This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/7f9728-9559-4263-bcfa-75855db7151f/1/PHmeAWFFkKXBgymR37GK6QvhrCY.roa
File:                     PHmeAWFFkKXBgymR37GK6QvhrCY.roa (raw, json)
Hash identifier:          /Zgxh895ZAIwexVdKt7yfvsXzhRHS6wWMCxO8hY8aNA=
Subject key identifier:   3C:79:9E:01:61:45:90:A5:C1:83:29:91:DF:B1:8A:E9:0B:E1:AC:26
Certificate issuer:       /CN=d79785de62dcf9e7930babd7b1d39c5853d1944f
Certificate serial:       019B7DCA3B006D05F6BE0CC8B1C2AEF8BC4E
Authority key identifier: D7:97:85:DE:62:DC:F9:E7:93:0B:AB:D7:B1:D3:9C:58:53:D1:94:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/15eF3mLc-eeTC6vXsdOcWFPRlE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/7f9728-9559-4263-bcfa-75855db7151f/1/PHmeAWFFkKXBgymR37GK6QvhrCY.roa
Signing time:             Fri 02 Jan 2026 08:19:23 +0000
ROA not before:           Fri 02 Jan 2026 08:19:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212689
IP address blocks:        37.10.8.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/7f9728-9559-4263-bcfa-75855db7151f/1/15eF3mLc-eeTC6vXsdOcWFPRlE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/7f9728-9559-4263-bcfa-75855db7151f/1/15eF3mLc-eeTC6vXsdOcWFPRlE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/15eF3mLc-eeTC6vXsdOcWFPRlE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:3b:00:6d:05:f6:be:0c:c8:b1:c2:ae:f8:bc:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d79785de62dcf9e7930babd7b1d39c5853d1944f
        Validity
            Not Before: Jan  2 08:19:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3c799e01614590a5c1832991dfb18ae90be1ac26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f7:d4:76:c0:b1:f6:b1:b1:a4:6f:37:05:8f:
                    0a:8e:5e:66:37:b3:0b:23:aa:aa:72:59:a9:ed:22:
                    1b:21:bb:1e:e8:f4:e4:73:06:83:2d:0c:8b:86:83:
                    7e:07:e4:53:a2:16:df:79:ed:48:76:13:3d:73:15:
                    89:ea:68:b8:13:1f:e9:e1:43:9e:ca:74:75:de:68:
                    ba:54:0a:35:83:40:fb:2d:b3:f9:53:a3:a7:64:53:
                    f0:26:3a:ab:92:1a:7f:28:e7:21:5a:5c:26:5c:34:
                    4c:b9:29:5e:6a:14:45:4e:dd:ae:40:9d:99:29:d0:
                    46:a7:91:08:4f:b8:ca:12:12:ed:2b:4c:15:2e:4c:
                    35:41:c5:f3:e9:8e:cc:d6:49:f8:3a:72:d4:54:96:
                    15:15:66:7b:77:9c:75:a4:f2:06:66:7e:6a:20:d5:
                    bf:aa:36:99:e5:c5:58:d0:a5:09:06:7a:c8:9a:1b:
                    b7:ad:3d:fe:2b:32:90:06:23:0b:56:75:a1:94:a0:
                    c8:ae:39:19:97:97:7f:22:b3:c9:76:da:d7:c8:de:
                    bd:f1:9d:2a:62:c0:a7:3f:c5:7c:83:c1:c1:38:cc:
                    33:9c:8a:79:fb:a4:6b:2e:4b:26:82:ce:49:cf:a5:
                    bd:cf:33:e4:be:dd:95:32:ec:cb:1f:e2:18:32:40:
                    b5:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:79:9E:01:61:45:90:A5:C1:83:29:91:DF:B1:8A:E9:0B:E1:AC:26
            X509v3 Authority Key Identifier:
                keyid:D7:97:85:DE:62:DC:F9:E7:93:0B:AB:D7:B1:D3:9C:58:53:D1:94:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/15eF3mLc-eeTC6vXsdOcWFPRlE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/7f9728-9559-4263-bcfa-75855db7151f/1/PHmeAWFFkKXBgymR37GK6QvhrCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/7f9728-9559-4263-bcfa-75855db7151f/1/15eF3mLc-eeTC6vXsdOcWFPRlE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.10.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:6b:62:3f:3a:a7:45:cf:d1:f4:f0:8f:15:77:d8:35:90:75:
         a4:1a:30:bf:b6:06:87:c0:1b:29:e9:67:a6:8a:72:35:a4:c2:
         56:b9:70:ce:9f:10:08:58:ef:bd:25:56:4f:b5:8e:fd:55:72:
         0b:69:6a:86:1d:6b:f4:4e:6b:f3:33:0c:c2:e2:f8:00:87:bc:
         1f:fa:56:b9:04:91:24:12:58:59:2a:fc:64:1e:4c:5c:9b:71:
         17:28:05:bb:22:b4:fc:72:67:79:7c:71:7d:79:ff:47:32:e2:
         c6:17:a0:79:7b:6a:a4:31:c3:be:7c:2d:e6:fa:78:7e:32:92:
         9f:ce:51:34:51:32:10:17:4c:3f:32:9e:30:0d:99:ab:e5:0c:
         d6:aa:90:fe:43:14:dc:5c:18:6f:c8:5c:6a:b6:20:57:8d:81:
         48:d0:ea:d3:76:63:cb:9e:81:dc:23:fa:40:ab:fe:14:1c:c6:
         dd:6b:87:eb:92:10:9a:96:a3:35:77:b7:d1:e5:de:59:43:e4:
         fe:c3:a0:d7:f0:6d:b4:9d:04:de:4a:77:58:d7:53:8f:b0:34:
         a9:ff:6f:4d:b1:a5:15:54:42:01:cf:f5:8d:2e:d3:9f:09:35:
         d0:52:6f:5d:4b:aa:18:29:8d:32:85:26:8b:eb:ac:6e:66:b4:
         c0:77:1c:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yjsAbQX2vgzIscKu+LxOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3OTc4NWRlNjJkY2Y5ZTc5MzBiYWJkN2IxZDM5YzU4NTNk
MTk0NGYwHhcNMjYwMTAyMDgxOTIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzc5OWUwMTYxNDU5MGE1YzE4MzI5OTFkZmIxOGFlOTBiZTFhYzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPfUdsCx9rGxpG83BY8Kjl5mN7ML
I6qqclmp7SIbIbse6PTkcwaDLQyLhoN+B+RTohbfee1IdhM9cxWJ6mi4Ex/p4UOe
ynR13mi6VAo1g0D7LbP5U6OnZFPwJjqrkhp/KOchWlwmXDRMuSleahRFTt2uQJ2Z
KdBGp5EIT7jKEhLtK0wVLkw1QcXz6Y7M1kn4OnLUVJYVFWZ7d5x1pPIGZn5qINW/
qjaZ5cVY0KUJBnrImhu3rT3+KzKQBiMLVnWhlKDIrjkZl5d/IrPJdtrXyN698Z0q
YsCnP8V8g8HBOMwznIp5+6RrLksmgs5Jz6W9zzPkvt2VMuzLH+IYMkC1OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDx5ngFhRZClwYMpkd+xiukL4awmMB8GA1UdIwQY
MBaAFNeXhd5i3Pnnkwur17HTnFhT0ZRPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTVlRjNtTGMtZWVUQzZ2WHNkT2NXRlBSbEU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi83Zjk3MjgtOTU1OS00MjYzLWJjZmEt
NzU4NTVkYjcxNTFmLzEvUEhtZUFXRkZrS1hCZ3ltUjM3R0s2UXZockNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi83Zjk3MjgtOTU1OS00MjYzLWJjZmEtNzU4NTVkYjcxNTFm
LzEvMTVlRjNtTGMtZWVUQzZ2WHNkT2NXRlBSbEU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJQoIMA0G
CSqGSIb3DQEBCwUAA4IBAQAUa2I/OqdFz9H08I8Vd9g1kHWkGjC/tgaHwBsp6Wem
inI1pMJWuXDOnxAIWO+9JVZPtY79VXILaWqGHWv0TmvzMwzC4vgAh7wf+la5BJEk
ElhZKvxkHkxcm3EXKAW7IrT8cmd5fHF9ef9HMuLGF6B5e2qkMcO+fC3m+nh+MpKf
zlE0UTIQF0w/Mp4wDZmr5QzWqpD+QxTcXBhvyFxqtiBXjYFI0OrTdmPLnoHcI/pA
q/4UHMbda4frkhCalqM1d7fR5d5ZQ+T+w6DX8G20nQTeSndY11OPsDSp/29NsaUV
VEIBz/WNLtOfCTXQUm9dS6oYKY0yhSaL66xuZrTAdxxp
-----END CERTIFICATE-----