This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/PIJcLY46PYSHoDgSOZxEPuH417I.roa
File:                     PIJcLY46PYSHoDgSOZxEPuH417I.roa (raw, json)
Hash identifier:          srTkWvbqzoKRLCgdMr4N/amg9swAtdMCENwqQ8aPPow=
Subject key identifier:   3C:82:5C:2D:8E:3A:3D:84:87:A0:38:12:39:9C:44:3E:E1:F8:D7:B2
Certificate issuer:       /CN=7f6bd1a6b04625c571d830f878b1c0238247408c
Certificate serial:       019B7DC9506A309DC2AFEBFEC06A642AF243
Authority key identifier: 7F:6B:D1:A6:B0:46:25:C5:71:D8:30:F8:78:B1:C0:23:82:47:40:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/PIJcLY46PYSHoDgSOZxEPuH417I.roa
Signing time:             Fri 02 Jan 2026 08:18:23 +0000
ROA not before:           Fri 02 Jan 2026 08:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5650
IP address blocks:        213.177.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 02:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:50:6a:30:9d:c2:af:eb:fe:c0:6a:64:2a:f2:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f6bd1a6b04625c571d830f878b1c0238247408c
        Validity
            Not Before: Jan  2 08:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3c825c2d8e3a3d8487a03812399c443ee1f8d7b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:1f:28:1b:b8:4f:a1:c6:75:2f:57:3d:66:e3:
                    f8:e1:8e:79:57:00:49:7b:44:19:24:29:46:16:67:
                    4b:dd:21:22:7a:3d:f8:f1:6d:8d:07:7d:b6:32:65:
                    84:16:e3:0d:15:b1:1d:6e:8c:3f:a2:6c:4e:07:e7:
                    ab:7d:44:c9:bb:86:2d:fd:c3:88:d3:cb:c5:7d:73:
                    26:80:74:f1:d1:d5:6e:9d:b0:75:8e:75:bd:f2:51:
                    8f:f9:01:90:a9:9b:3c:02:35:6e:e0:5b:74:b5:8d:
                    14:b7:e3:ec:b5:4b:fc:98:48:25:b0:86:9f:b5:1e:
                    48:1b:93:24:2f:b9:10:25:64:c4:8c:5a:bd:81:dd:
                    38:9a:2e:60:1b:6d:21:89:09:fc:9c:6c:61:c7:51:
                    b8:51:2e:2a:6c:f1:ce:79:c6:6c:70:5d:5f:79:a6:
                    d1:05:38:7f:a3:44:d6:3b:be:ff:a5:82:24:a8:d2:
                    db:88:65:fa:c3:a5:0e:9d:45:9e:92:39:b7:2c:a6:
                    57:ec:10:19:09:57:42:9f:85:df:68:13:fc:8a:3d:
                    ae:ac:62:60:63:80:41:e3:f3:b0:7a:42:12:69:21:
                    e8:84:49:16:f6:61:b0:ac:2c:3a:f0:47:53:66:fc:
                    c6:4e:80:a1:57:4f:c4:8a:2b:ab:da:b4:d2:81:52:
                    67:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:82:5C:2D:8E:3A:3D:84:87:A0:38:12:39:9C:44:3E:E1:F8:D7:B2
            X509v3 Authority Key Identifier:
                keyid:7F:6B:D1:A6:B0:46:25:C5:71:D8:30:F8:78:B1:C0:23:82:47:40:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/PIJcLY46PYSHoDgSOZxEPuH417I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.177.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:05:7d:31:e2:a3:4d:d5:1a:e9:b2:1e:f9:bd:af:04:c6:7e:
         9d:46:1a:dc:13:26:8b:12:a8:a6:e5:a9:fe:0f:e8:3a:19:f9:
         45:ab:51:3f:50:86:43:bc:f8:a4:8a:65:cd:bc:c0:2e:8e:dd:
         21:a3:43:df:e3:56:84:4b:e4:f7:1e:5b:28:a5:00:04:78:99:
         99:b0:94:a7:bb:33:6c:45:25:50:60:e4:f8:97:d3:10:6a:04:
         a2:02:59:77:0e:84:79:ee:f4:78:b9:c2:4a:23:7a:1b:bf:51:
         c6:72:75:01:cf:f9:cf:1f:09:3e:01:91:65:1f:82:e5:41:ab:
         1a:2a:5a:48:71:68:6e:91:5d:3c:78:d0:45:db:ad:20:8b:f5:
         e9:6b:af:15:12:2a:af:00:aa:0f:99:8e:ca:87:23:a6:ec:42:
         03:ca:08:9b:d2:62:a7:88:e2:a8:9e:90:31:e0:ee:96:c5:ef:
         a1:c4:8c:83:4f:06:fb:61:0f:ca:0f:98:81:f4:d5:0b:47:5b:
         dd:66:22:59:e2:8b:60:cd:03:af:ac:c3:53:4c:c8:a8:2f:85:
         b4:c5:70:37:75:b6:f6:42:12:14:96:c1:5d:4f:8f:f2:28:f9:
         ab:1b:5a:23:43:67:c4:a1:e6:3e:17:00:62:e3:53:be:f1:ca:
         43:06:a5:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yVBqMJ3Cr+v+wGpkKvJDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNmJkMWE2YjA0NjI1YzU3MWQ4MzBmODc4YjFjMDIzODI0
NzQwOGMwHhcNMjYwMTAyMDgxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzgyNWMyZDhlM2EzZDg0ODdhMDM4MTIzOTljNDQzZWUxZjhkN2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3x8oG7hPocZ1L1c9ZuP44Y55VwBJ
e0QZJClGFmdL3SEiej348W2NB322MmWEFuMNFbEdbow/omxOB+erfUTJu4Yt/cOI
08vFfXMmgHTx0dVunbB1jnW98lGP+QGQqZs8AjVu4Ft0tY0Ut+PstUv8mEglsIaf
tR5IG5MkL7kQJWTEjFq9gd04mi5gG20hiQn8nGxhx1G4US4qbPHOecZscF1feabR
BTh/o0TWO77/pYIkqNLbiGX6w6UOnUWekjm3LKZX7BAZCVdCn4XfaBP8ij2urGJg
Y4BB4/OwekISaSHohEkW9mGwrCw68EdTZvzGToChV0/Eiiur2rTSgVJnCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDyCXC2OOj2Eh6A4EjmcRD7h+NeyMB8GA1UdIwQY
MBaAFH9r0aawRiXFcdgw+HixwCOCR0CMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjJ2UnByQkdKY1Z4MkRENGVMSEFJNEpIUUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9iYzY2ZDctNTdhYi00NzVkLTk2YmEt
ODliNmMzMjMxNWMyLzEvUElKY0xZNDZQWVNIb0RnU09aeEVQdUg0MTdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9iYzY2ZDctNTdhYi00NzVkLTk2YmEtODliNmMzMjMxNWMy
LzEvZjJ2UnByQkdKY1Z4MkRENGVMSEFJNEpIUUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bGuMA0G
CSqGSIb3DQEBCwUAA4IBAQAqBX0x4qNN1Rrpsh75va8Exn6dRhrcEyaLEqim5an+
D+g6GflFq1E/UIZDvPikimXNvMAujt0ho0Pf41aES+T3HlsopQAEeJmZsJSnuzNs
RSVQYOT4l9MQagSiAll3DoR57vR4ucJKI3obv1HGcnUBz/nPHwk+AZFlH4LlQasa
KlpIcWhukV08eNBF260gi/Xpa68VEiqvAKoPmY7KhyOm7EIDygib0mKniOKonpAx
4O6Wxe+hxIyDTwb7YQ/KD5iB9NULR1vdZiJZ4otgzQOvrMNTTMioL4W0xXA3dbb2
QhIUlsFdT4/yKPmrG1ojQ2fEoeY+FwBi41O+8cpDBqWv
-----END CERTIFICATE-----