This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/f2033a-20e7-461e-a56b-489ee0f1ee63/1/pQKPikBzd7Oz_I9lHHOOAo5keSk.roa
File:                     pQKPikBzd7Oz_I9lHHOOAo5keSk.roa (raw, json)
Hash identifier:          yDnXs+sIyJdYXEuX7spiKfyy3V1/GMh526F5IcQattQ=
Subject key identifier:   A5:02:8F:8A:40:73:77:B3:B3:FC:8F:65:1C:73:8E:02:8E:64:79:29
Certificate issuer:       /CN=54e610c2abd3664c11204580f748996555c22225
Certificate serial:       019B7C803B5C49C24843C1742A9C19CF5973
Authority key identifier: 54:E6:10:C2:AB:D3:66:4C:11:20:45:80:F7:48:99:65:55:C2:22:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VOYQwqvTZkwRIEWA90iZZVXCIiU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/f2033a-20e7-461e-a56b-489ee0f1ee63/1/pQKPikBzd7Oz_I9lHHOOAo5keSk.roa
Signing time:             Fri 02 Jan 2026 02:18:57 +0000
ROA not before:           Fri 02 Jan 2026 02:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60893
IP address blocks:        193.0.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/f2033a-20e7-461e-a56b-489ee0f1ee63/1/VOYQwqvTZkwRIEWA90iZZVXCIiU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/f2033a-20e7-461e-a56b-489ee0f1ee63/1/VOYQwqvTZkwRIEWA90iZZVXCIiU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VOYQwqvTZkwRIEWA90iZZVXCIiU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:3b:5c:49:c2:48:43:c1:74:2a:9c:19:cf:59:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54e610c2abd3664c11204580f748996555c22225
        Validity
            Not Before: Jan  2 02:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a5028f8a407377b3b3fc8f651c738e028e647929
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:98:ca:5e:f5:6a:53:cb:3e:36:3c:da:93:05:
                    a8:a3:6b:e8:8d:b1:15:a3:21:6a:bb:af:d4:fd:37:
                    64:92:75:83:c2:7f:d5:61:c9:e3:af:f7:ba:ab:6b:
                    ce:33:c1:03:67:1d:db:d3:27:e0:d9:f3:00:0c:25:
                    e7:40:1b:a0:49:64:10:b0:3e:e7:e7:d5:3e:14:5c:
                    0f:7f:02:01:05:69:cd:f4:be:6e:4a:5d:49:01:c7:
                    8b:4a:5e:ed:ab:ca:c4:02:31:42:89:c8:67:04:cb:
                    1a:3f:01:f9:69:14:af:2f:ca:53:60:16:7d:e2:61:
                    d8:2c:da:3c:7a:44:11:74:96:e3:cf:19:da:f7:8f:
                    b5:45:6d:c1:38:81:04:20:4d:71:45:c5:59:17:84:
                    53:d3:81:40:9b:da:ae:d2:76:66:8c:a1:ff:2f:b7:
                    1b:c4:b7:44:c0:d8:8f:83:94:99:c7:02:54:e5:a2:
                    27:45:f4:c4:19:0a:e2:c9:90:a9:e8:9a:35:44:a8:
                    c2:6e:85:77:65:e0:27:28:40:67:a0:1b:85:2b:05:
                    64:ba:32:69:b4:ba:29:14:35:2a:07:48:69:0d:76:
                    35:d7:59:9a:06:dc:d5:da:11:a7:d8:28:ee:b6:ea:
                    10:82:e5:8d:eb:17:5c:43:a5:de:4a:de:ae:d9:1a:
                    e4:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:02:8F:8A:40:73:77:B3:B3:FC:8F:65:1C:73:8E:02:8E:64:79:29
            X509v3 Authority Key Identifier:
                keyid:54:E6:10:C2:AB:D3:66:4C:11:20:45:80:F7:48:99:65:55:C2:22:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VOYQwqvTZkwRIEWA90iZZVXCIiU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/f2033a-20e7-461e-a56b-489ee0f1ee63/1/pQKPikBzd7Oz_I9lHHOOAo5keSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/f2033a-20e7-461e-a56b-489ee0f1ee63/1/VOYQwqvTZkwRIEWA90iZZVXCIiU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:48:1f:c7:21:63:d8:c7:87:27:88:5a:e6:0b:5f:fb:fe:c3:
         1c:96:31:0f:80:db:2b:32:1e:4b:90:79:da:5c:31:88:e3:91:
         1a:90:cd:7b:17:a0:78:1e:c2:bb:94:ae:a7:0d:86:f2:b2:3c:
         f9:60:7d:66:79:85:86:a0:e4:03:93:fc:ae:10:e3:84:ec:3e:
         e2:ec:4a:00:14:6d:4b:73:78:31:74:12:28:61:c0:83:6e:3c:
         4e:c3:be:17:5d:ee:cb:16:b8:c7:7d:2f:14:e0:23:cc:a7:2f:
         e5:f0:04:f9:a1:d0:74:f5:a1:e0:2e:a3:c4:7e:87:7c:be:ac:
         45:ce:ce:75:61:07:a6:d6:05:f9:b7:c2:a6:d5:27:f2:d9:17:
         3b:7e:84:0a:d2:41:6e:cb:11:42:60:c6:d5:56:f7:ee:64:47:
         cc:5f:67:0a:04:d9:b4:ed:de:91:ad:de:1c:ea:ad:a9:ed:fd:
         02:fa:c5:6e:c4:86:f6:65:bc:7c:ac:03:3b:cc:8b:ab:24:ea:
         2b:10:27:58:69:88:e4:4f:ff:a2:7e:a5:07:47:0f:47:9c:5a:
         f1:ec:44:00:15:4e:39:1b:23:51:8b:57:1a:f6:72:34:de:38:
         dd:fc:ec:15:21:2a:c7:46:28:5a:a3:49:bc:96:b6:cb:98:9e:
         af:d1:b3:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gDtcScJIQ8F0KpwZz1lzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0ZTYxMGMyYWJkMzY2NGMxMTIwNDU4MGY3NDg5OTY1NTVj
MjIyMjUwHhcNMjYwMTAyMDIxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTAyOGY4YTQwNzM3N2IzYjNmYzhmNjUxYzczOGUwMjhlNjQ3OTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pjKXvVqU8s+NjzakwWoo2vojbEV
oyFqu6/U/TdkknWDwn/VYcnjr/e6q2vOM8EDZx3b0yfg2fMADCXnQBugSWQQsD7n
59U+FFwPfwIBBWnN9L5uSl1JAceLSl7tq8rEAjFCichnBMsaPwH5aRSvL8pTYBZ9
4mHYLNo8ekQRdJbjzxna94+1RW3BOIEEIE1xRcVZF4RT04FAm9qu0nZmjKH/L7cb
xLdEwNiPg5SZxwJU5aInRfTEGQriyZCp6Jo1RKjCboV3ZeAnKEBnoBuFKwVkujJp
tLopFDUqB0hpDXY111maBtzV2hGn2CjutuoQguWN6xdcQ6XeSt6u2RrkuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKUCj4pAc3ezs/yPZRxzjgKOZHkpMB8GA1UdIwQY
MBaAFFTmEMKr02ZMESBFgPdImWVVwiIlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk9ZUXdxdlRaa3dSSUVXQTkwaVpaVlhDSWlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9mMjAzM2EtMjBlNy00NjFlLWE1NmIt
NDg5ZWUwZjFlZTYzLzEvcFFLUGlrQnpkN096X0k5bEhIT09BbzVrZVNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9mMjAzM2EtMjBlNy00NjFlLWE1NmItNDg5ZWUwZjFlZTYz
LzEvVk9ZUXdxdlRaa3dSSUVXQTkwaVpaVlhDSWlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQDpMA0G
CSqGSIb3DQEBCwUAA4IBAQAuSB/HIWPYx4cniFrmC1/7/sMcljEPgNsrMh5LkHna
XDGI45EakM17F6B4HsK7lK6nDYbysjz5YH1meYWGoOQDk/yuEOOE7D7i7EoAFG1L
c3gxdBIoYcCDbjxOw74XXe7LFrjHfS8U4CPMpy/l8AT5odB09aHgLqPEfod8vqxF
zs51YQem1gX5t8Km1Sfy2Rc7foQK0kFuyxFCYMbVVvfuZEfMX2cKBNm07d6Rrd4c
6q2p7f0C+sVuxIb2Zbx8rAM7zIurJOorECdYaYjkT/+ifqUHRw9HnFrx7EQAFU45
GyNRi1ca9nI03jjd/OwVISrHRihao0m8lrbLmJ6v0bNp
-----END CERTIFICATE-----