This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/PYWU_RF9KCEHExOcrGZnBOpnB-4.roa
File:                     PYWU_RF9KCEHExOcrGZnBOpnB-4.roa (raw, json)
Hash identifier:          f0fVXG/hovvTJl8KzpzSKb0MupU8bmPJlIET0byULUM=
Subject key identifier:   3D:85:94:FD:11:7D:28:21:07:13:13:9C:AC:66:67:04:EA:67:07:EE
Certificate issuer:       /CN=f50bae60970a2dfc86dd607c5b915ad5c534b413
Certificate serial:       019B7EA751E1E6871EB19E4951156875DA57
Authority key identifier: F5:0B:AE:60:97:0A:2D:FC:86:DD:60:7C:5B:91:5A:D5:C5:34:B4:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/PYWU_RF9KCEHExOcrGZnBOpnB-4.roa
Signing time:             Fri 02 Jan 2026 12:20:53 +0000
ROA not before:           Fri 02 Jan 2026 12:20:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207821
IP address blocks:        2a0a:2782::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:51:e1:e6:87:1e:b1:9e:49:51:15:68:75:da:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f50bae60970a2dfc86dd607c5b915ad5c534b413
        Validity
            Not Before: Jan  2 12:20:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3d8594fd117d28210713139cac666704ea6707ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:16:c3:98:b8:87:61:26:68:ea:0f:80:8b:ba:
                    df:13:1c:09:c5:55:b6:ab:d6:de:d6:ac:83:ca:71:
                    21:73:ab:64:27:28:20:a8:75:7d:f4:a4:23:45:3a:
                    c6:fc:a0:cf:db:e9:8b:25:1d:06:78:e6:62:8d:f2:
                    19:cc:24:56:7c:ee:1d:0d:83:a9:04:aa:cc:52:80:
                    5f:17:8d:3e:83:bb:7f:2b:48:ae:c2:c1:b1:23:21:
                    e1:5e:bf:8f:4a:2e:4e:da:84:d6:b2:1f:21:6f:93:
                    23:b7:7f:ce:29:a6:bf:6a:34:5a:8d:db:4c:ae:3e:
                    9d:1c:d5:63:64:3d:07:2a:e8:8e:31:28:8d:17:b4:
                    eb:48:47:7c:a4:f8:20:ea:a3:b9:61:18:d3:ac:09:
                    dc:88:2a:45:96:ea:0b:b9:71:af:08:41:a9:03:87:
                    4d:d1:e6:bc:3c:7b:86:8b:39:2f:da:47:49:4b:56:
                    a5:53:9f:68:51:54:d6:e6:3e:e1:01:71:f0:5d:f9:
                    e2:b9:93:08:7d:37:0c:15:70:16:ae:fb:36:ba:35:
                    3c:bd:d0:60:36:0c:ab:2f:a6:0d:ad:de:b1:8a:81:
                    57:eb:65:6b:e0:13:d3:8a:01:41:93:60:14:55:84:
                    82:b9:cc:1e:c4:90:2b:af:4c:33:b5:f4:db:87:4f:
                    58:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:85:94:FD:11:7D:28:21:07:13:13:9C:AC:66:67:04:EA:67:07:EE
            X509v3 Authority Key Identifier:
                keyid:F5:0B:AE:60:97:0A:2D:FC:86:DD:60:7C:5B:91:5A:D5:C5:34:B4:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/PYWU_RF9KCEHExOcrGZnBOpnB-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2782::/32

    Signature Algorithm: sha256WithRSAEncryption
         31:9e:5f:e0:81:8e:6a:4c:4c:84:eb:4a:cf:dc:ac:e4:3b:5d:
         89:b2:28:ab:c3:75:66:b8:47:86:c8:65:45:40:a4:3a:09:28:
         18:fd:c9:96:fe:cd:f1:3d:33:55:1c:d8:33:cb:cb:02:ae:4b:
         52:78:2e:4a:9b:67:17:08:08:91:32:10:3d:be:47:4c:3f:03:
         9b:6c:c9:be:9b:3f:5e:4e:b4:50:7e:77:3b:82:2b:e5:6a:5c:
         2d:84:6e:9c:a3:29:33:af:b3:4f:d9:0b:20:0a:9b:48:69:e4:
         ff:32:78:7b:e6:38:3c:89:8e:ab:32:e9:ec:9a:f8:31:a8:a5:
         6c:3b:89:20:94:91:62:2a:65:28:c8:97:19:51:0c:6b:21:6f:
         d4:ee:db:af:2c:00:3a:1b:44:4a:0e:77:05:cb:e4:53:2e:cc:
         29:92:8b:80:71:7a:32:c0:70:ee:5b:da:69:cf:ad:49:c6:78:
         3d:87:3c:b0:03:36:b1:e3:16:23:23:44:48:f8:22:21:2f:cf:
         3b:fe:b1:a9:66:ad:72:79:64:88:8c:2d:b6:37:bf:c2:51:3a:
         e0:51:d4:9e:ff:e2:19:11:85:cb:7c:81:de:f7:09:4a:dd:ff:
         07:cf:1b:86:de:1c:8a:11:5d:b1:ac:0f:eb:62:a7:cf:39:fc:
         bc:07:5f:74
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt+p1Hh5ocesZ5JURVoddpXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MGJhZTYwOTcwYTJkZmM4NmRkNjA3YzViOTE1YWQ1YzUz
NGI0MTMwHhcNMjYwMTAyMTIyMDUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDg1OTRmZDExN2QyODIxMDcxMzEzOWNhYzY2NjcwNGVhNjcwN2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBbDmLiHYSZo6g+Ai7rfExwJxVW2
q9be1qyDynEhc6tkJyggqHV99KQjRTrG/KDP2+mLJR0GeOZijfIZzCRWfO4dDYOp
BKrMUoBfF40+g7t/K0iuwsGxIyHhXr+PSi5O2oTWsh8hb5Mjt3/OKaa/ajRajdtM
rj6dHNVjZD0HKuiOMSiNF7TrSEd8pPgg6qO5YRjTrAnciCpFluoLuXGvCEGpA4dN
0ea8PHuGizkv2kdJS1alU59oUVTW5j7hAXHwXfniuZMIfTcMFXAWrvs2ujU8vdBg
NgyrL6YNrd6xioFX62Vr4BPTigFBk2AUVYSCucwexJArr0wztfTbh09YTQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD2FlP0RfSghBxMTnKxmZwTqZwfuMB8GA1UdIwQY
MBaAFPULrmCXCi38ht1gfFuRWtXFNLQTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVF1dVlKY0tMZnlHM1dCOFc1RmExY1UwdEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9mNzFkY2ItOWU5Mi00NGU3LWIwNDIt
MzY2NTA2N2RiMjU2LzEvUFlXVV9SRjlLQ0VIRXhPY3JHWm5CT3BuQi00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9mNzFkY2ItOWU5Mi00NGU3LWIwNDItMzY2NTA2N2RiMjU2
LzEvOVF1dVlKY0tMZnlHM1dCOFc1RmExY1UwdEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgongjAN
BgkqhkiG9w0BAQsFAAOCAQEAMZ5f4IGOakxMhOtKz9ys5DtdibIoq8N1ZrhHhshl
RUCkOgkoGP3Jlv7N8T0zVRzYM8vLAq5LUnguSptnFwgIkTIQPb5HTD8Dm2zJvps/
Xk60UH53O4Ir5WpcLYRunKMpM6+zT9kLIAqbSGnk/zJ4e+Y4PImOqzLp7Jr4Mail
bDuJIJSRYiplKMiXGVEMayFv1O7brywAOhtESg53BcvkUy7MKZKLgHF6MsBw7lva
ac+tScZ4PYc8sAM2seMWIyNESPgiIS/PO/6xqWatcnlkiIwttje/wlE64FHUnv/i
GRGFy3yB3vcJSt3/B88bht4cihFdsawP62Knzzn8vAdfdA==
-----END CERTIFICATE-----