This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/acb57B5QAKe8GPvYbzFh6P_GEFI.roa
File:                     acb57B5QAKe8GPvYbzFh6P_GEFI.roa (raw, json)
Hash identifier:          W1c7HEZM0emTaSikmS18bvOufE62v1hXLHmO8kr5W90=
Subject key identifier:   69:C6:F9:EC:1E:50:00:A7:BC:18:FB:D8:6F:31:61:E8:FF:C6:10:52
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       019B77596C4FEC4B5F3CB0F7F2629758BE5D
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/acb57B5QAKe8GPvYbzFh6P_GEFI.roa
Signing time:             Thu 01 Jan 2026 02:18:27 +0000
ROA not before:           Thu 01 Jan 2026 02:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204156
IP address blocks:        31.14.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:6c:4f:ec:4b:5f:3c:b0:f7:f2:62:97:58:be:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 02:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=69c6f9ec1e5000a7bc18fbd86f3161e8ffc61052
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6e:3f:4c:65:bb:01:46:57:c0:91:a7:82:d5:
                    d6:16:e5:18:99:d3:80:4c:e2:69:3f:25:c4:91:49:
                    5c:bb:cf:12:04:27:9c:18:a2:93:b7:93:65:90:c0:
                    aa:2f:76:fe:d6:7e:2b:b9:d3:6d:e3:d7:9a:f7:56:
                    15:dd:5c:7f:93:d8:fc:f4:a9:36:91:1a:c6:1f:27:
                    4a:ae:fb:ee:ba:d0:c4:ef:66:28:75:16:b6:14:cb:
                    5e:41:f1:86:1c:50:cb:8b:45:f1:3a:25:1e:32:32:
                    84:3e:d0:8e:d3:29:c6:45:71:d8:ea:c9:37:73:8e:
                    a7:3a:14:dd:f1:e4:d0:41:71:9e:2e:9a:c3:93:7d:
                    58:35:6a:c8:36:ff:ad:2f:a8:4e:19:a1:4a:3d:6e:
                    f4:f6:1c:7c:5b:49:60:4b:bc:8d:43:79:a5:7b:87:
                    d3:ca:15:6d:90:8a:e9:4c:e1:d9:ee:c4:fe:ce:9e:
                    d2:50:e4:bd:ba:ec:b3:53:8b:db:e4:e2:28:cc:6c:
                    a1:1b:0d:79:69:35:23:66:49:1f:25:4b:eb:4a:37:
                    ce:f8:25:84:33:76:20:4a:d7:d7:7c:6e:d3:bf:5f:
                    d9:51:13:10:3f:6f:1d:ab:d9:5b:8d:92:02:76:1f:
                    27:e0:b3:1b:87:cd:7a:ae:6d:1f:1a:7e:6d:a4:79:
                    6a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:C6:F9:EC:1E:50:00:A7:BC:18:FB:D8:6F:31:61:E8:FF:C6:10:52
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/acb57B5QAKe8GPvYbzFh6P_GEFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e8:8a:80:c1:ae:93:e6:5b:09:5e:5f:e6:7b:e7:0e:37:ee:a1:
         50:e9:fd:7d:f0:4d:5c:85:31:0a:14:b7:26:eb:5b:11:a3:e3:
         f8:8d:52:4f:0f:6e:49:44:20:d4:9b:74:b4:0a:ec:05:16:2b:
         0a:c4:5e:84:a2:36:62:b4:10:a3:1f:4d:ec:0e:91:74:e1:dd:
         4a:b5:43:1b:0e:82:86:b3:b1:af:67:dc:1c:13:37:2e:71:54:
         29:54:5b:bc:af:a1:4d:16:49:7b:e4:c5:c7:07:62:6b:36:32:
         4b:6d:5a:cf:d4:5f:c4:6c:11:f1:2e:d5:1a:9a:44:b6:3f:84:
         16:a7:b9:f4:79:af:91:2f:77:c7:18:a6:27:70:6c:d5:18:1b:
         21:6b:dc:b8:05:e3:f9:58:96:0b:ea:b6:a5:bf:bb:b4:92:11:
         50:74:bf:32:0a:5e:45:20:72:c1:89:4c:b2:d8:50:43:7c:2a:
         11:12:25:8c:67:7b:ec:a8:bd:d8:2d:68:eb:76:af:57:00:b2:
         b0:61:a5:d0:74:1f:10:94:d9:2b:04:99:59:74:3d:79:a8:25:
         57:66:34:37:35:51:e6:e7:7b:2b:1f:e5:93:ba:c2:9e:c0:84:
         0e:fe:97:85:d4:de:38:f0:8f:ee:6a:f3:bb:65:a2:c1:d9:76:
         fd:4b:bf:cd
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt3WWxP7EtfPLD38mKXWL5dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjYwMTAxMDIxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWM2ZjllYzFlNTAwMGE3YmMxOGZiZDg2ZjMxNjFlOGZmYzYxMDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv24/TGW7AUZXwJGngtXWFuUYmdOA
TOJpPyXEkUlcu88SBCecGKKTt5NlkMCqL3b+1n4rudNt49ea91YV3Vx/k9j89Kk2
kRrGHydKrvvuutDE72YodRa2FMteQfGGHFDLi0XxOiUeMjKEPtCO0ynGRXHY6sk3
c46nOhTd8eTQQXGeLprDk31YNWrINv+tL6hOGaFKPW709hx8W0lgS7yNQ3mle4fT
yhVtkIrpTOHZ7sT+zp7SUOS9uuyzU4vb5OIozGyhGw15aTUjZkkfJUvrSjfO+CWE
M3YgStfXfG7Tv1/ZURMQP28dq9lbjZICdh8n4LMbh816rm0fGn5tpHlqzwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGnG+eweUACnvBj72G8xYej/xhBSMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2FjYjU3QjVRQUtlOEdQdlliekZoNlBfR0VGSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfDiIw
DQYJKoZIhvcNAQELBQADggEBAOiKgMGuk+ZbCV5f5nvnDjfuoVDp/X3wTVyFMQoU
tybrWxGj4/iNUk8PbklEINSbdLQK7AUWKwrEXoSiNmK0EKMfTewOkXTh3Uq1QxsO
goazsa9n3BwTNy5xVClUW7yvoU0WSXvkxccHYms2MkttWs/UX8RsEfEu1RqaRLY/
hBanufR5r5Evd8cYpidwbNUYGyFr3LgF4/lYlgvqtqW/u7SSEVB0vzIKXkUgcsGJ
TLLYUEN8KhESJYxne+yovdgtaOt2r1cAsrBhpdB0HxCU2SsEmVl0PXmoJVdmNDc1
Uebneysf5ZO6wp7AhA7+l4XU3jjwj+5q87tlosHZdv1Lv80=
-----END CERTIFICATE-----