This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/6UB2fd80X8NF3hjgXuy_lEnL14k.roa
File:                     6UB2fd80X8NF3hjgXuy_lEnL14k.roa (raw, json)
Hash identifier:          FwGNu6vnkuFrpQLSRXI1YDdbNMKa0QpgsCze4fDjYDM=
Subject key identifier:   E9:40:76:7D:DF:34:5F:C3:45:DE:18:E0:5E:EC:BF:94:49:CB:D7:89
Certificate issuer:       /CN=c44db8b0983acf97a3255152c2ea592adae7735b
Certificate serial:       019B78356145F78DCEB9F7C2141986E683B3
Authority key identifier: C4:4D:B8:B0:98:3A:CF:97:A3:25:51:52:C2:EA:59:2A:DA:E7:73:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xE24sJg6z5ejJVFSwupZKtrnc1s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/6UB2fd80X8NF3hjgXuy_lEnL14k.roa
Signing time:             Thu 01 Jan 2026 06:18:42 +0000
ROA not before:           Thu 01 Jan 2026 06:18:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14713
IP address blocks:        31.13.193.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/xE24sJg6z5ejJVFSwupZKtrnc1s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/xE24sJg6z5ejJVFSwupZKtrnc1s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xE24sJg6z5ejJVFSwupZKtrnc1s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 00:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:61:45:f7:8d:ce:b9:f7:c2:14:19:86:e6:83:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c44db8b0983acf97a3255152c2ea592adae7735b
        Validity
            Not Before: Jan  1 06:18:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e940767ddf345fc345de18e05eecbf9449cbd789
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:18:71:ae:ac:21:d6:d1:7e:f8:c8:27:a5:4b:
                    1a:26:e8:6a:0d:fc:72:a2:98:f4:a6:4e:75:7e:df:
                    14:3a:6e:33:4f:03:ca:de:32:80:9b:e4:e6:2e:8d:
                    91:4b:58:c9:ae:37:bb:b4:b2:5a:9b:c0:a7:5f:e6:
                    ec:ec:d3:5d:cd:4d:86:75:7b:8e:b9:d1:d8:d8:15:
                    3a:f9:43:99:67:d8:a1:a0:e8:60:aa:37:bc:e6:04:
                    c3:39:1a:b7:6d:3c:49:71:c5:86:0c:68:cb:c1:71:
                    83:b8:d2:d7:33:7a:b9:2d:d4:dc:1e:78:91:5a:9d:
                    f7:d9:0a:46:81:ef:31:40:11:08:35:4e:f7:20:8b:
                    0d:08:3e:fd:22:c3:40:8f:4e:4e:02:2c:38:48:5b:
                    b2:f1:4a:af:24:be:ea:ae:63:f4:8d:cd:83:fb:1e:
                    0e:e1:e9:ef:74:e0:06:4f:8e:b4:8f:21:79:81:a2:
                    a1:35:a3:29:b1:32:15:93:52:91:22:91:97:c7:3a:
                    2a:54:61:c0:9b:03:c3:c5:de:6a:58:89:ff:57:42:
                    30:e6:d9:89:6f:82:f0:10:ad:fe:8c:f0:51:27:3d:
                    eb:a2:b5:97:80:c1:47:d6:f1:e4:73:15:90:5d:34:
                    1b:a3:5e:73:55:ec:42:43:50:b9:10:9b:59:78:90:
                    c9:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:40:76:7D:DF:34:5F:C3:45:DE:18:E0:5E:EC:BF:94:49:CB:D7:89
            X509v3 Authority Key Identifier:
                keyid:C4:4D:B8:B0:98:3A:CF:97:A3:25:51:52:C2:EA:59:2A:DA:E7:73:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xE24sJg6z5ejJVFSwupZKtrnc1s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/6UB2fd80X8NF3hjgXuy_lEnL14k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/xE24sJg6z5ejJVFSwupZKtrnc1s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:56:76:bb:ad:67:88:2a:7f:e4:da:3e:98:86:3e:28:7c:93:
         b2:28:3b:64:d7:46:7d:9a:70:8c:5c:94:fc:a3:5a:71:ef:31:
         89:bc:54:ea:07:d3:7b:8b:5f:86:63:79:a6:aa:dd:6f:b8:cc:
         fc:89:4f:c8:69:a0:07:bd:28:61:01:bb:a5:50:57:b5:d6:03:
         13:9b:9d:3d:39:dd:26:be:d4:0d:6b:ea:86:62:f6:d8:55:98:
         ad:f6:be:97:b9:24:2f:65:20:ce:5f:c5:7e:01:0f:d5:d1:f3:
         39:f3:1f:9c:b0:72:97:25:28:d7:85:62:96:d6:e7:ef:29:65:
         7f:08:df:0d:9a:f0:5d:1f:e9:e0:5d:1f:37:3b:55:f8:7a:fe:
         7a:42:e4:92:59:45:57:67:ed:32:c6:07:36:70:2b:ab:56:17:
         95:74:97:9b:5a:2f:ea:7c:1d:42:db:d6:d0:1a:3c:39:96:d6:
         be:59:d4:4a:4a:23:28:83:47:61:14:a1:08:3a:6b:16:24:c4:
         cd:03:ef:f0:7a:44:e8:66:7b:38:3e:04:b2:ce:93:30:6d:99:
         c0:8e:63:6e:0d:c1:34:6b:e4:4c:5a:cb:08:18:f8:50:b4:60:
         34:a5:56:39:a5:0e:68:79:92:62:77:28:5d:47:4b:44:a2:11:
         c6:86:b1:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NWFF943OuffCFBmG5oOzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NGRiOGIwOTgzYWNmOTdhMzI1NTE1MmMyZWE1OTJhZGFl
NzczNWIwHhcNMjYwMTAxMDYxODQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTQwNzY3ZGRmMzQ1ZmMzNDVkZTE4ZTA1ZWVjYmY5NDQ5Y2JkNzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyxhxrqwh1tF++MgnpUsaJuhqDfxy
opj0pk51ft8UOm4zTwPK3jKAm+TmLo2RS1jJrje7tLJam8CnX+bs7NNdzU2GdXuO
udHY2BU6+UOZZ9ihoOhgqje85gTDORq3bTxJccWGDGjLwXGDuNLXM3q5LdTcHniR
Wp332QpGge8xQBEINU73IIsNCD79IsNAj05OAiw4SFuy8UqvJL7qrmP0jc2D+x4O
4envdOAGT460jyF5gaKhNaMpsTIVk1KRIpGXxzoqVGHAmwPDxd5qWIn/V0Iw5tmJ
b4LwEK3+jPBRJz3rorWXgMFH1vHkcxWQXTQbo15zVexCQ1C5EJtZeJDJcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOlAdn3fNF/DRd4Y4F7sv5RJy9eJMB8GA1UdIwQY
MBaAFMRNuLCYOs+XoyVRUsLqWSra53NbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEUyNHNKZzZ6NWVqSlZGU3d1cFpLdHJuYzFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC80Mzc4OTctYWY1OC00OTU5LThlNzYt
ZWVkZDk0ZWMxMjhjLzEvNlVCMmZkODBYOE5GM2hqZ1h1eV9sRW5MMTRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC80Mzc4OTctYWY1OC00OTU5LThlNzYtZWVkZDk0ZWMxMjhj
LzEveEUyNHNKZzZ6NWVqSlZGU3d1cFpLdHJuYzFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHw3BMA0G
CSqGSIb3DQEBCwUAA4IBAQAQVna7rWeIKn/k2j6Yhj4ofJOyKDtk10Z9mnCMXJT8
o1px7zGJvFTqB9N7i1+GY3mmqt1vuMz8iU/IaaAHvShhAbulUFe11gMTm509Od0m
vtQNa+qGYvbYVZit9r6XuSQvZSDOX8V+AQ/V0fM58x+csHKXJSjXhWKW1ufvKWV/
CN8NmvBdH+ngXR83O1X4ev56QuSSWUVXZ+0yxgc2cCurVheVdJebWi/qfB1C29bQ
Gjw5lta+WdRKSiMog0dhFKEIOmsWJMTNA+/wekToZns4PgSyzpMwbZnAjmNuDcE0
a+RMWssIGPhQtGA0pVY5pQ5oeZJidyhdR0tEohHGhrFT
-----END CERTIFICATE-----