This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/Ppvy7LfSl_8veNKT3PCYySGa_xM.roa
File:                     Ppvy7LfSl_8veNKT3PCYySGa_xM.roa (raw, json)
Hash identifier:          KAldC7Ag1Jpktoi15FEM8qa7XkOMpiKNKU124uNCHgU=
Subject key identifier:   3E:9B:F2:EC:B7:D2:97:FF:2F:78:D2:93:DC:F0:98:C9:21:9A:FF:13
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       019B7C128C53447F981D1D207574B3714DC2
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/Ppvy7LfSl_8veNKT3PCYySGa_xM.roa
Signing time:             Fri 02 Jan 2026 00:19:08 +0000
ROA not before:           Fri 02 Jan 2026 00:19:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213194
IP address blocks:        193.37.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:8c:53:44:7f:98:1d:1d:20:75:74:b3:71:4d:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Jan  2 00:19:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3e9bf2ecb7d297ff2f78d293dcf098c9219aff13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:59:ff:cb:8e:93:3d:63:da:09:8d:a9:b7:50:
                    62:fc:ce:45:c9:76:fb:39:9c:b9:bd:5e:c1:e1:81:
                    cf:a3:76:76:14:f4:b9:86:1f:db:5d:5c:c5:ee:25:
                    17:7f:04:4b:c6:eb:15:88:97:e8:e6:31:3e:ed:81:
                    b1:e5:d4:52:37:a7:74:ff:19:66:fd:d4:ac:21:33:
                    a6:4c:18:13:b9:b8:b4:f7:85:c7:e2:d5:31:1f:58:
                    02:00:1d:97:f1:de:a6:48:3e:76:09:0a:15:6d:25:
                    7b:58:c6:66:5b:d0:e6:cf:38:55:8c:ec:d2:e1:ff:
                    19:c8:ac:04:08:01:e2:89:95:e5:5c:f0:9c:ab:3e:
                    ff:ac:ef:8c:1a:3c:36:c2:f2:90:0f:59:c7:d9:c9:
                    01:96:3b:02:89:56:cd:09:f8:2e:f5:e8:e1:2a:b9:
                    d6:b4:d2:aa:ac:bc:32:79:a5:8a:9d:81:2d:ed:3f:
                    39:c3:f4:ca:5b:96:91:37:71:cd:db:10:33:2b:43:
                    b3:6c:85:f4:7d:fb:f9:30:99:6e:5c:e6:ca:97:76:
                    b4:8e:05:a4:9c:a1:00:4f:bd:b2:b4:75:6e:66:4c:
                    af:25:bb:e8:fa:f4:7e:fd:db:7e:d8:08:58:15:28:
                    b1:cd:49:2e:25:95:cc:e2:ec:0a:5e:bb:f0:45:50:
                    6b:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:9B:F2:EC:B7:D2:97:FF:2F:78:D2:93:DC:F0:98:C9:21:9A:FF:13
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/Ppvy7LfSl_8veNKT3PCYySGa_xM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:b5:46:e6:43:e9:e0:dd:53:da:ed:70:46:ad:3d:64:b8:7a:
         c1:04:03:10:1a:c1:89:ac:33:81:d1:d2:75:8a:bf:4b:b3:af:
         d3:a5:53:35:1f:73:a3:53:73:f2:a3:52:43:ad:3e:0b:9b:61:
         db:a3:88:db:8e:12:2f:b6:26:20:67:32:19:41:da:d5:3e:e9:
         2c:bd:40:04:a8:6e:61:dc:58:bd:0b:c4:35:6d:51:29:11:ef:
         f9:c7:bb:11:28:0c:94:2f:3e:e1:4f:3e:52:04:99:e6:41:b3:
         ec:0b:bf:b7:6c:f1:da:2d:a0:b7:1b:14:f0:dd:a5:bb:3e:9f:
         79:eb:54:8b:2b:3f:cc:14:47:0c:fc:ef:1c:e1:e6:07:0d:13:
         7b:8b:33:e1:0d:f6:a8:32:c2:5a:72:17:9f:61:dd:95:5c:b8:
         de:d7:71:8c:83:40:26:75:74:56:46:14:e3:10:0b:b8:09:81:
         89:1d:94:c3:cd:70:03:77:83:c1:0b:3b:e7:32:a8:b6:72:99:
         aa:ce:ef:d5:b5:64:29:c8:d4:1a:3b:07:a0:ff:8c:d4:c9:11:
         1b:b4:12:ef:a0:08:e2:be:de:09:a9:24:a4:67:21:9e:32:9b:
         59:41:ea:fa:49:65:39:97:3d:b4:48:b0:4d:8f:e3:27:a3:fb:
         70:52:4f:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EoxTRH+YHR0gdXSzcU3CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjYwMTAyMDAxOTA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTliZjJlY2I3ZDI5N2ZmMmY3OGQyOTNkY2YwOThjOTIxOWFmZjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA21n/y46TPWPaCY2pt1Bi/M5FyXb7
OZy5vV7B4YHPo3Z2FPS5hh/bXVzF7iUXfwRLxusViJfo5jE+7YGx5dRSN6d0/xlm
/dSsITOmTBgTubi094XH4tUxH1gCAB2X8d6mSD52CQoVbSV7WMZmW9DmzzhVjOzS
4f8ZyKwECAHiiZXlXPCcqz7/rO+MGjw2wvKQD1nH2ckBljsCiVbNCfgu9ejhKrnW
tNKqrLwyeaWKnYEt7T85w/TKW5aRN3HN2xAzK0OzbIX0ffv5MJluXObKl3a0jgWk
nKEAT72ytHVuZkyvJbvo+vR+/dt+2AhYFSixzUkuJZXM4uwKXrvwRVBr5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD6b8uy30pf/L3jSk9zwmMkhmv8TMB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvUHB2eTdMZlNsXzh2ZU5LVDNQQ1l5U0dhX3hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSVFMA0G
CSqGSIb3DQEBCwUAA4IBAQBitUbmQ+ng3VPa7XBGrT1kuHrBBAMQGsGJrDOB0dJ1
ir9Ls6/TpVM1H3OjU3Pyo1JDrT4Lm2Hbo4jbjhIvtiYgZzIZQdrVPuksvUAEqG5h
3Fi9C8Q1bVEpEe/5x7sRKAyULz7hTz5SBJnmQbPsC7+3bPHaLaC3GxTw3aW7Pp95
61SLKz/MFEcM/O8c4eYHDRN7izPhDfaoMsJachefYd2VXLje13GMg0AmdXRWRhTj
EAu4CYGJHZTDzXADd4PBCzvnMqi2cpmqzu/VtWQpyNQaOweg/4zUyREbtBLvoAji
vt4JqSSkZyGeMptZQer6SWU5lz20SLBNj+Mno/twUk/U
-----END CERTIFICATE-----