This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/_6MH9zVVkOeMpELiq5Cuz4TxPq4.roa
File:                     _6MH9zVVkOeMpELiq5Cuz4TxPq4.roa (raw, json)
Hash identifier:          Yf/0SmZ5VEph+y/wLg+PuwUwXOxrukDOWnmf2A7NDUI=
Subject key identifier:   FF:A3:07:F7:35:55:90:E7:8C:A4:42:E2:AB:90:AE:CF:84:F1:3E:AE
Certificate issuer:       /CN=1eaf5c2e5edc197834d07f345962b0745bee66d7
Certificate serial:       019B7F836C621563DE30785981D0FE9F44D5
Authority key identifier: 1E:AF:5C:2E:5E:DC:19:78:34:D0:7F:34:59:62:B0:74:5B:EE:66:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/_6MH9zVVkOeMpELiq5Cuz4TxPq4.roa
Signing time:             Fri 02 Jan 2026 16:21:17 +0000
ROA not before:           Fri 02 Jan 2026 16:21:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206810
IP address blocks:        31.40.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:6c:62:15:63:de:30:78:59:81:d0:fe:9f:44:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1eaf5c2e5edc197834d07f345962b0745bee66d7
        Validity
            Not Before: Jan  2 16:21:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ffa307f7355590e78ca442e2ab90aecf84f13eae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:c2:0d:19:ee:0e:67:8c:05:22:ac:9e:ef:9e:
                    7c:2b:d6:54:80:5c:f0:e3:af:03:1c:c7:f3:a7:ea:
                    78:3b:97:5d:bb:e4:da:c5:f3:86:b3:5a:20:c5:dc:
                    f6:f2:e9:b3:37:02:c6:7c:84:b1:64:0e:2b:15:e6:
                    84:64:28:19:ce:dd:42:6b:0e:6a:99:ac:fd:04:32:
                    7c:bd:d9:63:26:ab:ef:c0:e1:be:b9:27:0a:dd:60:
                    32:70:b0:64:86:f8:2e:b5:60:9b:63:1c:b9:df:01:
                    3b:33:73:ab:4d:54:81:f9:fc:29:6e:8f:c1:ad:c2:
                    ff:fa:7d:03:4d:dd:c2:cf:41:90:8f:3b:cb:ff:1f:
                    28:0f:ab:a0:7b:b1:9d:34:93:fa:0b:70:05:98:9f:
                    e9:98:75:bb:82:71:8e:d1:95:88:e1:b7:cc:3d:a0:
                    29:e6:9e:66:43:28:d0:44:55:6b:95:06:c8:dd:34:
                    60:04:18:f5:25:6c:c2:64:54:cd:f7:e7:23:56:3f:
                    f1:65:c0:f8:e5:56:b6:a1:d0:6a:50:4b:b9:46:bc:
                    b2:90:7e:a9:92:ea:e0:cb:77:c1:82:c2:31:c6:3f:
                    30:54:af:ee:89:a5:dc:8f:f8:c2:f6:31:71:a2:7f:
                    91:6c:ae:65:29:5c:a8:39:ec:1e:2d:ed:ff:4f:d0:
                    49:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:A3:07:F7:35:55:90:E7:8C:A4:42:E2:AB:90:AE:CF:84:F1:3E:AE
            X509v3 Authority Key Identifier:
                keyid:1E:AF:5C:2E:5E:DC:19:78:34:D0:7F:34:59:62:B0:74:5B:EE:66:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/_6MH9zVVkOeMpELiq5Cuz4TxPq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:12:10:a8:28:6d:c3:5b:b4:52:4a:51:ca:a0:85:53:83:4f:
         82:33:07:30:70:51:26:85:af:c3:40:26:f4:ab:63:36:09:ac:
         d9:af:f2:4f:ea:3a:56:40:f2:30:cb:d7:e6:70:8c:c8:66:d0:
         18:26:dd:59:d5:70:6a:67:cf:86:6e:2e:58:ff:1f:9d:d8:df:
         8c:f0:20:82:f5:09:c9:b7:81:43:1b:4b:32:82:04:d0:1d:ef:
         5e:1c:b1:0c:d6:4a:d2:cb:45:e2:a8:34:c6:41:d6:8b:7d:2d:
         d8:e4:6f:5a:4f:27:2f:86:ef:c0:e4:a5:61:53:2d:a9:ad:4c:
         fc:ba:d6:d4:53:56:ab:fd:1e:3b:7a:60:93:f2:5e:9d:74:50:
         a1:ee:0d:50:dd:9d:cb:1f:d1:3b:85:72:cf:6f:1f:98:4a:f9:
         13:2b:ff:31:db:06:90:7c:61:ad:42:5b:b3:28:8b:4a:62:79:
         9b:23:84:3b:61:aa:62:70:db:43:02:1c:ca:e3:f4:81:f6:2b:
         32:5e:cd:ae:e0:74:36:3f:f7:a8:72:7a:34:98:27:05:3c:29:
         d8:70:b0:47:98:68:c9:ec:f6:ae:70:1c:18:fb:85:6e:e6:25:
         5f:ea:f8:ee:27:04:99:97:44:32:54:79:49:86:81:f7:3e:fb:
         e9:78:48:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g2xiFWPeMHhZgdD+n0TVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlYWY1YzJlNWVkYzE5NzgzNGQwN2YzNDU5NjJiMDc0NWJl
ZTY2ZDcwHhcNMjYwMTAyMTYyMTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmEzMDdmNzM1NTU5MGU3OGNhNDQyZTJhYjkwYWVjZjg0ZjEzZWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA28INGe4OZ4wFIqye7558K9ZUgFzw
468DHMfzp+p4O5ddu+TaxfOGs1ogxdz28umzNwLGfISxZA4rFeaEZCgZzt1Caw5q
maz9BDJ8vdljJqvvwOG+uScK3WAycLBkhvgutWCbYxy53wE7M3OrTVSB+fwpbo/B
rcL/+n0DTd3Cz0GQjzvL/x8oD6uge7GdNJP6C3AFmJ/pmHW7gnGO0ZWI4bfMPaAp
5p5mQyjQRFVrlQbI3TRgBBj1JWzCZFTN9+cjVj/xZcD45Va2odBqUEu5RryykH6p
kurgy3fBgsIxxj8wVK/uiaXcj/jC9jFxon+RbK5lKVyoOeweLe3/T9BJkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP+jB/c1VZDnjKRC4quQrs+E8T6uMB8GA1UdIwQY
MBaAFB6vXC5e3Bl4NNB/NFlisHRb7mbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHE5Y0xsN2NHWGcwMEg4MFdXS3dkRnZ1WnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xY2ZiOTItOWMzMS00NjRmLTkzODIt
NGEzNGMxYmJhYjJiLzEvXzZNSDl6VlZrT2VNcEVMaXE1Q3V6NFR4UHE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xY2ZiOTItOWMzMS00NjRmLTkzODItNGEzNGMxYmJhYjJi
LzEvSHE5Y0xsN2NHWGcwMEg4MFdXS3dkRnZ1WnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyidMA0G
CSqGSIb3DQEBCwUAA4IBAQAHEhCoKG3DW7RSSlHKoIVTg0+CMwcwcFEmha/DQCb0
q2M2CazZr/JP6jpWQPIwy9fmcIzIZtAYJt1Z1XBqZ8+Gbi5Y/x+d2N+M8CCC9QnJ
t4FDG0syggTQHe9eHLEM1krSy0XiqDTGQdaLfS3Y5G9aTycvhu/A5KVhUy2prUz8
utbUU1ar/R47emCT8l6ddFCh7g1Q3Z3LH9E7hXLPbx+YSvkTK/8x2waQfGGtQluz
KItKYnmbI4Q7YapicNtDAhzK4/SB9isyXs2u4HQ2P/eocno0mCcFPCnYcLBHmGjJ
7PaucBwY+4Vu5iVf6vjuJwSZl0QyVHlJhoH3PvvpeEjw
-----END CERTIFICATE-----