This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/d5c45a-8448-47b8-b577-af9d695e940f/1/PdB7yHgtRY5AbRPzGQ7Kal7stk0.roa
File:                     PdB7yHgtRY5AbRPzGQ7Kal7stk0.roa (raw, json)
Hash identifier:          ZfhLG4tdAsP3dDzk6eFVvwC/Pe3dDXcwaTLLVzg2Rko=
Subject key identifier:   3D:D0:7B:C8:78:2D:45:8E:40:6D:13:F3:19:0E:CA:6A:5E:EC:B6:4D
Certificate issuer:       /CN=2e7288982add83642f81a3deba8f856f14e0990a
Certificate serial:       019B7FF22F674161B09D8018DE792FE4C2EA
Authority key identifier: 2E:72:88:98:2A:DD:83:64:2F:81:A3:DE:BA:8F:85:6F:14:E0:99:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LnKImCrdg2QvgaPeuo-FbxTgmQo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/d5c45a-8448-47b8-b577-af9d695e940f/1/PdB7yHgtRY5AbRPzGQ7Kal7stk0.roa
Signing time:             Fri 02 Jan 2026 18:22:16 +0000
ROA not before:           Fri 02 Jan 2026 18:22:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     680
IP address blocks:        193.100.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/d5c45a-8448-47b8-b577-af9d695e940f/1/LnKImCrdg2QvgaPeuo-FbxTgmQo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/d5c45a-8448-47b8-b577-af9d695e940f/1/LnKImCrdg2QvgaPeuo-FbxTgmQo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LnKImCrdg2QvgaPeuo-FbxTgmQo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:2f:67:41:61:b0:9d:80:18:de:79:2f:e4:c2:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e7288982add83642f81a3deba8f856f14e0990a
        Validity
            Not Before: Jan  2 18:22:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3dd07bc8782d458e406d13f3190eca6a5eecb64d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:40:ae:4d:ad:8e:f7:c5:d0:24:1e:e2:b7:e3:
                    91:e2:8a:d0:27:4f:a9:75:33:1f:2e:8d:60:e1:a1:
                    5b:e8:65:07:aa:93:78:bb:24:e5:45:95:26:7e:e7:
                    dd:73:f9:d8:22:33:94:b4:90:3b:6c:46:9c:aa:6e:
                    20:b4:ff:10:94:c9:78:7f:ff:28:d7:48:74:7f:7e:
                    ce:e8:18:2a:c2:df:ca:6a:a4:00:4d:ab:17:16:01:
                    d4:11:17:71:dc:02:dc:97:e6:91:73:3e:75:a2:78:
                    02:ab:81:c7:5d:d5:8f:cc:ff:52:4e:66:dd:19:a1:
                    c1:82:73:a2:4b:57:87:1c:93:62:dd:96:34:6c:61:
                    00:db:e5:8f:73:9f:e9:c8:0f:d7:8e:52:8a:6a:1a:
                    96:b7:e4:df:1d:9c:8f:b7:b4:4b:8d:02:29:a7:9e:
                    55:1b:05:c0:11:2d:4f:db:e6:4b:1f:0f:dc:80:94:
                    11:94:7a:8a:a1:e1:89:8b:c1:b3:77:d4:63:2f:31:
                    0d:4a:31:99:c0:90:95:ec:b5:b6:1a:d1:6b:de:3d:
                    e3:1a:70:2d:32:ef:5c:24:bf:5e:24:56:d9:3a:c7:
                    09:6a:fc:97:e9:a1:c9:42:b5:ee:a3:74:a1:32:dd:
                    89:32:ef:44:dd:8b:e0:cd:ee:65:bb:39:ac:18:7d:
                    77:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:D0:7B:C8:78:2D:45:8E:40:6D:13:F3:19:0E:CA:6A:5E:EC:B6:4D
            X509v3 Authority Key Identifier:
                keyid:2E:72:88:98:2A:DD:83:64:2F:81:A3:DE:BA:8F:85:6F:14:E0:99:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LnKImCrdg2QvgaPeuo-FbxTgmQo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/d5c45a-8448-47b8-b577-af9d695e940f/1/PdB7yHgtRY5AbRPzGQ7Kal7stk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/d5c45a-8448-47b8-b577-af9d695e940f/1/LnKImCrdg2QvgaPeuo-FbxTgmQo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.100.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:35:f0:fd:65:5e:2f:be:8e:e7:11:20:d3:31:9b:66:23:be:
         8a:69:0b:a8:67:c8:23:a5:ad:52:b1:a9:6b:71:89:d4:f1:82:
         c4:93:71:35:0f:13:b4:1f:09:a7:ec:96:d4:5e:98:4c:b8:2c:
         3e:d3:e0:bb:f1:94:3d:17:4f:d5:64:cc:67:b2:2a:4e:1d:a3:
         02:7a:f7:b5:c8:e2:c7:8c:11:9c:fa:5e:80:e5:67:2c:e2:01:
         76:26:6a:82:9f:74:63:df:a9:de:60:26:32:e2:34:37:9b:06:
         d6:8b:95:fb:df:bf:b5:0c:73:f0:70:fe:20:d5:62:73:ce:7b:
         d2:a2:c8:d5:f3:6a:49:02:bf:0d:87:39:d6:f6:ea:c2:ab:3f:
         20:a3:22:ec:dd:36:9f:ad:e0:7b:67:99:ea:ac:57:af:2b:91:
         46:c5:75:17:15:a2:53:00:39:29:04:25:b9:f9:59:df:a9:d8:
         5f:48:8c:dd:c2:39:e3:75:53:ab:2c:31:b4:98:80:7c:37:dd:
         99:07:f0:79:a6:8f:7a:bc:f7:f3:46:50:88:ff:2d:17:3a:55:
         fa:10:44:24:65:1a:c6:1d:72:c5:cb:09:00:6e:29:17:ac:f7:
         43:2a:60:59:46:b7:ec:c9:6d:39:29:04:45:fd:96:a6:44:dc:
         8f:44:3e:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8i9nQWGwnYAY3nkv5MLqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNzI4ODk4MmFkZDgzNjQyZjgxYTNkZWJhOGY4NTZmMTRl
MDk5MGEwHhcNMjYwMTAyMTgyMjE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGQwN2JjODc4MmQ0NThlNDA2ZDEzZjMxOTBlY2E2YTVlZWNiNjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkCuTa2O98XQJB7it+OR4orQJ0+p
dTMfLo1g4aFb6GUHqpN4uyTlRZUmfufdc/nYIjOUtJA7bEacqm4gtP8QlMl4f/8o
10h0f37O6Bgqwt/KaqQATasXFgHUERdx3ALcl+aRcz51ongCq4HHXdWPzP9STmbd
GaHBgnOiS1eHHJNi3ZY0bGEA2+WPc5/pyA/XjlKKahqWt+TfHZyPt7RLjQIpp55V
GwXAES1P2+ZLHw/cgJQRlHqKoeGJi8Gzd9RjLzENSjGZwJCV7LW2GtFr3j3jGnAt
Mu9cJL9eJFbZOscJavyX6aHJQrXuo3ShMt2JMu9E3Yvgze5luzmsGH136QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD3Qe8h4LUWOQG0T8xkOympe7LZNMB8GA1UdIwQY
MBaAFC5yiJgq3YNkL4Gj3rqPhW8U4JkKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG5LSW1DcmRnMlF2Z2FQZXVvLUZieFRnbVFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kNWM0NWEtODQ0OC00N2I4LWI1Nzct
YWY5ZDY5NWU5NDBmLzEvUGRCN3lIZ3RSWTVBYlJQekdRN0thbDdzdGswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kNWM0NWEtODQ0OC00N2I4LWI1NzctYWY5ZDY5NWU5NDBm
LzEvTG5LSW1DcmRnMlF2Z2FQZXVvLUZieFRnbVFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWTjMA0G
CSqGSIb3DQEBCwUAA4IBAQB/NfD9ZV4vvo7nESDTMZtmI76KaQuoZ8gjpa1Ssalr
cYnU8YLEk3E1DxO0Hwmn7JbUXphMuCw+0+C78ZQ9F0/VZMxnsipOHaMCeve1yOLH
jBGc+l6A5Wcs4gF2JmqCn3Rj36neYCYy4jQ3mwbWi5X737+1DHPwcP4g1WJzznvS
osjV82pJAr8NhznW9urCqz8goyLs3TafreB7Z5nqrFevK5FGxXUXFaJTADkpBCW5
+VnfqdhfSIzdwjnjdVOrLDG0mIB8N92ZB/B5po96vPfzRlCI/y0XOlX6EEQkZRrG
HXLFywkAbikXrPdDKmBZRrfsyW05KQRF/ZamRNyPRD6A
-----END CERTIFICATE-----