This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/880eb2-fa65-47ca-8a00-6480c3d1f4e4/1/P1pi-fzHu11nz54MgyJAbBSwILI.roa
File:                     P1pi-fzHu11nz54MgyJAbBSwILI.roa (raw, json)
Hash identifier:          UTJfTUyPTVBn82h248K6mdRAAGmP9nekxHQ3ON0RaUA=
Subject key identifier:   3F:5A:62:F9:FC:C7:BB:5D:67:CF:9E:0C:83:22:40:6C:14:B0:20:B2
Certificate issuer:       /CN=b209308540c4df9b9bb7d6327fa7b5d49008068c
Certificate serial:       019B797F4834895D55CED9EF0DEDE9B8AEF7
Authority key identifier: B2:09:30:85:40:C4:DF:9B:9B:B7:D6:32:7F:A7:B5:D4:90:08:06:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sgkwhUDE35ubt9Yyf6e11JAIBow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/880eb2-fa65-47ca-8a00-6480c3d1f4e4/1/P1pi-fzHu11nz54MgyJAbBSwILI.roa
Signing time:             Thu 01 Jan 2026 12:19:03 +0000
ROA not before:           Thu 01 Jan 2026 12:19:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29119
IP address blocks:        45.158.216.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/880eb2-fa65-47ca-8a00-6480c3d1f4e4/1/sgkwhUDE35ubt9Yyf6e11JAIBow.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/880eb2-fa65-47ca-8a00-6480c3d1f4e4/1/sgkwhUDE35ubt9Yyf6e11JAIBow.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sgkwhUDE35ubt9Yyf6e11JAIBow.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:48:34:89:5d:55:ce:d9:ef:0d:ed:e9:b8:ae:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b209308540c4df9b9bb7d6327fa7b5d49008068c
        Validity
            Not Before: Jan  1 12:19:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3f5a62f9fcc7bb5d67cf9e0c8322406c14b020b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:9c:95:86:2d:97:be:a0:a8:67:53:6d:b3:7c:
                    87:a7:d5:c9:79:fc:18:f9:91:8e:d4:66:3a:7a:56:
                    1a:c8:b3:1f:dc:d5:73:6f:d5:b0:23:20:47:8a:02:
                    06:cf:9c:77:f8:6a:dc:76:f4:9b:88:5b:4e:04:07:
                    76:ee:88:29:94:2d:fa:f4:0b:31:60:18:23:19:cb:
                    a0:34:9f:3c:c7:9f:25:4f:7a:45:2c:26:99:b3:90:
                    e2:d3:f4:30:c7:f4:ce:2e:97:ec:cd:ba:e4:58:9d:
                    9a:18:6e:f2:76:60:5e:7e:8b:a7:0a:01:82:e4:52:
                    8e:46:d4:be:28:9d:db:1c:35:89:a2:c3:31:89:b8:
                    ef:91:ac:ff:b6:68:dc:29:2b:7d:13:e0:b7:54:bf:
                    73:00:5c:b4:1e:3b:3a:35:c6:5b:1f:ae:42:f6:c4:
                    79:a4:39:63:6e:6b:b7:75:3e:8e:ee:02:3b:8a:2d:
                    92:e7:45:81:2e:e5:ab:8f:bb:69:c0:7e:99:60:e5:
                    f8:59:d4:0c:69:15:df:f0:3b:97:e7:1b:8c:3d:62:
                    7c:57:2e:0d:84:a2:60:33:85:44:38:5d:bd:28:63:
                    7d:8d:96:af:18:28:34:cc:23:32:73:9f:28:3c:56:
                    ff:61:cc:85:71:a8:5f:85:5e:6e:7f:19:31:16:d4:
                    f1:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:5A:62:F9:FC:C7:BB:5D:67:CF:9E:0C:83:22:40:6C:14:B0:20:B2
            X509v3 Authority Key Identifier:
                keyid:B2:09:30:85:40:C4:DF:9B:9B:B7:D6:32:7F:A7:B5:D4:90:08:06:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sgkwhUDE35ubt9Yyf6e11JAIBow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/880eb2-fa65-47ca-8a00-6480c3d1f4e4/1/P1pi-fzHu11nz54MgyJAbBSwILI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/880eb2-fa65-47ca-8a00-6480c3d1f4e4/1/sgkwhUDE35ubt9Yyf6e11JAIBow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:65:da:3f:4b:6b:0a:e1:92:26:5d:79:28:a4:e9:9f:b6:53:
         9d:7c:e0:8d:c5:c9:46:72:37:13:99:f6:ff:17:d0:34:15:2d:
         0e:84:6d:8b:b8:56:d6:9e:db:c0:64:95:5e:37:5b:a2:3a:5b:
         a9:39:ae:14:e9:d6:cd:c3:4c:0a:a6:b7:5b:ca:67:e1:b9:df:
         c8:95:bf:a8:46:44:a3:66:7f:e9:1f:37:f5:cf:39:77:5a:d6:
         eb:b0:f9:22:76:38:06:a2:b6:b4:87:f4:0b:6a:23:cc:82:8d:
         dd:13:b5:1c:03:39:47:b3:8e:b7:82:0e:82:3f:27:29:2b:f4:
         ae:7f:11:fc:30:01:f8:c8:c1:30:06:58:73:a6:69:72:b0:fd:
         e8:a0:93:38:ab:bb:5c:b9:f3:fc:01:99:d6:27:ad:90:91:62:
         2d:0e:a2:9b:6e:c0:64:9a:e8:02:e4:ac:fd:52:3b:a7:49:0e:
         48:59:d1:77:36:c3:ec:a9:87:a4:f7:30:1c:5a:4e:a2:85:81:
         90:f4:e5:e7:40:b5:f3:39:66:7f:bb:37:e2:22:93:52:c6:7a:
         d2:ab:30:1c:8b:d2:89:73:56:45:e1:41:90:6d:83:db:0b:d8:
         64:fd:dc:d1:b8:50:b5:df:2e:50:06:53:7a:80:d5:39:8e:99:
         78:ca:20:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5f0g0iV1VztnvDe3puK73MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMDkzMDg1NDBjNGRmOWI5YmI3ZDYzMjdmYTdiNWQ0OTAw
ODA2OGMwHhcNMjYwMTAxMTIxOTAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjVhNjJmOWZjYzdiYjVkNjdjZjllMGM4MzIyNDA2YzE0YjAyMGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5yVhi2XvqCoZ1Nts3yHp9XJefwY
+ZGO1GY6elYayLMf3NVzb9WwIyBHigIGz5x3+GrcdvSbiFtOBAd27ogplC369Asx
YBgjGcugNJ88x58lT3pFLCaZs5Di0/Qwx/TOLpfszbrkWJ2aGG7ydmBefounCgGC
5FKORtS+KJ3bHDWJosMxibjvkaz/tmjcKSt9E+C3VL9zAFy0Hjs6NcZbH65C9sR5
pDljbmu3dT6O7gI7ii2S50WBLuWrj7tpwH6ZYOX4WdQMaRXf8DuX5xuMPWJ8Vy4N
hKJgM4VEOF29KGN9jZavGCg0zCMyc58oPFb/YcyFcahfhV5ufxkxFtTxJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9aYvn8x7tdZ8+eDIMiQGwUsCCyMB8GA1UdIwQY
MBaAFLIJMIVAxN+bm7fWMn+ntdSQCAaMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2drd2hVREUzNXVidDlZeWY2ZTExSkFJQm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi84ODBlYjItZmE2NS00N2NhLThhMDAt
NjQ4MGMzZDFmNGU0LzEvUDFwaS1mekh1MTFuejU0TWd5SkFiQlN3SUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi84ODBlYjItZmE2NS00N2NhLThhMDAtNjQ4MGMzZDFmNGU0
LzEvc2drd2hVREUzNXVidDlZeWY2ZTExSkFJQm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ7YMA0G
CSqGSIb3DQEBCwUAA4IBAQB/Zdo/S2sK4ZImXXkopOmftlOdfOCNxclGcjcTmfb/
F9A0FS0OhG2LuFbWntvAZJVeN1uiOlupOa4U6dbNw0wKprdbymfhud/Ilb+oRkSj
Zn/pHzf1zzl3WtbrsPkidjgGora0h/QLaiPMgo3dE7UcAzlHs463gg6CPycpK/Su
fxH8MAH4yMEwBlhzpmlysP3ooJM4q7tcufP8AZnWJ62QkWItDqKbbsBkmugC5Kz9
UjunSQ5IWdF3NsPsqYek9zAcWk6ihYGQ9OXnQLXzOWZ/uzfiIpNSxnrSqzAci9KJ
c1ZF4UGQbYPbC9hk/dzRuFC13y5QBlN6gNU5jpl4yiAJ
-----END CERTIFICATE-----