This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/ee8f90-ef2b-43c0-b0c0-4cbc67219b4a/1/g1S-kxOnMbzdndrLbUeaCJYPOxw.roa
File:                     g1S-kxOnMbzdndrLbUeaCJYPOxw.roa (raw, json)
Hash identifier:          jkv9kYNLwqMU1Z9MYM3vG7XQkKfgh1lByWmby4H5OPY=
Subject key identifier:   83:54:BE:93:13:A7:31:BC:DD:9D:DA:CB:6D:47:9A:08:96:0F:3B:1C
Certificate issuer:       /CN=8e1179f0a35cf07c1629672662866ca001f75bd3
Certificate serial:       019B7EA5776EFEE0E688383E4AC6949FF362
Authority key identifier: 8E:11:79:F0:A3:5C:F0:7C:16:29:67:26:62:86:6C:A0:01:F7:5B:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhF58KNc8HwWKWcmYoZsoAH3W9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/ee8f90-ef2b-43c0-b0c0-4cbc67219b4a/1/g1S-kxOnMbzdndrLbUeaCJYPOxw.roa
Signing time:             Fri 02 Jan 2026 12:18:51 +0000
ROA not before:           Fri 02 Jan 2026 12:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     52213
IP address blocks:        31.131.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/ee8f90-ef2b-43c0-b0c0-4cbc67219b4a/1/jhF58KNc8HwWKWcmYoZsoAH3W9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/ee8f90-ef2b-43c0-b0c0-4cbc67219b4a/1/jhF58KNc8HwWKWcmYoZsoAH3W9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhF58KNc8HwWKWcmYoZsoAH3W9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 03:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:77:6e:fe:e0:e6:88:38:3e:4a:c6:94:9f:f3:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1179f0a35cf07c1629672662866ca001f75bd3
        Validity
            Not Before: Jan  2 12:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8354be9313a731bcdd9ddacb6d479a08960f3b1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:63:6c:a8:2c:1b:05:9b:6a:32:db:5d:32:d3:
                    ac:6a:ae:ad:40:c7:c2:cd:2a:b3:a2:7e:7d:23:89:
                    26:d9:4a:a5:23:cf:d1:67:61:40:d9:31:6c:47:a8:
                    2c:5f:c9:b6:46:1e:59:0c:02:b6:7c:eb:67:49:a8:
                    79:ed:38:de:a6:43:a6:82:3a:5f:35:ce:48:98:8d:
                    60:e1:e0:63:d1:fc:d2:f7:5d:81:33:af:27:5d:2b:
                    5c:96:29:c5:28:76:02:cd:0c:83:cc:40:70:32:8a:
                    62:a9:dd:71:8d:e6:fd:fd:5f:b5:7a:79:7c:d2:68:
                    38:e0:c0:0e:67:4f:42:6e:6c:18:94:c6:33:e4:39:
                    2f:8f:64:87:64:05:40:24:ac:de:47:c5:b5:c7:1b:
                    30:1e:33:91:fb:72:fb:6c:52:db:ef:f0:5e:04:2d:
                    e6:df:5e:4a:cd:4c:ed:83:3f:5d:41:ee:63:83:65:
                    f5:45:df:d6:35:cc:ec:eb:a6:43:e0:7d:15:a4:40:
                    bf:67:61:31:7e:11:11:ff:12:8f:ac:a5:79:be:4e:
                    1c:bb:80:30:ff:de:df:48:07:24:54:0b:c5:af:1e:
                    f3:03:b3:24:0c:2b:42:b4:97:c0:3c:11:5e:61:b3:
                    dd:95:86:7f:e1:97:54:55:35:0e:a2:56:24:d5:b3:
                    2e:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:54:BE:93:13:A7:31:BC:DD:9D:DA:CB:6D:47:9A:08:96:0F:3B:1C
            X509v3 Authority Key Identifier:
                keyid:8E:11:79:F0:A3:5C:F0:7C:16:29:67:26:62:86:6C:A0:01:F7:5B:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhF58KNc8HwWKWcmYoZsoAH3W9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ee8f90-ef2b-43c0-b0c0-4cbc67219b4a/1/g1S-kxOnMbzdndrLbUeaCJYPOxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ee8f90-ef2b-43c0-b0c0-4cbc67219b4a/1/jhF58KNc8HwWKWcmYoZsoAH3W9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.131.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:ac:6d:14:4d:15:5e:75:20:e3:50:27:e4:c5:02:60:5a:a8:
         e8:e6:21:ee:cb:22:b5:fb:79:60:8d:19:d6:9a:1b:28:8e:92:
         91:b5:fd:92:a5:38:08:3d:8e:cf:c8:4e:e8:18:af:31:3b:4d:
         cb:39:46:27:6b:e2:b8:f6:5f:d5:29:10:e6:55:ec:d2:b0:a3:
         53:c5:d9:ce:78:30:c8:5a:ac:d9:b9:01:a5:89:4e:68:b4:fa:
         05:a0:9f:98:0f:01:85:f6:8f:b6:7a:2c:d8:37:aa:63:a0:d5:
         fb:1f:61:2e:77:5a:36:84:bf:b9:8c:fd:32:da:11:47:2b:6c:
         a2:cf:1d:20:16:be:55:28:e2:bf:7b:31:4a:c3:3a:49:c2:34:
         21:66:4a:21:63:9a:1d:9b:74:13:57:3e:fd:bc:ff:93:30:a4:
         10:f4:d8:24:8e:5c:32:85:66:a3:62:bf:71:d2:3a:0d:56:d2:
         63:3d:32:f1:73:1f:f2:f0:ce:9b:d1:2b:9c:24:5e:31:5c:f6:
         45:f5:44:1a:f1:75:5a:90:5f:4a:69:c8:93:38:9c:ef:96:2c:
         6e:ee:cf:8b:07:3c:5e:35:89:84:79:49:82:8a:95:61:40:d4:
         ea:c8:7a:cc:de:7b:97:83:df:e3:0f:5d:23:0b:13:33:7e:fa:
         e7:ef:07:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pXdu/uDmiDg+SsaUn/NiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMTE3OWYwYTM1Y2YwN2MxNjI5NjcyNjYyODY2Y2EwMDFm
NzViZDMwHhcNMjYwMTAyMTIxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzU0YmU5MzEzYTczMWJjZGQ5ZGRhY2I2ZDQ3OWEwODk2MGYzYjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGNsqCwbBZtqMttdMtOsaq6tQMfC
zSqzon59I4km2UqlI8/RZ2FA2TFsR6gsX8m2Rh5ZDAK2fOtnSah57TjepkOmgjpf
Nc5ImI1g4eBj0fzS912BM68nXStclinFKHYCzQyDzEBwMopiqd1xjeb9/V+1enl8
0mg44MAOZ09CbmwYlMYz5Dkvj2SHZAVAJKzeR8W1xxswHjOR+3L7bFLb7/BeBC3m
315KzUztgz9dQe5jg2X1Rd/WNczs66ZD4H0VpEC/Z2ExfhER/xKPrKV5vk4cu4Aw
/97fSAckVAvFrx7zA7MkDCtCtJfAPBFeYbPdlYZ/4ZdUVTUOolYk1bMukwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFINUvpMTpzG83Z3ay21HmgiWDzscMB8GA1UdIwQY
MBaAFI4RefCjXPB8FilnJmKGbKAB91vTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamhGNThLTmM4SHdXS1djbVlvWnNvQUgzVzlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9lZThmOTAtZWYyYi00M2MwLWIwYzAt
NGNiYzY3MjE5YjRhLzEvZzFTLWt4T25NYnpkbmRyTGJVZWFDSllQT3h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9lZThmOTAtZWYyYi00M2MwLWIwYzAtNGNiYzY3MjE5YjRh
LzEvamhGNThLTmM4SHdXS1djbVlvWnNvQUgzVzlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH4OLMA0G
CSqGSIb3DQEBCwUAA4IBAQBErG0UTRVedSDjUCfkxQJgWqjo5iHuyyK1+3lgjRnW
mhsojpKRtf2SpTgIPY7PyE7oGK8xO03LOUYna+K49l/VKRDmVezSsKNTxdnOeDDI
WqzZuQGliU5otPoFoJ+YDwGF9o+2eizYN6pjoNX7H2Eud1o2hL+5jP0y2hFHK2yi
zx0gFr5VKOK/ezFKwzpJwjQhZkohY5odm3QTVz79vP+TMKQQ9NgkjlwyhWajYr9x
0joNVtJjPTLxcx/y8M6b0SucJF4xXPZF9UQa8XVakF9KaciTOJzvlixu7s+LBzxe
NYmEeUmCipVhQNTqyHrM3nuXg9/jD10jCxMzfvrn7wdW
-----END CERTIFICATE-----