This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/42PKmGxLZWltjo2RjF8-O2uhH1I.roa
File:                     42PKmGxLZWltjo2RjF8-O2uhH1I.roa (raw, json)
Hash identifier:          NUqXlQ+o+ZJwF4uY9fuVeTvOTArxxOzENBFKqJ5J5nw=
Subject key identifier:   E3:63:CA:98:6C:4B:65:69:6D:8E:8D:91:8C:5F:3E:3B:6B:A1:1F:52
Certificate issuer:       /CN=c398060f1bf22f0999cb071b1b42696dbc43e10c
Certificate serial:       019B7A5B677FA3C99335D72BB5E0F2F9EC5B
Authority key identifier: C3:98:06:0F:1B:F2:2F:09:99:CB:07:1B:1B:42:69:6D:BC:43:E1:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/42PKmGxLZWltjo2RjF8-O2uhH1I.roa
Signing time:             Thu 01 Jan 2026 16:19:29 +0000
ROA not before:           Thu 01 Jan 2026 16:19:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3257
IP address blocks:        194.151.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 10:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:67:7f:a3:c9:93:35:d7:2b:b5:e0:f2:f9:ec:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c398060f1bf22f0999cb071b1b42696dbc43e10c
        Validity
            Not Before: Jan  1 16:19:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e363ca986c4b65696d8e8d918c5f3e3b6ba11f52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b6:b4:0c:c2:d2:0e:55:13:8f:f3:20:92:bc:
                    ff:a7:a9:db:f0:21:39:76:78:11:ca:4e:c2:c2:53:
                    0c:6f:4d:88:8b:d4:04:49:a0:04:fb:44:48:b4:02:
                    e2:77:c5:0f:44:58:8c:2d:2a:13:fa:0a:41:68:e4:
                    5a:8c:67:e4:65:fc:f3:3c:24:d1:fe:9d:fa:51:40:
                    74:b9:66:27:c5:d9:d3:2e:57:07:31:1d:c9:3c:19:
                    b8:07:3e:2c:21:2a:09:1b:96:99:55:df:04:67:ab:
                    94:a9:67:e6:39:24:f5:12:02:df:7a:04:5d:89:cc:
                    19:ae:db:b6:5a:39:03:6d:47:9b:72:47:d6:14:fd:
                    53:d0:c5:93:e2:b0:06:6c:e4:46:96:6f:48:5a:cf:
                    dd:cd:c1:64:21:c8:f2:77:26:c2:44:a1:f5:ca:58:
                    bb:ea:da:0d:a8:54:46:81:fe:48:3b:ec:fe:ab:53:
                    db:71:85:e6:26:01:67:d2:8f:b9:f5:71:a3:ce:e4:
                    fc:96:6d:8d:9c:3e:ea:a0:2e:c8:18:ea:16:c9:b6:
                    b3:8e:11:d5:98:61:0f:3a:73:b0:88:0a:37:c2:70:
                    a7:57:3d:19:18:0f:00:6b:c5:b1:aa:f6:d3:1b:9e:
                    7b:ca:97:db:08:c2:3e:06:4c:d1:f6:79:f6:9d:59:
                    74:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:63:CA:98:6C:4B:65:69:6D:8E:8D:91:8C:5F:3E:3B:6B:A1:1F:52
            X509v3 Authority Key Identifier:
                keyid:C3:98:06:0F:1B:F2:2F:09:99:CB:07:1B:1B:42:69:6D:BC:43:E1:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/42PKmGxLZWltjo2RjF8-O2uhH1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.151.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:53:86:35:66:5b:ba:1c:b4:85:d9:6b:31:bf:c4:92:e8:5f:
         ce:92:d2:ba:2c:5a:82:ac:75:19:5f:7f:61:f2:ee:09:e0:d0:
         2b:bf:85:6e:90:13:e8:70:a2:b6:e0:d0:73:0d:2f:56:de:44:
         c2:87:65:3c:57:26:3a:7b:29:1c:35:09:6f:95:5c:c6:0f:89:
         6c:e3:3a:cc:aa:14:ae:c0:7c:18:2b:24:0a:1c:30:ad:76:0f:
         ca:50:69:fb:66:0e:08:81:54:d1:82:4b:b8:79:06:65:fc:a3:
         87:98:0c:3e:a9:03:37:d6:32:ec:cf:ef:78:f9:f4:f7:a5:53:
         b0:e7:9f:57:af:e6:8a:40:05:9a:82:76:b1:96:f1:4b:b1:6e:
         81:8b:33:6b:76:7c:68:57:cb:da:76:99:7e:9f:26:23:b7:e6:
         dc:d3:07:8a:2a:74:ac:bb:3f:e2:78:c6:d8:d0:6d:1e:4b:bc:
         45:c0:bb:85:5e:e6:8a:2c:80:1b:e5:89:3f:8a:e4:6f:b3:96:
         65:c7:62:ab:1a:68:6d:8b:9d:9e:4a:fb:8d:49:06:9f:97:61:
         21:24:ec:e9:66:69:df:3f:ac:0d:b9:53:12:2d:17:3c:56:3b:
         4c:b1:76:e7:5b:17:67:ed:6d:67:72:5e:9e:4c:69:23:d6:07:
         4c:8b:01:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6W2d/o8mTNdcrteDy+exbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzOTgwNjBmMWJmMjJmMDk5OWNiMDcxYjFiNDI2OTZkYmM0
M2UxMGMwHhcNMjYwMTAxMTYxOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzYzY2E5ODZjNGI2NTY5NmQ4ZThkOTE4YzVmM2UzYjZiYTExZjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqra0DMLSDlUTj/Mgkrz/p6nb8CE5
dngRyk7CwlMMb02Ii9QESaAE+0RItALid8UPRFiMLSoT+gpBaORajGfkZfzzPCTR
/p36UUB0uWYnxdnTLlcHMR3JPBm4Bz4sISoJG5aZVd8EZ6uUqWfmOST1EgLfegRd
icwZrtu2WjkDbUebckfWFP1T0MWT4rAGbORGlm9IWs/dzcFkIcjydybCRKH1yli7
6toNqFRGgf5IO+z+q1PbcYXmJgFn0o+59XGjzuT8lm2NnD7qoC7IGOoWybazjhHV
mGEPOnOwiAo3wnCnVz0ZGA8Aa8WxqvbTG557ypfbCMI+BkzR9nn2nVl0vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONjyphsS2VpbY6NkYxfPjtroR9SMB8GA1UdIwQY
MBaAFMOYBg8b8i8JmcsHGxtCaW28Q+EMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzVnR0R4dnlMd21aeXdjYkcwSnBiYnhENFF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8zYmZjMzEtZGMzMi00NTQxLTg0NjAt
YzkyN2I4YzJjN2M0LzEvNDJQS21HeExaV2x0am8yUmpGOC1PMnVoSDFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8zYmZjMzEtZGMzMi00NTQxLTg0NjAtYzkyN2I4YzJjN2M0
LzEvdzVnR0R4dnlMd21aeXdjYkcwSnBiYnhENFF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpfLMA0G
CSqGSIb3DQEBCwUAA4IBAQB9U4Y1Zlu6HLSF2Wsxv8SS6F/OktK6LFqCrHUZX39h
8u4J4NArv4VukBPocKK24NBzDS9W3kTCh2U8VyY6eykcNQlvlVzGD4ls4zrMqhSu
wHwYKyQKHDCtdg/KUGn7Zg4IgVTRgku4eQZl/KOHmAw+qQM31jLsz+94+fT3pVOw
559Xr+aKQAWagnaxlvFLsW6BizNrdnxoV8vadpl+nyYjt+bc0weKKnSsuz/ieMbY
0G0eS7xFwLuFXuaKLIAb5Yk/iuRvs5Zlx2KrGmhti52eSvuNSQafl2EhJOzpZmnf
P6wNuVMSLRc8VjtMsXbnWxdn7W1ncl6eTGkj1gdMiwH4
-----END CERTIFICATE-----