This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/PnrdOTpYMhxpCL7x1rP8uLUET88.roa
File:                     PnrdOTpYMhxpCL7x1rP8uLUET88.roa (raw, json)
Hash identifier:          D4RwL1lMXcdK2enu3fw3uc2XyVtp3WofeTeB09PZ/L0=
Subject key identifier:   3E:7A:DD:39:3A:58:32:1C:69:08:BE:F1:D6:B3:FC:B8:B5:04:4F:CF
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019B7C8016A842113AE9E55E83D5B477F58F
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/PnrdOTpYMhxpCL7x1rP8uLUET88.roa
Signing time:             Fri 02 Jan 2026 02:18:47 +0000
ROA not before:           Fri 02 Jan 2026 02:18:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35575
IP address blocks:        194.15.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:55:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:16:a8:42:11:3a:e9:e5:5e:83:d5:b4:77:f5:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 02:18:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3e7add393a58321c6908bef1d6b3fcb8b5044fcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:25:97:c5:5f:15:38:7b:f3:fa:db:01:4b:f7:
                    da:7f:1b:aa:7c:38:5d:50:f1:17:7e:9a:a6:99:a2:
                    85:71:3e:3f:e1:51:8a:12:6f:c7:ee:cc:a4:31:49:
                    5f:ed:b6:50:9b:18:dc:45:80:18:29:78:4d:02:5d:
                    6f:3b:db:70:b4:cc:71:d1:45:18:d1:e6:0c:b4:7d:
                    87:64:f3:1c:81:65:4a:dd:37:a6:b3:60:b0:9c:f8:
                    8c:65:87:1b:64:2b:ae:ed:8b:48:f9:c3:94:bd:a3:
                    ab:8f:a8:fd:98:c0:17:f2:38:eb:bd:b4:79:17:36:
                    90:cd:7c:68:6f:e9:c5:54:89:7a:1f:cc:e2:18:1d:
                    76:30:96:e8:5e:0c:ed:aa:02:cb:c4:09:18:15:0c:
                    d5:6f:fb:70:f1:67:e2:ef:72:f8:21:07:66:56:e5:
                    b8:09:05:ac:db:21:ad:85:8f:68:78:a3:98:cb:5d:
                    82:8c:6a:6e:dd:f1:ea:1d:51:66:b3:9e:e1:c7:5b:
                    e2:8b:4a:6d:3d:93:2b:23:a3:1d:2f:1e:20:3a:23:
                    9c:3a:f6:46:c5:98:3e:ef:f1:af:8e:28:8a:a0:89:
                    e7:e8:2d:8d:89:57:02:cd:fc:35:43:a7:d2:12:f3:
                    4f:cd:23:a4:3a:0f:b4:0f:72:50:b9:c3:9b:e0:06:
                    be:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:7A:DD:39:3A:58:32:1C:69:08:BE:F1:D6:B3:FC:B8:B5:04:4F:CF
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/PnrdOTpYMhxpCL7x1rP8uLUET88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:41:e9:2c:e1:91:b8:69:c3:84:d3:69:12:a5:d2:4a:2c:8d:
         3f:2b:14:da:e1:36:da:9b:88:93:fc:31:4c:f4:6c:c3:05:20:
         55:8b:cf:a1:83:fa:dc:86:a3:ed:0f:86:29:39:f8:a3:a3:9c:
         6a:d9:f0:43:96:1a:87:fd:ac:79:db:a4:ea:74:e0:9e:35:d6:
         f1:d0:96:9d:ce:2a:60:2d:a3:a4:cd:0f:7e:b7:fd:d6:3c:a5:
         62:68:61:05:e7:a8:3e:d0:70:34:9b:0a:13:ca:92:42:8a:ca:
         b9:b1:77:80:7f:88:50:ca:32:30:1f:1f:73:e1:48:61:bb:ea:
         29:cf:50:55:74:4f:c9:e0:b1:1c:e2:a1:92:a4:bc:7b:c0:24:
         87:df:dd:d3:fc:ef:fb:72:e9:7b:44:44:7d:29:31:33:1f:78:
         a3:8d:43:1e:3f:89:7d:2b:ca:24:73:89:ce:fc:69:6c:bd:e0:
         f3:c1:6e:c4:b1:cb:23:1d:8a:85:9d:06:90:73:8e:e2:00:44:
         5f:0e:5c:60:ab:d1:f7:7f:ab:2d:56:2a:14:c9:5c:fb:22:d0:
         43:8d:54:5b:e7:68:e1:6e:1f:8b:3b:fd:0e:47:55:e1:8b:f8:
         85:a7:55:5f:35:e1:0b:be:8e:91:5c:5f:d6:1a:c6:c4:b4:44:
         99:0d:81:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gBaoQhE66eVeg9W0d/WPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjYwMTAyMDIxODQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTdhZGQzOTNhNTgzMjFjNjkwOGJlZjFkNmIzZmNiOGI1MDQ0ZmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCWXxV8VOHvz+tsBS/fafxuqfDhd
UPEXfpqmmaKFcT4/4VGKEm/H7sykMUlf7bZQmxjcRYAYKXhNAl1vO9twtMxx0UUY
0eYMtH2HZPMcgWVK3Tems2CwnPiMZYcbZCuu7YtI+cOUvaOrj6j9mMAX8jjrvbR5
FzaQzXxob+nFVIl6H8ziGB12MJboXgztqgLLxAkYFQzVb/tw8Wfi73L4IQdmVuW4
CQWs2yGthY9oeKOYy12CjGpu3fHqHVFms57hx1vii0ptPZMrI6MdLx4gOiOcOvZG
xZg+7/GvjiiKoInn6C2NiVcCzfw1Q6fSEvNPzSOkOg+0D3JQucOb4Aa+QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD563Tk6WDIcaQi+8daz/Li1BE/PMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvUG5yZE9UcFlNaHhwQ0w3eDFyUDh1TFVFVDg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg8lMA0G
CSqGSIb3DQEBCwUAA4IBAQBxQeks4ZG4acOE02kSpdJKLI0/KxTa4Tbam4iT/DFM
9GzDBSBVi8+hg/rchqPtD4YpOfijo5xq2fBDlhqH/ax526TqdOCeNdbx0Jadzipg
LaOkzQ9+t/3WPKViaGEF56g+0HA0mwoTypJCisq5sXeAf4hQyjIwHx9z4Uhhu+op
z1BVdE/J4LEc4qGSpLx7wCSH393T/O/7cul7RER9KTEzH3ijjUMeP4l9K8okc4nO
/GlsveDzwW7EscsjHYqFnQaQc47iAERfDlxgq9H3f6stVioUyVz7ItBDjVRb52jh
bh+LO/0OR1Xhi/iFp1VfNeELvo6RXF/WGsbEtESZDYHM
-----END CERTIFICATE-----