This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/f76339-1714-403b-9927-23277822fefa/1/iIJMhiXnC0TkNFq6MHPCGZcJKp4.roa
File:                     iIJMhiXnC0TkNFq6MHPCGZcJKp4.roa (raw, json)
Hash identifier:          6M+PNBTs7Ydc22YxEOoAXWjHO6P/9d3SsLY8rQkfu3Y=
Subject key identifier:   88:82:4C:86:25:E7:0B:44:E4:34:5A:BA:30:73:C2:19:97:09:2A:9E
Certificate issuer:       /CN=d80b565d7736753dbe7f6624bdf1d2bc1896f7c0
Certificate serial:       019B7AC77A113813855CFC0DE141B075A3B1
Authority key identifier: D8:0B:56:5D:77:36:75:3D:BE:7F:66:24:BD:F1:D2:BC:18:96:F7:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2AtWXXc2dT2-f2YkvfHSvBiW98A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/f76339-1714-403b-9927-23277822fefa/1/iIJMhiXnC0TkNFq6MHPCGZcJKp4.roa
Signing time:             Thu 01 Jan 2026 18:17:31 +0000
ROA not before:           Thu 01 Jan 2026 18:17:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210854
IP address blocks:        31.210.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/f76339-1714-403b-9927-23277822fefa/1/2AtWXXc2dT2-f2YkvfHSvBiW98A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/f76339-1714-403b-9927-23277822fefa/1/2AtWXXc2dT2-f2YkvfHSvBiW98A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2AtWXXc2dT2-f2YkvfHSvBiW98A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 06:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:7a:11:38:13:85:5c:fc:0d:e1:41:b0:75:a3:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d80b565d7736753dbe7f6624bdf1d2bc1896f7c0
        Validity
            Not Before: Jan  1 18:17:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=88824c8625e70b44e4345aba3073c21997092a9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:2b:1c:ad:13:ae:00:f9:61:24:32:1f:45:a0:
                    57:3d:47:ba:28:e4:aa:b8:06:f4:9a:6f:37:a7:0f:
                    ad:b0:75:c8:6d:c9:a9:1b:b1:9b:dc:b5:19:39:8e:
                    ff:45:62:71:c5:80:9a:15:ec:53:21:1b:c3:bd:d5:
                    d9:be:39:b4:18:7e:da:e5:0d:7f:51:4d:2f:6c:db:
                    b5:5f:32:be:6b:a9:1e:20:29:76:d8:ef:57:e4:6a:
                    7b:37:6b:7a:d5:57:fd:27:b4:6d:1e:dc:8f:14:e5:
                    9d:60:ed:05:98:40:59:24:e9:cf:e4:73:1e:27:12:
                    4c:82:26:14:59:46:0f:00:7d:a9:08:d6:8c:5c:f7:
                    cb:67:54:5d:4c:e0:27:66:7b:f4:34:1a:3a:72:f4:
                    8a:91:8b:ad:1f:0f:18:b2:d2:e6:c0:41:26:89:94:
                    3e:8f:aa:2a:ef:7d:28:1d:a3:a1:11:40:dc:fa:57:
                    16:cd:37:68:02:b8:40:d4:e3:5c:99:0a:df:9f:02:
                    ff:3c:76:65:21:dd:6f:bf:1e:ae:a5:99:6a:6d:42:
                    b4:f9:ec:c6:74:25:85:35:e5:37:0d:71:73:ee:22:
                    8c:6a:2c:42:3e:89:97:c4:97:50:f3:9e:d3:dd:14:
                    65:51:a7:5b:a6:9e:fa:d2:84:67:21:f4:4f:94:2f:
                    9c:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:82:4C:86:25:E7:0B:44:E4:34:5A:BA:30:73:C2:19:97:09:2A:9E
            X509v3 Authority Key Identifier:
                keyid:D8:0B:56:5D:77:36:75:3D:BE:7F:66:24:BD:F1:D2:BC:18:96:F7:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2AtWXXc2dT2-f2YkvfHSvBiW98A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/f76339-1714-403b-9927-23277822fefa/1/iIJMhiXnC0TkNFq6MHPCGZcJKp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/f76339-1714-403b-9927-23277822fefa/1/2AtWXXc2dT2-f2YkvfHSvBiW98A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:e4:ee:2f:2d:3e:0d:ab:c2:d2:fa:d0:43:96:40:f7:66:bd:
         af:09:46:72:93:2a:0c:0a:23:3a:35:ea:23:5e:6e:4e:dd:38:
         5a:0b:3f:5d:75:1f:6f:e7:03:b7:22:39:84:1e:48:dc:e2:75:
         e8:f1:2d:19:94:d1:ee:32:4e:96:12:28:56:5a:f0:3b:45:bf:
         0b:39:c9:0b:10:8b:47:f5:9d:e9:17:0f:f8:94:05:c3:02:ab:
         71:07:a9:2b:60:c8:00:13:43:e2:33:df:46:69:59:2d:94:b1:
         85:18:a3:1e:a6:26:9c:1b:4e:0d:60:2b:51:7b:4b:be:c3:a8:
         c0:02:94:83:61:2b:00:5c:d0:c8:2a:3f:17:1f:27:75:0e:e3:
         04:d7:6e:e9:a2:be:63:5c:80:49:c6:d9:a4:08:ca:82:42:d7:
         15:5f:89:b6:24:9f:bd:eb:eb:11:84:bd:87:45:7f:16:3f:64:
         b2:80:81:76:58:2b:c9:90:b8:56:a1:fc:d1:0e:07:19:cd:a3:
         16:b8:61:2a:ea:1b:13:04:47:f9:2f:74:88:f6:c4:2f:66:94:
         dc:33:0f:90:0f:c3:7a:07:80:d0:8d:ae:4e:2c:e7:d8:e4:f7:
         a4:f1:dc:e2:bd:d5:f9:8e:05:b2:89:36:8d:bc:75:01:3c:cd:
         b4:85:4e:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x3oROBOFXPwN4UGwdaOxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MGI1NjVkNzczNjc1M2RiZTdmNjYyNGJkZjFkMmJjMTg5
NmY3YzAwHhcNMjYwMTAxMTgxNzMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODgyNGM4NjI1ZTcwYjQ0ZTQzNDVhYmEzMDczYzIxOTk3MDkyYTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3CscrROuAPlhJDIfRaBXPUe6KOSq
uAb0mm83pw+tsHXIbcmpG7Gb3LUZOY7/RWJxxYCaFexTIRvDvdXZvjm0GH7a5Q1/
UU0vbNu1XzK+a6keICl22O9X5Gp7N2t61Vf9J7RtHtyPFOWdYO0FmEBZJOnP5HMe
JxJMgiYUWUYPAH2pCNaMXPfLZ1RdTOAnZnv0NBo6cvSKkYutHw8YstLmwEEmiZQ+
j6oq730oHaOhEUDc+lcWzTdoArhA1ONcmQrfnwL/PHZlId1vvx6upZlqbUK0+ezG
dCWFNeU3DXFz7iKMaixCPomXxJdQ857T3RRlUadbpp760oRnIfRPlC+c6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIiCTIYl5wtE5DRaujBzwhmXCSqeMB8GA1UdIwQY
MBaAFNgLVl13NnU9vn9mJL3x0rwYlvfAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkF0V1hYYzJkVDItZjJZa3ZmSFN2QmlXOThBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mNzYzMzktMTcxNC00MDNiLTk5Mjct
MjMyNzc4MjJmZWZhLzEvaUlKTWhpWG5DMFRrTkZxNk1IUENHWmNKS3A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mNzYzMzktMTcxNC00MDNiLTk5MjctMjMyNzc4MjJmZWZh
LzEvMkF0V1hYYzJkVDItZjJZa3ZmSFN2QmlXOThBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH9IRMA0G
CSqGSIb3DQEBCwUAA4IBAQBf5O4vLT4Nq8LS+tBDlkD3Zr2vCUZykyoMCiM6Neoj
Xm5O3ThaCz9ddR9v5wO3IjmEHkjc4nXo8S0ZlNHuMk6WEihWWvA7Rb8LOckLEItH
9Z3pFw/4lAXDAqtxB6krYMgAE0PiM99GaVktlLGFGKMepiacG04NYCtRe0u+w6jA
ApSDYSsAXNDIKj8XHyd1DuME127por5jXIBJxtmkCMqCQtcVX4m2JJ+96+sRhL2H
RX8WP2SygIF2WCvJkLhWofzRDgcZzaMWuGEq6hsTBEf5L3SI9sQvZpTcMw+QD8N6
B4DQja5OLOfY5Pek8dzivdX5jgWyiTaNvHUBPM20hU5o
-----END CERTIFICATE-----
Generated at Wed Jan 21 15:54:25 2026 by rpki-client