This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/pPqoqszyNflAViMWi46ZOrZTdjY.roa
File:                     pPqoqszyNflAViMWi46ZOrZTdjY.roa (raw, json)
Hash identifier:          9ArEQlpDxpoMCJBHKPMxnNBFpsFnEVif2wzal4CkC4Y=
Subject key identifier:   A4:FA:A8:AA:CC:F2:35:F9:40:56:23:16:8B:8E:99:3A:B6:53:76:36
Certificate issuer:       /CN=dee623e2aff7b03afeb94260348c1633b54d9056
Certificate serial:       019B7EA614758C48DEB4677FB6BE4F4B03D2
Authority key identifier: DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/pPqoqszyNflAViMWi46ZOrZTdjY.roa
Signing time:             Fri 02 Jan 2026 12:19:31 +0000
ROA not before:           Fri 02 Jan 2026 12:19:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210021
IP address blocks:        194.127.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:14:75:8c:48:de:b4:67:7f:b6:be:4f:4b:03:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dee623e2aff7b03afeb94260348c1633b54d9056
        Validity
            Not Before: Jan  2 12:19:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a4faa8aaccf235f9405623168b8e993ab6537636
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:8c:08:15:73:fa:ac:6b:d3:c7:22:e0:0e:32:
                    4f:c2:53:cb:ed:90:7f:b1:9c:3f:9c:d1:17:02:d0:
                    ec:c5:d6:8e:f0:83:23:e1:50:cf:68:15:83:5a:86:
                    e4:e6:5b:97:8d:77:b5:b2:a0:fc:17:37:2c:10:cf:
                    d2:54:dc:a5:3b:e2:cb:00:49:59:70:47:3f:e4:c6:
                    e4:d2:7f:8d:63:27:bb:b8:8c:81:10:46:ac:ed:51:
                    74:46:8f:73:90:a1:f2:ef:09:16:20:cc:5e:dd:06:
                    82:2e:41:4c:bd:45:d3:d5:4d:b1:6f:a2:4f:7f:41:
                    ad:44:46:0e:ec:c6:5c:96:e2:41:cf:41:2b:10:ee:
                    bc:0d:70:eb:8b:e5:4c:90:fa:8c:e4:dc:a0:15:d8:
                    c0:bb:94:dd:a0:ac:49:c8:79:4d:23:bc:40:0c:7a:
                    f1:15:f0:08:c1:af:3a:7d:e0:c4:e1:0b:e6:da:75:
                    98:ea:83:ab:e3:19:ff:66:8c:24:5a:26:8b:de:b4:
                    13:39:b9:67:4a:aa:93:8d:3a:fd:01:de:73:dc:8e:
                    dd:eb:d6:62:88:80:5e:bc:26:1f:a5:70:7b:6a:20:
                    84:00:d1:87:62:57:c1:6b:5e:df:39:2f:8d:22:63:
                    51:0c:7e:b6:3e:ec:d4:c9:c3:e5:27:74:e1:a2:02:
                    e0:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:FA:A8:AA:CC:F2:35:F9:40:56:23:16:8B:8E:99:3A:B6:53:76:36
            X509v3 Authority Key Identifier:
                keyid:DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/pPqoqszyNflAViMWi46ZOrZTdjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:ce:60:63:de:de:11:48:6d:17:73:01:48:78:e0:fc:21:1b:
         c8:52:81:37:d3:77:bc:51:6a:a0:a4:87:e7:1b:a4:8c:de:c2:
         8d:97:81:2a:86:46:ff:bb:06:87:2f:cc:68:a8:79:d3:f7:82:
         3a:42:21:31:aa:e6:17:01:f1:f5:c3:85:2b:0b:72:9d:d0:71:
         cb:7b:21:f9:16:9a:b9:31:58:c9:5a:0a:cc:70:cc:72:8e:2a:
         9c:f2:07:73:02:9a:1e:10:06:c0:1b:b7:7c:99:d0:1d:73:41:
         5f:75:13:22:76:6f:4a:0b:49:38:5a:72:5d:bc:52:1a:6f:a2:
         82:2f:e2:93:94:71:74:9a:67:85:08:fc:6b:a5:35:ea:37:08:
         6d:9f:11:2b:7e:d1:8b:fd:80:00:d4:bc:43:62:12:cb:69:fd:
         0e:35:96:3c:26:1b:79:c0:84:ba:1a:ef:05:93:c8:ed:5f:99:
         21:45:7e:d3:66:8d:ee:46:68:6c:03:12:35:7c:7c:47:4f:95:
         88:2f:6a:17:8b:57:ad:9d:be:3a:e0:79:ea:b6:3e:6b:a5:5a:
         dc:83:8c:37:46:bf:35:71:a3:f3:13:26:5b:2b:18:54:a8:58:
         7c:a3:93:cc:77:c2:fb:9d:b7:65:1d:55:75:71:ff:42:22:a4:
         c6:8d:25:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+phR1jEjetGd/tr5PSwPSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZTYyM2UyYWZmN2IwM2FmZWI5NDI2MDM0OGMxNjMzYjU0
ZDkwNTYwHhcNMjYwMTAyMTIxOTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGZhYThhYWNjZjIzNWY5NDA1NjIzMTY4YjhlOTkzYWI2NTM3NjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYwIFXP6rGvTxyLgDjJPwlPL7ZB/
sZw/nNEXAtDsxdaO8IMj4VDPaBWDWobk5luXjXe1sqD8FzcsEM/SVNylO+LLAElZ
cEc/5Mbk0n+NYye7uIyBEEas7VF0Ro9zkKHy7wkWIMxe3QaCLkFMvUXT1U2xb6JP
f0GtREYO7MZcluJBz0ErEO68DXDri+VMkPqM5NygFdjAu5TdoKxJyHlNI7xADHrx
FfAIwa86feDE4Qvm2nWY6oOr4xn/ZowkWiaL3rQTOblnSqqTjTr9Ad5z3I7d69Zi
iIBevCYfpXB7aiCEANGHYlfBa17fOS+NImNRDH62PuzUycPlJ3ThogLgcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKT6qKrM8jX5QFYjFouOmTq2U3Y2MB8GA1UdIwQY
MBaAFN7mI+Kv97A6/rlCYDSMFjO1TZBWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQt
NmNjMWQzZWE4MzJlLzEvcFBxb3FzenlOZmxBVmlNV2k0NlpPclpUZGpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQtNmNjMWQzZWE4MzJl
LzEvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn9vMA0G
CSqGSIb3DQEBCwUAA4IBAQCzzmBj3t4RSG0XcwFIeOD8IRvIUoE303e8UWqgpIfn
G6SM3sKNl4Eqhkb/uwaHL8xoqHnT94I6QiExquYXAfH1w4UrC3Kd0HHLeyH5Fpq5
MVjJWgrMcMxyjiqc8gdzApoeEAbAG7d8mdAdc0FfdRMidm9KC0k4WnJdvFIab6KC
L+KTlHF0mmeFCPxrpTXqNwhtnxErftGL/YAA1LxDYhLLaf0ONZY8Jht5wIS6Gu8F
k8jtX5khRX7TZo3uRmhsAxI1fHxHT5WIL2oXi1etnb464Hnqtj5rpVrcg4w3Rr81
caPzEyZbKxhUqFh8o5PMd8L7nbdlHVV1cf9CIqTGjSVn
-----END CERTIFICATE-----