This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/c4d05f-10d5-4f8f-9a37-e5229ad5214e/1/P-cBT9GtfwAV2Rbt0kBltwGf42I.roa
File:                     P-cBT9GtfwAV2Rbt0kBltwGf42I.roa (raw, json)
Hash identifier:          sRPFuUPV4/Yh7kICP3uHlk73kVCyDpzxlUWN6hEeTyw=
Subject key identifier:   3F:E7:01:4F:D1:AD:7F:00:15:D9:16:ED:D2:40:65:B7:01:9F:E3:62
Certificate issuer:       /CN=d8679f95ca9b656b7ca221be6eb24f95e328b010
Certificate serial:       019BF12100149094C5AD0CC2881D8231BA8E
Authority key identifier: D8:67:9F:95:CA:9B:65:6B:7C:A2:21:BE:6E:B2:4F:95:E3:28:B0:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2GeflcqbZWt8oiG-brJPleMosBA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/c4d05f-10d5-4f8f-9a37-e5229ad5214e/1/P-cBT9GtfwAV2Rbt0kBltwGf42I.roa
Signing time:             Sat 24 Jan 2026 17:50:30 +0000
ROA not before:           Sat 24 Jan 2026 17:50:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213702
IP address blocks:        194.238.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/c4d05f-10d5-4f8f-9a37-e5229ad5214e/1/2GeflcqbZWt8oiG-brJPleMosBA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/c4d05f-10d5-4f8f-9a37-e5229ad5214e/1/2GeflcqbZWt8oiG-brJPleMosBA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2GeflcqbZWt8oiG-brJPleMosBA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:f1:21:00:14:90:94:c5:ad:0c:c2:88:1d:82:31:ba:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8679f95ca9b656b7ca221be6eb24f95e328b010
        Validity
            Not Before: Jan 24 17:50:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3fe7014fd1ad7f0015d916edd24065b7019fe362
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:e9:75:82:44:4c:e6:93:48:08:1a:b7:dd:7b:
                    87:d7:7a:b0:b9:d9:a9:df:dd:43:e2:6d:ed:ea:20:
                    90:ce:e2:fd:2f:33:e6:0e:c0:1e:e6:de:6d:5d:da:
                    97:7e:7e:e8:2a:ef:60:20:be:6f:82:ad:1d:f7:6c:
                    5e:82:11:d6:09:57:fc:e9:3e:bc:89:f2:c0:8c:9c:
                    e9:9f:07:fe:6c:aa:86:4d:83:77:1f:ab:12:37:5d:
                    d4:59:88:18:36:4e:45:dd:07:36:2c:3f:e3:4e:57:
                    ee:32:df:10:2d:41:9a:92:c9:f8:b4:8a:f3:b0:10:
                    7c:bf:6b:c5:a0:06:3e:02:01:c3:f2:50:f3:22:ef:
                    d2:6a:87:c3:09:f6:3a:85:1f:60:a9:ac:48:07:6c:
                    58:c4:7e:38:35:1c:5d:ed:7e:fb:a3:18:17:33:58:
                    1c:26:21:c6:3c:09:85:08:d5:c5:67:c4:2a:45:ec:
                    f3:c1:16:ad:29:2d:20:2b:a3:08:e8:d0:c8:57:88:
                    85:f7:89:20:11:23:f0:07:61:88:24:c4:9f:9e:02:
                    94:b7:3c:6e:92:e6:4f:ee:92:ea:ec:1f:3a:5d:1c:
                    26:1f:28:d1:35:ff:ec:20:7e:47:3f:bf:64:6d:df:
                    92:3b:ff:67:26:55:cf:c6:22:01:49:0b:c2:5e:f2:
                    7e:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:E7:01:4F:D1:AD:7F:00:15:D9:16:ED:D2:40:65:B7:01:9F:E3:62
            X509v3 Authority Key Identifier:
                keyid:D8:67:9F:95:CA:9B:65:6B:7C:A2:21:BE:6E:B2:4F:95:E3:28:B0:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2GeflcqbZWt8oiG-brJPleMosBA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/c4d05f-10d5-4f8f-9a37-e5229ad5214e/1/P-cBT9GtfwAV2Rbt0kBltwGf42I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/c4d05f-10d5-4f8f-9a37-e5229ad5214e/1/2GeflcqbZWt8oiG-brJPleMosBA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.238.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:23:fc:d8:6b:df:e2:d3:51:aa:e8:2e:9f:9c:61:a1:52:7e:
         f7:d9:e0:fe:17:73:0f:f9:51:9b:c1:ba:bb:b5:03:3a:4e:22:
         ff:91:80:fe:0e:a4:e7:65:3e:12:21:f5:15:dd:c9:6b:da:7f:
         80:cb:ff:a3:ec:6c:e2:e5:ce:2a:23:80:1c:38:a0:c3:35:1a:
         17:47:0a:22:74:84:cd:5a:57:f9:15:1c:b6:32:c7:f2:33:09:
         d1:35:f1:40:9f:60:e7:fa:06:86:3c:9b:ba:7b:57:9c:89:42:
         da:48:1a:f1:58:5a:bf:28:e3:e5:51:f5:01:c7:4a:6f:5f:d6:
         ca:5f:a7:68:0c:5d:a2:38:6f:f9:c3:1c:16:a8:f3:12:4b:e9:
         42:01:d7:f8:67:0a:68:9b:12:d7:22:fe:44:22:75:46:26:a6:
         a1:58:9d:2c:7f:e8:2e:4f:a8:0d:2a:dc:37:3c:e8:8f:0b:73:
         d1:c3:6f:09:6a:f3:63:ae:f2:c6:e2:84:13:11:91:ed:9d:7a:
         4b:88:c3:e8:74:42:4e:ab:5d:18:b0:c4:fb:9c:41:04:99:4b:
         3f:28:10:86:18:90:9e:3b:08:23:d8:bc:2b:cc:f4:a4:45:a1:
         d4:05:54:64:62:1d:c2:1e:8a:44:c6:13:74:e6:ca:26:13:dd:
         61:5c:d5:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvxIQAUkJTFrQzCiB2CMbqOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4Njc5Zjk1Y2E5YjY1NmI3Y2EyMjFiZTZlYjI0Zjk1ZTMy
OGIwMTAwHhcNMjYwMTI0MTc1MDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmU3MDE0ZmQxYWQ3ZjAwMTVkOTE2ZWRkMjQwNjViNzAxOWZlMzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2el1gkRM5pNICBq33XuH13qwudmp
391D4m3t6iCQzuL9LzPmDsAe5t5tXdqXfn7oKu9gIL5vgq0d92xeghHWCVf86T68
ifLAjJzpnwf+bKqGTYN3H6sSN13UWYgYNk5F3Qc2LD/jTlfuMt8QLUGaksn4tIrz
sBB8v2vFoAY+AgHD8lDzIu/SaofDCfY6hR9gqaxIB2xYxH44NRxd7X77oxgXM1gc
JiHGPAmFCNXFZ8QqRezzwRatKS0gK6MI6NDIV4iF94kgESPwB2GIJMSfngKUtzxu
kuZP7pLq7B86XRwmHyjRNf/sIH5HP79kbd+SO/9nJlXPxiIBSQvCXvJ+ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD/nAU/RrX8AFdkW7dJAZbcBn+NiMB8GA1UdIwQY
MBaAFNhnn5XKm2VrfKIhvm6yT5XjKLAQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkdlZmxjcWJaV3Q4b2lHLWJySlBsZU1vc0JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9jNGQwNWYtMTBkNS00ZjhmLTlhMzct
ZTUyMjlhZDUyMTRlLzEvUC1jQlQ5R3Rmd0FWMlJidDBrQmx0d0dmNDJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9jNGQwNWYtMTBkNS00ZjhmLTlhMzctZTUyMjlhZDUyMTRl
LzEvMkdlZmxjcWJaV3Q4b2lHLWJySlBsZU1vc0JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwu45MA0G
CSqGSIb3DQEBCwUAA4IBAQAMI/zYa9/i01Gq6C6fnGGhUn732eD+F3MP+VGbwbq7
tQM6TiL/kYD+DqTnZT4SIfUV3clr2n+Ay/+j7Gzi5c4qI4AcOKDDNRoXRwoidITN
Wlf5FRy2MsfyMwnRNfFAn2Dn+gaGPJu6e1eciULaSBrxWFq/KOPlUfUBx0pvX9bK
X6doDF2iOG/5wxwWqPMSS+lCAdf4ZwpomxLXIv5EInVGJqahWJ0sf+guT6gNKtw3
POiPC3PRw28JavNjrvLG4oQTEZHtnXpLiMPodEJOq10YsMT7nEEEmUs/KBCGGJCe
Owgj2LwrzPSkRaHUBVRkYh3CHopExhN05somE91hXNUl
-----END CERTIFICATE-----