This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/pLnB-wlvKscUs88yLrgsE2aCjPg.roa
File:                     pLnB-wlvKscUs88yLrgsE2aCjPg.roa (raw, json)
Hash identifier:          IA5vrxUbi5M1gV6doNRIvWcvIWaGuB4DMRcKJ7P2oPY=
Subject key identifier:   A4:B9:C1:FB:09:6F:2A:C7:14:B3:CF:32:2E:B8:2C:13:66:82:8C:F8
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       019B7C801DAFFF21ACABF3B606F9C8D26650
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/pLnB-wlvKscUs88yLrgsE2aCjPg.roa
Signing time:             Fri 02 Jan 2026 02:18:49 +0000
ROA not before:           Fri 02 Jan 2026 02:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41951
IP address blocks:        193.252.16.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 09:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:1d:af:ff:21:ac:ab:f3:b6:06:f9:c8:d2:66:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  2 02:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a4b9c1fb096f2ac714b3cf322eb82c1366828cf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:44:69:8c:27:12:b1:13:39:96:b9:59:69:9a:
                    37:8a:96:2b:57:5e:9c:0e:b3:a2:a6:51:f0:17:1a:
                    e2:25:be:d5:75:a2:b0:f9:96:83:62:7f:21:3a:26:
                    2c:ca:05:89:64:b5:dd:24:ca:5a:fc:36:38:7c:35:
                    81:99:0d:fb:fd:e3:0c:06:4e:93:77:ed:62:ad:ef:
                    7a:cd:92:58:db:c5:74:6d:07:fb:a0:25:64:93:64:
                    ca:8b:de:94:74:51:2a:14:62:93:ed:62:38:45:84:
                    29:67:7b:c1:94:11:20:9b:9b:0f:22:9f:2d:eb:c1:
                    95:a9:51:20:3b:9e:75:fd:ee:a6:e6:9a:40:b2:de:
                    59:47:0a:49:d9:75:cf:01:20:b0:e1:4c:fd:e2:86:
                    52:85:1e:55:c3:ad:95:b8:8f:95:77:38:e2:31:a7:
                    85:56:55:86:f3:b5:b7:cc:37:63:31:25:db:52:00:
                    84:9e:96:0e:a9:38:b7:38:78:2f:ed:ea:98:de:6b:
                    3f:af:f6:2d:45:c8:d1:70:c6:03:16:40:f6:75:7e:
                    8d:89:66:35:97:77:e2:68:e5:08:87:41:8f:83:ab:
                    d1:54:cf:32:48:2a:f7:f6:8f:e3:12:1a:de:83:99:
                    22:23:c9:90:97:93:0c:79:18:7d:bb:8d:84:cf:c4:
                    73:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:B9:C1:FB:09:6F:2A:C7:14:B3:CF:32:2E:B8:2C:13:66:82:8C:F8
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/pLnB-wlvKscUs88yLrgsE2aCjPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.252.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:0b:29:e5:d8:61:cc:21:a4:78:d1:ac:d5:dd:e8:80:34:fb:
         1c:69:41:0f:dd:a2:7e:8a:35:c2:25:51:8a:9a:76:96:f4:99:
         89:fc:13:57:94:8d:83:b5:20:68:f7:85:cd:13:7c:e2:22:cf:
         a0:8f:d2:b5:48:8e:b2:f5:1c:e3:e9:6d:cb:b1:3b:de:17:38:
         79:96:2e:0b:aa:c3:1c:6e:3e:ec:a9:47:84:ef:47:12:e5:1b:
         9f:41:af:10:4b:a1:8b:b2:d6:d9:4d:6c:91:c0:db:94:49:4e:
         06:63:df:f9:5f:13:8d:4c:35:9b:83:0f:1e:54:bd:b8:00:92:
         59:c4:f9:c6:69:32:bf:fe:04:4e:cd:42:11:97:84:49:4c:e6:
         4a:d6:df:66:14:c4:42:04:de:b7:9c:c8:cc:a2:dd:50:a6:41:
         10:b1:a3:58:39:b9:08:2e:d4:8b:4f:8b:bc:e8:7c:4f:39:b4:
         4b:cd:b8:e1:5a:3f:cf:df:1d:54:af:79:81:a5:57:0e:8b:1d:
         71:f3:c7:6d:92:17:d4:35:00:f8:d4:35:6d:1d:aa:1f:af:9e:
         58:22:bd:2d:9f:4b:ab:d8:c3:54:b6:77:10:8a:12:30:5b:92:
         14:1d:a8:20:77:d9:ae:ee:a6:2e:a9:29:e6:9a:b0:1f:df:e5:
         39:0c:b2:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gB2v/yGsq/O2BvnI0mZQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjYwMTAyMDIxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGI5YzFmYjA5NmYyYWM3MTRiM2NmMzIyZWI4MmMxMzY2ODI4Y2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1URpjCcSsRM5lrlZaZo3ipYrV16c
DrOiplHwFxriJb7VdaKw+ZaDYn8hOiYsygWJZLXdJMpa/DY4fDWBmQ37/eMMBk6T
d+1ire96zZJY28V0bQf7oCVkk2TKi96UdFEqFGKT7WI4RYQpZ3vBlBEgm5sPIp8t
68GVqVEgO551/e6m5ppAst5ZRwpJ2XXPASCw4Uz94oZShR5Vw62VuI+VdzjiMaeF
VlWG87W3zDdjMSXbUgCEnpYOqTi3OHgv7eqY3ms/r/YtRcjRcMYDFkD2dX6NiWY1
l3fiaOUIh0GPg6vRVM8ySCr39o/jEhreg5kiI8mQl5MMeRh9u42Ez8Rz1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKS5wfsJbyrHFLPPMi64LBNmgoz4MB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvcExuQi13bHZLc2NVczg4eUxyZ3NFMmFDalBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwfwQMA0G
CSqGSIb3DQEBCwUAA4IBAQBgCynl2GHMIaR40azV3eiANPscaUEP3aJ+ijXCJVGK
mnaW9JmJ/BNXlI2DtSBo94XNE3ziIs+gj9K1SI6y9Rzj6W3LsTveFzh5li4LqsMc
bj7sqUeE70cS5RufQa8QS6GLstbZTWyRwNuUSU4GY9/5XxONTDWbgw8eVL24AJJZ
xPnGaTK//gROzUIRl4RJTOZK1t9mFMRCBN63nMjMot1QpkEQsaNYObkILtSLT4u8
6HxPObRLzbjhWj/P3x1Ur3mBpVcOix1x88dtkhfUNQD41DVtHaofr55YIr0tn0ur
2MNUtncQihIwW5IUHaggd9mu7qYuqSnmmrAf3+U5DLIT
-----END CERTIFICATE-----