This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/J9O43xYmuudrm9WfAZOmdxUp93k.roa
File:                     J9O43xYmuudrm9WfAZOmdxUp93k.roa (raw, json)
Hash identifier:          WhtJDa75ObWfQgkdawtnr9LNjIHPdoA2WKgTe+sOn04=
Subject key identifier:   27:D3:B8:DF:16:26:BA:E7:6B:9B:D5:9F:01:93:A6:77:15:29:F7:79
Certificate issuer:       /CN=62d190b238d97af7900bdcbd02304b782ffcaf2a
Certificate serial:       019B7FF24CA93ED2D2A828C1AB76D224CEC6
Authority key identifier: 62:D1:90:B2:38:D9:7A:F7:90:0B:DC:BD:02:30:4B:78:2F:FC:AF:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YtGQsjjZeveQC9y9AjBLeC_8ryo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/J9O43xYmuudrm9WfAZOmdxUp93k.roa
Signing time:             Fri 02 Jan 2026 18:22:24 +0000
ROA not before:           Fri 02 Jan 2026 18:22:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200468
IP address blocks:        31.3.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/YtGQsjjZeveQC9y9AjBLeC_8ryo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/YtGQsjjZeveQC9y9AjBLeC_8ryo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YtGQsjjZeveQC9y9AjBLeC_8ryo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 15:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:4c:a9:3e:d2:d2:a8:28:c1:ab:76:d2:24:ce:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62d190b238d97af7900bdcbd02304b782ffcaf2a
        Validity
            Not Before: Jan  2 18:22:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=27d3b8df1626bae76b9bd59f0193a6771529f779
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:fe:c6:5c:7d:10:a7:9b:02:d5:cf:97:e4:69:
                    92:83:9e:f6:c9:b9:08:42:00:90:c5:ab:80:2f:36:
                    ab:12:1f:dd:7b:ad:49:88:73:ec:f3:33:a4:f7:61:
                    6c:6c:41:9c:29:e5:d3:d6:11:45:92:ca:b1:79:e4:
                    33:ce:9b:3a:a2:50:01:73:4a:f3:c7:d0:9a:4e:24:
                    d1:22:39:89:49:04:6a:49:38:f7:75:9d:18:37:2f:
                    51:74:c2:86:eb:bb:81:b1:bd:70:4d:62:fe:72:d9:
                    73:cb:3f:3d:f0:4a:e2:6b:01:a1:bc:b5:1d:45:91:
                    e2:44:1d:94:e8:25:23:16:f7:e7:68:14:77:bc:47:
                    78:03:7c:48:13:b9:c4:7f:6a:07:40:b2:b2:c2:af:
                    6f:e6:9a:7d:80:66:e8:a3:97:ca:e8:00:52:f2:42:
                    e0:3b:4f:26:e0:75:56:30:ff:97:1f:2f:7f:63:bb:
                    26:1e:56:3c:58:97:ca:91:94:01:7f:19:15:0e:9d:
                    ed:ae:de:bb:50:70:40:5d:cb:93:6d:ea:55:cc:39:
                    62:b9:3e:53:e1:69:6c:b9:02:af:30:77:6d:d9:06:
                    bf:90:e0:08:85:11:66:d4:4c:1f:ea:83:e8:e9:c3:
                    75:ff:c7:22:c9:32:26:81:a6:3e:d1:fd:21:c7:d0:
                    6e:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:D3:B8:DF:16:26:BA:E7:6B:9B:D5:9F:01:93:A6:77:15:29:F7:79
            X509v3 Authority Key Identifier:
                keyid:62:D1:90:B2:38:D9:7A:F7:90:0B:DC:BD:02:30:4B:78:2F:FC:AF:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YtGQsjjZeveQC9y9AjBLeC_8ryo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/J9O43xYmuudrm9WfAZOmdxUp93k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/YtGQsjjZeveQC9y9AjBLeC_8ryo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.3.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:3c:f3:12:5a:46:91:28:53:f0:20:0e:d6:34:73:2b:36:b4:
         3e:5e:37:2c:3b:02:98:9b:55:73:55:9e:e2:15:54:2b:ba:a9:
         79:33:b1:9b:d2:9e:41:77:d9:bf:c5:ea:83:f5:77:d6:05:de:
         de:d6:1b:85:f1:82:0d:63:c2:af:91:0b:01:84:f1:28:3b:ca:
         09:e4:c4:3c:17:41:e1:90:39:4a:ad:9b:c6:2c:0e:af:ef:88:
         20:65:d8:1c:b8:1c:32:8a:a6:84:70:4d:a3:e4:a4:63:6f:ce:
         db:6f:76:5d:31:d1:63:21:63:ad:3b:6a:4a:b8:72:1e:fe:2b:
         b4:d9:3c:f1:a0:82:fc:2d:a5:39:b0:d0:6d:99:82:37:4d:0f:
         48:26:cb:e5:4b:47:f8:da:09:96:3c:86:8c:b2:69:6d:3d:ab:
         a6:dc:c8:07:a4:36:87:28:60:f9:d0:e0:4f:18:d4:fb:27:04:
         41:39:03:b6:22:7f:23:13:e0:b4:26:68:be:8b:e8:c4:67:73:
         7e:f5:47:c2:4d:a4:ef:69:af:32:4b:24:af:07:81:81:85:13:
         00:74:c3:8c:c4:40:4c:e5:4c:63:4f:10:95:3d:6b:a6:62:76:
         b4:1d:b2:bd:60:1d:e9:3c:1f:2b:26:6f:69:ad:2c:ff:54:ac:
         09:ab:c7:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8kypPtLSqCjBq3bSJM7GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZDE5MGIyMzhkOTdhZjc5MDBiZGNiZDAyMzA0Yjc4MmZm
Y2FmMmEwHhcNMjYwMTAyMTgyMjI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2QzYjhkZjE2MjZiYWU3NmI5YmQ1OWYwMTkzYTY3NzE1MjlmNzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiP7GXH0Qp5sC1c+X5GmSg572ybkI
QgCQxauALzarEh/de61JiHPs8zOk92FsbEGcKeXT1hFFksqxeeQzzps6olABc0rz
x9CaTiTRIjmJSQRqSTj3dZ0YNy9RdMKG67uBsb1wTWL+ctlzyz898EriawGhvLUd
RZHiRB2U6CUjFvfnaBR3vEd4A3xIE7nEf2oHQLKywq9v5pp9gGboo5fK6ABS8kLg
O08m4HVWMP+XHy9/Y7smHlY8WJfKkZQBfxkVDp3trt67UHBAXcuTbepVzDliuT5T
4WlsuQKvMHdt2Qa/kOAIhRFm1Ewf6oPo6cN1/8ciyTImgaY+0f0hx9BuqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCfTuN8WJrrna5vVnwGTpncVKfd5MB8GA1UdIwQY
MBaAFGLRkLI42Xr3kAvcvQIwS3gv/K8qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXRHUXNqalpldmVRQzl5OUFqQkxlQ184cnlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi81YTMzN2YtYzg0My00NWY0LThkOTkt
MTYzZmI3MDAzZTVkLzEvSjlPNDN4WW11dWRybTlXZkFaT21keFVwOTNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi81YTMzN2YtYzg0My00NWY0LThkOTktMTYzZmI3MDAzZTVk
LzEvWXRHUXNqalpldmVRQzl5OUFqQkxlQ184cnlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwPZMA0G
CSqGSIb3DQEBCwUAA4IBAQC/PPMSWkaRKFPwIA7WNHMrNrQ+XjcsOwKYm1VzVZ7i
FVQruql5M7Gb0p5Bd9m/xeqD9XfWBd7e1huF8YINY8KvkQsBhPEoO8oJ5MQ8F0Hh
kDlKrZvGLA6v74ggZdgcuBwyiqaEcE2j5KRjb87bb3ZdMdFjIWOtO2pKuHIe/iu0
2TzxoIL8LaU5sNBtmYI3TQ9IJsvlS0f42gmWPIaMsmltPaum3MgHpDaHKGD50OBP
GNT7JwRBOQO2In8jE+C0Jmi+i+jEZ3N+9UfCTaTvaa8ySySvB4GBhRMAdMOMxEBM
5UxjTxCVPWumYna0HbK9YB3pPB8rJm9prSz/VKwJq8eh
-----END CERTIFICATE-----