This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/88c204-bc30-4b9d-b9ec-5686279ec96e/1/PaUq1i1qchD33WEhkgfziRXOQqo.roa
File:                     PaUq1i1qchD33WEhkgfziRXOQqo.roa (raw, json)
Hash identifier:          4jZTQPexjQrBRUzBh0uva4unQWrx3Cy+0TA6XIINReI=
Subject key identifier:   3D:A5:2A:D6:2D:6A:72:10:F7:DD:61:21:92:07:F3:89:15:CE:42:AA
Certificate issuer:       /CN=b2e391169f0c9f21aa8f2e89e7375c72ec674feb
Certificate serial:       019B7BA4C0A3C494EB14C132FE0825C514AD
Authority key identifier: B2:E3:91:16:9F:0C:9F:21:AA:8F:2E:89:E7:37:5C:72:EC:67:4F:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/suORFp8MnyGqjy6J5zdccuxnT-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/88c204-bc30-4b9d-b9ec-5686279ec96e/1/PaUq1i1qchD33WEhkgfziRXOQqo.roa
Signing time:             Thu 01 Jan 2026 22:19:13 +0000
ROA not before:           Thu 01 Jan 2026 22:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     553
IP address blocks:        134.34.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/88c204-bc30-4b9d-b9ec-5686279ec96e/1/suORFp8MnyGqjy6J5zdccuxnT-s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/88c204-bc30-4b9d-b9ec-5686279ec96e/1/suORFp8MnyGqjy6J5zdccuxnT-s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/suORFp8MnyGqjy6J5zdccuxnT-s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Feb 2026 21:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:c0:a3:c4:94:eb:14:c1:32:fe:08:25:c5:14:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2e391169f0c9f21aa8f2e89e7375c72ec674feb
        Validity
            Not Before: Jan  1 22:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3da52ad62d6a7210f7dd61219207f38915ce42aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a8:66:a5:64:20:34:b0:07:4a:f8:a4:ee:4b:
                    29:6e:cb:75:40:5e:ab:f5:bf:37:f8:db:6a:a9:85:
                    5e:27:57:6f:04:c5:9c:35:a6:46:c3:8f:90:ea:82:
                    13:b9:3f:5f:f5:08:34:f3:52:27:37:63:af:11:0f:
                    0e:44:1f:52:64:1b:a0:33:fb:6e:96:ec:b3:80:71:
                    1e:3f:3e:7c:4b:e1:ad:a6:8b:f8:a8:8c:9c:af:77:
                    a9:39:d7:57:e8:43:27:5d:ef:57:c9:e6:16:1c:8b:
                    2f:ae:cd:48:98:0b:38:50:39:19:fb:21:c4:e9:9a:
                    82:55:39:f8:aa:2d:bb:6e:ac:12:27:d5:c9:b0:9c:
                    62:56:2c:78:c5:f5:ba:0e:51:eb:ef:4a:e8:ae:e8:
                    f7:ea:47:08:52:c5:08:fd:6c:16:2d:59:f5:07:29:
                    41:41:ab:b4:7f:e6:36:79:e7:86:9d:c4:ff:fa:f7:
                    9b:56:d6:14:90:b5:98:52:eb:2d:69:c3:e9:82:2d:
                    0d:49:b0:c3:43:77:e2:b2:fd:60:7d:cb:56:4b:69:
                    35:d8:e3:3a:8e:09:2f:a4:87:6c:9a:0e:34:68:1a:
                    36:e5:f9:a7:26:59:eb:ab:59:cb:a5:fc:2a:b6:d2:
                    6a:05:ad:87:ee:3e:fd:d1:6b:b8:06:5a:9a:22:2e:
                    98:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:A5:2A:D6:2D:6A:72:10:F7:DD:61:21:92:07:F3:89:15:CE:42:AA
            X509v3 Authority Key Identifier:
                keyid:B2:E3:91:16:9F:0C:9F:21:AA:8F:2E:89:E7:37:5C:72:EC:67:4F:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/suORFp8MnyGqjy6J5zdccuxnT-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/88c204-bc30-4b9d-b9ec-5686279ec96e/1/PaUq1i1qchD33WEhkgfziRXOQqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/88c204-bc30-4b9d-b9ec-5686279ec96e/1/suORFp8MnyGqjy6J5zdccuxnT-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.34.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1f:1c:c4:53:bd:87:a3:80:70:8f:9b:47:99:71:78:b6:5b:9a:
         5a:e4:2a:96:bc:1f:a1:7a:e2:62:57:a2:34:f8:e6:77:31:47:
         f6:2c:7d:0d:79:e8:e2:05:80:8e:25:c9:23:54:44:0b:01:ed:
         8c:4e:d1:ac:a2:33:52:80:43:df:c6:31:5e:ac:92:8e:5c:f4:
         96:4c:73:91:b0:90:15:81:ce:c1:02:ad:b0:47:4a:4f:1d:dd:
         c9:7c:06:f3:89:cd:b3:46:45:9f:d3:42:83:ac:2b:bb:e9:10:
         cd:d8:31:b8:39:6c:f4:10:55:00:03:d0:1f:1f:70:31:8e:d0:
         b7:15:be:a2:e8:8c:03:fd:5f:e3:b0:b6:9a:32:e2:56:7c:7d:
         55:b4:5a:b5:22:51:82:21:38:6c:dc:56:86:1c:19:ed:72:bc:
         d0:1e:05:92:29:54:a5:91:df:b8:3d:1f:3f:5c:ad:b3:d2:12:
         da:65:d1:2e:e9:b6:b7:a5:c6:de:df:a2:91:7e:eb:7a:98:35:
         f9:eb:c7:fb:dd:ea:78:07:5f:e2:1d:47:c4:be:2d:58:50:4c:
         c4:78:a0:73:fc:a1:c4:79:38:cd:c1:72:12:79:8d:74:71:ae:
         3f:1e:87:0e:d2:14:66:57:fe:b0:f5:ce:46:5c:a1:50:18:40:
         13:50:c4:9a
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt7pMCjxJTrFMEy/gglxRStMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZTM5MTE2OWYwYzlmMjFhYThmMmU4OWU3Mzc1YzcyZWM2
NzRmZWIwHhcNMjYwMTAxMjIxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGE1MmFkNjJkNmE3MjEwZjdkZDYxMjE5MjA3ZjM4OTE1Y2U0MmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtahmpWQgNLAHSvik7kspbst1QF6r
9b83+NtqqYVeJ1dvBMWcNaZGw4+Q6oITuT9f9Qg081InN2OvEQ8ORB9SZBugM/tu
luyzgHEePz58S+Gtpov4qIycr3epOddX6EMnXe9XyeYWHIsvrs1ImAs4UDkZ+yHE
6ZqCVTn4qi27bqwSJ9XJsJxiVix4xfW6DlHr70roruj36kcIUsUI/WwWLVn1BylB
Qau0f+Y2eeeGncT/+vebVtYUkLWYUustacPpgi0NSbDDQ3fisv1gfctWS2k12OM6
jgkvpIdsmg40aBo25fmnJlnrq1nLpfwqttJqBa2H7j790Wu4BlqaIi6Y1QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFD2lKtYtanIQ991hIZIH84kVzkKqMB8GA1UdIwQY
MBaAFLLjkRafDJ8hqo8uiec3XHLsZ0/rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3VPUkZwOE1ueUdxank2SjV6ZGNjdXhuVC1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS84OGMyMDQtYmMzMC00YjlkLWI5ZWMt
NTY4NjI3OWVjOTZlLzEvUGFVcTFpMXFjaEQzM1dFaGtnZnppUlhPUXFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS84OGMyMDQtYmMzMC00YjlkLWI5ZWMtNTY4NjI3OWVjOTZl
LzEvc3VPUkZwOE1ueUdxank2SjV6ZGNjdXhuVC1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhiIwDQYJ
KoZIhvcNAQELBQADggEBAB8cxFO9h6OAcI+bR5lxeLZbmlrkKpa8H6F64mJXojT4
5ncxR/YsfQ156OIFgI4lySNURAsB7YxO0ayiM1KAQ9/GMV6sko5c9JZMc5GwkBWB
zsECrbBHSk8d3cl8BvOJzbNGRZ/TQoOsK7vpEM3YMbg5bPQQVQAD0B8fcDGO0LcV
vqLojAP9X+Owtpoy4lZ8fVW0WrUiUYIhOGzcVoYcGe1yvNAeBZIpVKWR37g9Hz9c
rbPSEtpl0S7ptrelxt7fopF+63qYNfnrx/vd6ngHX+IdR8S+LVhQTMR4oHP8ocR5
OM3BchJ5jXRxrj8ehw7SFGZX/rD1zkZcoVAYQBNQxJo=
-----END CERTIFICATE-----