This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/P_0fPPHdVSH1nSzBIL-338Vq_pI.roa
File:                     P_0fPPHdVSH1nSzBIL-338Vq_pI.roa (raw, json)
Hash identifier:          9ditkG70ePQAxXpfek3qBSJPqjGLL2+zJ6g+INtw2EQ=
Subject key identifier:   3F:FD:1F:3C:F1:DD:55:21:F5:9D:2C:C1:20:BF:B7:DF:C5:6A:FE:92
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019B76EAF13D62F745171C1D21777693E482
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/P_0fPPHdVSH1nSzBIL-338Vq_pI.roa
Signing time:             Thu 01 Jan 2026 00:17:47 +0000
ROA not before:           Thu 01 Jan 2026 00:17:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56850
IP address blocks:        185.248.184.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:f1:3d:62:f7:45:17:1c:1d:21:77:76:93:e4:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  1 00:17:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3ffd1f3cf1dd5521f59d2cc120bfb7dfc56afe92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e8:6d:ca:33:c1:d1:65:de:0c:dd:da:06:3c:
                    d9:26:09:0a:6b:d8:4e:dc:84:40:f3:f6:59:08:a3:
                    a8:35:48:6f:15:ca:28:d7:d8:a6:b6:2c:ad:b0:22:
                    e5:64:bb:b4:66:2c:f1:34:6d:98:a9:b7:81:88:b7:
                    df:07:b2:6a:78:73:4c:06:9d:a7:76:d6:0a:c3:28:
                    5e:f4:c2:da:7a:70:2f:2e:8a:43:34:56:84:c0:83:
                    33:e6:d2:e4:a8:60:5a:83:bf:75:25:86:50:77:94:
                    34:0f:40:20:f3:aa:04:78:bb:69:bc:e2:13:ac:3f:
                    06:ea:a7:3d:db:a4:61:1e:46:a9:88:37:db:6f:42:
                    a9:69:c2:92:07:8a:f8:8f:c5:bd:f8:38:29:93:5d:
                    a8:9c:a7:2c:d1:3d:2a:53:13:25:71:51:19:63:f7:
                    06:66:69:93:52:2e:a9:4a:6c:62:29:2d:77:6e:fb:
                    57:5d:96:df:5b:71:f7:ce:b7:31:d3:94:9b:0d:1c:
                    cb:19:ae:8c:d3:a2:df:4f:2e:c7:21:df:6d:5a:fe:
                    c0:53:6b:51:4f:6b:1b:6b:62:d3:71:c8:5a:a2:3e:
                    8c:ba:be:d3:14:d8:5f:b8:f3:26:74:8c:7e:63:4c:
                    97:6e:12:9f:ff:7b:4d:17:80:c3:1b:ea:0f:44:a4:
                    85:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:FD:1F:3C:F1:DD:55:21:F5:9D:2C:C1:20:BF:B7:DF:C5:6A:FE:92
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/P_0fPPHdVSH1nSzBIL-338Vq_pI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a9:05:d7:dc:30:39:92:7d:3b:c6:ea:74:4e:26:75:3f:ce:22:
         60:ba:11:b2:c6:9a:8f:9a:cc:09:7a:d7:0f:b8:db:ed:74:88:
         77:43:b8:ed:98:1e:5a:7a:d9:6b:0b:c0:d2:10:27:38:0a:9b:
         c4:e9:b0:c9:bf:ff:ca:47:6e:82:54:ff:ce:eb:f0:62:6f:37:
         73:12:43:b4:2d:fc:09:b8:b2:eb:d7:53:b7:28:30:a8:b7:a1:
         18:e2:f1:c7:e3:e9:1d:91:ec:e6:54:80:af:ed:1b:e2:76:3e:
         81:6d:35:be:df:ed:7c:4e:2c:c2:d1:20:4c:4d:2e:fc:0c:59:
         bf:08:5b:c5:a8:56:76:51:f6:12:12:9d:85:c8:3e:b4:b8:d2:
         d9:e1:94:28:81:ac:17:b7:86:e5:b4:87:6e:a8:e3:b0:50:7b:
         15:8e:ef:06:28:7c:09:f6:46:55:b0:57:cb:97:d1:f1:48:1f:
         78:fa:c0:1b:f9:24:95:67:ef:44:45:9c:bf:11:d7:dc:c1:41:
         f9:98:cc:fd:ba:ff:c2:a8:88:78:c9:41:63:39:ad:03:66:87:
         bf:43:8e:c2:45:56:9a:e0:b0:90:f9:d4:55:53:be:82:be:e4:
         1f:2f:58:76:09:83:53:b3:29:54:f8:3f:72:a4:10:f3:84:ca:
         c3:6b:00:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26vE9YvdFFxwdIXd2k+SCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjYwMTAxMDAxNzQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmZkMWYzY2YxZGQ1NTIxZjU5ZDJjYzEyMGJmYjdkZmM1NmFmZTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+htyjPB0WXeDN3aBjzZJgkKa9hO
3IRA8/ZZCKOoNUhvFcoo19imtiytsCLlZLu0ZizxNG2YqbeBiLffB7JqeHNMBp2n
dtYKwyhe9MLaenAvLopDNFaEwIMz5tLkqGBag791JYZQd5Q0D0Ag86oEeLtpvOIT
rD8G6qc926RhHkapiDfbb0KpacKSB4r4j8W9+Dgpk12onKcs0T0qUxMlcVEZY/cG
ZmmTUi6pSmxiKS13bvtXXZbfW3H3zrcx05SbDRzLGa6M06LfTy7HId9tWv7AU2tR
T2sba2LTcchaoj6Mur7TFNhfuPMmdIx+Y0yXbhKf/3tNF4DDG+oPRKSFbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD/9Hzzx3VUh9Z0swSC/t9/Fav6SMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvUF8wZlBQSGRWU0gxblN6QklMLTMzOFZxX3BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufi4MA0G
CSqGSIb3DQEBCwUAA4IBAQCpBdfcMDmSfTvG6nROJnU/ziJguhGyxpqPmswJetcP
uNvtdIh3Q7jtmB5aetlrC8DSECc4CpvE6bDJv//KR26CVP/O6/BibzdzEkO0LfwJ
uLLr11O3KDCot6EY4vHH4+kdkezmVICv7Rvidj6BbTW+3+18TizC0SBMTS78DFm/
CFvFqFZ2UfYSEp2FyD60uNLZ4ZQogawXt4bltIduqOOwUHsVju8GKHwJ9kZVsFfL
l9HxSB94+sAb+SSVZ+9ERZy/EdfcwUH5mMz9uv/CqIh4yUFjOa0DZoe/Q47CRVaa
4LCQ+dRVU76CvuQfL1h2CYNTsylU+D9ypBDzhMrDawDV
-----END CERTIFICATE-----