This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/YOBJXpEHAMny3YxgbXhGFE9H1Dc.roa
File:                     YOBJXpEHAMny3YxgbXhGFE9H1Dc.roa (raw, json)
Hash identifier:          ubjGl6NH+8cXpUPkiXxOW4R61YalXFLiA+y8Gn0QEic=
Subject key identifier:   60:E0:49:5E:91:07:00:C9:F2:DD:8C:60:6D:78:46:14:4F:47:D4:37
Certificate issuer:       /CN=a939cc1621ee3010ae98e127bd254a7833fd2827
Certificate serial:       019B7F82F7C703806D5770B1B9CB7E2A6C4D
Authority key identifier: A9:39:CC:16:21:EE:30:10:AE:98:E1:27:BD:25:4A:78:33:FD:28:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qTnMFiHuMBCumOEnvSVKeDP9KCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/YOBJXpEHAMny3YxgbXhGFE9H1Dc.roa
Signing time:             Fri 02 Jan 2026 16:20:48 +0000
ROA not before:           Fri 02 Jan 2026 16:20:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42489
IP address blocks:        31.133.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/qTnMFiHuMBCumOEnvSVKeDP9KCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/qTnMFiHuMBCumOEnvSVKeDP9KCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qTnMFiHuMBCumOEnvSVKeDP9KCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:f7:c7:03:80:6d:57:70:b1:b9:cb:7e:2a:6c:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a939cc1621ee3010ae98e127bd254a7833fd2827
        Validity
            Not Before: Jan  2 16:20:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60e0495e910700c9f2dd8c606d7846144f47d437
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:dc:b4:3c:a6:49:68:3e:39:d7:67:7b:a7:01:
                    20:0f:61:a2:0e:65:dc:00:37:9f:1f:54:bc:3e:00:
                    a2:10:25:9f:dd:9b:69:d2:f9:71:0a:b4:f6:e7:88:
                    d6:86:88:52:08:18:51:6a:48:7b:36:ba:1b:7f:6c:
                    63:d1:e0:03:15:54:3e:4d:cb:66:98:64:34:9c:14:
                    f9:ab:5d:52:f7:2d:ed:e0:b0:41:c4:ff:8d:a0:a9:
                    f5:fd:e4:69:bc:d0:4b:fa:5d:13:f0:15:b6:04:f5:
                    b3:35:77:e0:6a:7c:1f:fc:e7:d6:59:d0:af:22:4e:
                    31:f8:99:09:f7:4e:9a:16:f9:70:22:c6:86:b9:98:
                    1e:4d:2f:88:b8:27:be:2c:7a:9c:cd:50:d3:b6:da:
                    35:5b:1a:3b:1a:ad:0c:d1:f6:49:2e:8d:03:1c:ae:
                    bf:ab:a9:53:0a:05:90:b9:76:53:51:b3:c5:3a:22:
                    4f:60:47:e2:62:6b:6c:3f:1f:df:e3:ae:a2:2f:85:
                    78:36:dd:e1:04:87:ff:25:25:33:9e:ee:fb:7f:30:
                    ce:93:d5:15:f0:ea:4f:b4:d4:29:86:96:6a:7d:45:
                    e1:ed:54:3d:04:da:e6:29:c7:9e:53:ff:35:cf:fa:
                    da:4f:5e:2e:e4:89:3d:b9:bd:48:93:f2:e8:fb:0d:
                    d0:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:E0:49:5E:91:07:00:C9:F2:DD:8C:60:6D:78:46:14:4F:47:D4:37
            X509v3 Authority Key Identifier:
                keyid:A9:39:CC:16:21:EE:30:10:AE:98:E1:27:BD:25:4A:78:33:FD:28:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qTnMFiHuMBCumOEnvSVKeDP9KCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/YOBJXpEHAMny3YxgbXhGFE9H1Dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d5bf72-3115-4c71-a1bf-b06194d13c6b/1/qTnMFiHuMBCumOEnvSVKeDP9KCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.133.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:89:fe:a3:95:64:cb:b6:14:85:ed:8e:de:e0:c3:64:5a:90:
         f6:d8:8b:c4:61:af:21:d6:db:fc:fe:2b:62:f2:fd:f6:94:64:
         f3:60:a3:b9:5e:72:28:3f:90:15:07:f5:84:08:cb:88:0b:80:
         b3:9f:8f:04:c7:94:76:97:7d:45:ca:90:0c:d0:ae:2d:d4:59:
         69:a9:02:e9:75:3b:e2:9c:a0:b9:ff:24:b9:92:12:af:bd:7b:
         5a:99:94:ea:3a:a7:ae:a2:bd:ff:ee:67:f8:e6:d6:6f:c0:67:
         d7:c8:d2:84:ac:1a:66:76:b8:fa:56:02:bb:43:2c:0e:dd:8a:
         ab:61:df:4b:24:9d:7d:9b:b6:6c:b0:c6:63:20:c6:98:39:1d:
         65:d8:0b:b0:10:a0:b4:38:07:fe:36:07:69:02:a4:a9:e1:17:
         89:3a:d4:e7:94:c4:d2:70:01:72:8b:76:25:cf:8e:6e:6d:58:
         37:d2:08:8e:77:5c:3e:b3:75:81:86:ca:dd:64:03:a2:18:fa:
         0d:3e:b1:a9:06:7c:a2:47:a2:ed:98:8f:3d:db:55:bd:50:fb:
         70:dd:50:40:ba:12:14:ee:34:7d:a7:30:84:e0:07:9e:eb:74:
         63:56:ed:85:f1:64:20:c6:8b:d1:26:f0:f9:6a:b8:a3:18:1f:
         0c:66:9b:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gvfHA4BtV3Cxuct+KmxNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5MzljYzE2MjFlZTMwMTBhZTk4ZTEyN2JkMjU0YTc4MzNm
ZDI4MjcwHhcNMjYwMTAyMTYyMDQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGUwNDk1ZTkxMDcwMGM5ZjJkZDhjNjA2ZDc4NDYxNDRmNDdkNDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2dy0PKZJaD4512d7pwEgD2GiDmXc
ADefH1S8PgCiECWf3Ztp0vlxCrT254jWhohSCBhRakh7Nrobf2xj0eADFVQ+Tctm
mGQ0nBT5q11S9y3t4LBBxP+NoKn1/eRpvNBL+l0T8BW2BPWzNXfganwf/OfWWdCv
Ik4x+JkJ906aFvlwIsaGuZgeTS+IuCe+LHqczVDTtto1Wxo7Gq0M0fZJLo0DHK6/
q6lTCgWQuXZTUbPFOiJPYEfiYmtsPx/f466iL4V4Nt3hBIf/JSUznu77fzDOk9UV
8OpPtNQphpZqfUXh7VQ9BNrmKceeU/81z/raT14u5Ik9ub1Ik/Lo+w3Q0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGDgSV6RBwDJ8t2MYG14RhRPR9Q3MB8GA1UdIwQY
MBaAFKk5zBYh7jAQrpjhJ70lSngz/SgnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVRuTUZpSHVNQkN1bU9FbnZTVktlRFA5S0NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9kNWJmNzItMzExNS00YzcxLWExYmYt
YjA2MTk0ZDEzYzZiLzEvWU9CSlhwRUhBTW55M1l4Z2JYaEdGRTlIMURjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9kNWJmNzItMzExNS00YzcxLWExYmYtYjA2MTk0ZDEzYzZi
LzEvcVRuTUZpSHVNQkN1bU9FbnZTVktlRFA5S0NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH4V0MA0G
CSqGSIb3DQEBCwUAA4IBAQBGif6jlWTLthSF7Y7e4MNkWpD22IvEYa8h1tv8/iti
8v32lGTzYKO5XnIoP5AVB/WECMuIC4Czn48Ex5R2l31FypAM0K4t1FlpqQLpdTvi
nKC5/yS5khKvvXtamZTqOqeuor3/7mf45tZvwGfXyNKErBpmdrj6VgK7QywO3Yqr
Yd9LJJ19m7ZssMZjIMaYOR1l2AuwEKC0OAf+NgdpAqSp4ReJOtTnlMTScAFyi3Yl
z45ubVg30giOd1w+s3WBhsrdZAOiGPoNPrGpBnyiR6LtmI8921W9UPtw3VBAuhIU
7jR9pzCE4Aee63RjVu2F8WQgxovRJvD5arijGB8MZps1
-----END CERTIFICATE-----