This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/b0ef59-1842-4ca3-9865-067cc4426c28/1/PtYo6MwEWy1vpndhzACUN02erEo.roa
File:                     PtYo6MwEWy1vpndhzACUN02erEo.roa (raw, json)
Hash identifier:          3/Pp/u1BR3pOxJGz3l7tc76JM7PepsEG/RPZ3ABSNvU=
Subject key identifier:   3E:D6:28:E8:CC:04:5B:2D:6F:A6:77:61:CC:00:94:37:4D:9E:AC:4A
Certificate issuer:       /CN=ace3634464861bd4bf8c5bc7e3c9bfd3d246a4dd
Certificate serial:       019B7EA679EF887954C1FC8B07507902E414
Authority key identifier: AC:E3:63:44:64:86:1B:D4:BF:8C:5B:C7:E3:C9:BF:D3:D2:46:A4:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rONjRGSGG9S_jFvH48m_09JGpN0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/b0ef59-1842-4ca3-9865-067cc4426c28/1/PtYo6MwEWy1vpndhzACUN02erEo.roa
Signing time:             Fri 02 Jan 2026 12:19:57 +0000
ROA not before:           Fri 02 Jan 2026 12:19:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8455
IP address blocks:        195.248.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/b0ef59-1842-4ca3-9865-067cc4426c28/1/rONjRGSGG9S_jFvH48m_09JGpN0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/b0ef59-1842-4ca3-9865-067cc4426c28/1/rONjRGSGG9S_jFvH48m_09JGpN0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rONjRGSGG9S_jFvH48m_09JGpN0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:79:ef:88:79:54:c1:fc:8b:07:50:79:02:e4:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ace3634464861bd4bf8c5bc7e3c9bfd3d246a4dd
        Validity
            Not Before: Jan  2 12:19:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3ed628e8cc045b2d6fa67761cc0094374d9eac4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e4:ef:e1:6e:17:ae:fb:fa:6a:ca:61:ef:21:
                    70:3e:9f:32:ab:5e:5e:96:3a:53:80:ad:56:92:99:
                    54:87:d2:f2:ef:80:71:d1:ff:c0:08:3f:f2:89:01:
                    66:61:42:86:86:36:90:73:74:95:c4:50:c0:80:f2:
                    3f:e0:1e:19:57:fb:2b:b6:a4:ae:bb:0a:d4:81:3b:
                    1c:87:93:0d:73:37:e7:2a:de:91:da:ee:62:8f:d2:
                    7c:e4:37:e4:d9:12:ff:f9:67:4b:cf:50:8e:9d:e1:
                    1a:dc:98:c6:2c:dc:d5:2d:76:4b:f8:83:d7:6c:70:
                    15:7c:64:50:2c:3a:4c:0b:f0:b7:9e:d5:87:4f:3c:
                    09:c1:f9:84:da:ce:17:ba:2f:61:0b:54:2c:71:95:
                    46:b0:8b:af:0e:a4:88:15:7c:21:56:86:26:10:61:
                    4d:dc:47:11:33:cd:ab:39:5e:c3:64:42:ba:9e:0d:
                    7a:61:86:99:a9:38:5b:31:ee:0e:2a:c6:79:ff:02:
                    50:b1:32:8c:66:0e:32:c8:04:61:4d:c3:48:ef:45:
                    13:68:20:5c:9c:89:91:4b:2c:de:36:60:12:07:5d:
                    63:76:39:ce:19:8b:1a:e4:ba:7b:0b:55:b4:b0:6f:
                    df:1e:37:69:08:03:fc:db:1c:8a:60:9a:13:fa:d7:
                    3a:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:D6:28:E8:CC:04:5B:2D:6F:A6:77:61:CC:00:94:37:4D:9E:AC:4A
            X509v3 Authority Key Identifier:
                keyid:AC:E3:63:44:64:86:1B:D4:BF:8C:5B:C7:E3:C9:BF:D3:D2:46:A4:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rONjRGSGG9S_jFvH48m_09JGpN0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b0ef59-1842-4ca3-9865-067cc4426c28/1/PtYo6MwEWy1vpndhzACUN02erEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b0ef59-1842-4ca3-9865-067cc4426c28/1/rONjRGSGG9S_jFvH48m_09JGpN0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.248.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:b4:85:23:3a:6a:a0:07:13:d7:e0:fd:98:84:6b:78:9a:b9:
         73:0e:1f:3a:87:36:45:45:8d:82:55:de:cc:19:d1:c7:c5:83:
         d4:18:88:e4:9d:70:3f:c7:5f:fd:c3:19:5d:93:81:82:33:87:
         25:e8:33:a4:df:6a:54:9e:36:be:6a:fb:21:66:ac:df:f4:48:
         69:bb:21:24:4a:d4:6c:eb:de:70:de:97:51:e3:1e:a7:08:88:
         ec:0f:a1:f2:ce:d1:2e:7f:82:12:b5:97:2c:03:89:df:43:c9:
         6d:ac:9c:f0:27:91:8c:fc:34:d1:2e:ad:fb:56:81:cd:10:33:
         d0:49:20:5a:46:db:66:56:90:19:4d:96:a0:5c:ed:d4:8f:48:
         1c:90:e1:8b:7f:47:b2:e5:53:46:d1:e7:f6:db:1e:2d:fb:63:
         67:fa:42:4a:2b:81:31:be:78:8f:53:45:cb:2b:a5:4c:9d:75:
         54:6d:45:b6:62:6e:fe:70:d2:10:65:49:7e:8a:4f:4c:7a:63:
         9d:30:2c:a0:79:80:2b:d3:85:a6:78:23:de:20:24:1c:23:5e:
         af:7d:b7:d0:56:f5:71:d8:e5:c4:ca:ad:f1:8a:7b:bc:7d:e8:
         87:64:09:6a:da:b4:32:e8:1d:e4:df:8f:12:f8:61:10:16:95:
         40:8b:a4:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pnnviHlUwfyLB1B5AuQUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjZTM2MzQ0NjQ4NjFiZDRiZjhjNWJjN2UzYzliZmQzZDI0
NmE0ZGQwHhcNMjYwMTAyMTIxOTU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWQ2MjhlOGNjMDQ1YjJkNmZhNjc3NjFjYzAwOTQzNzRkOWVhYzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweTv4W4Xrvv6asph7yFwPp8yq15e
ljpTgK1WkplUh9Ly74Bx0f/ACD/yiQFmYUKGhjaQc3SVxFDAgPI/4B4ZV/srtqSu
uwrUgTsch5MNczfnKt6R2u5ij9J85Dfk2RL/+WdLz1COneEa3JjGLNzVLXZL+IPX
bHAVfGRQLDpMC/C3ntWHTzwJwfmE2s4Xui9hC1QscZVGsIuvDqSIFXwhVoYmEGFN
3EcRM82rOV7DZEK6ng16YYaZqThbMe4OKsZ5/wJQsTKMZg4yyARhTcNI70UTaCBc
nImRSyzeNmASB11jdjnOGYsa5Lp7C1W0sG/fHjdpCAP82xyKYJoT+tc6ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD7WKOjMBFstb6Z3YcwAlDdNnqxKMB8GA1UdIwQY
MBaAFKzjY0RkhhvUv4xbx+PJv9PSRqTdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvck9OalJHU0dHOVNfakZ2SDQ4bV8wOUpHcE4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9iMGVmNTktMTg0Mi00Y2EzLTk4NjUt
MDY3Y2M0NDI2YzI4LzEvUHRZbzZNd0VXeTF2cG5kaHpBQ1VOMDJlckVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9iMGVmNTktMTg0Mi00Y2EzLTk4NjUtMDY3Y2M0NDI2YzI4
LzEvck9OalJHU0dHOVNfakZ2SDQ4bV8wOUpHcE4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/hXMA0G
CSqGSIb3DQEBCwUAA4IBAQAgtIUjOmqgBxPX4P2YhGt4mrlzDh86hzZFRY2CVd7M
GdHHxYPUGIjknXA/x1/9wxldk4GCM4cl6DOk32pUnja+avshZqzf9EhpuyEkStRs
695w3pdR4x6nCIjsD6HyztEuf4IStZcsA4nfQ8ltrJzwJ5GM/DTRLq37VoHNEDPQ
SSBaRttmVpAZTZagXO3Uj0gckOGLf0ey5VNG0ef22x4t+2Nn+kJKK4ExvniPU0XL
K6VMnXVUbUW2Ym7+cNIQZUl+ik9MemOdMCygeYAr04WmeCPeICQcI16vfbfQVvVx
2OXEyq3xinu8feiHZAlq2rQy6B3k348S+GEQFpVAi6So
-----END CERTIFICATE-----