This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/1356cf-ab79-4c69-9e55-628400671d0e/1/pdSStO6DCaJYyS956WyXq-lA8KU.roa
File:                     pdSStO6DCaJYyS956WyXq-lA8KU.roa (raw, json)
Hash identifier:          pWxBYjsjh5LvNjhkNSAagaIsoVy58B8SoqT9s1TYRxw=
Subject key identifier:   A5:D4:92:B4:EE:83:09:A2:58:C9:2F:79:E9:6C:97:AB:E9:40:F0:A5
Certificate issuer:       /CN=d5585a2e08fe443ce7fd0cbf406f7b9ada2a7cc5
Certificate serial:       019B7A5B90890CF7704509F77638F0D0FB18
Authority key identifier: D5:58:5A:2E:08:FE:44:3C:E7:FD:0C:BF:40:6F:7B:9A:DA:2A:7C:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1VhaLgj-RDzn_Qy_QG97mtoqfMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/1356cf-ab79-4c69-9e55-628400671d0e/1/pdSStO6DCaJYyS956WyXq-lA8KU.roa
Signing time:             Thu 01 Jan 2026 16:19:39 +0000
ROA not before:           Thu 01 Jan 2026 16:19:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8717
IP address blocks:        195.128.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/1356cf-ab79-4c69-9e55-628400671d0e/1/1VhaLgj-RDzn_Qy_QG97mtoqfMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/1356cf-ab79-4c69-9e55-628400671d0e/1/1VhaLgj-RDzn_Qy_QG97mtoqfMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1VhaLgj-RDzn_Qy_QG97mtoqfMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:90:89:0c:f7:70:45:09:f7:76:38:f0:d0:fb:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5585a2e08fe443ce7fd0cbf406f7b9ada2a7cc5
        Validity
            Not Before: Jan  1 16:19:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a5d492b4ee8309a258c92f79e96c97abe940f0a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:cc:9f:dd:b6:65:5d:32:11:ae:46:85:cb:c2:
                    e0:1e:a9:b0:b4:ac:6a:5e:44:8b:81:f8:98:2a:36:
                    63:8e:d6:80:eb:d0:22:db:70:f8:94:29:0d:c2:95:
                    e2:ed:20:cd:ee:ad:5a:14:23:77:c3:84:a4:87:e0:
                    22:fc:5c:f0:11:a7:3b:dd:37:b1:2c:2c:2a:8f:73:
                    f3:71:e0:2f:43:76:8b:02:ca:68:93:5d:7b:27:b8:
                    5d:3c:86:3b:b5:37:4b:26:0f:68:d6:b8:8b:30:0c:
                    6c:59:0f:11:6f:03:f7:59:df:95:f9:60:e6:fe:97:
                    de:fe:c8:67:6a:02:aa:59:c0:4e:a3:28:43:7d:7e:
                    67:fd:a4:e8:09:00:7c:89:5c:c1:f2:9f:e3:d6:a1:
                    e4:c1:36:e2:e5:34:02:84:e8:df:c3:d5:c6:45:1b:
                    fd:9a:46:32:09:d5:c8:d6:0c:d6:3c:99:fd:3e:3c:
                    52:33:ad:30:58:b5:40:62:76:a7:6c:ce:b9:e1:fc:
                    e0:2e:1f:2e:58:ef:ef:0b:eb:9d:e1:26:1d:f4:57:
                    c8:38:77:9e:a5:1e:0d:9b:9b:46:dd:51:f1:21:96:
                    cb:a3:10:84:a6:2a:8f:f6:23:a4:78:05:7b:35:0a:
                    70:97:71:49:dc:bc:fa:bf:bd:c3:8d:be:e1:dd:05:
                    49:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:D4:92:B4:EE:83:09:A2:58:C9:2F:79:E9:6C:97:AB:E9:40:F0:A5
            X509v3 Authority Key Identifier:
                keyid:D5:58:5A:2E:08:FE:44:3C:E7:FD:0C:BF:40:6F:7B:9A:DA:2A:7C:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1VhaLgj-RDzn_Qy_QG97mtoqfMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1356cf-ab79-4c69-9e55-628400671d0e/1/pdSStO6DCaJYyS956WyXq-lA8KU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1356cf-ab79-4c69-9e55-628400671d0e/1/1VhaLgj-RDzn_Qy_QG97mtoqfMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.128.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:c0:08:51:64:b4:b7:ae:0b:03:7f:de:b0:61:dd:4d:19:0a:
         4f:48:b6:37:57:6b:b2:2a:8a:04:84:c0:55:78:f9:b7:f1:90:
         c6:13:df:53:fe:a2:2e:52:11:72:77:74:58:e1:df:ff:ac:6b:
         e1:35:96:88:ae:3b:75:ea:69:63:95:67:94:4a:00:5a:e5:91:
         2e:22:e6:04:c9:a3:7a:b3:93:05:ae:f0:58:5e:a0:7c:48:62:
         f4:a2:78:ae:a4:8f:86:bb:31:de:ac:7f:fb:fc:3e:3b:48:8d:
         cf:29:f1:c6:de:2e:e2:c4:e8:1a:82:1c:29:3a:3f:7b:c0:25:
         87:c2:43:2c:29:c8:94:0f:41:66:99:05:9e:a2:df:f5:a5:b6:
         24:97:eb:73:d0:93:36:2a:c3:23:dc:72:8b:ab:07:40:a7:4c:
         a1:de:74:63:00:0e:a0:9a:ea:c3:40:75:5a:72:75:d7:98:40:
         8c:d8:02:74:7b:3a:27:fe:ea:12:7a:d6:1b:1a:70:4a:62:de:
         d2:54:cc:18:17:44:85:af:77:40:3c:64:e7:7f:2a:44:dc:39:
         22:29:85:d8:25:28:32:1b:67:c1:e2:02:18:a2:84:bc:2e:77:
         64:f5:b2:32:dc:0c:18:83:7e:b7:81:cb:70:84:02:76:5b:40:
         af:01:21:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6W5CJDPdwRQn3djjw0PsYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NTg1YTJlMDhmZTQ0M2NlN2ZkMGNiZjQwNmY3YjlhZGEy
YTdjYzUwHhcNMjYwMTAxMTYxOTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWQ0OTJiNGVlODMwOWEyNThjOTJmNzllOTZjOTdhYmU5NDBmMGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsyf3bZlXTIRrkaFy8LgHqmwtKxq
XkSLgfiYKjZjjtaA69Ai23D4lCkNwpXi7SDN7q1aFCN3w4Skh+Ai/FzwEac73Tex
LCwqj3PzceAvQ3aLAspok117J7hdPIY7tTdLJg9o1riLMAxsWQ8RbwP3Wd+V+WDm
/pfe/shnagKqWcBOoyhDfX5n/aToCQB8iVzB8p/j1qHkwTbi5TQChOjfw9XGRRv9
mkYyCdXI1gzWPJn9PjxSM60wWLVAYnanbM654fzgLh8uWO/vC+ud4SYd9FfIOHee
pR4Nm5tG3VHxIZbLoxCEpiqP9iOkeAV7NQpwl3FJ3Lz6v73Djb7h3QVJOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKXUkrTugwmiWMkveelsl6vpQPClMB8GA1UdIwQY
MBaAFNVYWi4I/kQ85/0Mv0Bve5raKnzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVZoYUxnai1SRHpuX1F5X1FHOTdtdG9xZk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8xMzU2Y2YtYWI3OS00YzY5LTllNTUt
NjI4NDAwNjcxZDBlLzEvcGRTU3RPNkRDYUpZeVM5NTZXeVhxLWxBOEtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8xMzU2Y2YtYWI3OS00YzY5LTllNTUtNjI4NDAwNjcxZDBl
LzEvMVZoYUxnai1SRHpuX1F5X1FHOTdtdG9xZk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4CGMA0G
CSqGSIb3DQEBCwUAA4IBAQC2wAhRZLS3rgsDf96wYd1NGQpPSLY3V2uyKooEhMBV
ePm38ZDGE99T/qIuUhFyd3RY4d//rGvhNZaIrjt16mljlWeUSgBa5ZEuIuYEyaN6
s5MFrvBYXqB8SGL0oniupI+GuzHerH/7/D47SI3PKfHG3i7ixOgaghwpOj97wCWH
wkMsKciUD0FmmQWeot/1pbYkl+tz0JM2KsMj3HKLqwdAp0yh3nRjAA6gmurDQHVa
cnXXmECM2AJ0ezon/uoSetYbGnBKYt7SVMwYF0SFr3dAPGTnfypE3DkiKYXYJSgy
G2fB4gIYooS8Lndk9bIy3AwYg363gctwhAJ2W0CvASEm
-----END CERTIFICATE-----