This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/p0p2OO5fAMJ3EsixMPWafbErHR8.roa
File:                     p0p2OO5fAMJ3EsixMPWafbErHR8.roa (raw, json)
Hash identifier:          AW4TgH3P5L8EKPSHOfhLkGluDRU0yoKTmN94YBIvSR8=
Subject key identifier:   A7:4A:76:38:EE:5F:00:C2:77:12:C8:B1:30:F5:9A:7D:B1:2B:1D:1F
Certificate issuer:       /CN=1eaf5c2e5edc197834d07f345962b0745bee66d7
Certificate serial:       019B7F836F3C45B015FC6EB75EBF0A64B3F8
Authority key identifier: 1E:AF:5C:2E:5E:DC:19:78:34:D0:7F:34:59:62:B0:74:5B:EE:66:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/p0p2OO5fAMJ3EsixMPWafbErHR8.roa
Signing time:             Fri 02 Jan 2026 16:21:18 +0000
ROA not before:           Fri 02 Jan 2026 16:21:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213191
IP address blocks:        31.40.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:6f:3c:45:b0:15:fc:6e:b7:5e:bf:0a:64:b3:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1eaf5c2e5edc197834d07f345962b0745bee66d7
        Validity
            Not Before: Jan  2 16:21:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a74a7638ee5f00c27712c8b130f59a7db12b1d1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:6e:91:a0:a8:e4:d4:9c:54:6b:c5:d4:42:0e:
                    30:b9:a9:c7:8f:94:8c:e0:bc:f8:c1:9e:9b:f3:25:
                    41:1f:e3:46:7e:db:78:18:34:00:ad:fa:6b:24:7c:
                    8b:7b:09:b0:7d:d2:d0:53:d2:46:5b:90:f0:95:d8:
                    c7:6a:e3:13:f6:c1:9a:b0:37:44:23:39:e4:ff:4a:
                    f4:64:62:ee:b3:e9:2d:e4:71:74:e5:ff:00:40:cf:
                    2f:ba:53:15:83:6c:4c:e0:aa:10:99:d5:ce:9e:ca:
                    02:e2:07:02:39:10:cd:00:b6:7d:fb:ab:18:7c:f7:
                    3d:ea:f1:b5:e5:38:f9:90:20:4c:90:f0:a5:c6:b4:
                    5f:27:37:8b:8f:73:af:68:65:c4:22:51:b9:34:0b:
                    3d:9c:d3:8b:87:c9:cf:cf:1c:bc:0d:eb:f3:87:d4:
                    d0:d3:bc:40:0e:4f:b8:6e:d1:0c:6f:b7:88:d9:c6:
                    05:fd:0f:53:7d:38:b5:18:bf:77:e2:74:46:a4:55:
                    6b:47:1a:89:a4:b1:20:da:92:22:d2:4a:a3:7f:1b:
                    9e:ce:5b:2a:84:ee:a9:61:8f:49:32:14:62:60:12:
                    02:18:02:db:7e:0a:6e:60:a8:73:58:a7:89:12:6e:
                    18:66:93:83:85:96:2e:ea:74:04:aa:1e:04:db:87:
                    a0:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:4A:76:38:EE:5F:00:C2:77:12:C8:B1:30:F5:9A:7D:B1:2B:1D:1F
            X509v3 Authority Key Identifier:
                keyid:1E:AF:5C:2E:5E:DC:19:78:34:D0:7F:34:59:62:B0:74:5B:EE:66:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/p0p2OO5fAMJ3EsixMPWafbErHR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:fd:fb:64:e3:51:c9:4d:41:08:df:e5:ae:56:e7:b4:86:6c:
         e0:c9:cb:98:57:50:47:a1:f9:a3:3b:99:f5:3d:91:aa:36:0c:
         50:8b:86:8f:7d:bc:4f:d8:02:35:24:8a:5e:b2:c8:7f:83:83:
         76:b9:52:06:58:78:72:4d:02:b0:d3:4c:c1:fe:88:a4:c2:57:
         7f:b0:57:a5:d9:23:18:35:9e:1d:5e:c2:31:0f:77:0c:6e:1f:
         1f:7a:05:05:87:36:28:62:fa:91:dc:f4:5f:c5:99:fa:c9:e5:
         b1:25:e2:25:71:95:9b:65:ae:89:14:9c:63:35:67:3e:0f:3a:
         35:e2:e3:5e:d3:e5:08:15:bf:59:36:13:ef:af:ec:c5:ed:f0:
         fc:21:50:bf:9a:da:a2:93:45:2f:01:47:cf:31:c5:65:c3:e9:
         3d:9b:f0:ce:8c:2b:ff:85:9f:79:6c:0c:56:5a:aa:43:14:eb:
         e0:5e:f4:7e:65:c1:4f:d6:15:b8:69:74:c1:05:07:10:d7:28:
         03:45:eb:d0:31:ce:9a:c6:ec:01:39:36:f5:40:bd:cc:97:02:
         e4:44:fa:92:0d:d4:dd:45:78:6c:0a:8d:10:08:d0:da:43:9c:
         8c:50:a6:66:60:c2:9d:0b:d8:f2:01:10:8a:56:24:df:49:a3:
         06:83:94:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g288RbAV/G63Xr8KZLP4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlYWY1YzJlNWVkYzE5NzgzNGQwN2YzNDU5NjJiMDc0NWJl
ZTY2ZDcwHhcNMjYwMTAyMTYyMTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzRhNzYzOGVlNWYwMGMyNzcxMmM4YjEzMGY1OWE3ZGIxMmIxZDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnW6RoKjk1JxUa8XUQg4wuanHj5SM
4Lz4wZ6b8yVBH+NGftt4GDQArfprJHyLewmwfdLQU9JGW5DwldjHauMT9sGasDdE
Iznk/0r0ZGLus+kt5HF05f8AQM8vulMVg2xM4KoQmdXOnsoC4gcCORDNALZ9+6sY
fPc96vG15Tj5kCBMkPClxrRfJzeLj3OvaGXEIlG5NAs9nNOLh8nPzxy8Devzh9TQ
07xADk+4btEMb7eI2cYF/Q9TfTi1GL934nRGpFVrRxqJpLEg2pIi0kqjfxuezlsq
hO6pYY9JMhRiYBICGALbfgpuYKhzWKeJEm4YZpODhZYu6nQEqh4E24eg1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdKdjjuXwDCdxLIsTD1mn2xKx0fMB8GA1UdIwQY
MBaAFB6vXC5e3Bl4NNB/NFlisHRb7mbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHE5Y0xsN2NHWGcwMEg4MFdXS3dkRnZ1WnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xY2ZiOTItOWMzMS00NjRmLTkzODIt
NGEzNGMxYmJhYjJiLzEvcDBwMk9PNWZBTUozRXNpeE1QV2FmYkVySFI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xY2ZiOTItOWMzMS00NjRmLTkzODItNGEzNGMxYmJhYjJi
LzEvSHE5Y0xsN2NHWGcwMEg4MFdXS3dkRnZ1WnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyicMA0G
CSqGSIb3DQEBCwUAA4IBAQA0/ftk41HJTUEI3+WuVue0hmzgycuYV1BHofmjO5n1
PZGqNgxQi4aPfbxP2AI1JIpessh/g4N2uVIGWHhyTQKw00zB/oikwld/sFel2SMY
NZ4dXsIxD3cMbh8fegUFhzYoYvqR3PRfxZn6yeWxJeIlcZWbZa6JFJxjNWc+Dzo1
4uNe0+UIFb9ZNhPvr+zF7fD8IVC/mtqik0UvAUfPMcVlw+k9m/DOjCv/hZ95bAxW
WqpDFOvgXvR+ZcFP1hW4aXTBBQcQ1ygDRevQMc6axuwBOTb1QL3MlwLkRPqSDdTd
RXhsCo0QCNDaQ5yMUKZmYMKdC9jyARCKViTfSaMGg5Ta
-----END CERTIFICATE-----