This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/PI1Cwe5-t1RNCc8Txr-eOqKve8U.roa
File:                     PI1Cwe5-t1RNCc8Txr-eOqKve8U.roa (raw, json)
Hash identifier:          cqcsKgj6Vc+YIH58pMQXVnnzU/fxrxV2T1w3NzT/WLQ=
Subject key identifier:   3C:8D:42:C1:EE:7E:B7:54:4D:09:CF:13:C6:BF:9E:3A:A2:AF:7B:C5
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019B7C132B95D410B5765050C1160A97F2B5
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/PI1Cwe5-t1RNCc8Txr-eOqKve8U.roa
Signing time:             Fri 02 Jan 2026 00:19:49 +0000
ROA not before:           Fri 02 Jan 2026 00:19:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202349
IP address blocks:        80.66.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:2b:95:d4:10:b5:76:50:50:c1:16:0a:97:f2:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  2 00:19:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3c8d42c1ee7eb7544d09cf13c6bf9e3aa2af7bc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:11:2b:78:53:94:d2:11:a5:bd:2e:2b:0c:0d:
                    7a:39:6e:de:c6:5b:dd:6a:d9:3c:b3:23:ad:fa:bf:
                    87:3b:31:0e:1b:2d:cf:c0:1d:c9:2e:4b:bf:18:6d:
                    82:27:c0:2c:d1:de:81:60:0f:8b:41:a4:13:a2:64:
                    87:85:93:7d:49:e2:1b:e5:59:05:2a:65:a6:fa:e3:
                    6e:6a:4a:a9:b1:cc:20:ae:d8:bd:a2:68:e8:27:84:
                    b2:28:42:0c:8b:58:34:19:a2:d9:dd:8e:08:e9:a8:
                    29:eb:95:4d:81:e6:2c:d1:0d:12:a4:57:ce:5a:d2:
                    ad:aa:c3:03:22:50:fc:d9:db:8d:de:51:d4:55:9b:
                    56:9a:d1:bd:f2:dd:b0:48:ab:84:07:1f:08:73:7f:
                    71:aa:46:63:80:01:10:32:24:de:bc:33:df:40:0b:
                    85:6e:3b:69:a6:98:ca:54:3e:07:4f:52:02:3e:15:
                    c1:4b:dc:52:19:8b:2c:ba:fd:09:9b:49:cc:21:c6:
                    dc:7e:34:c6:da:d9:15:c8:46:b8:c2:8a:2d:8a:71:
                    9c:41:3f:d7:81:e8:7e:f0:3a:e0:02:c9:5c:4b:85:
                    82:6f:3f:4e:5e:80:83:da:d9:de:95:b6:a5:94:a1:
                    60:a3:aa:c1:6e:22:36:10:7d:85:e1:c2:e6:f6:3e:
                    0c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:8D:42:C1:EE:7E:B7:54:4D:09:CF:13:C6:BF:9E:3A:A2:AF:7B:C5
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/PI1Cwe5-t1RNCc8Txr-eOqKve8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.66.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:e5:a1:85:2b:8d:9d:0c:f6:17:42:22:39:33:4f:39:b8:06:
         bb:60:53:e0:a7:c6:2d:47:8c:82:1c:cd:06:55:d6:7c:d1:ee:
         b4:59:46:be:c2:96:37:8f:93:df:31:45:80:2c:dd:ef:59:06:
         be:51:8d:d9:07:2e:8b:df:1c:44:04:72:9b:f9:a7:c8:c8:ae:
         c9:0d:39:6f:37:db:ac:16:02:78:a3:30:48:1a:df:20:33:55:
         64:4a:ae:24:e5:0c:36:10:0e:ed:ce:8d:b0:cc:63:8b:2e:32:
         ba:0a:c3:e0:a9:c8:59:55:5f:12:c2:28:e7:d9:92:07:4a:ef:
         ce:2e:25:69:37:b5:dd:f1:92:05:1a:dc:b3:19:6e:cd:ab:54:
         9a:cd:e6:c9:2f:63:cf:63:bc:9d:89:8e:de:c8:5c:98:46:4c:
         5f:d7:36:d4:7e:39:5e:0a:8a:db:74:ee:ae:79:f3:78:eb:f4:
         66:0f:61:72:ab:76:1c:6f:7d:a1:34:02:b5:e6:79:7c:22:50:
         42:bf:fb:1f:98:c4:db:38:8f:64:26:5e:8e:26:b8:59:42:1b:
         5a:fb:aa:64:6b:d1:88:a4:09:9e:6f:e1:2f:b4:b6:5a:94:37:
         16:1e:49:9f:52:3f:62:43:d3:ea:42:48:11:f6:3a:b9:09:37:
         84:69:d0:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EyuV1BC1dlBQwRYKl/K1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwMTAyMDAxOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzhkNDJjMWVlN2ViNzU0NGQwOWNmMTNjNmJmOWUzYWEyYWY3YmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhEreFOU0hGlvS4rDA16OW7exlvd
atk8syOt+r+HOzEOGy3PwB3JLku/GG2CJ8As0d6BYA+LQaQTomSHhZN9SeIb5VkF
KmWm+uNuakqpscwgrti9omjoJ4SyKEIMi1g0GaLZ3Y4I6agp65VNgeYs0Q0SpFfO
WtKtqsMDIlD82duN3lHUVZtWmtG98t2wSKuEBx8Ic39xqkZjgAEQMiTevDPfQAuF
bjtpppjKVD4HT1ICPhXBS9xSGYssuv0Jm0nMIcbcfjTG2tkVyEa4wootinGcQT/X
geh+8DrgAslcS4WCbz9OXoCD2tnelballKFgo6rBbiI2EH2F4cLm9j4MLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDyNQsHufrdUTQnPE8a/njqir3vFMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvUEkxQ3dlNS10MVJOQ2M4VHhyLWVPcUt2ZThVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEJ/MA0G
CSqGSIb3DQEBCwUAA4IBAQBK5aGFK42dDPYXQiI5M085uAa7YFPgp8YtR4yCHM0G
VdZ80e60WUa+wpY3j5PfMUWALN3vWQa+UY3ZBy6L3xxEBHKb+afIyK7JDTlvN9us
FgJ4ozBIGt8gM1VkSq4k5Qw2EA7tzo2wzGOLLjK6CsPgqchZVV8Swijn2ZIHSu/O
LiVpN7Xd8ZIFGtyzGW7Nq1SazebJL2PPY7ydiY7eyFyYRkxf1zbUfjleCorbdO6u
efN46/RmD2Fyq3Ycb32hNAK15nl8IlBCv/sfmMTbOI9kJl6OJrhZQhta+6pka9GI
pAmeb+EvtLZalDcWHkmfUj9iQ9PqQkgR9jq5CTeEadAE
-----END CERTIFICATE-----