This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/6dcc50-025c-4c20-8699-bced579c0b7b/1/PchT168ujFib-nY79tBpP-zJgdY.roa
File:                     PchT168ujFib-nY79tBpP-zJgdY.roa (raw, json)
Hash identifier:          X54RZoJH7rp6pAWMbh3u6FOekQubaYZ6ugL/JB3twaM=
Subject key identifier:   3D:C8:53:D7:AF:2E:8C:58:9B:FA:76:3B:F6:D0:69:3F:EC:C9:81:D6
Certificate issuer:       /CN=d47d8aaa10edcf5d0814039153997bfbf4d35ba9
Certificate serial:       019B77C706F856E627DC617ABF11C528A9E5
Authority key identifier: D4:7D:8A:AA:10:ED:CF:5D:08:14:03:91:53:99:7B:FB:F4:D3:5B:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1H2KqhDtz10IFAORU5l7-_TTW6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/6dcc50-025c-4c20-8699-bced579c0b7b/1/PchT168ujFib-nY79tBpP-zJgdY.roa
Signing time:             Thu 01 Jan 2026 04:18:10 +0000
ROA not before:           Thu 01 Jan 2026 04:18:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208972
IP address blocks:        91.229.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/6dcc50-025c-4c20-8699-bced579c0b7b/1/1H2KqhDtz10IFAORU5l7-_TTW6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/6dcc50-025c-4c20-8699-bced579c0b7b/1/1H2KqhDtz10IFAORU5l7-_TTW6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1H2KqhDtz10IFAORU5l7-_TTW6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 07:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:06:f8:56:e6:27:dc:61:7a:bf:11:c5:28:a9:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d47d8aaa10edcf5d0814039153997bfbf4d35ba9
        Validity
            Not Before: Jan  1 04:18:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3dc853d7af2e8c589bfa763bf6d0693fecc981d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:81:c6:e7:a3:01:ef:cb:98:3b:e0:aa:b4:f6:
                    54:3f:b3:64:f3:3a:d5:30:62:a8:5e:80:89:80:0f:
                    fc:ab:ef:fe:82:03:64:b1:71:76:78:6c:b8:1f:45:
                    62:9f:88:2e:b8:07:2b:f2:53:16:14:28:94:8f:25:
                    96:48:96:5e:30:ee:0d:53:57:4d:89:54:f7:6b:0e:
                    c0:b4:aa:3b:81:ef:38:cb:85:a8:4e:f3:56:f6:85:
                    31:7a:64:98:3e:56:8d:87:b7:2b:27:ad:59:e9:6d:
                    d0:84:7c:22:35:d1:3e:0e:c9:99:ee:d9:00:66:36:
                    7a:74:c9:1c:de:86:a7:44:37:e3:11:86:db:4d:10:
                    0a:71:f3:93:16:bb:c9:43:fb:6f:9a:eb:6d:b4:e5:
                    2d:86:3b:09:09:2c:5d:fd:58:73:76:c9:83:60:45:
                    d6:56:e5:27:62:ae:25:b7:61:44:b4:d0:ad:03:70:
                    be:1a:f6:0c:f6:f6:9b:ed:ff:74:19:60:76:ae:37:
                    f4:66:b9:de:c6:4e:9f:27:e1:da:66:c8:3a:97:6b:
                    b9:87:e5:6f:e2:55:57:e4:28:57:6f:ae:bb:4d:1d:
                    ac:bb:09:b4:af:c9:97:43:55:ae:17:78:5e:d5:b0:
                    da:0c:14:7a:2d:16:e4:fc:01:c8:c1:8b:9c:80:cd:
                    18:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:C8:53:D7:AF:2E:8C:58:9B:FA:76:3B:F6:D0:69:3F:EC:C9:81:D6
            X509v3 Authority Key Identifier:
                keyid:D4:7D:8A:AA:10:ED:CF:5D:08:14:03:91:53:99:7B:FB:F4:D3:5B:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1H2KqhDtz10IFAORU5l7-_TTW6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/6dcc50-025c-4c20-8699-bced579c0b7b/1/PchT168ujFib-nY79tBpP-zJgdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/6dcc50-025c-4c20-8699-bced579c0b7b/1/1H2KqhDtz10IFAORU5l7-_TTW6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:c6:b8:78:b4:76:12:f4:ad:ac:f8:ea:7c:57:4a:a0:65:40:
         bd:a0:60:08:72:15:77:cb:8a:b8:56:e0:b2:90:67:19:3d:56:
         15:a0:51:73:a3:e6:4c:52:54:e9:01:4e:97:a8:6c:50:d5:21:
         ae:60:3e:b4:ac:ef:da:54:66:14:4b:60:98:37:9b:ee:83:a9:
         bd:42:c8:0b:8f:08:70:eb:28:fe:24:fd:cf:e9:7d:f4:96:70:
         a7:02:68:c6:47:57:6f:f3:65:53:f3:cb:78:8f:51:7b:85:28:
         fc:a5:4c:f5:a7:57:6e:26:62:a6:a3:f4:06:1c:73:17:09:a0:
         0e:4e:1d:ec:5b:e2:d8:fa:13:88:2e:08:b4:65:15:38:33:0d:
         37:50:b6:79:52:48:01:a3:a5:4a:3f:7a:50:30:b6:f3:f0:20:
         20:5e:cb:3d:e4:30:80:20:00:02:c9:ab:2e:aa:34:42:df:77:
         37:8f:d2:f7:2b:83:53:60:f8:1a:1a:51:1a:ad:2b:fe:e4:7c:
         2e:51:b1:b1:c8:ed:05:9f:a5:e4:bb:4d:91:98:36:bb:a4:9e:
         2f:22:ad:15:46:42:8b:a7:e6:8b:4c:1b:c2:22:91:ad:2a:14:
         f0:b8:a5:78:a2:21:a2:61:a6:07:3d:ee:49:45:db:68:0b:b7:
         da:9d:4c:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xwb4VuYn3GF6vxHFKKnlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0N2Q4YWFhMTBlZGNmNWQwODE0MDM5MTUzOTk3YmZiZjRk
MzViYTkwHhcNMjYwMTAxMDQxODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGM4NTNkN2FmMmU4YzU4OWJmYTc2M2JmNmQwNjkzZmVjYzk4MWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YHG56MB78uYO+CqtPZUP7Nk8zrV
MGKoXoCJgA/8q+/+ggNksXF2eGy4H0Vin4guuAcr8lMWFCiUjyWWSJZeMO4NU1dN
iVT3aw7AtKo7ge84y4WoTvNW9oUxemSYPlaNh7crJ61Z6W3QhHwiNdE+DsmZ7tkA
ZjZ6dMkc3oanRDfjEYbbTRAKcfOTFrvJQ/tvmutttOUthjsJCSxd/VhzdsmDYEXW
VuUnYq4lt2FEtNCtA3C+GvYM9vab7f90GWB2rjf0Zrnexk6fJ+HaZsg6l2u5h+Vv
4lVX5ChXb667TR2suwm0r8mXQ1WuF3he1bDaDBR6LRbk/AHIwYucgM0Y5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD3IU9evLoxYm/p2O/bQaT/syYHWMB8GA1UdIwQY
MBaAFNR9iqoQ7c9dCBQDkVOZe/v001upMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUgyS3FoRHR6MTBJRkFPUlU1bDctX1RUVzZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy82ZGNjNTAtMDI1Yy00YzIwLTg2OTkt
YmNlZDU3OWMwYjdiLzEvUGNoVDE2OHVqRmliLW5ZNzl0QnBQLXpKZ2RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy82ZGNjNTAtMDI1Yy00YzIwLTg2OTktYmNlZDU3OWMwYjdi
LzEvMUgyS3FoRHR6MTBJRkFPUlU1bDctX1RUVzZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+XUMA0G
CSqGSIb3DQEBCwUAA4IBAQANxrh4tHYS9K2s+Op8V0qgZUC9oGAIchV3y4q4VuCy
kGcZPVYVoFFzo+ZMUlTpAU6XqGxQ1SGuYD60rO/aVGYUS2CYN5vug6m9QsgLjwhw
6yj+JP3P6X30lnCnAmjGR1dv82VT88t4j1F7hSj8pUz1p1duJmKmo/QGHHMXCaAO
Th3sW+LY+hOILgi0ZRU4Mw03ULZ5UkgBo6VKP3pQMLbz8CAgXss95DCAIAACyasu
qjRC33c3j9L3K4NTYPgaGlEarSv+5HwuUbGxyO0Fn6Xku02RmDa7pJ4vIq0VRkKL
p+aLTBvCIpGtKhTwuKV4oiGiYaYHPe5JRdtoC7fanUwH
-----END CERTIFICATE-----