This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/P57pBOqGneOmABT7mOVT23yR8ZM.roa
File:                     P57pBOqGneOmABT7mOVT23yR8ZM.roa (raw, json)
Hash identifier:          uASaFxIcHVgVBO5AXWjUQ2GkAsE2WCzyWuZIEHId00A=
Subject key identifier:   3F:9E:E9:04:EA:86:9D:E3:A6:00:14:FB:98:E5:53:DB:7C:91:F1:93
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       019B7F84B3947AB37945C5AEC5ADE315548D
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/P57pBOqGneOmABT7mOVT23yR8ZM.roa
Signing time:             Fri 02 Jan 2026 16:22:41 +0000
ROA not before:           Fri 02 Jan 2026 16:22:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48485
IP address blocks:        146.120.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:b3:94:7a:b3:79:45:c5:ae:c5:ad:e3:15:54:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 16:22:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3f9ee904ea869de3a60014fb98e553db7c91f193
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:cb:af:a9:8f:d4:a4:90:72:40:a5:f7:6f:b2:
                    ad:80:ac:d7:5b:10:a5:32:9a:b4:3c:ce:82:66:a8:
                    20:5c:93:5c:d2:4d:de:77:e0:8e:e2:dd:04:ae:7d:
                    af:95:5a:49:cc:b0:30:ce:7a:ca:7e:d9:46:9f:7f:
                    d9:ec:3d:c1:d6:df:c6:a8:79:de:61:99:3a:84:9c:
                    2b:4a:f6:22:88:bb:93:4c:47:a7:d2:cc:d5:76:dc:
                    cb:cb:72:67:64:95:12:92:e2:a7:48:fc:cf:39:df:
                    70:89:d4:ea:78:a1:1d:ad:ec:c0:81:7f:0d:57:79:
                    48:7d:65:2f:73:3e:11:b6:db:fa:f8:76:38:cb:92:
                    a0:f2:9b:68:fe:a9:ec:50:ea:27:e9:5a:0b:e3:41:
                    de:d8:4e:90:5d:c1:64:98:0d:d0:dd:fb:8f:57:5c:
                    96:d0:fb:2f:6f:6d:4e:f2:f6:2f:03:16:a1:06:f8:
                    83:33:1c:26:a1:68:f0:63:ca:53:a9:a2:eb:f5:4a:
                    f9:ce:5b:95:b4:66:a2:44:c9:5f:ca:c0:a5:2f:1a:
                    ee:5f:c1:8d:3e:b3:32:b3:3d:93:63:f9:b5:2d:18:
                    2f:1a:05:fd:f9:b1:f2:8b:4a:3e:d4:b1:5a:90:34:
                    2a:16:08:ab:06:19:1d:3c:3b:60:8b:c8:2b:ad:94:
                    27:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:9E:E9:04:EA:86:9D:E3:A6:00:14:FB:98:E5:53:DB:7C:91:F1:93
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/P57pBOqGneOmABT7mOVT23yR8ZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.120.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:6d:09:15:87:8b:13:e3:72:30:c1:cb:23:f7:33:79:37:48:
         71:e8:fb:c1:b4:ef:67:d4:8f:52:dc:4e:72:97:ba:f0:e3:86:
         06:3f:54:ca:4d:7a:49:37:de:25:de:0f:07:fd:6b:bc:8e:2e:
         21:4c:48:f1:7d:9b:f9:c5:5e:1c:88:c0:d5:55:35:0b:71:c6:
         ca:24:e3:31:43:cc:9f:d3:d6:37:f0:e4:f0:60:c1:fe:bb:25:
         30:00:06:ef:20:91:48:cd:92:cb:29:22:a5:47:54:90:68:b7:
         c4:49:c3:86:9e:7d:58:42:94:08:c8:9a:36:93:b0:b3:55:fe:
         28:e1:bc:26:a4:93:5f:b9:34:db:46:48:77:dc:fc:eb:9a:8e:
         c5:93:34:2b:09:d0:84:a5:3f:ab:87:b8:09:0e:f7:fd:56:5f:
         04:e1:21:54:3a:68:c4:09:63:4b:97:20:53:ce:86:48:55:ad:
         e1:48:db:9b:43:e4:a4:11:08:af:0f:b9:54:90:3c:84:8f:60:
         1a:3e:e9:91:2d:70:ce:dd:aa:9f:14:e2:41:70:37:aa:43:d1:
         ec:e1:38:27:c4:32:d2:02:1a:f3:8e:9b:4b:11:7e:77:c6:1f:
         3f:d9:17:d4:67:83:c5:ea:f7:72:07:34:73:c5:36:c7:57:74:
         65:b0:cc:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hLOUerN5RcWuxa3jFVSNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjYwMTAyMTYyMjQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjllZTkwNGVhODY5ZGUzYTYwMDE0ZmI5OGU1NTNkYjdjOTFmMTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA98uvqY/UpJByQKX3b7KtgKzXWxCl
Mpq0PM6CZqggXJNc0k3ed+CO4t0Ern2vlVpJzLAwznrKftlGn3/Z7D3B1t/GqHne
YZk6hJwrSvYiiLuTTEen0szVdtzLy3JnZJUSkuKnSPzPOd9widTqeKEdrezAgX8N
V3lIfWUvcz4Rttv6+HY4y5Kg8pto/qnsUOon6VoL40He2E6QXcFkmA3Q3fuPV1yW
0Psvb21O8vYvAxahBviDMxwmoWjwY8pTqaLr9Ur5zluVtGaiRMlfysClLxruX8GN
PrMysz2TY/m1LRgvGgX9+bHyi0o+1LFakDQqFgirBhkdPDtgi8grrZQnXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+e6QTqhp3jpgAU+5jlU9t8kfGTMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvUDU3cEJPcUduZU9tQUJUN21PVlQyM3lSOFpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCknhoMA0G
CSqGSIb3DQEBCwUAA4IBAQCwbQkVh4sT43Iwwcsj9zN5N0hx6PvBtO9n1I9S3E5y
l7rw44YGP1TKTXpJN94l3g8H/Wu8ji4hTEjxfZv5xV4ciMDVVTULccbKJOMxQ8yf
09Y38OTwYMH+uyUwAAbvIJFIzZLLKSKlR1SQaLfEScOGnn1YQpQIyJo2k7CzVf4o
4bwmpJNfuTTbRkh33Pzrmo7FkzQrCdCEpT+rh7gJDvf9Vl8E4SFUOmjECWNLlyBT
zoZIVa3hSNubQ+SkEQivD7lUkDyEj2AaPumRLXDO3aqfFOJBcDeqQ9Hs4TgnxDLS
AhrzjptLEX53xh8/2RfUZ4PF6vdyBzRzxTbHV3RlsMwY
-----END CERTIFICATE-----