This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/0grhf2XqQS0PbS4vuPKgFUJ4CtY.roa
File:                     0grhf2XqQS0PbS4vuPKgFUJ4CtY.roa (raw, json)
Hash identifier:          CABCkAtRB5z7qM37KIh3THIotph2AI+4ndFJUzJYceA=
Subject key identifier:   D2:0A:E1:7F:65:EA:41:2D:0F:6D:2E:2F:B8:F2:A0:15:42:78:0A:D6
Certificate issuer:       /CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
Certificate serial:       019B7F824A4BFE6C39C57F7969515C99F370
Authority key identifier: AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/0grhf2XqQS0PbS4vuPKgFUJ4CtY.roa
Signing time:             Fri 02 Jan 2026 16:20:03 +0000
ROA not before:           Fri 02 Jan 2026 16:20:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214505
IP address blocks:        31.186.250.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:4a:4b:fe:6c:39:c5:7f:79:69:51:5c:99:f3:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
        Validity
            Not Before: Jan  2 16:20:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d20ae17f65ea412d0f6d2e2fb8f2a01542780ad6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:bd:45:ed:8f:c3:d3:53:4c:63:47:13:6e:ff:
                    13:26:40:1e:ee:64:5c:21:be:36:9f:eb:05:ce:c4:
                    c6:87:bc:57:ce:05:85:f0:fc:83:94:cb:c0:5b:4b:
                    cd:75:9f:f4:07:68:ef:b9:e7:cf:a0:61:45:d8:09:
                    26:71:79:a8:00:29:a2:a6:30:24:92:7b:c3:56:37:
                    d3:b1:11:18:b5:bf:54:81:ba:24:25:e8:1a:53:19:
                    74:0a:e0:90:3d:40:1d:7b:59:fb:56:9e:54:ee:5f:
                    56:5c:c3:d6:70:70:08:11:ed:f0:83:86:2c:b3:ed:
                    a7:71:17:72:74:0f:52:61:22:ca:20:52:27:8d:d1:
                    e5:54:fb:fc:7d:7d:55:2a:95:3e:3f:0e:73:ef:d9:
                    14:0c:b8:fc:da:8b:3f:66:50:a0:57:52:12:00:c0:
                    20:26:0f:b3:de:f8:92:fa:60:a2:dc:34:81:f5:87:
                    c0:c8:fe:9d:57:ba:1c:b6:a7:d2:de:bf:27:b3:9a:
                    e7:76:d2:ae:d3:a9:74:b1:43:1a:0f:f6:47:b4:0a:
                    f9:91:2d:40:63:2e:99:20:ce:22:5b:7e:d1:16:a3:
                    8a:84:35:94:58:f9:9d:8d:47:ac:99:2e:c4:a7:e1:
                    a0:a3:b5:d0:fb:d6:00:7e:be:21:c2:57:b6:5b:50:
                    dd:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:0A:E1:7F:65:EA:41:2D:0F:6D:2E:2F:B8:F2:A0:15:42:78:0A:D6
            X509v3 Authority Key Identifier:
                keyid:AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/0grhf2XqQS0PbS4vuPKgFUJ4CtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.186.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:f0:1f:b5:e6:b1:02:47:d5:45:e1:9f:98:4f:b5:f8:88:9f:
         6f:f9:97:ed:15:63:28:03:cf:d6:cc:49:e6:e4:72:bf:78:58:
         e7:ed:40:c1:12:61:59:94:bd:22:66:5e:af:82:b1:00:6d:b0:
         9c:e0:40:48:6e:dd:b8:7c:5f:fc:ac:ef:3c:b3:dc:97:18:b3:
         df:b4:eb:3d:eb:90:0f:ca:3a:9b:58:53:da:5c:10:ff:53:0a:
         17:44:1a:37:61:3e:24:1a:c7:e5:26:5f:44:5e:80:b4:9d:4c:
         90:dc:18:a7:3f:1d:36:59:01:63:da:6b:dd:ef:78:62:1b:20:
         62:07:3b:8f:b3:68:df:d8:f1:87:07:de:78:ad:6f:8b:5f:12:
         40:4d:14:0c:06:de:ae:62:4e:0c:6e:7f:ec:6e:7f:35:d9:36:
         ce:e5:cb:a5:44:ff:a9:f3:68:07:8a:cb:c4:18:31:d7:e1:d6:
         fd:ba:f4:4c:61:76:55:00:10:a8:c7:02:de:e4:2e:d4:5a:ec:
         0f:32:0c:62:98:f1:30:7b:09:50:54:93:8b:55:1d:67:62:06:
         1a:67:bf:35:df:87:10:7c:ed:0a:ea:52:1f:77:00:28:01:2d:
         6a:6e:26:4f:51:5e:fe:94:0c:35:44:54:60:71:81:1a:55:34:
         b1:8d:b1:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gkpL/mw5xX95aVFcmfNwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZGFlZWE5MTE3YTFkNWNjYzMyMDIyMjk1NWEwOWZhYTA3
OThmZDkwHhcNMjYwMTAyMTYyMDAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjBhZTE3ZjY1ZWE0MTJkMGY2ZDJlMmZiOGYyYTAxNTQyNzgwYWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlb1F7Y/D01NMY0cTbv8TJkAe7mRc
Ib42n+sFzsTGh7xXzgWF8PyDlMvAW0vNdZ/0B2jvuefPoGFF2AkmcXmoACmipjAk
knvDVjfTsREYtb9UgbokJegaUxl0CuCQPUAde1n7Vp5U7l9WXMPWcHAIEe3wg4Ys
s+2ncRdydA9SYSLKIFInjdHlVPv8fX1VKpU+Pw5z79kUDLj82os/ZlCgV1ISAMAg
Jg+z3viS+mCi3DSB9YfAyP6dV7octqfS3r8ns5rndtKu06l0sUMaD/ZHtAr5kS1A
Yy6ZIM4iW37RFqOKhDWUWPmdjUesmS7Ep+Ggo7XQ+9YAfr4hwle2W1Dd6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNIK4X9l6kEtD20uL7jyoBVCeArWMB8GA1UdIwQY
MBaAFK7a7qkReh1czDICIpVaCfqgeY/ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEt
OTk4NjhjNTEzMjlhLzEvMGdyaGYyWHFRUzBQYlM0dnVQS2dGVUo0Q3RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEtOTk4NjhjNTEzMjlh
LzEvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH7r6MA0G
CSqGSIb3DQEBCwUAA4IBAQBz8B+15rECR9VF4Z+YT7X4iJ9v+ZftFWMoA8/WzEnm
5HK/eFjn7UDBEmFZlL0iZl6vgrEAbbCc4EBIbt24fF/8rO88s9yXGLPftOs965AP
yjqbWFPaXBD/UwoXRBo3YT4kGsflJl9EXoC0nUyQ3BinPx02WQFj2mvd73hiGyBi
BzuPs2jf2PGHB954rW+LXxJATRQMBt6uYk4Mbn/sbn812TbO5culRP+p82gHisvE
GDHX4db9uvRMYXZVABCoxwLe5C7UWuwPMgximPEwewlQVJOLVR1nYgYaZ78134cQ
fO0K6lIfdwAoAS1qbiZPUV7+lAw1RFRgcYEaVTSxjbG/
-----END CERTIFICATE-----