This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/pL_9VtqV48O_W4pMJlq4v6gmbq8.roa
File:                     pL_9VtqV48O_W4pMJlq4v6gmbq8.roa (raw, json)
Hash identifier:          DQX61IrACv1/aNlspdwXtpIuuY4CwUtsn0D9LwCtDVY=
Subject key identifier:   A4:BF:FD:56:DA:95:E3:C3:BF:5B:8A:4C:26:5A:B8:BF:A8:26:6E:AF
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       019B7C8010B05B997BFB5833610F8B20ACAB
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/pL_9VtqV48O_W4pMJlq4v6gmbq8.roa
Signing time:             Fri 02 Jan 2026 02:18:46 +0000
ROA not before:           Fri 02 Jan 2026 02:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16550
IP address blocks:        194.2.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 09:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:10:b0:5b:99:7b:fb:58:33:61:0f:8b:20:ac:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  2 02:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a4bffd56da95e3c3bf5b8a4c265ab8bfa8266eaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:cb:d8:0b:bb:14:b1:a9:25:b7:40:77:0e:f9:
                    03:89:64:d2:76:a7:29:8a:e2:af:bc:2e:1d:ea:64:
                    df:70:8d:3b:3a:ac:74:0a:34:ff:73:53:d1:83:f8:
                    5f:30:58:31:02:fa:89:5f:39:a3:21:e5:01:f6:4e:
                    8b:4e:86:d3:85:ff:ea:74:2c:32:24:60:8c:6f:3f:
                    6c:b8:11:7f:e6:27:fc:5c:92:61:15:6b:c9:70:f6:
                    60:14:50:35:fb:32:63:34:2e:c4:5f:ab:93:d4:a6:
                    3a:e9:b9:75:a6:5a:d2:c3:2a:47:13:fd:9a:a2:9e:
                    e9:42:76:d8:25:5c:89:a1:34:62:a3:b2:02:97:22:
                    42:81:d9:07:45:d3:eb:f6:97:35:8e:3f:a8:9b:ee:
                    92:9f:09:5b:22:8e:7c:47:c5:c1:55:82:cf:b8:b4:
                    05:78:e1:2e:6d:eb:41:c1:5d:b1:26:33:42:a5:d6:
                    58:6d:64:76:a7:01:98:26:2f:40:c7:e8:ec:b8:59:
                    a9:2d:be:67:a1:b9:27:20:98:a8:0c:ca:1d:65:89:
                    89:50:fb:2b:2d:76:74:b4:ba:77:ff:36:d2:69:ec:
                    cf:23:1f:88:fc:50:09:9f:95:c4:42:b6:0e:36:80:
                    05:07:5b:50:6e:f2:c2:eb:bc:5c:68:63:9e:fd:7a:
                    04:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:BF:FD:56:DA:95:E3:C3:BF:5B:8A:4C:26:5A:B8:BF:A8:26:6E:AF
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/pL_9VtqV48O_W4pMJlq4v6gmbq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.2.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:78:fc:0f:47:d9:d7:23:0d:98:ff:a9:d8:e9:3f:17:42:4d:
         ef:2e:62:be:fe:8d:d1:40:4a:dd:42:9e:1f:a9:4a:6e:43:99:
         e6:37:ba:cd:0f:2d:8d:24:95:23:f4:e1:67:fc:2a:d6:30:43:
         22:be:50:57:16:29:ee:c8:a4:66:e0:61:e6:22:f5:32:4c:34:
         e2:35:bf:fa:44:3d:ab:91:36:fb:b8:6e:75:a2:b3:dd:6a:7e:
         d9:15:1e:28:d4:eb:d0:20:6d:4a:b4:9c:93:00:e7:7b:11:b3:
         fc:ba:77:91:40:c7:3a:94:3c:fb:b9:a0:de:b0:b2:54:fe:60:
         dd:0e:a6:b2:62:a2:0e:19:d8:5b:7c:7b:d7:6b:c3:0f:b4:f6:
         00:6a:29:eb:14:02:b7:94:38:7b:b3:fd:7f:6b:b6:22:82:4f:
         4f:86:e2:db:a8:3d:f7:d7:c1:f9:9d:c8:c3:fd:08:89:f3:0d:
         64:d3:c0:3e:a6:02:d3:50:f3:e2:81:a6:73:c8:d0:16:9d:ea:
         b8:e1:60:57:34:43:c1:11:03:92:f3:07:fb:4e:d0:2b:09:86:
         11:54:31:54:1b:c4:f7:68:bb:f1:19:f7:15:5a:d1:3f:27:92:
         4f:16:d9:68:74:93:7a:e6:14:be:bd:8c:53:b7:69:ac:f9:ef:
         9d:aa:69:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gBCwW5l7+1gzYQ+LIKyrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjYwMTAyMDIxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGJmZmQ1NmRhOTVlM2MzYmY1YjhhNGMyNjVhYjhiZmE4MjY2ZWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8vYC7sUsaklt0B3DvkDiWTSdqcp
iuKvvC4d6mTfcI07Oqx0CjT/c1PRg/hfMFgxAvqJXzmjIeUB9k6LTobThf/qdCwy
JGCMbz9suBF/5if8XJJhFWvJcPZgFFA1+zJjNC7EX6uT1KY66bl1plrSwypHE/2a
op7pQnbYJVyJoTRio7IClyJCgdkHRdPr9pc1jj+om+6SnwlbIo58R8XBVYLPuLQF
eOEubetBwV2xJjNCpdZYbWR2pwGYJi9Ax+jsuFmpLb5nobknIJioDModZYmJUPsr
LXZ0tLp3/zbSaezPIx+I/FAJn5XEQrYONoAFB1tQbvLC67xcaGOe/XoE3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKS//VbalePDv1uKTCZauL+oJm6vMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvcExfOVZ0cVY0OE9fVzRwTUpscTR2NmdtYnE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgK+MA0G
CSqGSIb3DQEBCwUAA4IBAQB5ePwPR9nXIw2Y/6nY6T8XQk3vLmK+/o3RQErdQp4f
qUpuQ5nmN7rNDy2NJJUj9OFn/CrWMEMivlBXFinuyKRm4GHmIvUyTDTiNb/6RD2r
kTb7uG51orPdan7ZFR4o1OvQIG1KtJyTAOd7EbP8uneRQMc6lDz7uaDesLJU/mDd
DqayYqIOGdhbfHvXa8MPtPYAainrFAK3lDh7s/1/a7Yigk9PhuLbqD3318H5ncjD
/QiJ8w1k08A+pgLTUPPigaZzyNAWneq44WBXNEPBEQOS8wf7TtArCYYRVDFUG8T3
aLvxGfcVWtE/J5JPFtlodJN65hS+vYxTt2ms+e+dqmlT
-----END CERTIFICATE-----