This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/PFGIVa0BOcrYn7LDn1lpTGcFlyg.roa
File:                     PFGIVa0BOcrYn7LDn1lpTGcFlyg.roa (raw, json)
Hash identifier:          KajiJYew3aM31pMlayFlO34jp69DaxrhYFWYOe/gl/8=
Subject key identifier:   3C:51:88:55:AD:01:39:CA:D8:9F:B2:C3:9F:59:69:4C:67:05:97:28
Certificate issuer:       /CN=9681fc8c7337c6a1d20b84800df862a27e5fdbd7
Certificate serial:       019B79113D6037D92A116C7950ABD3653D09
Authority key identifier: 96:81:FC:8C:73:37:C6:A1:D2:0B:84:80:0D:F8:62:A2:7E:5F:DB:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/loH8jHM3xqHSC4SADfhion5f29c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/PFGIVa0BOcrYn7LDn1lpTGcFlyg.roa
Signing time:             Thu 01 Jan 2026 10:18:51 +0000
ROA not before:           Thu 01 Jan 2026 10:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213701
IP address blocks:        195.8.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/loH8jHM3xqHSC4SADfhion5f29c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/loH8jHM3xqHSC4SADfhion5f29c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/loH8jHM3xqHSC4SADfhion5f29c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 10:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:3d:60:37:d9:2a:11:6c:79:50:ab:d3:65:3d:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9681fc8c7337c6a1d20b84800df862a27e5fdbd7
        Validity
            Not Before: Jan  1 10:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3c518855ad0139cad89fb2c39f59694c67059728
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:9b:5a:09:35:96:89:e2:b3:56:09:9f:71:8f:
                    79:90:dd:96:26:6a:7f:0a:fd:d1:d1:51:87:ea:16:
                    47:81:fc:f0:20:06:59:d9:2a:7d:1d:4e:7e:44:e6:
                    6f:6b:f4:2d:21:1c:c6:55:58:6e:dc:38:a8:7e:40:
                    e4:85:75:12:11:78:47:ea:a4:33:e5:70:37:98:7b:
                    20:72:05:06:cf:66:b8:9e:20:03:60:8b:5c:b1:07:
                    b6:ee:3a:92:9d:dd:0e:35:36:6f:88:15:b7:f6:ac:
                    23:6c:32:cf:cb:3f:97:1a:0b:bd:f9:c2:9d:2f:52:
                    47:b2:ab:77:b0:1d:aa:3e:82:b8:13:f6:27:77:b8:
                    69:3c:3b:50:de:68:9d:c5:08:22:1b:6a:56:17:c8:
                    d3:94:fe:6a:de:e3:33:e3:42:d2:b5:ad:2e:54:6b:
                    aa:ea:ca:c8:c5:48:8b:20:1e:d9:3a:f8:42:ab:ce:
                    38:c4:f7:cb:3b:11:4f:0f:67:1c:5e:50:19:33:73:
                    67:5b:1c:53:0e:72:99:0d:ef:ce:d6:31:fb:e2:c5:
                    b9:25:4d:2a:c9:24:cd:59:3e:68:02:d1:30:bf:92:
                    7d:3a:ef:46:10:fd:c5:97:56:96:64:33:42:e4:07:
                    a4:bb:be:cc:30:a3:b1:b7:01:56:d8:97:dc:5f:56:
                    ed:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:51:88:55:AD:01:39:CA:D8:9F:B2:C3:9F:59:69:4C:67:05:97:28
            X509v3 Authority Key Identifier:
                keyid:96:81:FC:8C:73:37:C6:A1:D2:0B:84:80:0D:F8:62:A2:7E:5F:DB:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/loH8jHM3xqHSC4SADfhion5f29c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/PFGIVa0BOcrYn7LDn1lpTGcFlyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/loH8jHM3xqHSC4SADfhion5f29c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:7a:13:ac:71:97:f6:9c:f3:39:7e:c1:ab:a9:29:11:5b:c4:
         54:48:a5:5f:56:f2:e6:20:37:ec:2b:21:b1:9b:fe:9a:b4:6c:
         7e:01:10:6e:de:51:e8:38:f1:f2:ec:a5:27:91:70:53:4c:ec:
         cc:ff:2b:f4:ab:b8:dc:27:4a:03:e6:b2:09:5d:4b:1a:73:b0:
         fd:50:c8:f1:1a:54:b3:7d:69:c9:a5:c0:1e:65:12:56:ab:77:
         e4:01:39:8f:13:8d:1c:7d:96:cb:6a:c8:80:12:c3:74:6e:97:
         43:cd:81:80:23:55:2e:82:83:e0:3c:89:0a:95:cc:f0:11:fb:
         aa:2e:cf:21:2f:82:0d:85:38:6a:a1:f1:a6:44:ed:d0:05:ae:
         8b:8b:66:ed:91:80:a7:f0:94:78:a6:fc:55:7d:d7:74:0c:af:
         5b:ac:32:8b:44:bb:f0:de:90:45:a7:32:d2:ea:14:c8:ba:1a:
         b5:26:97:f5:b3:24:ea:ae:39:b2:04:f2:66:5f:38:5a:8a:39:
         90:29:95:51:3e:b1:39:a5:5c:fe:90:1a:47:4e:32:8e:61:6a:
         17:b8:e1:8c:ba:68:2c:e1:66:1a:df:fa:8f:00:ff:a3:d4:2d:
         d0:75:9c:9b:06:5a:9f:fc:e0:eb:8c:66:38:ed:93:d2:f3:19:
         bf:23:ce:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ET1gN9kqEWx5UKvTZT0JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ODFmYzhjNzMzN2M2YTFkMjBiODQ4MDBkZjg2MmEyN2U1
ZmRiZDcwHhcNMjYwMTAxMTAxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzUxODg1NWFkMDEzOWNhZDg5ZmIyYzM5ZjU5Njk0YzY3MDU5NzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5taCTWWieKzVgmfcY95kN2WJmp/
Cv3R0VGH6hZHgfzwIAZZ2Sp9HU5+ROZva/QtIRzGVVhu3DiofkDkhXUSEXhH6qQz
5XA3mHsgcgUGz2a4niADYItcsQe27jqSnd0ONTZviBW39qwjbDLPyz+XGgu9+cKd
L1JHsqt3sB2qPoK4E/Ynd7hpPDtQ3midxQgiG2pWF8jTlP5q3uMz40LSta0uVGuq
6srIxUiLIB7ZOvhCq844xPfLOxFPD2ccXlAZM3NnWxxTDnKZDe/O1jH74sW5JU0q
ySTNWT5oAtEwv5J9Ou9GEP3Fl1aWZDNC5Aeku77MMKOxtwFW2JfcX1bt/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDxRiFWtATnK2J+yw59ZaUxnBZcoMB8GA1UdIwQY
MBaAFJaB/IxzN8ah0guEgA34YqJ+X9vXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbG9IOGpITTN4cUhTQzRTQURmaGlvbjVmMjljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny80MGU1ZDUtZWQ0MS00ZGQzLTkzMzIt
NTNkOTYwOTlkN2IxLzEvUEZHSVZhMEJPY3JZbjdMRG4xbHBUR2NGbHlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny80MGU1ZDUtZWQ0MS00ZGQzLTkzMzItNTNkOTYwOTlkN2Ix
LzEvbG9IOGpITTN4cUhTQzRTQURmaGlvbjVmMjljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwhiMA0G
CSqGSIb3DQEBCwUAA4IBAQArehOscZf2nPM5fsGrqSkRW8RUSKVfVvLmIDfsKyGx
m/6atGx+ARBu3lHoOPHy7KUnkXBTTOzM/yv0q7jcJ0oD5rIJXUsac7D9UMjxGlSz
fWnJpcAeZRJWq3fkATmPE40cfZbLasiAEsN0bpdDzYGAI1UugoPgPIkKlczwEfuq
Ls8hL4INhThqofGmRO3QBa6Li2btkYCn8JR4pvxVfdd0DK9brDKLRLvw3pBFpzLS
6hTIuhq1Jpf1syTqrjmyBPJmXzhaijmQKZVRPrE5pVz+kBpHTjKOYWoXuOGMumgs
4WYa3/qPAP+j1C3QdZybBlqf/ODrjGY47ZPS8xm/I843
-----END CERTIFICATE-----