This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/pMLFHgvr97zNskO8YN_sDv0Y-aU.roa
File:                     pMLFHgvr97zNskO8YN_sDv0Y-aU.roa (raw, json)
Hash identifier:          OO8vYGJ08onKRzkSKXfvr1cztRsM4kZCRCHxKVslWRc=
Subject key identifier:   A4:C2:C5:1E:0B:EB:F7:BC:CD:B2:43:BC:60:DF:EC:0E:FD:18:F9:A5
Certificate issuer:       /CN=458b6759c1a0cf5ad82da5c393bcd0fff7c7e2f0
Certificate serial:       019B7A5A9E39B182A392232345E3BC97D768
Authority key identifier: 45:8B:67:59:C1:A0:CF:5A:D8:2D:A5:C3:93:BC:D0:FF:F7:C7:E2:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RYtnWcGgz1rYLaXDk7zQ__fH4vA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/pMLFHgvr97zNskO8YN_sDv0Y-aU.roa
Signing time:             Thu 01 Jan 2026 16:18:37 +0000
ROA not before:           Thu 01 Jan 2026 16:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42698
IP address blocks:        195.248.252.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/RYtnWcGgz1rYLaXDk7zQ__fH4vA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/RYtnWcGgz1rYLaXDk7zQ__fH4vA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RYtnWcGgz1rYLaXDk7zQ__fH4vA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:9e:39:b1:82:a3:92:23:23:45:e3:bc:97:d7:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=458b6759c1a0cf5ad82da5c393bcd0fff7c7e2f0
        Validity
            Not Before: Jan  1 16:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a4c2c51e0bebf7bccdb243bc60dfec0efd18f9a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:01:b2:e9:ad:84:76:fb:05:a3:a2:ae:99:6e:
                    12:5e:1b:34:a6:c2:4e:d2:7b:8f:c1:b3:c4:f4:6f:
                    cd:31:ba:44:5d:18:b3:25:41:19:38:9d:7b:47:45:
                    6a:ee:f6:45:04:51:84:fc:a7:b1:40:e0:d3:aa:1f:
                    a6:1c:68:33:d3:44:c4:b2:55:5b:d2:1c:a3:75:61:
                    b3:4e:59:1b:9e:19:13:d2:96:96:73:d3:c3:77:c7:
                    52:6a:dd:77:8f:c5:b2:f6:98:03:f6:c4:fa:67:7b:
                    e7:26:cc:9d:dd:ba:61:80:be:3d:76:05:58:d1:4d:
                    dc:e4:3e:3e:d4:5f:00:df:f8:25:04:d1:d8:9f:9f:
                    5a:d4:a2:6b:c3:8b:72:d9:fc:e5:5d:da:bf:75:30:
                    e1:6b:c4:dd:47:52:e4:e6:42:2c:17:36:fc:4c:c1:
                    24:53:be:c0:40:2a:fd:8a:f5:7b:63:0a:e8:0f:47:
                    08:4d:72:88:9d:13:d3:1c:23:1d:06:5a:23:8d:48:
                    fa:0e:92:6d:e9:fa:37:9f:83:9d:88:94:69:0f:a2:
                    af:a3:27:99:06:af:05:57:89:a5:7a:b0:d3:a4:ca:
                    16:3d:c7:c3:9e:f0:46:70:1f:95:3f:f7:3c:f7:82:
                    a4:f4:52:9d:b1:87:5a:e1:90:af:ed:aa:a8:34:07:
                    ca:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:C2:C5:1E:0B:EB:F7:BC:CD:B2:43:BC:60:DF:EC:0E:FD:18:F9:A5
            X509v3 Authority Key Identifier:
                keyid:45:8B:67:59:C1:A0:CF:5A:D8:2D:A5:C3:93:BC:D0:FF:F7:C7:E2:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RYtnWcGgz1rYLaXDk7zQ__fH4vA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/pMLFHgvr97zNskO8YN_sDv0Y-aU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/RYtnWcGgz1rYLaXDk7zQ__fH4vA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.248.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:3e:4f:c1:b9:3e:65:ff:df:06:67:ce:85:c8:9c:da:7c:44:
         cb:db:c1:dc:29:5f:65:38:0b:27:46:e2:2a:50:bc:8d:fe:46:
         a5:4f:1f:d0:93:48:a7:c9:0b:77:38:45:ea:da:22:7a:36:95:
         fc:06:8c:99:4b:f2:37:da:06:01:ee:4d:78:91:26:ff:a6:27:
         b9:0f:e0:c3:fa:5b:6c:a5:68:2b:35:03:56:d7:4c:04:76:22:
         8d:96:82:56:b1:c1:28:a0:9a:7b:85:61:fd:a7:27:f2:0c:f0:
         cd:28:b0:f8:db:67:f7:be:9a:a6:de:e2:d5:9f:d9:c3:4d:8f:
         07:75:41:08:e6:93:c3:b2:76:c5:fc:17:15:66:73:18:b3:f9:
         08:a9:f1:62:8a:ca:5b:c8:a1:a8:cd:58:ff:e7:17:6e:7f:70:
         e9:ff:f8:ca:03:39:ec:8b:bb:6e:b8:43:7c:00:6e:02:ee:bc:
         18:7a:ad:0f:49:7f:69:03:7c:65:3e:97:cc:d5:7d:5c:89:cc:
         87:30:7d:27:cc:27:e8:a7:a3:3a:26:6c:a7:ad:dc:77:73:b6:
         f3:f7:06:99:f0:f9:16:7a:88:83:f0:ff:8f:c6:bb:c6:29:55:
         82:5f:ed:73:02:1d:58:9b:f1:5b:d9:24:25:e3:d6:4f:96:22:
         a4:05:37:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Wp45sYKjkiMjReO8l9doMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGI2NzU5YzFhMGNmNWFkODJkYTVjMzkzYmNkMGZmZjdj
N2UyZjAwHhcNMjYwMTAxMTYxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGMyYzUxZTBiZWJmN2JjY2RiMjQzYmM2MGRmZWMwZWZkMThmOWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4QGy6a2EdvsFo6KumW4SXhs0psJO
0nuPwbPE9G/NMbpEXRizJUEZOJ17R0Vq7vZFBFGE/KexQODTqh+mHGgz00TEslVb
0hyjdWGzTlkbnhkT0paWc9PDd8dSat13j8Wy9pgD9sT6Z3vnJsyd3bphgL49dgVY
0U3c5D4+1F8A3/glBNHYn59a1KJrw4ty2fzlXdq/dTDha8TdR1Lk5kIsFzb8TMEk
U77AQCr9ivV7YwroD0cITXKInRPTHCMdBlojjUj6DpJt6fo3n4OdiJRpD6KvoyeZ
Bq8FV4mlerDTpMoWPcfDnvBGcB+VP/c894Kk9FKdsYda4ZCv7aqoNAfKWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKTCxR4L6/e8zbJDvGDf7A79GPmlMB8GA1UdIwQY
MBaAFEWLZ1nBoM9a2C2lw5O80P/3x+LwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUll0bldjR2d6MXJZTGFYRGs3elFfX2ZINHZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8wMWEyODUtZmM4MS00YjA2LTgwYjIt
MDBjOTEzY2IwNTU3LzEvcE1MRkhndnI5N3pOc2tPOFlOX3NEdjBZLWFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8wMWEyODUtZmM4MS00YjA2LTgwYjItMDBjOTEzY2IwNTU3
LzEvUll0bldjR2d6MXJZTGFYRGs3elFfX2ZINHZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/j8MA0G
CSqGSIb3DQEBCwUAA4IBAQBBPk/BuT5l/98GZ86FyJzafETL28HcKV9lOAsnRuIq
ULyN/kalTx/Qk0inyQt3OEXq2iJ6NpX8BoyZS/I32gYB7k14kSb/pie5D+DD+lts
pWgrNQNW10wEdiKNloJWscEooJp7hWH9pyfyDPDNKLD422f3vpqm3uLVn9nDTY8H
dUEI5pPDsnbF/BcVZnMYs/kIqfFiispbyKGozVj/5xduf3Dp//jKAznsi7tuuEN8
AG4C7rwYeq0PSX9pA3xlPpfM1X1cicyHMH0nzCfop6M6Jmynrdx3c7bz9waZ8PkW
eoiD8P+PxrvGKVWCX+1zAh1Ym/Fb2SQl49ZPliKkBTdf
-----END CERTIFICATE-----