This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/PvhgX0mf7P4RymC8ZVZ_bVsQUFE.roa
File:                     PvhgX0mf7P4RymC8ZVZ_bVsQUFE.roa (raw, json)
Hash identifier:          oraBL2M5xsDL1BlsW2l8GRTio3SEY3yBM8vrMCiNw1k=
Subject key identifier:   3E:F8:60:5F:49:9F:EC:FE:11:CA:60:BC:65:56:7F:6D:5B:10:50:51
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B7F8569215765F20F8521F635BA06CF44
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/PvhgX0mf7P4RymC8ZVZ_bVsQUFE.roa
Signing time:             Fri 02 Jan 2026 16:23:28 +0000
ROA not before:           Fri 02 Jan 2026 16:23:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208046
IP address blocks:        194.87.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:69:21:57:65:f2:0f:85:21:f6:35:ba:06:cf:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 16:23:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3ef8605f499fecfe11ca60bc65567f6d5b105051
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:5e:7e:6a:dc:ec:48:1b:76:6d:90:e8:55:8e:
                    a2:a9:f5:cc:ea:4c:07:6a:46:19:96:d9:53:8a:b9:
                    57:e6:26:4a:94:d3:43:bb:b6:87:39:94:3e:93:75:
                    84:b0:1e:6b:fa:9b:aa:37:d7:c3:cf:6b:27:c7:66:
                    b9:8d:81:5a:85:ef:31:40:83:c7:11:21:cc:7c:f0:
                    9d:3a:5e:51:75:79:1d:23:83:93:77:ee:9c:57:65:
                    5f:e2:95:11:23:44:98:8a:7b:7c:d1:a0:1f:75:47:
                    d9:aa:56:fb:f8:1e:11:8d:a9:17:1d:c8:56:4e:b3:
                    5e:5d:89:93:bc:7c:2f:6a:97:7b:50:38:df:4b:e7:
                    b0:b8:13:5c:38:94:ae:41:92:25:8c:ca:fe:e0:f2:
                    81:2e:d9:bb:0d:ed:a8:e1:ad:3d:74:61:3b:0d:22:
                    2c:c7:a7:89:6d:66:62:b6:48:bb:b4:71:70:b5:46:
                    02:2a:39:e3:b0:17:02:e6:cf:d7:68:30:9b:26:f7:
                    a3:f4:e0:c0:a9:d6:43:57:84:4d:7f:19:db:83:29:
                    ed:7e:66:83:b2:61:e7:6d:7a:64:42:ae:13:c4:91:
                    c2:f1:fc:83:06:b4:38:ca:e9:2e:db:a8:72:84:f0:
                    09:aa:ef:05:1c:f1:8a:bb:47:5b:c0:22:ca:a7:d0:
                    0b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:F8:60:5F:49:9F:EC:FE:11:CA:60:BC:65:56:7F:6D:5B:10:50:51
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/PvhgX0mf7P4RymC8ZVZ_bVsQUFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:a6:52:de:7b:5f:a4:eb:e8:3c:e0:62:45:0d:20:56:45:c2:
         76:6b:70:31:ad:35:e1:ff:9a:77:b5:f1:ca:44:1d:77:b8:e7:
         e0:66:ae:fd:6b:c7:26:2f:df:c9:da:a5:b4:64:42:7e:b2:6c:
         f8:41:e2:e9:28:19:02:2c:43:b7:87:99:b4:8a:98:f2:4b:e7:
         9c:c9:c6:14:45:b3:ce:b9:fa:89:b1:e5:c7:1f:80:f7:60:e4:
         f4:c6:45:ab:d6:e4:07:e0:b7:db:6c:1e:a5:02:43:4a:08:f4:
         70:7d:15:f3:f8:f9:95:ae:26:e7:f8:8d:4d:ae:55:19:50:73:
         43:9f:ba:52:e9:74:a4:0c:ee:78:e8:e2:0c:bc:3a:84:62:78:
         a2:ef:38:70:19:dc:01:8a:b7:0b:49:f8:d6:e5:29:0c:68:09:
         24:6e:3c:1b:d4:6d:c2:a5:73:12:d2:18:ce:43:86:d3:e0:2c:
         c2:f0:39:68:ab:25:54:a2:55:b9:f2:d0:93:4d:46:82:7a:33:
         15:29:c8:04:f6:c8:b3:bf:ac:ca:17:b1:a3:0d:e2:a3:57:18:
         04:21:ba:ff:d5:37:85:0f:90:2f:54:22:f2:ad:bb:ec:b3:cc:
         f4:e2:f0:19:e1:d4:fb:c7:3f:9f:4b:e0:52:a3:16:88:9d:48:
         58:81:d5:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hWkhV2XyD4Uh9jW6Bs9EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTAyMTYyMzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWY4NjA1ZjQ5OWZlY2ZlMTFjYTYwYmM2NTU2N2Y2ZDViMTA1MDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0V5+atzsSBt2bZDoVY6iqfXM6kwH
akYZltlTirlX5iZKlNNDu7aHOZQ+k3WEsB5r+puqN9fDz2snx2a5jYFahe8xQIPH
ESHMfPCdOl5RdXkdI4OTd+6cV2Vf4pURI0SYint80aAfdUfZqlb7+B4RjakXHchW
TrNeXYmTvHwvapd7UDjfS+ewuBNcOJSuQZIljMr+4PKBLtm7De2o4a09dGE7DSIs
x6eJbWZitki7tHFwtUYCKjnjsBcC5s/XaDCbJvej9ODAqdZDV4RNfxnbgyntfmaD
smHnbXpkQq4TxJHC8fyDBrQ4yuku26hyhPAJqu8FHPGKu0dbwCLKp9ALEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD74YF9Jn+z+EcpgvGVWf21bEFBRMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvUHZoZ1gwbWY3UDRSeW1DOFpWWl9iVnNRVUZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlcOMA0G
CSqGSIb3DQEBCwUAA4IBAQATplLee1+k6+g84GJFDSBWRcJ2a3AxrTXh/5p3tfHK
RB13uOfgZq79a8cmL9/J2qW0ZEJ+smz4QeLpKBkCLEO3h5m0ipjyS+ecycYURbPO
ufqJseXHH4D3YOT0xkWr1uQH4LfbbB6lAkNKCPRwfRXz+PmVribn+I1NrlUZUHND
n7pS6XSkDO546OIMvDqEYnii7zhwGdwBircLSfjW5SkMaAkkbjwb1G3CpXMS0hjO
Q4bT4CzC8DloqyVUolW58tCTTUaCejMVKcgE9sizv6zKF7GjDeKjVxgEIbr/1TeF
D5AvVCLyrbvss8z04vAZ4dT7xz+fS+BSoxaInUhYgdWR
-----END CERTIFICATE-----