+VLQmMt3vLl+D8bQ
ykMGiku22AxSaNShDlizk5SRGQPhXSgoNxzvNsB6XSLxP9Ob+5pqL9zlx6UMilWi
5KwgQ9aB61gbdFve/ogao/cUiaDtKwAE9fgga4wzcG/WMkYxIS/rQFPzQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF4wfKUmBU0Vrt2nrj2X6Aj3bUlPMB8GA1UdIwQY
MBaAFN/yRybfPnf29MjgQ2YTs1EQ7q84MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzct
NjJiYjZkNjNlNTlkLzEvWGpCOHBTWUZUUld1M2FldVBaZm9DUGR0U1U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzctNjJiYjZkNjNlNTlk
LzEvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyukMA0G
CSqGSIb3DQEBCwUAA4IBAQCWkeQ39Vbsi1JYdmYd7OrRCWaC4fOFiQF1EDgQ/lln
YWsRvQ/9L1n3UQZ3PM5vsryGc1/thkwp9CZKQQLq+U0sNetxAEksLbdxkFM4zH16
fyPBNqB07ptvvgc/md4dAhmuucokSxzwwDa+ncBf1nVnq8tlzjYlPdtQocwsx0WM
CgyomFm0K5BTmvT9QkFTSimNqfiI6zRDBtDOm0JLh2VQszDYMp49dK0MM0OsLvKL
P1s6MggaQyLSfST9FcT1kjQIq/t6zpaB/EgRAOfiMxwTce/JGIRTKDzUnmRsVAu1
/mOLEY09WiXLWbH+vLvQSnfarcY42CaOenPhAEWbjliZ
-----END CERTIFICATE-----