This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/pcfa9kNxHi2aJyxt5hc9roZtJzU.roa
File:                     pcfa9kNxHi2aJyxt5hc9roZtJzU.roa (raw, json)
Hash identifier:          9S6NKqyeBAK6mURGggjkgkgQpfBzxghpe/z/tHMSurg=
Subject key identifier:   A5:C7:DA:F6:43:71:1E:2D:9A:27:2C:6D:E6:17:3D:AE:86:6D:27:35
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       019B7F84EF6B6534AFFE78E1769C3D961515
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/pcfa9kNxHi2aJyxt5hc9roZtJzU.roa
Signing time:             Fri 02 Jan 2026 16:22:56 +0000
ROA not before:           Fri 02 Jan 2026 16:22:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201147
IP address blocks:        95.46.176.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:ef:6b:65:34:af:fe:78:e1:76:9c:3d:96:15:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 16:22:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a5c7daf643711e2d9a272c6de6173dae866d2735
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5e:de:16:61:2a:21:be:2f:25:0a:f3:08:b1:
                    6e:76:8f:46:3e:2e:e5:8d:ed:9d:03:c5:0f:0e:a4:
                    30:e9:ab:94:eb:8f:0d:b4:0d:70:49:a8:3a:89:db:
                    db:78:89:e9:46:84:aa:cb:18:65:b4:0e:0b:4c:f3:
                    61:61:b7:25:2f:a8:a1:0a:58:91:7d:7b:9b:6f:f6:
                    93:4a:a2:b8:8a:70:61:ed:d7:d9:41:3f:78:61:dd:
                    f3:2d:d1:36:0f:e5:1f:c5:38:64:9d:93:c0:52:2d:
                    33:11:24:59:cf:ac:bf:71:74:19:6e:88:bb:19:6c:
                    b5:6f:37:d8:57:a7:02:82:17:f3:70:5b:ff:ce:da:
                    8c:4c:e3:de:bf:f1:71:f6:e6:d9:62:2f:1b:f7:10:
                    43:3d:43:dd:ca:67:77:57:fd:f5:09:68:43:22:f7:
                    72:73:b6:c8:1a:ca:b2:b4:5c:73:d2:d8:d8:c7:9e:
                    40:93:49:3e:38:fa:c1:ef:2a:83:cc:33:ab:2e:9e:
                    f8:22:1d:10:59:5a:b6:65:9e:52:05:af:0c:6d:bb:
                    67:9f:3a:6e:00:17:c6:f1:96:e9:03:1d:a5:1d:e2:
                    53:61:1c:b6:42:4a:00:8b:33:39:6f:d1:b9:e2:d7:
                    c9:8e:17:0a:a7:45:ef:c8:ce:6d:2a:4e:8c:18:03:
                    02:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:C7:DA:F6:43:71:1E:2D:9A:27:2C:6D:E6:17:3D:AE:86:6D:27:35
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/pcfa9kNxHi2aJyxt5hc9roZtJzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.46.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3d:70:19:a3:18:f4:d7:eb:0a:78:0b:9f:b9:29:f7:04:35:72:
         e6:0d:71:72:f8:a9:65:2a:9f:84:da:d1:e0:90:5c:37:9d:f1:
         89:ea:94:8d:44:3b:7d:ba:52:58:e0:ab:5a:e6:3d:c9:20:00:
         01:b4:d9:c3:65:42:41:b8:c7:3f:ad:db:48:f0:85:c3:84:ca:
         c0:a9:2d:ed:a2:f7:79:e7:8b:94:43:1d:8d:0e:fa:44:1a:e2:
         45:af:b3:e8:36:b3:af:83:10:e9:9a:27:37:eb:f8:d8:2f:cb:
         6f:67:96:92:31:a5:a2:8f:47:d0:36:2e:59:ae:2d:38:d3:2c:
         36:3b:08:51:b8:86:cd:eb:41:4d:1a:95:26:f2:e9:48:10:6f:
         52:ab:eb:59:5f:a5:ff:ff:0e:a7:08:40:87:7a:dd:82:fd:67:
         b1:6c:8c:a5:a5:62:11:e9:1f:3a:12:7e:0d:ae:c0:93:ce:50:
         03:2c:ec:18:d0:0e:8a:79:f6:86:7e:c0:f8:89:fc:93:4f:8e:
         80:e5:2c:fa:2b:9d:e4:27:d3:bd:83:66:8b:27:26:d0:bd:42:
         20:95:95:f5:a6:6a:f5:cf:c1:0c:80:5b:d2:a6:89:3b:47:ed:
         de:09:de:23:94:db:7f:50:4f:22:0b:05:cc:d8:88:5a:f7:06:
         e7:87:f3:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hO9rZTSv/njhdpw9lhUVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjYwMTAyMTYyMjU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWM3ZGFmNjQzNzExZTJkOWEyNzJjNmRlNjE3M2RhZTg2NmQyNzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF7eFmEqIb4vJQrzCLFudo9GPi7l
je2dA8UPDqQw6auU648NtA1wSag6idvbeInpRoSqyxhltA4LTPNhYbclL6ihCliR
fXubb/aTSqK4inBh7dfZQT94Yd3zLdE2D+UfxThknZPAUi0zESRZz6y/cXQZboi7
GWy1bzfYV6cCghfzcFv/ztqMTOPev/Fx9ubZYi8b9xBDPUPdymd3V/31CWhDIvdy
c7bIGsqytFxz0tjYx55Ak0k+OPrB7yqDzDOrLp74Ih0QWVq2ZZ5SBa8Mbbtnnzpu
ABfG8ZbpAx2lHeJTYRy2QkoAizM5b9G54tfJjhcKp0XvyM5tKk6MGAMCGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKXH2vZDcR4tmicsbeYXPa6GbSc1MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvcGNmYTlrTnhIaTJhSnl4dDVoYzlyb1p0SnpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXy6wMA0G
CSqGSIb3DQEBCwUAA4IBAQA9cBmjGPTX6wp4C5+5KfcENXLmDXFy+KllKp+E2tHg
kFw3nfGJ6pSNRDt9ulJY4Kta5j3JIAABtNnDZUJBuMc/rdtI8IXDhMrAqS3tovd5
54uUQx2NDvpEGuJFr7PoNrOvgxDpmic36/jYL8tvZ5aSMaWij0fQNi5Zri040yw2
OwhRuIbN60FNGpUm8ulIEG9Sq+tZX6X//w6nCECHet2C/WexbIylpWIR6R86En4N
rsCTzlADLOwY0A6KefaGfsD4ifyTT46A5Sz6K53kJ9O9g2aLJybQvUIglZX1pmr1
z8EMgFvSpok7R+3eCd4jlNt/UE8iCwXM2Iha9wbnh/Mq
-----END CERTIFICATE-----