This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/pTpGty7SoOlULzj4dFHlP8-2JxY.roa
File:                     pTpGty7SoOlULzj4dFHlP8-2JxY.roa (raw, json)
Hash identifier:          jwYePEgcBQVLY261Fm3BhfP9W/eR3MhlrFnRKYIgSt4=
Subject key identifier:   A5:3A:46:B7:2E:D2:A0:E9:54:2F:38:F8:74:51:E5:3F:CF:B6:27:16
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019B87EF7C88A168F86A48F854D922BDBF23
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/pTpGty7SoOlULzj4dFHlP8-2JxY.roa
Signing time:             Sun 04 Jan 2026 07:36:17 +0000
ROA not before:           Sun 04 Jan 2026 07:36:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        188.66.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:87:ef:7c:88:a1:68:f8:6a:48:f8:54:d9:22:bd:bf:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  4 07:36:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a53a46b72ed2a0e9542f38f87451e53fcfb62716
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:52:a6:48:42:33:d5:be:ff:b5:a4:94:65:2b:
                    79:8c:95:4e:3a:31:74:11:2b:d4:29:cb:fc:fa:b1:
                    c7:7a:8b:53:27:1a:45:71:f3:d6:92:fd:fb:ef:9b:
                    5a:2b:15:f6:72:9f:ae:58:34:d5:8a:dd:0a:0c:63:
                    bb:db:ef:d3:5c:a0:c1:9e:7a:06:74:61:f3:42:35:
                    b5:28:51:f9:72:2e:c3:69:69:b8:7b:3f:f1:3f:54:
                    6d:48:7b:17:66:0c:37:fc:90:72:a8:b6:93:5e:3e:
                    5f:94:73:25:47:2e:2a:5b:cc:89:92:32:32:28:98:
                    68:4d:c4:f7:5f:90:e8:9e:4d:3e:59:1c:1c:15:a1:
                    42:ee:32:66:86:4d:a1:46:2b:e5:aa:e9:10:10:b1:
                    c0:d2:ba:f2:25:09:db:39:eb:2a:4a:83:6d:e5:bf:
                    6a:4e:5c:6d:be:04:14:02:4c:46:6e:fb:c3:81:21:
                    ee:49:a7:33:fa:f6:d8:ba:26:56:f4:39:a7:6d:b8:
                    e8:43:37:21:4a:bc:4b:88:7c:ee:71:6e:4f:05:05:
                    ae:ce:57:ca:33:a9:f1:b9:f3:a6:bd:b3:9a:12:f7:
                    bf:3c:f0:22:0a:5d:0c:f1:3a:f9:d4:5d:b4:42:63:
                    4f:a1:4b:19:67:51:7c:a9:d4:2c:98:c0:0d:e4:7d:
                    9f:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:3A:46:B7:2E:D2:A0:E9:54:2F:38:F8:74:51:E5:3F:CF:B6:27:16
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/pTpGty7SoOlULzj4dFHlP8-2JxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.66.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:54:1d:54:a1:c5:e8:dd:5a:bd:d0:48:76:51:cc:42:1e:24:
         39:01:72:ad:b6:50:7b:07:e7:1c:c3:7e:c8:28:56:f3:a1:18:
         7f:e1:eb:ca:a7:14:69:dd:a3:e9:47:20:a1:0c:39:32:28:71:
         a1:39:94:9f:38:65:23:1b:84:3b:5c:b3:fa:62:35:b3:9d:71:
         69:40:80:44:6c:97:74:d8:bb:23:51:ed:78:2d:35:b9:92:87:
         22:36:19:06:e7:3a:44:3a:03:6f:22:b0:c4:99:1b:3a:ac:b0:
         6a:1d:d7:9c:0d:27:38:f5:b4:fc:a3:20:8a:fa:18:b5:22:e3:
         14:5f:86:fa:4f:66:ab:02:1f:fd:a2:63:26:20:56:5a:d4:97:
         a5:4e:8d:1c:65:2a:d7:3c:51:7b:d9:26:16:ff:1d:94:d9:50:
         2a:27:db:fd:aa:9b:86:79:84:3f:be:7e:ed:4a:62:0b:15:fe:
         da:23:16:fd:9f:0a:6a:4f:88:d7:50:27:48:59:72:41:8f:9d:
         a6:ca:99:10:74:a4:f4:b0:4b:30:17:a4:3a:8d:a4:bf:3b:19:
         73:34:8a:4c:45:b3:0c:ea:bd:2d:c6:06:ca:7a:82:9b:0c:78:
         b4:00:2b:3f:cf:54:8b:e3:d7:1f:83:40:b5:64:e6:7d:f3:b4:
         b8:3d:f0:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuH73yIoWj4akj4VNkivb8jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjYwMTA0MDczNjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTNhNDZiNzJlZDJhMGU5NTQyZjM4Zjg3NDUxZTUzZmNmYjYyNzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVKmSEIz1b7/taSUZSt5jJVOOjF0
ESvUKcv8+rHHeotTJxpFcfPWkv3775taKxX2cp+uWDTVit0KDGO72+/TXKDBnnoG
dGHzQjW1KFH5ci7DaWm4ez/xP1RtSHsXZgw3/JByqLaTXj5flHMlRy4qW8yJkjIy
KJhoTcT3X5Donk0+WRwcFaFC7jJmhk2hRivlqukQELHA0rryJQnbOesqSoNt5b9q
TlxtvgQUAkxGbvvDgSHuSacz+vbYuiZW9DmnbbjoQzchSrxLiHzucW5PBQWuzlfK
M6nxufOmvbOaEve/PPAiCl0M8Tr51F20QmNPoUsZZ1F8qdQsmMAN5H2fOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKU6Rrcu0qDpVC84+HRR5T/PticWMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvcFRwR3R5N1NvT2xVTHpqNGRGSGxQOC0ySnhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEIYMA0G
CSqGSIb3DQEBCwUAA4IBAQCiVB1UocXo3Vq90Eh2UcxCHiQ5AXKttlB7B+ccw37I
KFbzoRh/4evKpxRp3aPpRyChDDkyKHGhOZSfOGUjG4Q7XLP6YjWznXFpQIBEbJd0
2LsjUe14LTW5kociNhkG5zpEOgNvIrDEmRs6rLBqHdecDSc49bT8oyCK+hi1IuMU
X4b6T2arAh/9omMmIFZa1JelTo0cZSrXPFF72SYW/x2U2VAqJ9v9qpuGeYQ/vn7t
SmILFf7aIxb9nwpqT4jXUCdIWXJBj52mypkQdKT0sEswF6Q6jaS/OxlzNIpMRbMM
6r0txgbKeoKbDHi0ACs/z1SL49cfg0C1ZOZ987S4PfBj
-----END CERTIFICATE-----