This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/pIcoyToimyF7i1dzfEhaVCGcbC0.roa
File:                     pIcoyToimyF7i1dzfEhaVCGcbC0.roa (raw, json)
Hash identifier:          +WXJYdbn5DWzmwp5OTrQs25XNaQLNWWRZ33YNV1JRKU=
Subject key identifier:   A4:87:28:C9:3A:22:9B:21:7B:8B:57:73:7C:48:5A:54:21:9C:6C:2D
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       019B7C8021AFB3DFEEA2A801337B336D9F17
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/pIcoyToimyF7i1dzfEhaVCGcbC0.roa
Signing time:             Fri 02 Jan 2026 02:18:50 +0000
ROA not before:           Fri 02 Jan 2026 02:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198855
IP address blocks:        90.83.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:21:af:b3:df:ee:a2:a8:01:33:7b:33:6d:9f:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  2 02:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a48728c93a229b217b8b57737c485a54219c6c2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:02:d8:7e:9b:7b:91:82:3a:ca:f2:4a:4f:7e:
                    a2:75:7e:a5:56:39:6f:40:9a:e6:7e:e1:e0:72:69:
                    5f:95:eb:65:51:ef:d8:14:57:a6:84:cb:a5:66:c7:
                    72:a9:90:c9:c8:31:bc:49:5b:0d:d3:e6:11:d3:f9:
                    b4:8d:fe:85:45:45:1f:a5:79:d6:2b:1f:04:3c:8c:
                    51:9b:bd:e8:a2:6c:81:fd:8a:b2:19:30:8b:2e:81:
                    59:63:05:f2:94:46:cc:ea:7f:31:2e:62:d1:00:db:
                    b5:0a:32:fe:f5:e9:2d:ad:08:f1:46:16:bb:ac:d5:
                    c5:06:79:87:d2:61:ef:a3:51:03:d5:20:62:b0:24:
                    66:50:18:62:59:a1:86:fb:44:50:f0:f2:70:2a:06:
                    41:58:72:c7:9d:d6:bb:2a:99:83:6f:2c:a0:e3:26:
                    3f:13:b9:24:d8:99:f6:61:7a:39:65:b6:3c:73:f4:
                    c3:01:ca:dc:97:d1:27:21:80:8f:32:df:55:78:2d:
                    47:45:bd:af:3f:0c:06:23:88:30:9b:3d:70:e7:1a:
                    34:60:c4:7f:80:3b:80:9b:b2:b8:75:51:bd:d5:14:
                    bf:db:3a:cf:1c:f2:fb:92:54:93:47:9f:80:ad:18:
                    d7:30:e9:65:50:3e:2a:b0:39:15:96:9d:10:51:d8:
                    aa:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:87:28:C9:3A:22:9B:21:7B:8B:57:73:7C:48:5A:54:21:9C:6C:2D
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/pIcoyToimyF7i1dzfEhaVCGcbC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  90.83.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:30:4d:ae:bf:9b:71:7f:f3:9d:9c:18:f2:16:71:51:de:e6:
         5e:f3:14:8e:4e:e2:41:76:19:00:cc:1e:e7:c4:3e:54:87:c6:
         a8:97:88:39:29:a0:01:11:91:90:fa:93:a8:a0:3e:77:63:b2:
         71:e7:f2:5f:f1:ed:5d:aa:47:e5:36:2c:0d:92:6a:41:79:c9:
         96:25:de:8e:95:23:5b:ca:75:6d:bc:99:ae:37:66:2a:2d:1a:
         44:39:2e:b6:d1:0b:d0:69:d2:9d:9c:2c:e3:c3:cb:7b:cd:09:
         ce:30:f9:5e:27:7c:99:27:eb:cf:11:19:f2:89:72:74:c3:c7:
         16:db:01:76:d1:23:17:58:bb:37:64:50:4c:9c:98:54:89:78:
         0c:33:fe:ad:05:58:72:a8:5e:09:6d:20:1a:79:b2:7c:ab:bf:
         03:25:d0:b6:24:d9:bd:7b:d0:c3:65:1f:9e:c6:70:65:b1:d0:
         58:18:47:6a:67:26:81:70:e7:24:7f:ef:cb:ff:95:e5:24:ad:
         78:d0:8c:1e:0a:b9:23:94:8c:8f:23:bb:ce:2a:22:ca:3f:56:
         dc:4c:a4:d0:b2:fb:c0:89:f3:c7:37:24:fc:e1:2b:ee:0b:ae:
         21:87:5d:75:a6:36:c9:4d:12:32:88:f8:d4:18:fa:2d:99:21:
         3d:c7:7a:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gCGvs9/uoqgBM3szbZ8XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjYwMTAyMDIxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDg3MjhjOTNhMjI5YjIxN2I4YjU3NzM3YzQ4NWE1NDIxOWM2YzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQLYfpt7kYI6yvJKT36idX6lVjlv
QJrmfuHgcmlfletlUe/YFFemhMulZsdyqZDJyDG8SVsN0+YR0/m0jf6FRUUfpXnW
Kx8EPIxRm73oomyB/YqyGTCLLoFZYwXylEbM6n8xLmLRANu1CjL+9ektrQjxRha7
rNXFBnmH0mHvo1ED1SBisCRmUBhiWaGG+0RQ8PJwKgZBWHLHnda7KpmDbyyg4yY/
E7kk2Jn2YXo5ZbY8c/TDAcrcl9EnIYCPMt9VeC1HRb2vPwwGI4gwmz1w5xo0YMR/
gDuAm7K4dVG91RS/2zrPHPL7klSTR5+ArRjXMOllUD4qsDkVlp0QUdiqZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKSHKMk6Ipshe4tXc3xIWlQhnGwtMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvcEljb3lUb2lteUY3aTFkemZFaGFWQ0djYkMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWlN8MA0G
CSqGSIb3DQEBCwUAA4IBAQBbME2uv5txf/OdnBjyFnFR3uZe8xSOTuJBdhkAzB7n
xD5Uh8aol4g5KaABEZGQ+pOooD53Y7Jx5/Jf8e1dqkflNiwNkmpBecmWJd6OlSNb
ynVtvJmuN2YqLRpEOS620QvQadKdnCzjw8t7zQnOMPleJ3yZJ+vPERnyiXJ0w8cW
2wF20SMXWLs3ZFBMnJhUiXgMM/6tBVhyqF4JbSAaebJ8q78DJdC2JNm9e9DDZR+e
xnBlsdBYGEdqZyaBcOckf+/L/5XlJK140IweCrkjlIyPI7vOKiLKP1bcTKTQsvvA
ifPHNyT84SvuC64hh111pjbJTRIyiPjUGPotmSE9x3pJ
-----END CERTIFICATE-----