This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/pBY-m3fTvRgCKA2fhrrC18yYXXo.roa
File:                     pBY-m3fTvRgCKA2fhrrC18yYXXo.roa (raw, json)
Hash identifier:          rEOIvVPIx9D8zhJT04AIosT1AdrWPH4fBg2A4YDwjlQ=
Subject key identifier:   A4:16:3E:9B:77:D3:BD:18:02:28:0D:9F:86:BA:C2:D7:CC:98:5D:7A
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       019B7910FC97BE250A3ED7821002FF4A6536
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/pBY-m3fTvRgCKA2fhrrC18yYXXo.roa
Signing time:             Thu 01 Jan 2026 10:18:34 +0000
ROA not before:           Thu 01 Jan 2026 10:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12387
IP address blocks:        195.4.176.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 19:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:fc:97:be:25:0a:3e:d7:82:10:02:ff:4a:65:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Jan  1 10:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a4163e9b77d3bd1802280d9f86bac2d7cc985d7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:5d:c0:8b:3b:95:a0:37:8a:e0:c4:60:96:41:
                    0f:3c:2c:71:19:94:5f:e5:f8:cd:ff:64:3f:c8:03:
                    a7:2a:a3:71:cf:7f:fb:89:0f:2e:80:c3:cc:63:b7:
                    7d:3b:16:5a:b1:90:59:c6:b0:d5:07:95:c6:e2:47:
                    b4:99:18:ab:d6:8e:1f:84:29:6e:cd:0c:30:dc:a4:
                    1d:01:89:8e:c3:1f:74:72:09:ac:88:43:ef:a3:d2:
                    fe:b5:a5:de:fa:e2:b0:4f:94:ee:ce:2c:d2:3b:ad:
                    10:2f:97:2b:51:0b:f9:f6:15:89:f2:1b:42:38:11:
                    d1:40:26:93:f0:46:3d:37:3e:4f:5b:44:5e:a2:95:
                    1e:52:db:df:e2:dd:e4:f5:fd:b3:f1:5a:8c:03:a8:
                    ea:c7:0a:1f:fe:01:44:d9:06:03:47:53:81:34:a3:
                    54:3e:14:fb:9d:c9:d8:08:25:5b:3a:34:53:84:ab:
                    75:22:ba:7c:b5:5b:b2:1b:3b:f6:94:5f:cf:53:cf:
                    6f:47:8f:4f:20:30:f1:cb:38:ce:93:08:d1:59:f7:
                    c3:00:1e:53:69:96:6e:ee:8b:a6:c8:aa:5e:2d:8a:
                    8f:e3:75:73:6e:a7:22:85:77:8f:8c:4d:d6:05:41:
                    12:11:c3:9f:b2:d9:90:dc:00:23:08:31:3a:ef:14:
                    85:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:16:3E:9B:77:D3:BD:18:02:28:0D:9F:86:BA:C2:D7:CC:98:5D:7A
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/pBY-m3fTvRgCKA2fhrrC18yYXXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.4.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a7:a8:77:42:7d:6a:36:7b:70:44:42:82:ec:45:78:73:26:be:
         4a:be:c1:fc:73:d9:da:7c:99:09:60:5f:bb:ff:05:15:f4:9f:
         dc:f8:a0:2e:a6:07:ca:4a:31:eb:04:7c:fe:90:a5:17:82:d8:
         ad:d0:60:70:33:ed:36:71:2e:d7:6d:93:25:97:51:9f:8b:78:
         ee:8c:c1:fa:f4:5a:08:29:2b:ee:ec:30:dd:a3:75:eb:dc:a9:
         3c:30:b6:ad:9e:5f:51:b0:6e:24:3a:71:b8:22:4d:6f:e8:75:
         00:21:f6:c1:ff:b7:68:96:e3:13:25:81:50:52:31:8d:51:3a:
         10:60:57:da:10:fd:d7:a9:4f:11:f3:76:90:88:14:31:99:27:
         ff:ae:48:93:43:29:59:ef:6a:b1:96:12:d2:07:76:f2:1a:77:
         3a:dc:50:6b:4c:db:6c:d3:8c:5d:3c:52:75:4c:a5:b4:12:bf:
         53:0e:a7:c8:8d:d8:23:e9:9b:46:56:85:f0:36:ee:3c:9f:1d:
         6a:9e:28:05:b7:07:de:34:62:c4:f9:ff:a8:10:4c:13:8a:15:
         7e:d9:1f:a7:b4:0c:52:c6:1a:9b:49:bc:f3:a3:be:f2:db:7b:
         cd:b5:6b:a3:e6:38:9c:1a:24:5f:93:bd:96:69:12:6f:2b:d6:
         1f:0e:da:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EPyXviUKPteCEAL/SmU2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjYwMTAxMTAxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDE2M2U5Yjc3ZDNiZDE4MDIyODBkOWY4NmJhYzJkN2NjOTg1ZDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoV3AizuVoDeK4MRglkEPPCxxGZRf
5fjN/2Q/yAOnKqNxz3/7iQ8ugMPMY7d9OxZasZBZxrDVB5XG4ke0mRir1o4fhClu
zQww3KQdAYmOwx90cgmsiEPvo9L+taXe+uKwT5TuzizSO60QL5crUQv59hWJ8htC
OBHRQCaT8EY9Nz5PW0ReopUeUtvf4t3k9f2z8VqMA6jqxwof/gFE2QYDR1OBNKNU
PhT7ncnYCCVbOjRThKt1Irp8tVuyGzv2lF/PU89vR49PIDDxyzjOkwjRWffDAB5T
aZZu7oumyKpeLYqP43VzbqcihXePjE3WBUESEcOfstmQ3AAjCDE67xSFZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQWPpt3070YAigNn4a6wtfMmF16MB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvcEJZLW0zZlR2UmdDS0EyZmhyckMxOHlZWFhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwwSwMA0G
CSqGSIb3DQEBCwUAA4IBAQCnqHdCfWo2e3BEQoLsRXhzJr5KvsH8c9nafJkJYF+7
/wUV9J/c+KAupgfKSjHrBHz+kKUXgtit0GBwM+02cS7XbZMll1Gfi3jujMH69FoI
KSvu7DDdo3Xr3Kk8MLatnl9RsG4kOnG4Ik1v6HUAIfbB/7doluMTJYFQUjGNUToQ
YFfaEP3XqU8R83aQiBQxmSf/rkiTQylZ72qxlhLSB3byGnc63FBrTNts04xdPFJ1
TKW0Er9TDqfIjdgj6ZtGVoXwNu48nx1qnigFtwfeNGLE+f+oEEwTihV+2R+ntAxS
xhqbSbzzo77y23vNtWuj5jicGiRfk72WaRJvK9YfDtqE
-----END CERTIFICATE-----