This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/85e00e-d9ae-4074-9662-48790f600c64/1/PUAOGeZbC3q2hI4As6WIL56mug0.roa
File:                     PUAOGeZbC3q2hI4As6WIL56mug0.roa (raw, json)
Hash identifier:          h0a5phhn/DN6rizIGXnIA2GO7M+qY/ayzPh0XbIIIlg=
Subject key identifier:   3D:40:0E:19:E6:5B:0B:7A:B6:84:8E:00:B3:A5:88:2F:9E:A6:BA:0D
Certificate issuer:       /CN=93a10fa9eca8ec8ddd5e125426438e8df8c87abc
Certificate serial:       019B76EB1F00284CB6655C6E6DB2C766E744
Authority key identifier: 93:A1:0F:A9:EC:A8:EC:8D:DD:5E:12:54:26:43:8E:8D:F8:C8:7A:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k6EPqeyo7I3dXhJUJkOOjfjIerw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/85e00e-d9ae-4074-9662-48790f600c64/1/PUAOGeZbC3q2hI4As6WIL56mug0.roa
Signing time:             Thu 01 Jan 2026 00:17:58 +0000
ROA not before:           Thu 01 Jan 2026 00:17:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62031
IP address blocks:        185.198.16.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/85e00e-d9ae-4074-9662-48790f600c64/1/k6EPqeyo7I3dXhJUJkOOjfjIerw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/85e00e-d9ae-4074-9662-48790f600c64/1/k6EPqeyo7I3dXhJUJkOOjfjIerw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k6EPqeyo7I3dXhJUJkOOjfjIerw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:1f:00:28:4c:b6:65:5c:6e:6d:b2:c7:66:e7:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93a10fa9eca8ec8ddd5e125426438e8df8c87abc
        Validity
            Not Before: Jan  1 00:17:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3d400e19e65b0b7ab6848e00b3a5882f9ea6ba0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:fc:b0:b9:ee:8e:31:66:c7:1b:df:cb:6b:33:
                    df:03:3a:8a:e6:9c:39:9a:aa:f9:89:a2:44:24:b7:
                    fd:f6:20:f3:5c:61:7b:e3:09:1a:e5:ba:35:62:49:
                    e0:86:ba:8c:f9:62:60:eb:93:84:b5:65:31:f7:18:
                    df:8f:47:15:c8:22:19:73:7f:31:f3:4a:3e:73:d5:
                    52:e1:95:b7:6c:9d:a5:90:12:ba:ed:68:ef:81:a0:
                    ea:a0:02:5e:94:fd:11:47:06:00:6b:98:16:30:00:
                    8d:93:fc:02:78:e5:fb:10:f7:11:41:69:5b:2e:2e:
                    da:f7:0a:3c:d6:6e:a5:c5:2c:a7:fd:2d:c8:f7:49:
                    eb:0b:c9:50:ef:64:84:c3:65:6c:0d:45:63:f0:6b:
                    22:3f:c2:a8:bb:cd:51:28:f0:da:45:ac:7c:e1:3e:
                    f4:bb:4f:6f:09:71:42:22:ec:97:72:87:ac:39:eb:
                    02:bf:7d:15:8b:12:fd:28:16:46:b4:cf:44:0a:03:
                    3c:0d:a5:3d:49:d0:a4:5b:99:89:33:24:07:ad:41:
                    14:15:74:1f:7c:6a:e2:b9:2f:47:96:b8:0d:35:17:
                    25:36:6b:17:c1:ca:f4:f1:25:4b:84:2b:66:43:d1:
                    ca:a3:d7:74:74:05:52:45:bd:9c:a9:b0:90:08:f6:
                    87:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:40:0E:19:E6:5B:0B:7A:B6:84:8E:00:B3:A5:88:2F:9E:A6:BA:0D
            X509v3 Authority Key Identifier:
                keyid:93:A1:0F:A9:EC:A8:EC:8D:DD:5E:12:54:26:43:8E:8D:F8:C8:7A:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k6EPqeyo7I3dXhJUJkOOjfjIerw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/85e00e-d9ae-4074-9662-48790f600c64/1/PUAOGeZbC3q2hI4As6WIL56mug0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/85e00e-d9ae-4074-9662-48790f600c64/1/k6EPqeyo7I3dXhJUJkOOjfjIerw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:48:b7:76:d9:e4:e5:21:07:1a:1a:de:9a:bd:e0:ff:ef:ef:
         7b:fa:39:c1:f5:74:7d:ef:3d:9c:f5:1c:84:15:ce:a6:5f:41:
         68:b9:99:02:ec:4a:57:58:79:9c:42:b5:a5:86:28:1c:cd:5d:
         00:64:93:2c:eb:e6:18:c9:07:e2:47:88:09:e4:70:c0:4b:0e:
         5a:08:a5:df:17:74:b6:53:60:14:01:cc:48:b2:a5:c0:44:48:
         84:e5:64:d4:2d:c0:9b:52:e5:0c:fc:2f:fb:84:b7:f4:c9:dd:
         72:84:ae:1f:ad:73:00:1a:71:da:f3:8d:9f:bf:ef:14:b9:f6:
         aa:c5:06:a1:1f:e8:ec:be:ff:52:e3:41:4b:39:02:14:26:60:
         e2:fc:9f:d6:8b:ea:e7:8f:a2:a5:10:55:b3:eb:65:ff:3a:32:
         65:2b:1f:76:2c:68:14:6e:40:f4:0b:a6:c5:24:e1:9c:d0:44:
         c7:99:fe:27:6e:79:ef:ad:a5:2a:6b:33:69:4a:b6:b0:78:28:
         51:ea:68:ed:41:1d:42:74:f9:c0:25:d0:48:d8:8f:94:04:c6:
         0d:37:76:2d:92:c8:8f:4d:70:0a:92:a2:b4:3a:6d:34:7f:d7:
         fb:c5:1e:c7:3d:9d:fd:8e:57:18:0f:3f:a2:28:05:14:08:f3:
         cd:7c:33:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26x8AKEy2ZVxubbLHZudEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYTEwZmE5ZWNhOGVjOGRkZDVlMTI1NDI2NDM4ZThkZjhj
ODdhYmMwHhcNMjYwMTAxMDAxNzU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDQwMGUxOWU2NWIwYjdhYjY4NDhlMDBiM2E1ODgyZjllYTZiYTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvywue6OMWbHG9/LazPfAzqK5pw5
mqr5iaJEJLf99iDzXGF74wka5bo1YknghrqM+WJg65OEtWUx9xjfj0cVyCIZc38x
80o+c9VS4ZW3bJ2lkBK67WjvgaDqoAJelP0RRwYAa5gWMACNk/wCeOX7EPcRQWlb
Li7a9wo81m6lxSyn/S3I90nrC8lQ72SEw2VsDUVj8GsiP8Kou81RKPDaRax84T70
u09vCXFCIuyXcoesOesCv30VixL9KBZGtM9ECgM8DaU9SdCkW5mJMyQHrUEUFXQf
fGriuS9HlrgNNRclNmsXwcr08SVLhCtmQ9HKo9d0dAVSRb2cqbCQCPaHWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD1ADhnmWwt6toSOALOliC+eproNMB8GA1UdIwQY
MBaAFJOhD6nsqOyN3V4SVCZDjo34yHq8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazZFUHFleW83STNkWGhKVUprT09qZmpJZXJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi84NWUwMGUtZDlhZS00MDc0LTk2NjIt
NDg3OTBmNjAwYzY0LzEvUFVBT0dlWmJDM3EyaEk0QXM2V0lMNTZtdWcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi84NWUwMGUtZDlhZS00MDc0LTk2NjItNDg3OTBmNjAwYzY0
LzEvazZFUHFleW83STNkWGhKVUprT09qZmpJZXJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucYQMA0G
CSqGSIb3DQEBCwUAA4IBAQArSLd22eTlIQcaGt6aveD/7+97+jnB9XR97z2c9RyE
Fc6mX0FouZkC7EpXWHmcQrWlhigczV0AZJMs6+YYyQfiR4gJ5HDASw5aCKXfF3S2
U2AUAcxIsqXAREiE5WTULcCbUuUM/C/7hLf0yd1yhK4frXMAGnHa842fv+8Uufaq
xQahH+jsvv9S40FLOQIUJmDi/J/Wi+rnj6KlEFWz62X/OjJlKx92LGgUbkD0C6bF
JOGc0ETHmf4nbnnvraUqazNpSraweChR6mjtQR1CdPnAJdBI2I+UBMYNN3YtksiP
TXAKkqK0Om00f9f7xR7HPZ39jlcYDz+iKAUUCPPNfDPq
-----END CERTIFICATE-----