This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/39ab2e-feeb-4a0e-8740-45296c32f0a3/1/rIbppOfNfFYdHELW2Brc9R0i8ZQ.roa
File:                     rIbppOfNfFYdHELW2Brc9R0i8ZQ.roa (raw, json)
Hash identifier:          6K2aNO9ERJucL5JHeR5DeWEg9tZjVrX7Cr/llqySGJ4=
Subject key identifier:   AC:86:E9:A4:E7:CD:7C:56:1D:1C:42:D6:D8:1A:DC:F5:1D:22:F1:94
Certificate issuer:       /CN=8e16bde64a9a9bba3ffa1438a197ac3f94989faf
Certificate serial:       019B7B35E1DCE4A84DF36045280FE02503CF
Authority key identifier: 8E:16:BD:E6:4A:9A:9B:BA:3F:FA:14:38:A1:97:AC:3F:94:98:9F:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jha95kqam7o_-hQ4oZesP5SYn68.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/39ab2e-feeb-4a0e-8740-45296c32f0a3/1/rIbppOfNfFYdHELW2Brc9R0i8ZQ.roa
Signing time:             Thu 01 Jan 2026 20:18:07 +0000
ROA not before:           Thu 01 Jan 2026 20:18:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202302
IP address blocks:        31.222.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/39ab2e-feeb-4a0e-8740-45296c32f0a3/1/jha95kqam7o_-hQ4oZesP5SYn68.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/39ab2e-feeb-4a0e-8740-45296c32f0a3/1/jha95kqam7o_-hQ4oZesP5SYn68.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jha95kqam7o_-hQ4oZesP5SYn68.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 14:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:e1:dc:e4:a8:4d:f3:60:45:28:0f:e0:25:03:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e16bde64a9a9bba3ffa1438a197ac3f94989faf
        Validity
            Not Before: Jan  1 20:18:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ac86e9a4e7cd7c561d1c42d6d81adcf51d22f194
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:18:bb:33:ed:9d:f6:52:ad:28:7b:4b:64:0b:
                    98:be:37:63:94:cc:ad:f7:80:a3:ac:2c:34:3e:08:
                    a4:e9:f5:0b:af:13:07:35:cb:40:24:2f:5d:9f:e9:
                    0d:f8:61:cf:40:fa:d6:6e:f8:45:52:0d:24:5b:1e:
                    f7:6d:28:97:f7:6c:06:7d:64:75:b0:bf:1b:5f:9c:
                    3f:c4:4d:45:92:34:f3:ea:e0:07:46:5a:a7:1a:6c:
                    ad:5e:50:86:7c:ed:a9:65:ad:6a:37:60:0c:68:5d:
                    e8:73:4e:b1:bb:55:f9:f5:df:a4:86:df:98:de:21:
                    36:6e:d6:2c:3b:4a:bb:43:e8:7b:be:4e:4b:df:7c:
                    84:fb:da:3d:93:a8:8f:be:f9:0f:6f:69:6e:23:8e:
                    dc:bd:7c:db:40:1a:dc:9e:4f:e7:ab:e7:b8:70:84:
                    39:7e:e1:7b:7a:1d:9f:b6:b9:33:c7:91:8b:bb:9c:
                    8f:73:01:91:01:0a:ae:1d:5c:1e:79:9e:25:88:37:
                    5a:ea:0b:42:71:67:1c:bb:18:26:48:0b:57:a8:07:
                    a1:21:c6:49:aa:23:0b:e0:12:b3:3f:24:94:bd:40:
                    53:7e:b1:eb:e8:f8:7a:00:90:b8:de:4c:3a:53:29:
                    47:29:22:95:e2:b0:33:25:de:24:01:d9:3a:61:cb:
                    0a:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:86:E9:A4:E7:CD:7C:56:1D:1C:42:D6:D8:1A:DC:F5:1D:22:F1:94
            X509v3 Authority Key Identifier:
                keyid:8E:16:BD:E6:4A:9A:9B:BA:3F:FA:14:38:A1:97:AC:3F:94:98:9F:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jha95kqam7o_-hQ4oZesP5SYn68.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/39ab2e-feeb-4a0e-8740-45296c32f0a3/1/rIbppOfNfFYdHELW2Brc9R0i8ZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/39ab2e-feeb-4a0e-8740-45296c32f0a3/1/jha95kqam7o_-hQ4oZesP5SYn68.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.222.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:f0:9c:1c:a4:63:d9:07:da:3e:82:9d:62:5a:74:60:94:8f:
         b8:3b:e3:07:9b:ea:fa:4b:c1:5e:03:6d:a3:c7:2e:6b:0d:0d:
         e3:df:03:cd:87:97:e2:6b:56:59:07:17:cb:f4:20:51:2d:25:
         70:0a:2c:ce:25:f0:e1:b8:51:c1:19:e1:42:d0:a5:f8:86:46:
         08:62:55:11:b9:af:f3:29:6f:a8:ff:cb:b9:0d:80:ac:af:4b:
         9a:cd:9c:0f:db:66:92:66:5d:44:4a:81:40:e4:e0:09:57:c4:
         23:ab:58:5a:ef:4d:9c:e7:a3:45:9c:1b:fb:55:29:6c:ec:21:
         c0:9b:3e:2d:3a:cf:6f:9f:12:cf:28:05:06:52:26:e0:b9:ad:
         84:48:93:83:0e:d7:22:29:7c:b3:e0:3c:6d:82:6e:21:96:ae:
         59:78:33:a5:2c:bc:2a:10:88:b0:f4:cc:d7:62:54:3a:f3:08:
         16:66:6e:5d:87:fa:14:ab:32:e0:79:dd:05:d3:30:81:24:32:
         8a:a0:e0:ca:28:d9:ab:f0:90:9a:58:a3:a3:84:45:90:b4:2a:
         32:1b:33:21:bd:7e:75:a8:c9:b6:84:74:8e:bf:a3:5f:e0:19:
         ff:16:ad:0c:fe:a7:70:f0:08:8c:04:af:a7:63:08:17:45:cd:
         9f:04:48:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NeHc5KhN82BFKA/gJQPPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMTZiZGU2NGE5YTliYmEzZmZhMTQzOGExOTdhYzNmOTQ5
ODlmYWYwHhcNMjYwMTAxMjAxODA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzg2ZTlhNGU3Y2Q3YzU2MWQxYzQyZDZkODFhZGNmNTFkMjJmMTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRi7M+2d9lKtKHtLZAuYvjdjlMyt
94CjrCw0Pgik6fULrxMHNctAJC9dn+kN+GHPQPrWbvhFUg0kWx73bSiX92wGfWR1
sL8bX5w/xE1FkjTz6uAHRlqnGmytXlCGfO2pZa1qN2AMaF3oc06xu1X59d+kht+Y
3iE2btYsO0q7Q+h7vk5L33yE+9o9k6iPvvkPb2luI47cvXzbQBrcnk/nq+e4cIQ5
fuF7eh2ftrkzx5GLu5yPcwGRAQquHVweeZ4liDda6gtCcWccuxgmSAtXqAehIcZJ
qiML4BKzPySUvUBTfrHr6Ph6AJC43kw6UylHKSKV4rAzJd4kAdk6YcsKVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKyG6aTnzXxWHRxC1tga3PUdIvGUMB8GA1UdIwQY
MBaAFI4WveZKmpu6P/oUOKGXrD+UmJ+vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamhhOTVrcWFtN29fLWhRNG9aZXNQNVNZbjY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8zOWFiMmUtZmVlYi00YTBlLTg3NDAt
NDUyOTZjMzJmMGEzLzEvcklicHBPZk5mRllkSEVMVzJCcmM5UjBpOFpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8zOWFiMmUtZmVlYi00YTBlLTg3NDAtNDUyOTZjMzJmMGEz
LzEvamhhOTVrcWFtN29fLWhRNG9aZXNQNVNZbjY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH97rMA0G
CSqGSIb3DQEBCwUAA4IBAQBm8JwcpGPZB9o+gp1iWnRglI+4O+MHm+r6S8FeA22j
xy5rDQ3j3wPNh5fia1ZZBxfL9CBRLSVwCizOJfDhuFHBGeFC0KX4hkYIYlURua/z
KW+o/8u5DYCsr0uazZwP22aSZl1ESoFA5OAJV8Qjq1ha702c56NFnBv7VSls7CHA
mz4tOs9vnxLPKAUGUibgua2ESJODDtciKXyz4Dxtgm4hlq5ZeDOlLLwqEIiw9MzX
YlQ68wgWZm5dh/oUqzLged0F0zCBJDKKoODKKNmr8JCaWKOjhEWQtCoyGzMhvX51
qMm2hHSOv6Nf4Bn/Fq0M/qdw8AiMBK+nYwgXRc2fBEhg
-----END CERTIFICATE-----