This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/pNL3oico6rSRy7HI-qZpBv7USh8.roa
File:                     pNL3oico6rSRy7HI-qZpBv7USh8.roa (raw, json)
Hash identifier:          nkMrE3yZ9+wbGR6nyZRKmZOaTcWk2iFc5i+D0HRUuvk=
Subject key identifier:   A4:D2:F7:A2:27:28:EA:B4:91:CB:B1:C8:FA:A6:69:06:FE:D4:4A:1F
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       019B7C808FF205953AC7B8DF6FF416FF3C8E
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/pNL3oico6rSRy7HI-qZpBv7USh8.roa
Signing time:             Fri 02 Jan 2026 02:19:18 +0000
ROA not before:           Fri 02 Jan 2026 02:19:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        86.104.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:8f:f2:05:95:3a:c7:b8:df:6f:f4:16:ff:3c:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  2 02:19:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a4d2f7a22728eab491cbb1c8faa66906fed44a1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:60:57:66:90:d4:98:c1:13:6b:d5:fe:b3:54:
                    1c:d7:32:bc:61:da:88:04:c7:16:84:4f:c2:fb:8e:
                    7a:c8:36:08:b2:80:d9:b6:3c:9e:80:02:8e:82:2e:
                    61:61:58:82:bb:10:0c:d2:c6:b5:26:c2:b0:de:4e:
                    e1:70:f8:cb:01:23:28:bd:ea:97:58:a8:e7:7e:a0:
                    6e:14:4b:7b:ce:f7:c5:3c:fa:47:6e:bc:cf:43:2f:
                    72:93:4e:94:fd:99:a0:2c:c9:72:88:82:70:b5:e5:
                    79:43:5f:ff:23:e0:ca:7c:7f:ee:17:3d:e3:6f:58:
                    48:43:26:2d:fd:b0:bc:30:d2:ad:00:2f:0e:d2:eb:
                    89:a5:3a:98:54:0a:3c:be:40:58:1f:ee:62:95:7a:
                    70:f1:f5:bc:f9:e9:1d:76:93:e6:ac:9e:c0:ef:23:
                    f2:fc:a9:e8:ae:93:3d:61:ad:cf:75:b2:d7:27:21:
                    ee:18:0d:63:2f:6a:22:bb:c0:db:cd:9b:46:83:65:
                    ca:11:ef:45:79:35:bb:95:f4:86:e8:57:58:87:a7:
                    56:14:47:33:46:a6:cf:59:68:d5:fa:a9:6c:b8:39:
                    ca:78:20:f6:08:0a:8d:d6:ee:0b:eb:1b:cf:06:c2:
                    16:5f:f9:c8:14:ae:88:cd:86:16:00:17:29:fa:ed:
                    51:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:D2:F7:A2:27:28:EA:B4:91:CB:B1:C8:FA:A6:69:06:FE:D4:4A:1F
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/pNL3oico6rSRy7HI-qZpBv7USh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.104.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:d3:d7:bc:b2:a3:f9:e8:23:79:ed:d6:32:06:0c:57:4d:c0:
         67:d2:bc:01:52:b0:81:c4:68:97:b9:3c:4b:5e:8e:50:1b:04:
         b1:7c:e4:67:d7:2c:89:a4:9a:46:e6:20:54:9b:be:a7:4a:ae:
         8a:6e:72:98:49:97:ce:97:3d:b3:cd:07:7a:e7:7b:8b:ae:ad:
         e3:9b:16:c7:f0:ea:bd:b4:ec:d2:50:4d:18:61:d9:ae:a1:59:
         a1:0f:de:56:bd:4a:da:6d:39:50:04:2a:74:d0:d1:09:1a:02:
         c3:57:db:75:15:b2:96:c4:1f:c6:b8:8d:e0:0f:46:6f:dc:9c:
         17:b7:03:f5:da:a2:8f:a5:98:2b:19:9a:a4:e1:8e:92:d6:f5:
         3a:cc:8f:07:0f:c5:c4:81:c3:7e:93:e3:63:9a:7d:f0:86:1f:
         03:e4:67:cd:5e:47:0d:98:80:65:8d:eb:14:8c:aa:69:dd:b6:
         cc:64:51:f1:e2:be:ef:9d:3a:d8:49:0e:93:81:b8:34:9c:4d:
         0b:72:85:69:e2:cc:aa:52:2d:39:86:52:ac:d8:bb:98:18:81:
         5d:14:40:ed:76:f5:46:80:e4:1a:74:a0:62:ad:7f:ca:b5:a8:
         39:f8:92:d4:e9:c0:e0:00:89:be:f0:19:2a:af:3a:da:b0:40:
         2c:94:01:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gI/yBZU6x7jfb/QW/zyOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjYwMTAyMDIxOTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGQyZjdhMjI3MjhlYWI0OTFjYmIxYzhmYWE2NjkwNmZlZDQ0YTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2BXZpDUmMETa9X+s1Qc1zK8YdqI
BMcWhE/C+456yDYIsoDZtjyegAKOgi5hYViCuxAM0sa1JsKw3k7hcPjLASMoveqX
WKjnfqBuFEt7zvfFPPpHbrzPQy9yk06U/ZmgLMlyiIJwteV5Q1//I+DKfH/uFz3j
b1hIQyYt/bC8MNKtAC8O0uuJpTqYVAo8vkBYH+5ilXpw8fW8+ekddpPmrJ7A7yPy
/KnorpM9Ya3PdbLXJyHuGA1jL2oiu8DbzZtGg2XKEe9FeTW7lfSG6FdYh6dWFEcz
RqbPWWjV+qlsuDnKeCD2CAqN1u4L6xvPBsIWX/nIFK6IzYYWABcp+u1R6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKTS96InKOq0kcuxyPqmaQb+1EofMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvcE5MM29pY282clNSeTdISS1xWnBCdjdVU2g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVmh9MA0G
CSqGSIb3DQEBCwUAA4IBAQCC09e8sqP56CN57dYyBgxXTcBn0rwBUrCBxGiXuTxL
Xo5QGwSxfORn1yyJpJpG5iBUm76nSq6KbnKYSZfOlz2zzQd653uLrq3jmxbH8Oq9
tOzSUE0YYdmuoVmhD95WvUrabTlQBCp00NEJGgLDV9t1FbKWxB/GuI3gD0Zv3JwX
twP12qKPpZgrGZqk4Y6S1vU6zI8HD8XEgcN+k+Njmn3whh8D5GfNXkcNmIBljesU
jKpp3bbMZFHx4r7vnTrYSQ6Tgbg0nE0LcoVp4syqUi05hlKs2LuYGIFdFEDtdvVG
gOQadKBirX/Ktag5+JLU6cDgAIm+8BkqrzrasEAslAHC
-----END CERTIFICATE-----