This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/r53oyYolcOu-UfgcT_tdtf7-39c.roa
File:                     r53oyYolcOu-UfgcT_tdtf7-39c.roa (raw, json)
Hash identifier:          0h3BGKzWIs5UPZjIeVM1ksoF8ZK9Q6Fzsphmnty3gCM=
Subject key identifier:   AF:9D:E8:C9:8A:25:70:EB:BE:51:F8:1C:4F:FB:5D:B5:FE:FE:DF:D7
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019B7E38BF1C0BE02B43941BB80CFA80A59C
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/r53oyYolcOu-UfgcT_tdtf7-39c.roa
Signing time:             Fri 02 Jan 2026 10:20:06 +0000
ROA not before:           Fri 02 Jan 2026 10:20:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9294
IP address blocks:        31.42.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:bf:1c:0b:e0:2b:43:94:1b:b8:0c:fa:80:a5:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Jan  2 10:20:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af9de8c98a2570ebbe51f81c4ffb5db5fefedfd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:1d:98:f7:58:53:a3:bf:a2:af:ef:76:a9:d0:
                    2c:fa:c2:7e:a9:f6:ba:96:9e:7e:f7:4d:2a:1b:1c:
                    28:72:4a:af:ad:62:28:9f:7e:35:27:6e:43:fe:5a:
                    ed:7d:e8:2c:51:20:95:85:e2:18:2b:e5:6a:0d:f4:
                    81:29:83:d2:a3:b0:ce:71:10:28:12:26:03:eb:4c:
                    ac:19:63:2c:da:4d:87:88:72:62:d2:4d:5a:9d:58:
                    17:08:35:92:25:87:32:ae:95:21:ad:ed:80:73:45:
                    a0:ca:26:8d:29:f9:e9:48:14:11:6e:ec:41:0f:a6:
                    3c:f2:de:72:f5:0e:56:d6:25:bc:b6:48:12:5a:de:
                    b0:c7:97:5d:9d:b3:a7:b9:87:a5:3a:39:02:65:04:
                    fe:a3:aa:3b:1d:6e:03:19:b7:33:35:3c:b5:9e:cd:
                    69:65:c0:f7:3d:30:c0:57:63:72:8c:8a:54:bd:07:
                    d3:4a:cf:a6:b8:89:51:c3:b7:6e:8f:5a:04:2b:31:
                    41:a5:80:0f:13:a4:50:01:75:b9:cf:fd:59:83:0b:
                    2e:aa:98:5f:73:09:0b:0a:d2:ae:41:8d:34:e2:e9:
                    a3:b8:22:5c:a3:34:d8:cf:d0:2c:44:3e:3c:c3:fa:
                    a0:5f:88:25:20:83:4d:e7:8b:d5:63:fd:de:b3:ef:
                    65:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:9D:E8:C9:8A:25:70:EB:BE:51:F8:1C:4F:FB:5D:B5:FE:FE:DF:D7
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/r53oyYolcOu-UfgcT_tdtf7-39c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:3c:82:1c:88:04:7b:26:85:a2:f5:cf:d3:4f:d7:23:35:e5:
         a1:6d:57:0e:bb:84:ea:86:3b:e0:67:a3:cd:7e:53:37:34:2a:
         b2:8e:45:a6:26:92:d2:f0:3e:9e:a7:6c:7f:6b:b2:c7:63:02:
         4b:46:bd:28:96:d5:95:ac:ee:86:5e:d0:cb:39:55:59:de:4d:
         63:82:9c:93:65:29:57:6e:da:b2:d1:f6:9b:be:74:5b:5e:e1:
         fe:d7:73:df:a8:5d:8c:41:20:48:05:8c:0d:1d:58:ac:a7:f6:
         33:bf:50:4f:17:de:2a:2d:e3:e2:ad:ba:89:91:68:d4:8c:11:
         71:50:45:20:e0:6f:21:c3:ad:d1:80:6b:66:4b:b6:e0:2a:ac:
         6d:16:e1:95:8b:8f:5f:0b:46:4a:05:0d:b6:65:a9:ba:ed:11:
         65:c3:6b:5b:eb:ff:27:67:9b:9e:67:01:9e:14:e6:81:d9:d4:
         11:03:6f:3c:22:a6:90:fb:07:80:eb:c6:6d:1f:5e:58:48:f8:
         b4:f1:03:89:10:c5:94:5e:5b:f2:40:f7:08:f0:1b:c4:36:ab:
         04:ab:64:97:cd:06:78:4f:76:78:ff:24:d0:c3:80:6e:9a:fd:
         54:83:ba:01:c3:35:13:be:9d:04:26:fa:8c:e6:fe:e3:6d:0b:
         00:d7:46:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OL8cC+ArQ5QbuAz6gKWcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjYwMTAyMTAyMDA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjlkZThjOThhMjU3MGViYmU1MWY4MWM0ZmZiNWRiNWZlZmVkZmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoh2Y91hTo7+ir+92qdAs+sJ+qfa6
lp5+900qGxwockqvrWIon341J25D/lrtfegsUSCVheIYK+VqDfSBKYPSo7DOcRAo
EiYD60ysGWMs2k2HiHJi0k1anVgXCDWSJYcyrpUhre2Ac0WgyiaNKfnpSBQRbuxB
D6Y88t5y9Q5W1iW8tkgSWt6wx5ddnbOnuYelOjkCZQT+o6o7HW4DGbczNTy1ns1p
ZcD3PTDAV2NyjIpUvQfTSs+muIlRw7duj1oEKzFBpYAPE6RQAXW5z/1Zgwsuqphf
cwkLCtKuQY004umjuCJcozTYz9AsRD48w/qgX4glIINN54vVY/3es+9lawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK+d6MmKJXDrvlH4HE/7XbX+/t/XMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvcjUzb3lZb2xjT3UtVWZnY1RfdGR0ZjctMzljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyp5MA0G
CSqGSIb3DQEBCwUAA4IBAQAdPIIciAR7JoWi9c/TT9cjNeWhbVcOu4TqhjvgZ6PN
flM3NCqyjkWmJpLS8D6ep2x/a7LHYwJLRr0oltWVrO6GXtDLOVVZ3k1jgpyTZSlX
btqy0fabvnRbXuH+13PfqF2MQSBIBYwNHVisp/Yzv1BPF94qLePirbqJkWjUjBFx
UEUg4G8hw63RgGtmS7bgKqxtFuGVi49fC0ZKBQ22Zam67RFlw2tb6/8nZ5ueZwGe
FOaB2dQRA288IqaQ+weA68ZtH15YSPi08QOJEMWUXlvyQPcI8BvENqsEq2SXzQZ4
T3Z4/yTQw4Bumv1Ug7oBwzUTvp0EJvqM5v7jbQsA10Z8
-----END CERTIFICATE-----