This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/PiwQrJXVrX4qSCMDoPit1fwGxYw.roa
File:                     PiwQrJXVrX4qSCMDoPit1fwGxYw.roa (raw, json)
Hash identifier:          maZooA2YaSXCCk76FIXDQQ5gHOUIoguMUZYt68Zbq38=
Subject key identifier:   3E:2C:10:AC:95:D5:AD:7E:2A:48:23:03:A0:F8:AD:D5:FC:06:C5:8C
Certificate issuer:       /CN=d28c3886c6ef5227c246224cc894a84a53bcf51a
Certificate serial:       019B7C11EBCFE8979C3E332E42B680DD3374
Authority key identifier: D2:8C:38:86:C6:EF:52:27:C2:46:22:4C:C8:94:A8:4A:53:BC:F5:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0ow4hsbvUifCRiJMyJSoSlO89Ro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/PiwQrJXVrX4qSCMDoPit1fwGxYw.roa
Signing time:             Fri 02 Jan 2026 00:18:27 +0000
ROA not before:           Fri 02 Jan 2026 00:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1299
IP address blocks:        194.143.156.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/0ow4hsbvUifCRiJMyJSoSlO89Ro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/0ow4hsbvUifCRiJMyJSoSlO89Ro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0ow4hsbvUifCRiJMyJSoSlO89Ro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:eb:cf:e8:97:9c:3e:33:2e:42:b6:80:dd:33:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d28c3886c6ef5227c246224cc894a84a53bcf51a
        Validity
            Not Before: Jan  2 00:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3e2c10ac95d5ad7e2a482303a0f8add5fc06c58c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:5c:81:1f:ad:06:10:85:2d:82:d0:2e:52:06:
                    e9:a9:a0:04:26:10:46:99:f5:18:ae:67:7f:a8:b6:
                    b4:e8:87:09:92:a8:4c:64:3b:62:3e:e7:4b:b8:34:
                    5c:a1:f9:5c:1d:1a:69:c9:3e:14:01:8c:92:4a:a3:
                    9a:55:d2:5e:fa:f1:25:15:fc:1c:3b:8f:6c:3b:46:
                    41:f0:07:97:47:ac:92:65:f7:e8:f2:ad:d3:84:6f:
                    63:0a:1b:25:2d:fb:6e:30:a1:7b:a6:ae:28:84:f8:
                    4a:58:b6:87:4d:44:79:3f:64:6f:4c:ee:8a:4c:8a:
                    ff:a2:0f:02:f8:d2:30:e1:d1:13:e6:44:e6:f1:41:
                    e6:e0:1f:c7:f5:68:c4:f6:11:2e:65:56:a2:09:0e:
                    70:4b:15:07:3f:ae:89:30:46:a3:d0:0d:f7:1d:e9:
                    1f:d5:7c:14:b4:bd:73:08:b1:92:d4:4b:bb:b7:fc:
                    ff:71:0a:82:ef:a4:76:63:24:63:d3:ff:2e:53:bb:
                    e7:b5:1a:3f:b1:53:ed:fa:96:dd:7d:88:10:3d:91:
                    4d:31:ec:25:18:7b:3e:46:d7:19:14:9b:4e:7d:b4:
                    c1:c5:e2:a9:e7:b1:9e:5c:88:36:76:59:23:ee:d8:
                    18:dc:ca:a3:2a:e0:92:f9:a2:ee:67:f1:80:93:93:
                    1c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:2C:10:AC:95:D5:AD:7E:2A:48:23:03:A0:F8:AD:D5:FC:06:C5:8C
            X509v3 Authority Key Identifier:
                keyid:D2:8C:38:86:C6:EF:52:27:C2:46:22:4C:C8:94:A8:4A:53:BC:F5:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0ow4hsbvUifCRiJMyJSoSlO89Ro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/PiwQrJXVrX4qSCMDoPit1fwGxYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/0ow4hsbvUifCRiJMyJSoSlO89Ro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.143.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:40:03:2a:75:06:2b:13:ab:8a:59:b1:9e:e4:0a:3f:c1:10:
         69:e1:32:5f:73:ca:06:50:7e:cd:c7:f1:66:44:6c:de:45:f6:
         5c:d5:9c:5e:7d:f8:e5:1e:1f:60:1e:50:cf:43:4a:bb:ab:50:
         85:4e:45:b2:54:b8:84:e3:61:0f:d1:b6:85:7d:ec:f9:47:37:
         39:d8:5c:50:45:d5:89:fe:48:06:41:ac:a7:c5:ac:cc:80:9f:
         3b:d0:8d:4c:ce:10:8f:63:09:54:15:1d:c1:e4:8a:5e:5f:8a:
         7a:14:79:f2:74:f7:fc:3b:ec:6f:4d:f0:a0:26:c3:7c:b4:f7:
         9e:07:c8:01:68:31:46:76:d9:6f:bd:f3:4a:43:06:40:05:55:
         8a:05:d0:16:b3:01:a1:a8:e6:9c:d1:13:0c:1c:13:27:be:fd:
         be:9f:92:01:9e:7a:72:06:c0:62:35:ca:c2:6c:9b:aa:f8:e0:
         04:25:ce:3d:fe:e1:f7:92:c5:d9:c0:93:e6:a1:8a:04:90:ec:
         62:43:f5:39:39:ba:a7:36:7e:a6:5a:45:2d:2b:34:3e:e8:6b:
         bc:88:a4:9b:48:6a:c8:6e:c9:ac:ce:43:a9:bb:22:10:71:e0:
         e1:74:d2:b7:39:66:f4:00:26:a4:0e:35:6e:e2:11:99:0b:3f:
         7b:ce:17:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EevP6JecPjMuQraA3TN0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyOGMzODg2YzZlZjUyMjdjMjQ2MjI0Y2M4OTRhODRhNTNi
Y2Y1MWEwHhcNMjYwMTAyMDAxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTJjMTBhYzk1ZDVhZDdlMmE0ODIzMDNhMGY4YWRkNWZjMDZjNThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11yBH60GEIUtgtAuUgbpqaAEJhBG
mfUYrmd/qLa06IcJkqhMZDtiPudLuDRcoflcHRppyT4UAYySSqOaVdJe+vElFfwc
O49sO0ZB8AeXR6ySZffo8q3ThG9jChslLftuMKF7pq4ohPhKWLaHTUR5P2RvTO6K
TIr/og8C+NIw4dET5kTm8UHm4B/H9WjE9hEuZVaiCQ5wSxUHP66JMEaj0A33Hekf
1XwUtL1zCLGS1Eu7t/z/cQqC76R2YyRj0/8uU7vntRo/sVPt+pbdfYgQPZFNMewl
GHs+RtcZFJtOfbTBxeKp57GeXIg2dlkj7tgY3MqjKuCS+aLuZ/GAk5Mc9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD4sEKyV1a1+KkgjA6D4rdX8BsWMMB8GA1UdIwQY
MBaAFNKMOIbG71InwkYiTMiUqEpTvPUaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG93NGhzYnZVaWZDUmlKTXlKU29TbE84OVJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9iZWMxOWMtNWI5NC00MDFmLWIxMzgt
ZmM0MjE2MjFmZTA4LzEvUGl3UXJKWFZyWDRxU0NNRG9QaXQxZndHeFl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9iZWMxOWMtNWI5NC00MDFmLWIxMzgtZmM0MjE2MjFmZTA4
LzEvMG93NGhzYnZVaWZDUmlKTXlKU29TbE84OVJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwo+cMA0G
CSqGSIb3DQEBCwUAA4IBAQCVQAMqdQYrE6uKWbGe5Ao/wRBp4TJfc8oGUH7Nx/Fm
RGzeRfZc1ZxeffjlHh9gHlDPQ0q7q1CFTkWyVLiE42EP0baFfez5Rzc52FxQRdWJ
/kgGQaynxazMgJ870I1MzhCPYwlUFR3B5IpeX4p6FHnydPf8O+xvTfCgJsN8tPee
B8gBaDFGdtlvvfNKQwZABVWKBdAWswGhqOac0RMMHBMnvv2+n5IBnnpyBsBiNcrC
bJuq+OAEJc49/uH3ksXZwJPmoYoEkOxiQ/U5ObqnNn6mWkUtKzQ+6Gu8iKSbSGrI
bsmszkOpuyIQceDhdNK3OWb0ACakDjVu4hGZCz97zhdw
-----END CERTIFICATE-----