This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/b06fe0-3690-437d-8924-071daa05dabf/1/pIAhj8amHnd0fjLTUVpUmZpe45o.roa
File:                     pIAhj8amHnd0fjLTUVpUmZpe45o.roa (raw, json)
Hash identifier:          F6Vq2qEf6nCrdvdX7pWrP/aHN1l9RhEoh7QDzNTcEVU=
Subject key identifier:   A4:80:21:8F:C6:A6:1E:77:74:7E:32:D3:51:5A:54:99:9A:5E:E3:9A
Certificate issuer:       /CN=2ffb641d3ca2ec1157f477321789cec0cc5f29a4
Certificate serial:       019B797EEA22F6522B8B97EDB2C8068665DB
Authority key identifier: 2F:FB:64:1D:3C:A2:EC:11:57:F4:77:32:17:89:CE:C0:CC:5F:29:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L_tkHTyi7BFX9HcyF4nOwMxfKaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/b06fe0-3690-437d-8924-071daa05dabf/1/pIAhj8amHnd0fjLTUVpUmZpe45o.roa
Signing time:             Thu 01 Jan 2026 12:18:39 +0000
ROA not before:           Thu 01 Jan 2026 12:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56655
IP address blocks:        195.35.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/b06fe0-3690-437d-8924-071daa05dabf/1/L_tkHTyi7BFX9HcyF4nOwMxfKaQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/b06fe0-3690-437d-8924-071daa05dabf/1/L_tkHTyi7BFX9HcyF4nOwMxfKaQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L_tkHTyi7BFX9HcyF4nOwMxfKaQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:ea:22:f6:52:2b:8b:97:ed:b2:c8:06:86:65:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ffb641d3ca2ec1157f477321789cec0cc5f29a4
        Validity
            Not Before: Jan  1 12:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a480218fc6a61e77747e32d3515a54999a5ee39a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ac:8b:72:f4:4b:7e:d4:86:82:6d:99:30:0e:
                    70:ca:56:3a:32:13:5b:2b:e7:de:ed:72:e7:02:f9:
                    2c:ca:91:bd:c9:c5:6d:4e:d3:b6:01:4a:49:6b:8b:
                    c2:56:94:90:85:d5:2e:e2:f2:df:5e:e2:d2:07:08:
                    1c:8b:11:c4:e5:95:e0:5e:fd:99:67:4c:b6:27:04:
                    48:b1:e4:db:5e:17:7c:a2:76:aa:4f:77:a0:2d:ed:
                    ab:43:93:63:f3:1c:03:ea:07:07:1f:23:96:f6:5a:
                    4f:ef:e9:d8:f4:f1:09:5f:3c:06:0a:cf:3f:72:6f:
                    f2:57:4f:a4:44:be:37:8c:3c:c6:8f:9e:13:2f:f2:
                    c1:37:d7:26:86:aa:7f:5f:8b:a1:c3:aa:b7:51:45:
                    57:fe:68:e8:fe:07:b5:7e:31:2d:76:a7:f5:86:c7:
                    3e:0c:0b:ef:01:52:44:8a:e2:57:9d:6f:96:65:e1:
                    13:7e:e0:68:49:fe:95:0c:31:55:9b:4d:2a:62:9b:
                    a8:88:ee:bf:8e:0e:40:b7:8b:6d:b3:04:19:cb:ea:
                    6d:ee:8b:f6:20:1d:b5:6d:84:fb:ab:6d:69:a0:43:
                    72:99:9f:e9:74:14:56:18:8a:91:f9:b3:a8:07:fd:
                    d5:30:44:05:47:90:4a:3a:c1:64:4e:5f:58:60:a0:
                    b5:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:80:21:8F:C6:A6:1E:77:74:7E:32:D3:51:5A:54:99:9A:5E:E3:9A
            X509v3 Authority Key Identifier:
                keyid:2F:FB:64:1D:3C:A2:EC:11:57:F4:77:32:17:89:CE:C0:CC:5F:29:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L_tkHTyi7BFX9HcyF4nOwMxfKaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/b06fe0-3690-437d-8924-071daa05dabf/1/pIAhj8amHnd0fjLTUVpUmZpe45o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/b06fe0-3690-437d-8924-071daa05dabf/1/L_tkHTyi7BFX9HcyF4nOwMxfKaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:9c:d5:93:75:12:9e:fe:7a:48:46:ca:79:74:2e:8c:c6:d9:
         9a:6c:3e:b4:81:57:58:df:0e:aa:f7:8e:11:19:90:bd:99:e9:
         93:41:96:f0:01:54:5e:28:1b:be:42:ed:08:ed:7b:92:84:95:
         8d:80:9b:2d:d6:42:e1:1d:70:c2:5e:35:2b:8d:b1:c9:c1:30:
         22:4d:aa:ac:17:d4:66:f3:5c:9f:4e:cc:63:48:2a:ec:95:1a:
         30:ab:ae:5c:89:16:26:69:c2:23:af:a4:df:2a:fa:b2:31:dc:
         93:53:45:2c:d4:8c:74:aa:82:f4:5f:b8:33:21:68:2d:f6:38:
         ad:50:da:9b:9a:0d:15:2e:ea:1f:65:28:04:82:06:56:4e:24:
         9a:c4:6b:5f:e4:fc:8f:41:ef:43:af:a0:4b:69:41:f5:f4:b9:
         52:b7:b5:e5:81:63:49:4f:30:1b:72:34:53:a5:6a:6b:97:75:
         8f:8d:66:c4:e4:dc:a5:54:3f:e3:38:76:ef:7d:68:fd:2c:8a:
         4c:5c:83:94:82:12:8c:6a:4a:80:51:8c:34:23:c2:6f:7b:73:
         c9:12:b7:e4:ee:d6:ae:3c:9c:ef:8a:45:07:26:ee:49:9c:4b:
         61:b7:25:58:98:1d:23:be:cf:a3:e3:50:87:9a:88:51:6c:d2:
         5c:53:1b:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fuoi9lIri5ftssgGhmXbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmZmI2NDFkM2NhMmVjMTE1N2Y0NzczMjE3ODljZWMwY2M1
ZjI5YTQwHhcNMjYwMTAxMTIxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDgwMjE4ZmM2YTYxZTc3NzQ3ZTMyZDM1MTVhNTQ5OTlhNWVlMzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6yLcvRLftSGgm2ZMA5wylY6MhNb
K+fe7XLnAvksypG9ycVtTtO2AUpJa4vCVpSQhdUu4vLfXuLSBwgcixHE5ZXgXv2Z
Z0y2JwRIseTbXhd8onaqT3egLe2rQ5Nj8xwD6gcHHyOW9lpP7+nY9PEJXzwGCs8/
cm/yV0+kRL43jDzGj54TL/LBN9cmhqp/X4uhw6q3UUVX/mjo/ge1fjEtdqf1hsc+
DAvvAVJEiuJXnW+WZeETfuBoSf6VDDFVm00qYpuoiO6/jg5At4ttswQZy+pt7ov2
IB21bYT7q21poENymZ/pdBRWGIqR+bOoB/3VMEQFR5BKOsFkTl9YYKC15QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKSAIY/Gph53dH4y01FaVJmaXuOaMB8GA1UdIwQY
MBaAFC/7ZB08ouwRV/R3MheJzsDMXymkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTF90a0hUeWk3QkZYOUhjeUY0bk93TXhmS2FRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9iMDZmZTAtMzY5MC00MzdkLTg5MjQt
MDcxZGFhMDVkYWJmLzEvcElBaGo4YW1IbmQwZmpMVFVWcFVtWnBlNDVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9iMDZmZTAtMzY5MC00MzdkLTg5MjQtMDcxZGFhMDVkYWJm
LzEvTF90a0hUeWk3QkZYOUhjeUY0bk93TXhmS2FRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyNxMA0G
CSqGSIb3DQEBCwUAA4IBAQB3nNWTdRKe/npIRsp5dC6MxtmabD60gVdY3w6q944R
GZC9memTQZbwAVReKBu+Qu0I7XuShJWNgJst1kLhHXDCXjUrjbHJwTAiTaqsF9Rm
81yfTsxjSCrslRowq65ciRYmacIjr6TfKvqyMdyTU0Us1Ix0qoL0X7gzIWgt9jit
UNqbmg0VLuofZSgEggZWTiSaxGtf5PyPQe9Dr6BLaUH19LlSt7XlgWNJTzAbcjRT
pWprl3WPjWbE5NylVD/jOHbvfWj9LIpMXIOUghKMakqAUYw0I8Jve3PJErfk7tau
PJzvikUHJu5JnEthtyVYmB0jvs+j41CHmohRbNJcUxvY
-----END CERTIFICATE-----