This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/045222-5ace-4e7e-95b2-a2e880fd5850/1/PnmMPjc4F5uoJXYfqJ1sZSQuC6I.roa
File:                     PnmMPjc4F5uoJXYfqJ1sZSQuC6I.roa (raw, json)
Hash identifier:          /5mkx4+jtWUqD/pZZ8CzGZwV8K0K77VUycNPiYZySbQ=
Subject key identifier:   3E:79:8C:3E:37:38:17:9B:A8:25:76:1F:A8:9D:6C:65:24:2E:0B:A2
Certificate issuer:       /CN=17ffee25052c0aabf6cb371e3f2e076f44fc1c3c
Certificate serial:       019B77587C46018864C46186EBC387EB5767
Authority key identifier: 17:FF:EE:25:05:2C:0A:AB:F6:CB:37:1E:3F:2E:07:6F:44:FC:1C:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F__uJQUsCqv2yzcePy4Hb0T8HDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/045222-5ace-4e7e-95b2-a2e880fd5850/1/PnmMPjc4F5uoJXYfqJ1sZSQuC6I.roa
Signing time:             Thu 01 Jan 2026 02:17:26 +0000
ROA not before:           Thu 01 Jan 2026 02:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199513
IP address blocks:        194.102.62.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/045222-5ace-4e7e-95b2-a2e880fd5850/1/F__uJQUsCqv2yzcePy4Hb0T8HDw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/045222-5ace-4e7e-95b2-a2e880fd5850/1/F__uJQUsCqv2yzcePy4Hb0T8HDw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F__uJQUsCqv2yzcePy4Hb0T8HDw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:7c:46:01:88:64:c4:61:86:eb:c3:87:eb:57:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17ffee25052c0aabf6cb371e3f2e076f44fc1c3c
        Validity
            Not Before: Jan  1 02:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3e798c3e3738179ba825761fa89d6c65242e0ba2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:ff:30:ec:df:fe:39:3f:f2:7b:59:b3:88:6e:
                    36:83:eb:2b:86:6b:63:d8:7b:da:98:61:c3:e2:da:
                    9e:d3:5c:d8:e5:19:ec:69:c4:b5:0c:e8:89:c6:ba:
                    ff:6e:71:1c:88:71:07:b5:52:7a:7e:86:63:89:de:
                    02:3d:de:99:70:40:6d:ad:32:26:03:f4:99:5a:d8:
                    29:b5:48:74:b9:0b:9f:7e:8c:8f:7f:a9:11:c2:a7:
                    d2:d2:01:be:19:b4:2f:e4:87:b3:64:af:41:53:71:
                    3b:05:76:72:dd:fe:72:d6:31:16:c7:ba:5d:2e:5f:
                    81:19:ec:d5:4b:00:28:1c:98:e3:34:f6:e8:2a:63:
                    1f:2e:39:34:27:38:c4:3a:44:fe:c2:9c:71:76:47:
                    b9:52:5e:37:36:5a:04:b8:6c:93:c2:5a:8a:4a:30:
                    51:59:41:ba:6b:d6:d6:b6:8d:eb:78:84:9d:9c:80:
                    cb:3b:d2:12:50:0f:12:95:2c:1b:e5:6f:37:a4:97:
                    17:fd:88:27:75:aa:a6:18:dd:ff:06:e2:af:4a:89:
                    7d:ed:4e:b5:8c:05:4b:dd:e4:64:30:17:4e:ca:53:
                    c6:65:8b:ae:e3:0e:15:77:93:72:0f:96:94:8b:6f:
                    b7:ff:de:89:b1:d8:c7:58:2a:05:60:04:3b:aa:82:
                    ee:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:79:8C:3E:37:38:17:9B:A8:25:76:1F:A8:9D:6C:65:24:2E:0B:A2
            X509v3 Authority Key Identifier:
                keyid:17:FF:EE:25:05:2C:0A:AB:F6:CB:37:1E:3F:2E:07:6F:44:FC:1C:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F__uJQUsCqv2yzcePy4Hb0T8HDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/045222-5ace-4e7e-95b2-a2e880fd5850/1/PnmMPjc4F5uoJXYfqJ1sZSQuC6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/045222-5ace-4e7e-95b2-a2e880fd5850/1/F__uJQUsCqv2yzcePy4Hb0T8HDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.102.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:0c:13:34:fd:12:c1:f7:ba:39:29:08:32:ad:ce:54:e5:13:
         f7:1e:67:3f:83:d6:a4:c3:a1:f4:6e:36:58:f2:80:d5:bc:44:
         59:f7:0a:7d:ba:13:86:e0:52:bf:98:4f:f2:34:76:b8:e2:39:
         b3:92:1d:86:20:18:47:2a:7f:94:75:30:91:9f:f3:4b:12:e3:
         cf:8c:c2:22:91:33:68:c7:70:55:b6:c3:30:9c:51:c7:c0:be:
         af:0b:cc:eb:4e:2c:df:80:ee:4b:c9:1a:2a:25:1e:5f:33:ec:
         49:d9:0d:98:24:72:40:06:74:0d:bd:47:ba:26:56:f2:ed:20:
         af:07:f2:14:dc:ac:7d:73:fc:4a:a1:ec:fc:25:3b:1c:d2:1f:
         3c:9e:f6:f6:3d:06:c2:26:76:eb:8e:b8:cf:b9:bb:dc:e7:76:
         06:4c:c8:99:d6:67:9c:57:26:38:c3:26:f4:f5:43:3f:94:67:
         52:6e:4f:af:69:55:47:45:53:35:7d:38:e4:bf:f0:d3:3e:f9:
         d0:ce:89:25:fc:53:5d:30:30:5a:f8:b1:7f:f0:c7:21:89:e5:
         d5:be:71:42:90:63:54:a9:77:d5:24:97:7e:a2:63:f8:e3:80:
         9b:11:8f:34:70:5b:8b:dd:70:36:e0:7a:b6:f7:66:c9:f0:62:
         15:8b:0d:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WHxGAYhkxGGG68OH61dnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZmZlZTI1MDUyYzBhYWJmNmNiMzcxZTNmMmUwNzZmNDRm
YzFjM2MwHhcNMjYwMTAxMDIxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTc5OGMzZTM3MzgxNzliYTgyNTc2MWZhODlkNmM2NTI0MmUwYmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/8w7N/+OT/ye1mziG42g+srhmtj
2HvamGHD4tqe01zY5RnsacS1DOiJxrr/bnEciHEHtVJ6foZjid4CPd6ZcEBtrTIm
A/SZWtgptUh0uQuffoyPf6kRwqfS0gG+GbQv5IezZK9BU3E7BXZy3f5y1jEWx7pd
Ll+BGezVSwAoHJjjNPboKmMfLjk0JzjEOkT+wpxxdke5Ul43NloEuGyTwlqKSjBR
WUG6a9bWto3reISdnIDLO9ISUA8SlSwb5W83pJcX/YgndaqmGN3/BuKvSol97U61
jAVL3eRkMBdOylPGZYuu4w4Vd5NyD5aUi2+3/96JsdjHWCoFYAQ7qoLukwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD55jD43OBebqCV2H6idbGUkLguiMB8GA1UdIwQY
MBaAFBf/7iUFLAqr9ss3Hj8uB29E/Bw8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRl9fdUpRVXNDcXYyeXpjZVB5NEhiMFQ4SER3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8wNDUyMjItNWFjZS00ZTdlLTk1YjIt
YTJlODgwZmQ1ODUwLzEvUG5tTVBqYzRGNXVvSlhZZnFKMXNaU1F1QzZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8wNDUyMjItNWFjZS00ZTdlLTk1YjItYTJlODgwZmQ1ODUw
LzEvRl9fdUpRVXNDcXYyeXpjZVB5NEhiMFQ4SER3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwmY+MA0G
CSqGSIb3DQEBCwUAA4IBAQCCDBM0/RLB97o5KQgyrc5U5RP3Hmc/g9akw6H0bjZY
8oDVvERZ9wp9uhOG4FK/mE/yNHa44jmzkh2GIBhHKn+UdTCRn/NLEuPPjMIikTNo
x3BVtsMwnFHHwL6vC8zrTizfgO5LyRoqJR5fM+xJ2Q2YJHJABnQNvUe6Jlby7SCv
B/IU3Kx9c/xKoez8JTsc0h88nvb2PQbCJnbrjrjPubvc53YGTMiZ1mecVyY4wyb0
9UM/lGdSbk+vaVVHRVM1fTjkv/DTPvnQzokl/FNdMDBa+LF/8MchieXVvnFCkGNU
qXfVJJd+omP444CbEY80cFuL3XA24Hq292bJ8GIViw23
-----END CERTIFICATE-----