This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/PCKbpUrsaDiKcyTcrby9C6-A1iY.roa
File:                     PCKbpUrsaDiKcyTcrby9C6-A1iY.roa (raw, json)
Hash identifier:          6o4LfU7KghzGs2owPl+zeQuXnOZtrVqoJ1WQ+lTrimg=
Subject key identifier:   3C:22:9B:A5:4A:EC:68:38:8A:73:24:DC:AD:BC:BD:0B:AF:80:D6:26
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019B7FF22AA5C6B9B16B778F97BF7580FF07
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/PCKbpUrsaDiKcyTcrby9C6-A1iY.roa
Signing time:             Fri 02 Jan 2026 18:22:15 +0000
ROA not before:           Fri 02 Jan 2026 18:22:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     398478
IP address blocks:        222.167.192.0/21 maxlen: 24
                          222.167.200.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:2a:a5:c6:b9:b1:6b:77:8f:97:bf:75:80:ff:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Jan  2 18:22:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3c229ba54aec68388a7324dcadbcbd0baf80d626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0d:39:db:e0:00:6d:25:1c:72:2d:d0:f2:d4:
                    3d:b0:47:f8:07:f3:87:17:79:9f:cb:6c:46:c6:88:
                    c3:c9:2b:1d:c0:0f:9d:d2:06:ae:62:c5:71:2b:cc:
                    e8:c8:42:42:c3:45:2c:6c:22:24:0a:8c:38:d1:1f:
                    9f:f6:71:13:9c:80:fe:71:97:74:68:e3:e4:19:0f:
                    f9:b4:61:39:85:f2:a5:4f:8a:c8:87:bc:e3:c9:03:
                    af:08:e8:c5:de:fd:5d:c5:b8:3c:d1:6b:5a:bf:bf:
                    43:41:06:1f:09:1f:92:72:84:0a:1a:68:41:99:a2:
                    6a:e8:3b:48:c5:e1:65:7c:97:e6:2b:9b:e4:cb:3a:
                    5f:8f:5f:15:85:9a:06:24:69:8d:57:d1:be:5c:0f:
                    45:91:50:66:b3:78:06:a1:a5:94:c0:3b:72:26:8b:
                    46:00:13:1c:05:6f:cc:68:eb:8d:39:b5:a2:88:c5:
                    26:6a:e5:27:f8:e2:c8:b7:52:0d:31:4a:5e:cf:f4:
                    88:71:ec:35:2f:d2:2f:54:19:d7:8a:7c:be:9b:04:
                    f2:2e:88:8f:ab:cf:c3:05:d8:3b:09:ef:04:e9:f8:
                    d9:58:02:4f:59:63:83:9e:cf:0d:95:db:b2:14:4b:
                    f5:c7:8f:33:3b:5c:25:49:52:6c:30:ef:12:b1:90:
                    7a:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:22:9B:A5:4A:EC:68:38:8A:73:24:DC:AD:BC:BD:0B:AF:80:D6:26
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/PCKbpUrsaDiKcyTcrby9C6-A1iY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  222.167.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         29:f9:d8:a7:5f:8f:d1:f7:1f:bb:94:e0:01:25:0f:a7:91:d3:
         55:92:04:3e:41:2e:78:87:8c:ba:4f:d5:98:71:6a:76:a2:10:
         a6:09:9b:7d:ca:f1:8a:9c:15:db:7c:95:20:05:9e:a6:85:8c:
         10:32:e9:bb:4e:70:f2:aa:dc:12:2d:45:b6:52:f4:87:99:87:
         e4:ac:00:da:57:6c:05:9c:bb:61:bd:c4:39:19:78:af:36:d4:
         c6:ac:fa:ab:a4:49:09:74:08:77:4a:c9:f0:a0:4f:b8:72:3d:
         b4:e1:f3:ab:df:08:a8:9c:ed:f5:41:c4:3a:21:31:0b:22:b7:
         c6:64:dc:63:60:0c:05:1f:91:45:b1:b4:e4:8c:e0:bf:f0:61:
         58:b0:55:f4:02:0b:99:42:4a:ba:03:1a:fd:be:8a:07:d8:94:
         8a:fd:59:69:fc:b2:dd:91:ea:6c:43:38:8c:17:af:9c:80:a6:
         c8:47:13:1a:44:06:51:91:c4:13:0c:3e:b3:7e:9e:1a:5b:08:
         fc:2a:41:e1:d1:b1:c5:97:f5:73:7a:83:d3:08:a7:0e:bd:df:
         6e:41:65:b3:80:22:98:a4:77:d0:a6:d9:cd:dc:86:38:cc:60:
         f2:3a:d9:95:d1:5a:65:48:7f:b1:a3:c1:69:9a:cd:6d:c3:57:
         d4:97:85:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8iqlxrmxa3ePl791gP8HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMTAyMTgyMjE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzIyOWJhNTRhZWM2ODM4OGE3MzI0ZGNhZGJjYmQwYmFmODBkNjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAog052+AAbSUcci3Q8tQ9sEf4B/OH
F3mfy2xGxojDySsdwA+d0gauYsVxK8zoyEJCw0UsbCIkCow40R+f9nETnID+cZd0
aOPkGQ/5tGE5hfKlT4rIh7zjyQOvCOjF3v1dxbg80Wtav79DQQYfCR+ScoQKGmhB
maJq6DtIxeFlfJfmK5vkyzpfj18VhZoGJGmNV9G+XA9FkVBms3gGoaWUwDtyJotG
ABMcBW/MaOuNObWiiMUmauUn+OLIt1INMUpez/SIcew1L9IvVBnXiny+mwTyLoiP
q8/DBdg7Ce8E6fjZWAJPWWODns8NlduyFEv1x48zO1wlSVJsMO8SsZB63wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDwim6VK7Gg4inMk3K28vQuvgNYmMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvUENLYnBVcnNhRGlLY3lUY3JieTlDNi1BMWlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE3qfAMA0G
CSqGSIb3DQEBCwUAA4IBAQAp+dinX4/R9x+7lOABJQ+nkdNVkgQ+QS54h4y6T9WY
cWp2ohCmCZt9yvGKnBXbfJUgBZ6mhYwQMum7TnDyqtwSLUW2UvSHmYfkrADaV2wF
nLthvcQ5GXivNtTGrPqrpEkJdAh3SsnwoE+4cj204fOr3wionO31QcQ6ITELIrfG
ZNxjYAwFH5FFsbTkjOC/8GFYsFX0AguZQkq6Axr9vooH2JSK/Vlp/LLdkepsQziM
F6+cgKbIRxMaRAZRkcQTDD6zfp4aWwj8KkHh0bHFl/VzeoPTCKcOvd9uQWWzgCKY
pHfQptnN3IY4zGDyOtmV0VplSH+xo8Fpms1tw1fUl4Xo
-----END CERTIFICATE-----