This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/PPTpKN0G94Qk3SCfG74G6E4gLdw.roa
File:                     PPTpKN0G94Qk3SCfG74G6E4gLdw.roa (raw, json)
Hash identifier:          IpDfPDw0GzTAcezF6u+iyqtASEo3jItEu1XZDEJz9Yk=
Subject key identifier:   3C:F4:E9:28:DD:06:F7:84:24:DD:20:9F:1B:BE:06:E8:4E:20:2D:DC
Certificate issuer:       /CN=8e626c909eb4951154bcee8221e43951b4257624
Certificate serial:       019B7F15645D3E63500E7A627C1F5A2A17BD
Authority key identifier: 8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/PPTpKN0G94Qk3SCfG74G6E4gLdw.roa
Signing time:             Fri 02 Jan 2026 14:21:06 +0000
ROA not before:           Fri 02 Jan 2026 14:21:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56789
IP address blocks:        109.107.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 20:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:64:5d:3e:63:50:0e:7a:62:7c:1f:5a:2a:17:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e626c909eb4951154bcee8221e43951b4257624
        Validity
            Not Before: Jan  2 14:21:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3cf4e928dd06f78424dd209f1bbe06e84e202ddc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b7:20:88:8b:86:a2:55:3b:b2:3e:dd:c9:db:
                    19:de:c1:8e:a5:af:8c:0d:b0:e3:a9:09:fd:18:f6:
                    23:1e:b4:dd:6a:d3:4d:ea:28:46:bd:8c:1c:58:8b:
                    af:ab:82:76:47:f5:40:6f:7e:9f:ef:37:15:81:d3:
                    b1:28:08:70:5b:77:89:20:a0:61:bc:10:d2:13:78:
                    65:24:11:8e:e1:77:a0:71:6d:09:db:ab:44:e6:f7:
                    14:fd:c3:20:d4:ac:58:dd:68:51:da:5b:f8:cf:2f:
                    dd:bd:68:5d:ca:c0:57:14:e5:d4:ca:18:18:e2:5d:
                    47:22:ca:61:51:b0:4d:2a:2f:17:45:d5:f7:37:c2:
                    cc:c5:9c:5c:05:d5:f5:80:fe:6f:63:41:22:11:af:
                    5c:0d:e5:bd:03:81:44:97:6f:27:6b:42:44:ac:2f:
                    04:03:a3:2d:5c:39:2f:f2:ba:e9:19:1c:20:51:a3:
                    51:da:a4:6a:9d:5c:4f:49:55:f8:54:7b:a8:07:90:
                    f2:1d:f0:6e:c3:98:e5:f8:1e:5d:ee:8d:bc:50:0c:
                    23:31:63:4c:ea:11:53:19:a8:4f:40:12:7d:63:57:
                    2a:7a:d5:15:02:79:f4:08:5a:20:75:fa:d6:d1:3b:
                    5e:b2:61:ce:3e:26:f8:63:61:3e:cb:07:c0:8c:d0:
                    ca:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:F4:E9:28:DD:06:F7:84:24:DD:20:9F:1B:BE:06:E8:4E:20:2D:DC
            X509v3 Authority Key Identifier:
                keyid:8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/PPTpKN0G94Qk3SCfG74G6E4gLdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:8b:be:15:60:bc:1b:11:bf:22:75:b2:bc:e0:e3:d9:f3:82:
         65:d1:6a:d6:2f:f3:44:ce:ba:e8:00:e7:5d:d3:66:32:d4:77:
         23:4c:f1:f6:4f:58:3e:76:ff:0b:85:30:0e:8d:2e:76:2c:1e:
         53:46:88:82:64:e9:f3:d0:4f:b6:d3:c0:59:59:53:32:cf:9a:
         b5:f2:62:8f:3f:86:2f:2e:d9:6e:a8:50:c5:33:82:85:7a:46:
         57:52:1b:7c:d9:fd:b6:7e:eb:54:83:76:3f:20:82:f9:28:92:
         27:6e:54:37:27:48:c0:4b:05:a3:34:2e:16:72:72:55:cb:ee:
         39:7f:22:7d:dc:3f:73:51:c7:3e:f2:a8:9d:2f:fd:39:2a:f6:
         b2:d0:be:39:1b:c1:54:53:11:b1:8d:2a:8e:ff:f6:90:0f:c4:
         d4:ae:2f:d8:be:88:61:f2:ae:53:3d:aa:d3:6a:da:ca:32:27:
         f7:25:f0:7d:d5:e7:c5:e7:23:4a:25:61:b7:16:69:87:b5:94:
         65:45:b7:d7:c2:4d:a7:ca:b0:f4:35:41:27:1e:21:55:d7:79:
         32:98:f0:d1:8a:c4:29:04:25:35:c7:72:90:38:1a:32:37:d7:
         8c:e2:f0:77:6c:0f:ad:a9:98:c1:d5:6b:c1:22:b2:a7:36:ef:
         d2:ae:32:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FWRdPmNQDnpifB9aKhe9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNjI2YzkwOWViNDk1MTE1NGJjZWU4MjIxZTQzOTUxYjQy
NTc2MjQwHhcNMjYwMTAyMTQyMTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2Y0ZTkyOGRkMDZmNzg0MjRkZDIwOWYxYmJlMDZlODRlMjAyZGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbcgiIuGolU7sj7dydsZ3sGOpa+M
DbDjqQn9GPYjHrTdatNN6ihGvYwcWIuvq4J2R/VAb36f7zcVgdOxKAhwW3eJIKBh
vBDSE3hlJBGO4XegcW0J26tE5vcU/cMg1KxY3WhR2lv4zy/dvWhdysBXFOXUyhgY
4l1HIsphUbBNKi8XRdX3N8LMxZxcBdX1gP5vY0EiEa9cDeW9A4FEl28na0JErC8E
A6MtXDkv8rrpGRwgUaNR2qRqnVxPSVX4VHuoB5DyHfBuw5jl+B5d7o28UAwjMWNM
6hFTGahPQBJ9Y1cqetUVAnn0CFogdfrW0TtesmHOPib4Y2E+ywfAjNDKaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDz06SjdBveEJN0gnxu+BuhOIC3cMB8GA1UdIwQY
MBaAFI5ibJCetJURVLzugiHkOVG0JXYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAt
ZTk3ZDFkMDIyMGFmLzEvUFBUcEtOMEc5NFFrM1NDZkc3NEc2RTRnTGR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAtZTk3ZDFkMDIyMGFm
LzEvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWuZMA0G
CSqGSIb3DQEBCwUAA4IBAQBii74VYLwbEb8idbK84OPZ84Jl0WrWL/NEzrroAOdd
02Yy1HcjTPH2T1g+dv8LhTAOjS52LB5TRoiCZOnz0E+208BZWVMyz5q18mKPP4Yv
LtluqFDFM4KFekZXUht82f22futUg3Y/IIL5KJInblQ3J0jASwWjNC4WcnJVy+45
fyJ93D9zUcc+8qidL/05Kvay0L45G8FUUxGxjSqO//aQD8TUri/Yvohh8q5TParT
atrKMif3JfB91efF5yNKJWG3FmmHtZRlRbfXwk2nyrD0NUEnHiFV13kymPDRisQp
BCU1x3KQOBoyN9eM4vB3bA+tqZjB1WvBIrKnNu/SrjK7
-----END CERTIFICATE-----