This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/PfRCWz_RRE2kD5vWtnERS-N65d4.roa
File:                     PfRCWz_RRE2kD5vWtnERS-N65d4.roa (raw, json)
Hash identifier:          xRaVYo4q/J7eOOj/4zAeXlJzoYxOtT9RrxlVcfQLuyY=
Subject key identifier:   3D:F4:42:5B:3F:D1:44:4D:A4:0F:9B:D6:B6:71:11:4B:E3:7A:E5:DE
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019B7BA3FBABF9919CC758C1D78CF3321F8E
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/PfRCWz_RRE2kD5vWtnERS-N65d4.roa
Signing time:             Thu 01 Jan 2026 22:18:22 +0000
ROA not before:           Thu 01 Jan 2026 22:18:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21030
IP address blocks:        194.67.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:fb:ab:f9:91:9c:c7:58:c1:d7:8c:f3:32:1f:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jan  1 22:18:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3df4425b3fd1444da40f9bd6b671114be37ae5de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6b:b9:2d:e9:bb:36:1b:ee:b3:ba:cd:46:5f:
                    5c:1b:5f:36:e2:fd:9b:03:4b:ed:28:27:a6:94:0f:
                    c8:f0:03:7c:bc:8a:99:f6:1f:70:c5:1b:06:12:a4:
                    ce:7a:ab:2e:a2:9c:a0:19:65:25:df:99:fe:cc:cb:
                    e6:4b:bd:14:ca:92:96:a6:57:0e:67:34:14:3a:25:
                    56:29:89:97:6f:f4:7f:60:ce:9a:3f:d4:c2:6a:7c:
                    c1:ac:5c:db:7b:4d:c6:46:cd:41:b3:5d:4c:81:ee:
                    d0:6e:70:26:38:ad:44:38:2e:a0:1c:45:b1:87:2a:
                    9b:70:40:2a:ac:79:9a:3d:c7:b0:27:be:7f:e5:93:
                    0b:e8:20:1f:6a:86:27:c2:78:14:a8:93:ca:e3:aa:
                    cb:2f:33:84:99:35:7d:08:9b:fa:c6:4b:9a:8d:58:
                    3b:48:4e:dc:35:b0:5e:9a:30:42:d3:c6:07:92:4b:
                    b5:93:f0:37:c9:2a:c3:da:f0:e3:42:40:fa:d9:68:
                    84:6c:58:d7:d8:20:e1:43:87:16:69:67:22:61:6a:
                    d0:7c:50:b0:a2:e3:83:9f:0d:08:da:0d:6d:af:29:
                    4d:33:22:a5:9b:02:3b:5f:41:8a:6b:d7:f1:0b:4d:
                    ca:66:f2:73:36:c7:0b:78:3a:d1:0c:51:a4:6b:b6:
                    39:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:F4:42:5B:3F:D1:44:4D:A4:0F:9B:D6:B6:71:11:4B:E3:7A:E5:DE
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/PfRCWz_RRE2kD5vWtnERS-N65d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.67.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:c0:f3:e0:40:3e:a9:b5:a4:03:4d:4a:70:2f:d3:7c:04:66:
         22:f3:91:22:73:56:2f:01:df:11:f6:d8:d3:a7:d8:9a:24:86:
         f2:04:59:4a:48:52:7d:8f:bb:b5:be:51:c5:89:ef:56:d5:80:
         c8:d4:b9:ac:ac:a4:1a:d3:33:95:e5:7c:38:44:f4:1b:e1:cb:
         3f:7b:aa:d9:8d:f2:ac:74:0b:a5:c7:4d:55:ac:2e:9b:68:6c:
         c6:36:20:2b:64:a7:c3:e3:f2:1f:01:2c:5b:46:be:a5:e1:0e:
         62:16:56:0d:c1:ce:7a:44:64:81:6f:be:bf:d1:28:69:8e:a1:
         b6:c3:05:ca:6c:0e:95:af:0d:5b:2e:1c:8c:a3:e8:88:c3:20:
         d1:9c:1d:cb:02:7b:a9:ea:a1:6e:a3:18:ae:2f:45:50:00:20:
         7c:0f:e9:17:eb:ee:f6:26:35:c9:d7:4f:5b:3c:0a:21:15:70:
         e7:73:e7:3b:b3:28:c3:c3:70:12:50:15:8a:7f:ae:54:73:b5:
         b2:01:a1:9c:4b:cc:bd:cc:89:05:86:f1:f9:4e:73:87:60:bb:
         e6:13:6d:c0:06:80:a2:d5:8d:d4:42:6a:05:d4:07:89:0c:59:
         a3:c1:ac:fd:18:6e:d5:24:bc:87:4b:55:2a:26:ee:59:09:bb:
         da:2a:18:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o/ur+ZGcx1jB14zzMh+OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjYwMTAxMjIxODIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGY0NDI1YjNmZDE0NDRkYTQwZjliZDZiNjcxMTE0YmUzN2FlNWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2u5Lem7Nhvus7rNRl9cG1824v2b
A0vtKCemlA/I8AN8vIqZ9h9wxRsGEqTOeqsuopygGWUl35n+zMvmS70UypKWplcO
ZzQUOiVWKYmXb/R/YM6aP9TCanzBrFzbe03GRs1Bs11Mge7QbnAmOK1EOC6gHEWx
hyqbcEAqrHmaPcewJ75/5ZML6CAfaoYnwngUqJPK46rLLzOEmTV9CJv6xkuajVg7
SE7cNbBemjBC08YHkku1k/A3ySrD2vDjQkD62WiEbFjX2CDhQ4cWaWciYWrQfFCw
ouODnw0I2g1trylNMyKlmwI7X0GKa9fxC03KZvJzNscLeDrRDFGka7Y5HQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD30Qls/0URNpA+b1rZxEUvjeuXeMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvUGZSQ1d6X1JSRTJrRDV2V3RuRVJTLU42NWQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkPAMA0G
CSqGSIb3DQEBCwUAA4IBAQAGwPPgQD6ptaQDTUpwL9N8BGYi85Eic1YvAd8R9tjT
p9iaJIbyBFlKSFJ9j7u1vlHFie9W1YDI1LmsrKQa0zOV5Xw4RPQb4cs/e6rZjfKs
dAulx01VrC6baGzGNiArZKfD4/IfASxbRr6l4Q5iFlYNwc56RGSBb76/0ShpjqG2
wwXKbA6Vrw1bLhyMo+iIwyDRnB3LAnup6qFuoxiuL0VQACB8D+kX6+72JjXJ109b
PAohFXDnc+c7syjDw3ASUBWKf65Uc7WyAaGcS8y9zIkFhvH5TnOHYLvmE23ABoCi
1Y3UQmoF1AeJDFmjwaz9GG7VJLyHS1UqJu5ZCbvaKhgs
-----END CERTIFICATE-----