This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/5Ju1qX--J3HOgcR1k8QAKDxXXHc.roa
File:                     5Ju1qX--J3HOgcR1k8QAKDxXXHc.roa (raw, json)
Hash identifier:          8kVmTNyTFZ9R8MuPpMHLn7YURpqY+ovikb7CJ1Jn0UI=
Subject key identifier:   E4:9B:B5:A9:7F:BE:27:71:CE:81:C4:75:93:C4:00:28:3C:57:5C:77
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       019B7759080218505928538C5F2F08EDDDFE
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/5Ju1qX--J3HOgcR1k8QAKDxXXHc.roa
Signing time:             Thu 01 Jan 2026 02:18:01 +0000
ROA not before:           Thu 01 Jan 2026 02:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204009
IP address blocks:        85.31.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:08:02:18:50:59:28:53:8c:5f:2f:08:ed:dd:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 02:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e49bb5a97fbe2771ce81c47593c400283c575c77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:fb:85:e6:36:e6:3c:94:d3:36:19:99:db:79:
                    48:49:06:55:b1:e1:92:8b:2b:af:83:ee:46:16:0a:
                    06:a8:71:5a:f0:8f:bd:db:d2:20:aa:1d:04:b8:c2:
                    2d:c8:dc:a6:a0:23:be:37:4f:79:f4:e0:4b:9b:45:
                    19:06:50:91:06:5a:f5:b8:44:0d:c4:c6:57:bc:bf:
                    0d:38:bc:5d:0f:9c:73:21:b0:4e:04:ea:c9:64:5f:
                    38:12:b0:8a:5d:50:73:a4:26:2f:4a:b3:a8:2c:a4:
                    08:51:82:1c:0e:90:6b:a0:5a:3a:8b:ee:48:c6:f4:
                    cb:3f:78:1c:dc:e6:49:3f:08:bf:22:36:2c:d9:9e:
                    f0:0d:f2:1d:c4:30:1c:f2:07:fe:96:6a:e0:21:1c:
                    ad:e1:c5:57:9b:6e:cc:55:f5:13:53:ee:df:5c:17:
                    71:ff:d6:02:ff:42:74:87:0f:aa:62:c5:e8:25:fe:
                    98:41:d3:72:2b:00:57:73:90:1c:25:aa:1c:ec:33:
                    b8:30:df:f6:55:96:ab:ca:a2:1d:a7:e5:06:02:9e:
                    c9:e6:97:cf:53:6f:9b:17:92:43:21:8f:3e:db:70:
                    e5:bf:58:d4:04:2a:d2:a1:62:ea:a5:cc:51:01:4e:
                    82:30:c7:58:75:75:54:b0:b9:81:fd:c6:1d:c1:8d:
                    0d:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:9B:B5:A9:7F:BE:27:71:CE:81:C4:75:93:C4:00:28:3C:57:5C:77
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/5Ju1qX--J3HOgcR1k8QAKDxXXHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:02:a9:e4:fa:f2:3f:3f:93:9e:74:5f:b3:ea:4b:c8:df:62:
         fb:b0:a7:ac:27:e1:70:60:c9:ab:78:8a:58:72:f8:7f:3e:7e:
         1b:0b:e0:7d:5d:e9:f0:22:07:04:40:a9:9c:1a:54:17:91:63:
         17:1e:10:45:36:3b:9e:9a:9a:48:f6:61:40:59:83:26:a3:6a:
         ac:20:03:22:84:e7:86:70:c4:76:64:23:d3:ab:9e:b2:df:67:
         92:32:bc:f6:25:71:49:91:c6:4f:35:a2:9c:d2:24:9e:cd:24:
         44:6e:06:a6:08:b5:84:cd:df:dd:ce:19:f7:4b:f1:f5:ca:a4:
         37:d1:3a:4a:30:95:e8:1a:f4:a0:8b:d9:6b:4c:cb:87:25:83:
         85:1f:7b:65:5d:7b:ed:45:8f:b2:f1:df:1a:9c:f1:80:54:bd:
         46:cb:03:5f:79:c0:2e:d6:9b:37:35:72:80:75:4e:aa:33:9c:
         76:a1:30:67:24:45:4e:c8:d0:23:0e:d0:8e:1c:df:7b:bf:2e:
         c0:a9:5d:cd:35:46:7d:0c:49:2f:45:6c:f2:0d:ec:db:ef:60:
         9d:60:ec:a0:d3:46:71:52:de:87:ac:5d:9e:85:cb:5d:85:ca:
         fa:0d:16:a6:d1:ef:23:f9:08:2e:14:60:9e:a6:24:11:4d:5e:
         12:26:71:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WQgCGFBZKFOMXy8I7d3+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjYwMTAxMDIxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDliYjVhOTdmYmUyNzcxY2U4MWM0NzU5M2M0MDAyODNjNTc1Yzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPuF5jbmPJTTNhmZ23lISQZVseGS
iyuvg+5GFgoGqHFa8I+929Igqh0EuMItyNymoCO+N0959OBLm0UZBlCRBlr1uEQN
xMZXvL8NOLxdD5xzIbBOBOrJZF84ErCKXVBzpCYvSrOoLKQIUYIcDpBroFo6i+5I
xvTLP3gc3OZJPwi/IjYs2Z7wDfIdxDAc8gf+lmrgIRyt4cVXm27MVfUTU+7fXBdx
/9YC/0J0hw+qYsXoJf6YQdNyKwBXc5AcJaoc7DO4MN/2VZaryqIdp+UGAp7J5pfP
U2+bF5JDIY8+23Dlv1jUBCrSoWLqpcxRAU6CMMdYdXVUsLmB/cYdwY0NxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOSbtal/vidxzoHEdZPEACg8V1x3MB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvNUp1MXFYLS1KM0hPZ2NSMWs4UUFLRHhYWEhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVR/8MA0G
CSqGSIb3DQEBCwUAA4IBAQBrAqnk+vI/P5OedF+z6kvI32L7sKesJ+FwYMmreIpY
cvh/Pn4bC+B9XenwIgcEQKmcGlQXkWMXHhBFNjuemppI9mFAWYMmo2qsIAMihOeG
cMR2ZCPTq56y32eSMrz2JXFJkcZPNaKc0iSezSREbgamCLWEzd/dzhn3S/H1yqQ3
0TpKMJXoGvSgi9lrTMuHJYOFH3tlXXvtRY+y8d8anPGAVL1GywNfecAu1ps3NXKA
dU6qM5x2oTBnJEVOyNAjDtCOHN97vy7AqV3NNUZ9DEkvRWzyDezb72CdYOyg00Zx
Ut6HrF2ehctdhcr6DRam0e8j+QguFGCepiQRTV4SJnHL
-----END CERTIFICATE-----