This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/c1d425-de03-4ebe-b652-da34fcb7b942/1/puAauCowFLGfgpH2sTlBVHLWBTc.roa
File:                     puAauCowFLGfgpH2sTlBVHLWBTc.roa (raw, json)
Hash identifier:          0G+aE9T8CvclKyxOZpNXpaee8LqEvJEggHfWPPQiT5E=
Subject key identifier:   A6:E0:1A:B8:2A:30:14:B1:9F:82:91:F6:B1:39:41:54:72:D6:05:37
Certificate issuer:       /CN=1306c7878f7b3f5da0901dec7473aa2291556e72
Certificate serial:       019B7C7F2AEFBD69D2801BB4502D45BEFD99
Authority key identifier: 13:06:C7:87:8F:7B:3F:5D:A0:90:1D:EC:74:73:AA:22:91:55:6E:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EwbHh497P12gkB3sdHOqIpFVbnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/c1d425-de03-4ebe-b652-da34fcb7b942/1/puAauCowFLGfgpH2sTlBVHLWBTc.roa
Signing time:             Fri 02 Jan 2026 02:17:47 +0000
ROA not before:           Fri 02 Jan 2026 02:17:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     559
IP address blocks:        138.131.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/c1d425-de03-4ebe-b652-da34fcb7b942/1/EwbHh497P12gkB3sdHOqIpFVbnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/c1d425-de03-4ebe-b652-da34fcb7b942/1/EwbHh497P12gkB3sdHOqIpFVbnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EwbHh497P12gkB3sdHOqIpFVbnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:2a:ef:bd:69:d2:80:1b:b4:50:2d:45:be:fd:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1306c7878f7b3f5da0901dec7473aa2291556e72
        Validity
            Not Before: Jan  2 02:17:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a6e01ab82a3014b19f8291f6b139415472d60537
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:90:61:32:05:4a:c4:17:1f:1a:28:1a:cd:eb:
                    84:79:03:21:25:b7:2e:ea:a1:9f:d7:1e:9a:09:15:
                    81:b8:59:86:5c:1a:58:10:16:6a:62:85:23:17:9b:
                    4d:7b:25:c5:9c:02:dd:da:f4:3d:af:e6:b5:f7:3b:
                    c2:52:7e:c3:93:24:b5:db:52:d6:5b:17:54:78:8c:
                    18:15:2f:14:32:b9:61:4b:1a:5c:4a:b3:d4:45:3b:
                    90:56:9d:a9:8e:93:f1:2b:30:cc:0c:b8:22:51:38:
                    1c:8d:23:41:54:50:c9:7e:00:c5:9b:00:4a:26:fe:
                    b0:20:10:07:20:54:90:87:b0:a5:1b:15:65:e1:f6:
                    1a:e6:7a:10:4e:2d:8d:17:3e:6c:c7:27:75:d7:10:
                    85:aa:33:e6:0a:ea:85:28:09:48:18:d4:d4:86:c7:
                    92:c1:b3:c5:5d:37:c0:b0:1d:27:04:65:ad:c1:9d:
                    4f:27:7f:33:0c:15:c6:a4:a8:ad:21:7c:af:d8:e6:
                    d8:91:f7:d9:92:0a:4e:08:2a:1c:11:72:12:2b:34:
                    84:c1:39:d1:6f:05:d2:46:1d:36:ac:03:e8:44:a1:
                    aa:e4:73:d4:4d:e3:c1:6a:5e:c6:4a:2a:43:c1:b4:
                    f3:c2:8a:93:4f:62:07:1f:76:9d:8d:a2:38:0f:2e:
                    0d:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:E0:1A:B8:2A:30:14:B1:9F:82:91:F6:B1:39:41:54:72:D6:05:37
            X509v3 Authority Key Identifier:
                keyid:13:06:C7:87:8F:7B:3F:5D:A0:90:1D:EC:74:73:AA:22:91:55:6E:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EwbHh497P12gkB3sdHOqIpFVbnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/c1d425-de03-4ebe-b652-da34fcb7b942/1/puAauCowFLGfgpH2sTlBVHLWBTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/c1d425-de03-4ebe-b652-da34fcb7b942/1/EwbHh497P12gkB3sdHOqIpFVbnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.131.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         93:6c:29:32:67:89:9c:8f:1f:72:22:54:be:cb:bd:4a:9a:85:
         b2:26:8a:e2:43:e6:b5:ff:08:a1:de:5a:46:0c:ac:ac:9c:84:
         bf:c9:57:bc:d7:69:42:d3:87:b1:7a:81:7e:a0:f4:b5:8b:48:
         9c:a2:5f:c5:f7:aa:2e:75:33:fb:cb:42:93:bb:f5:11:84:b0:
         9a:b6:dd:04:5f:7b:5d:e6:ee:d2:46:0c:24:5d:2c:01:85:21:
         70:00:bc:17:46:7d:ba:9e:0f:22:a1:5a:80:6b:d2:7f:e9:9e:
         5a:8e:8e:52:eb:fd:b9:ef:f5:e0:9d:f7:ce:9f:8a:58:82:56:
         f0:21:c4:47:f9:21:78:d5:47:ed:da:e1:14:a8:5b:01:e2:27:
         c6:05:0c:10:03:0c:c6:35:66:ae:d1:f2:61:42:ee:77:a7:4c:
         7e:58:f2:64:b2:03:69:9a:4d:c7:6a:8b:1e:72:85:cc:b3:05:
         63:bd:75:fb:06:52:3b:e2:fc:fc:e3:46:a1:64:35:c7:56:3f:
         31:c6:09:24:4e:c7:54:64:fc:1e:41:90:f7:95:bd:88:da:79:
         72:e3:a0:f9:b8:5a:35:14:d8:30:67:22:66:2f:6a:8a:79:3f:
         6c:ea:29:f6:01:d7:3a:10:b7:27:af:62:b3:10:a3:7b:e2:03:
         5d:d8:d8:d2
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt8fyrvvWnSgBu0UC1Fvv2ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMDZjNzg3OGY3YjNmNWRhMDkwMWRlYzc0NzNhYTIyOTE1
NTZlNzIwHhcNMjYwMTAyMDIxNzQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmUwMWFiODJhMzAxNGIxOWY4MjkxZjZiMTM5NDE1NDcyZDYwNTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ZBhMgVKxBcfGigazeuEeQMhJbcu
6qGf1x6aCRWBuFmGXBpYEBZqYoUjF5tNeyXFnALd2vQ9r+a19zvCUn7DkyS121LW
WxdUeIwYFS8UMrlhSxpcSrPURTuQVp2pjpPxKzDMDLgiUTgcjSNBVFDJfgDFmwBK
Jv6wIBAHIFSQh7ClGxVl4fYa5noQTi2NFz5sxyd11xCFqjPmCuqFKAlIGNTUhseS
wbPFXTfAsB0nBGWtwZ1PJ38zDBXGpKitIXyv2ObYkffZkgpOCCocEXISKzSEwTnR
bwXSRh02rAPoRKGq5HPUTePBal7GSipDwbTzwoqTT2IHH3adjaI4Dy4NMwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFKbgGrgqMBSxn4KR9rE5QVRy1gU3MB8GA1UdIwQY
MBaAFBMGx4ePez9doJAd7HRzqiKRVW5yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXdiSGg0OTdQMTJna0Izc2RIT3FJcEZWYm5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9jMWQ0MjUtZGUwMy00ZWJlLWI2NTIt
ZGEzNGZjYjdiOTQyLzEvcHVBYXVDb3dGTEdmZ3BIMnNUbEJWSExXQlRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9jMWQ0MjUtZGUwMy00ZWJlLWI2NTItZGEzNGZjYjdiOTQy
LzEvRXdiSGg0OTdQMTJna0Izc2RIT3FJcEZWYm5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAioMwDQYJ
KoZIhvcNAQELBQADggEBAJNsKTJniZyPH3IiVL7LvUqahbImiuJD5rX/CKHeWkYM
rKychL/JV7zXaULTh7F6gX6g9LWLSJyiX8X3qi51M/vLQpO79RGEsJq23QRfe13m
7tJGDCRdLAGFIXAAvBdGfbqeDyKhWoBr0n/pnlqOjlLr/bnv9eCd986filiCVvAh
xEf5IXjVR+3a4RSoWwHiJ8YFDBADDMY1Zq7R8mFC7nenTH5Y8mSyA2maTcdqix5y
hcyzBWO9dfsGUjvi/PzjRqFkNcdWPzHGCSROx1Rk/B5BkPeVvYjaeXLjoPm4WjUU
2DBnImYvaop5P2zqKfYB1zoQtyevYrMQo3viA13Y2NI=
-----END CERTIFICATE-----