This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/Io_ZVHvCyR6E0UkrByDPhBSjf28.roa
File:                     Io_ZVHvCyR6E0UkrByDPhBSjf28.roa (raw, json)
Hash identifier:          GgHe68vIGWEdGtgi9K1dWLKGMpr22uj5DBtVFq/PEt8=
Subject key identifier:   22:8F:D9:54:7B:C2:C9:1E:84:D1:49:2B:07:20:CF:84:14:A3:7F:6F
Certificate issuer:       /CN=894928a39627cd5ee5f975bd897c2d775ab29940
Certificate serial:       019B7CEE4A80E45C81513EE29068EF9F532A
Authority key identifier: 89:49:28:A3:96:27:CD:5E:E5:F9:75:BD:89:7C:2D:77:5A:B2:99:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iUkoo5YnzV7l-XW9iXwtd1qymUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/Io_ZVHvCyR6E0UkrByDPhBSjf28.roa
Signing time:             Fri 02 Jan 2026 04:19:10 +0000
ROA not before:           Fri 02 Jan 2026 04:19:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30698
IP address blocks:        192.48.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/iUkoo5YnzV7l-XW9iXwtd1qymUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/iUkoo5YnzV7l-XW9iXwtd1qymUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iUkoo5YnzV7l-XW9iXwtd1qymUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:4a:80:e4:5c:81:51:3e:e2:90:68:ef:9f:53:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=894928a39627cd5ee5f975bd897c2d775ab29940
        Validity
            Not Before: Jan  2 04:19:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=228fd9547bc2c91e84d1492b0720cf8414a37f6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:39:6c:d4:d2:e8:8c:e0:2f:5b:51:e9:12:d0:
                    fc:bc:a3:a9:29:15:0b:52:0b:57:35:3f:fa:dd:29:
                    a2:21:ca:08:4f:0d:19:84:5c:7f:54:44:d5:92:83:
                    17:fb:a6:fc:81:6d:7c:f7:22:48:8c:61:1b:cd:d6:
                    90:a5:27:93:36:22:aa:5b:d7:95:af:c7:0d:41:e1:
                    02:d6:d2:98:18:67:51:93:3c:8d:2c:3f:23:0a:a6:
                    7c:90:25:67:77:5c:41:c5:a0:f2:fd:c3:d4:66:22:
                    51:26:83:02:75:a8:34:b4:9a:e5:8b:06:b7:32:14:
                    ba:2a:1d:06:a7:cd:f1:bc:56:9a:f1:e9:d0:1e:0d:
                    85:f4:4b:e4:bc:54:c1:46:09:9a:a6:09:c1:a5:d0:
                    90:bf:00:92:08:93:3f:95:d1:66:45:9a:f0:ba:0e:
                    e4:58:fd:1a:35:96:a4:ef:ba:9f:ea:66:43:57:09:
                    6a:b1:0b:4e:46:4f:b1:05:ce:8b:30:c9:ce:32:e8:
                    51:b0:35:16:83:89:8c:b2:d4:50:ab:56:15:b8:4b:
                    01:bb:8c:d2:6b:31:79:80:9f:b4:b5:d5:9b:54:98:
                    85:2a:da:48:7d:2d:e6:13:c3:c3:f0:3d:11:a2:b2:
                    84:da:45:6c:c8:84:4a:be:95:dc:e8:b5:ea:40:05:
                    80:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:8F:D9:54:7B:C2:C9:1E:84:D1:49:2B:07:20:CF:84:14:A3:7F:6F
            X509v3 Authority Key Identifier:
                keyid:89:49:28:A3:96:27:CD:5E:E5:F9:75:BD:89:7C:2D:77:5A:B2:99:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iUkoo5YnzV7l-XW9iXwtd1qymUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/Io_ZVHvCyR6E0UkrByDPhBSjf28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/iUkoo5YnzV7l-XW9iXwtd1qymUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.48.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:27:38:a5:ac:43:75:b0:56:ca:d5:2b:71:00:af:f2:d1:30:
         36:0b:f1:6b:24:59:77:60:63:8c:f0:31:28:d5:95:95:98:86:
         2b:8f:e9:8a:62:2c:e3:bc:9a:6f:78:da:6a:c6:da:e7:7d:0e:
         a9:84:52:42:2e:46:f5:26:74:85:99:4f:29:56:b8:3a:eb:4d:
         da:2e:0a:80:ae:32:d3:20:97:cf:0c:31:34:cf:d0:22:9f:9a:
         a8:9a:9d:ad:80:8d:0e:29:05:b2:00:d5:1e:2e:8d:81:a5:aa:
         74:8f:db:78:ef:be:3e:23:25:cf:55:0a:df:0c:1c:79:2c:69:
         a0:0b:7e:8b:47:d4:dd:1b:61:12:23:16:59:b5:f4:b4:eb:c1:
         1a:f5:b0:3b:f8:e9:71:18:9d:cb:96:3a:f6:cf:14:fe:db:4f:
         25:1f:bf:62:ed:79:67:6d:01:65:3d:47:08:b5:0c:5e:ed:89:
         70:4c:72:91:e8:d3:b0:72:46:15:8c:29:10:71:8a:5c:bd:2b:
         5d:3f:34:0a:f6:66:3c:71:7b:15:8f:90:f8:a2:4f:3e:c2:c7:
         37:c2:a2:b7:cd:6f:58:00:48:4c:9a:b1:67:89:45:00:64:ec:
         57:53:bf:53:81:f5:d4:90:48:ce:07:a4:38:44:c8:2a:09:4d:
         2a:85:79:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87kqA5FyBUT7ikGjvn1MqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NDkyOGEzOTYyN2NkNWVlNWY5NzViZDg5N2MyZDc3NWFi
Mjk5NDAwHhcNMjYwMTAyMDQxOTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjhmZDk1NDdiYzJjOTFlODRkMTQ5MmIwNzIwY2Y4NDE0YTM3ZjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDls1NLojOAvW1HpEtD8vKOpKRUL
UgtXNT/63SmiIcoITw0ZhFx/VETVkoMX+6b8gW189yJIjGEbzdaQpSeTNiKqW9eV
r8cNQeEC1tKYGGdRkzyNLD8jCqZ8kCVnd1xBxaDy/cPUZiJRJoMCdag0tJrliwa3
MhS6Kh0Gp83xvFaa8enQHg2F9EvkvFTBRgmapgnBpdCQvwCSCJM/ldFmRZrwug7k
WP0aNZak77qf6mZDVwlqsQtORk+xBc6LMMnOMuhRsDUWg4mMstRQq1YVuEsBu4zS
azF5gJ+0tdWbVJiFKtpIfS3mE8PD8D0RorKE2kVsyIRKvpXc6LXqQAWAAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKP2VR7wskehNFJKwcgz4QUo39vMB8GA1UdIwQY
MBaAFIlJKKOWJ81e5fl1vYl8LXdasplAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVVrb281WW56VjdsLVhXOWlYd3RkMXF5bVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC82OWM3ZDEtYzQzZC00YmNkLThlNmEt
MTU5M2Q0MDQ1Y2JjLzEvSW9fWlZIdkN5UjZFMFVrckJ5RFBoQlNqZjI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC82OWM3ZDEtYzQzZC00YmNkLThlNmEtMTU5M2Q0MDQ1Y2Jj
LzEvaVVrb281WW56VjdsLVhXOWlYd3RkMXF5bVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwDAfMA0G
CSqGSIb3DQEBCwUAA4IBAQAvJzilrEN1sFbK1StxAK/y0TA2C/FrJFl3YGOM8DEo
1ZWVmIYrj+mKYizjvJpveNpqxtrnfQ6phFJCLkb1JnSFmU8pVrg6603aLgqArjLT
IJfPDDE0z9Ain5qomp2tgI0OKQWyANUeLo2Bpap0j9t4774+IyXPVQrfDBx5LGmg
C36LR9TdG2ESIxZZtfS068Ea9bA7+OlxGJ3Lljr2zxT+208lH79i7XlnbQFlPUcI
tQxe7YlwTHKR6NOwckYVjCkQcYpcvStdPzQK9mY8cXsVj5D4ok8+wsc3wqK3zW9Y
AEhMmrFniUUAZOxXU79TgfXUkEjOB6Q4RMgqCU0qhXmO
-----END CERTIFICATE-----