This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/d3684a-4525-476f-8c48-69d71bf2d353/1/PhYlTTJSDAG5ZShmlzAGSwIOBLM.roa
File:                     PhYlTTJSDAG5ZShmlzAGSwIOBLM.roa (raw, json)
Hash identifier:          v304FWDl/pr5++u+nRKS1u+LXVotGD3ulsE5/EGGhSg=
Subject key identifier:   3E:16:25:4D:32:52:0C:01:B9:65:28:66:97:30:06:4B:02:0E:04:B3
Certificate issuer:       /CN=f7c0ebd9ff7dc6e81f8c3548c7c2e8cdc7967d6f
Certificate serial:       019B7E37759DAE1BB919B37F25DF34AA49ED
Authority key identifier: F7:C0:EB:D9:FF:7D:C6:E8:1F:8C:35:48:C7:C2:E8:CD:C7:96:7D:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/98Dr2f99xugfjDVIx8LozceWfW8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/d3684a-4525-476f-8c48-69d71bf2d353/1/PhYlTTJSDAG5ZShmlzAGSwIOBLM.roa
Signing time:             Fri 02 Jan 2026 10:18:42 +0000
ROA not before:           Fri 02 Jan 2026 10:18:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50111
IP address blocks:        193.104.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/d3684a-4525-476f-8c48-69d71bf2d353/1/98Dr2f99xugfjDVIx8LozceWfW8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/d3684a-4525-476f-8c48-69d71bf2d353/1/98Dr2f99xugfjDVIx8LozceWfW8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/98Dr2f99xugfjDVIx8LozceWfW8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:75:9d:ae:1b:b9:19:b3:7f:25:df:34:aa:49:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7c0ebd9ff7dc6e81f8c3548c7c2e8cdc7967d6f
        Validity
            Not Before: Jan  2 10:18:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3e16254d32520c01b96528669730064b020e04b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:1d:97:1d:db:79:7b:32:2d:ef:3a:94:8d:dd:
                    5d:f6:22:b8:e5:9a:78:34:35:54:5d:51:ac:6d:e0:
                    34:1f:e4:ec:bd:9a:10:5e:5a:0b:48:6d:75:a0:a6:
                    f1:53:37:f2:8e:d7:e3:a1:d7:26:8e:c6:a5:64:c9:
                    26:b5:09:9a:cc:39:d7:07:96:b4:82:d0:60:4b:05:
                    99:16:6d:b4:e3:e2:0e:6b:d4:63:1b:10:ac:ed:27:
                    e9:10:11:7c:11:d7:5e:bf:6d:9c:48:97:cb:43:17:
                    07:f8:75:1e:a4:19:75:75:92:45:d2:ea:00:9d:4b:
                    54:87:d9:57:12:20:b8:12:ed:89:d7:cd:b2:55:4b:
                    09:f0:60:a2:d8:40:2c:1e:cf:63:c2:f5:f1:50:2a:
                    52:b6:bc:2e:c9:f8:56:83:62:73:49:90:24:e2:e5:
                    29:9e:e1:77:0e:29:1b:22:76:2a:72:c6:f2:ae:f2:
                    30:2b:69:04:ce:7b:bd:84:cd:5f:8e:93:e0:65:7a:
                    6a:70:5c:98:0f:cc:de:1e:70:73:84:db:c5:bd:cc:
                    9e:c0:54:97:91:6e:63:bd:9a:27:fc:cd:b9:59:4f:
                    93:50:ff:bc:71:51:78:d2:2c:26:fb:10:ce:b2:c0:
                    9d:a8:63:1e:0b:73:74:fa:e1:f1:12:2e:09:88:6c:
                    f5:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:16:25:4D:32:52:0C:01:B9:65:28:66:97:30:06:4B:02:0E:04:B3
            X509v3 Authority Key Identifier:
                keyid:F7:C0:EB:D9:FF:7D:C6:E8:1F:8C:35:48:C7:C2:E8:CD:C7:96:7D:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/98Dr2f99xugfjDVIx8LozceWfW8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/d3684a-4525-476f-8c48-69d71bf2d353/1/PhYlTTJSDAG5ZShmlzAGSwIOBLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/d3684a-4525-476f-8c48-69d71bf2d353/1/98Dr2f99xugfjDVIx8LozceWfW8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:22:90:f7:74:92:da:df:72:a5:b8:e2:ac:2f:ad:8e:3d:9f:
         f4:83:24:98:68:7f:14:75:3c:70:77:f0:f8:db:c9:32:b9:e0:
         1d:15:ad:ae:ea:cb:c4:c1:3b:60:b1:37:96:8d:0d:8a:09:97:
         be:62:b5:37:85:63:20:86:bc:52:43:a5:f3:42:2a:9c:9c:7a:
         0b:a9:f1:97:b6:a5:db:69:8c:8a:56:dc:85:57:cf:f4:e4:92:
         24:d0:6a:ad:e2:a1:02:e1:78:c8:63:00:7c:b7:82:c6:a7:40:
         bd:41:c7:df:c4:2e:96:ea:4a:87:30:80:a8:ea:fb:d5:80:f6:
         69:7e:91:68:1e:b1:46:0e:08:78:d7:3f:75:6a:32:ad:f6:6a:
         74:ad:d3:84:e4:a4:42:bd:c5:5c:bc:ce:95:87:4b:3d:bf:59:
         d5:58:ca:fd:2f:89:38:4b:82:0a:f2:3b:bd:6d:a9:d8:48:20:
         ac:7f:b8:cc:66:ce:9b:39:73:d0:24:3f:e4:b7:60:c5:c0:a7:
         af:30:f0:85:49:9e:4f:a6:28:bf:7e:ce:5d:95:8d:ea:61:a3:
         f1:99:0f:2f:5c:fc:04:f1:a1:7a:9b:68:8d:04:81:dd:71:4a:
         d4:db:08:c2:ae:f7:b7:68:6d:1c:84:a2:38:ad:4f:a2:80:4b:
         69:f6:93:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N3Wdrhu5GbN/Jd80qkntMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YzBlYmQ5ZmY3ZGM2ZTgxZjhjMzU0OGM3YzJlOGNkYzc5
NjdkNmYwHhcNMjYwMTAyMTAxODQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTE2MjU0ZDMyNTIwYzAxYjk2NTI4NjY5NzMwMDY0YjAyMGUwNGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3B2XHdt5ezIt7zqUjd1d9iK45Zp4
NDVUXVGsbeA0H+TsvZoQXloLSG11oKbxUzfyjtfjodcmjsalZMkmtQmazDnXB5a0
gtBgSwWZFm204+IOa9RjGxCs7SfpEBF8Eddev22cSJfLQxcH+HUepBl1dZJF0uoA
nUtUh9lXEiC4Eu2J182yVUsJ8GCi2EAsHs9jwvXxUCpStrwuyfhWg2JzSZAk4uUp
nuF3DikbInYqcsbyrvIwK2kEznu9hM1fjpPgZXpqcFyYD8zeHnBzhNvFvcyewFSX
kW5jvZon/M25WU+TUP+8cVF40iwm+xDOssCdqGMeC3N0+uHxEi4JiGz1BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD4WJU0yUgwBuWUoZpcwBksCDgSzMB8GA1UdIwQY
MBaAFPfA69n/fcboH4w1SMfC6M3Hln1vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOThEcjJmOTl4dWdmakRWSXg4TG96Y2VXZlc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9kMzY4NGEtNDUyNS00NzZmLThjNDgt
NjlkNzFiZjJkMzUzLzEvUGhZbFRUSlNEQUc1WlNobWx6QUdTd0lPQkxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9kMzY4NGEtNDUyNS00NzZmLThjNDgtNjlkNzFiZjJkMzUz
LzEvOThEcjJmOTl4dWdmakRWSXg4TG96Y2VXZlc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWiKMA0G
CSqGSIb3DQEBCwUAA4IBAQBrIpD3dJLa33KluOKsL62OPZ/0gySYaH8UdTxwd/D4
28kyueAdFa2u6svEwTtgsTeWjQ2KCZe+YrU3hWMghrxSQ6XzQiqcnHoLqfGXtqXb
aYyKVtyFV8/05JIk0Gqt4qEC4XjIYwB8t4LGp0C9QcffxC6W6kqHMICo6vvVgPZp
fpFoHrFGDgh41z91ajKt9mp0rdOE5KRCvcVcvM6Vh0s9v1nVWMr9L4k4S4IK8ju9
banYSCCsf7jMZs6bOXPQJD/kt2DFwKevMPCFSZ5Ppii/fs5dlY3qYaPxmQ8vXPwE
8aF6m2iNBIHdcUrU2wjCrve3aG0chKI4rU+igEtp9pNi
-----END CERTIFICATE-----