This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/5146d0-3e74-47a1-aa3e-f9995b78a85f/1/PzMpMCVPdUDUUH8GTuka9keIPNQ.roa
File:                     PzMpMCVPdUDUUH8GTuka9keIPNQ.roa (raw, json)
Hash identifier:          IKEP0LVD3JdV2nQIZoc3FzX3XZlJgMd0mFQnJDaVjxI=
Subject key identifier:   3F:33:29:30:25:4F:75:40:D4:50:7F:06:4E:E9:1A:F6:47:88:3C:D4
Certificate issuer:       /CN=5d325befd8b7e85e347104206d8c0ab8a6e0fb4e
Certificate serial:       019B7834A7EF94554005AF5E02DFE8D7B4D0
Authority key identifier: 5D:32:5B:EF:D8:B7:E8:5E:34:71:04:20:6D:8C:0A:B8:A6:E0:FB:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XTJb79i36F40cQQgbYwKuKbg-04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/5146d0-3e74-47a1-aa3e-f9995b78a85f/1/PzMpMCVPdUDUUH8GTuka9keIPNQ.roa
Signing time:             Thu 01 Jan 2026 06:17:55 +0000
ROA not before:           Thu 01 Jan 2026 06:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15576
IP address blocks:        91.199.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/5146d0-3e74-47a1-aa3e-f9995b78a85f/1/XTJb79i36F40cQQgbYwKuKbg-04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/5146d0-3e74-47a1-aa3e-f9995b78a85f/1/XTJb79i36F40cQQgbYwKuKbg-04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XTJb79i36F40cQQgbYwKuKbg-04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 09:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:a7:ef:94:55:40:05:af:5e:02:df:e8:d7:b4:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d325befd8b7e85e347104206d8c0ab8a6e0fb4e
        Validity
            Not Before: Jan  1 06:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3f332930254f7540d4507f064ee91af647883cd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:6c:77:aa:2a:0b:00:1d:0e:1b:c8:36:f2:8c:
                    9e:9e:82:65:da:2f:08:73:bb:b4:03:e8:b0:58:71:
                    43:2a:1b:87:28:3c:00:e1:7e:2d:2b:e1:ee:e2:23:
                    a9:bb:a6:91:aa:f0:c0:9f:0f:5b:d9:50:c1:47:55:
                    27:53:30:99:27:b5:b2:1f:33:ed:f5:b2:aa:f4:9b:
                    0b:5a:c2:75:af:f8:b0:a2:1f:bf:4c:d1:6e:1f:73:
                    9d:cf:19:dc:ed:72:84:85:c9:86:96:ce:d8:6a:65:
                    8d:1c:32:ee:f8:34:45:85:9f:a2:30:7b:7d:4d:f1:
                    3a:92:7d:be:23:89:cd:65:3e:13:5c:12:7c:42:b0:
                    a7:bc:4b:46:4b:aa:be:b8:b1:dc:60:4b:10:72:88:
                    35:26:bd:d8:02:e2:21:28:a9:ca:17:a6:83:64:b0:
                    a1:57:75:ca:99:ee:49:e3:a4:5a:b7:ab:22:b3:31:
                    f8:9f:d4:d7:94:41:20:88:f9:7d:4e:2a:8b:2d:d4:
                    90:ea:f5:52:0d:96:79:50:33:be:50:33:00:45:14:
                    47:08:e5:fa:69:dc:e1:b9:1a:59:39:66:6d:7a:65:
                    19:aa:8c:13:d1:6d:46:d3:1e:1c:0c:23:a9:de:1a:
                    c0:3b:ee:20:d2:66:3c:68:99:0f:0b:a4:be:72:56:
                    8e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:33:29:30:25:4F:75:40:D4:50:7F:06:4E:E9:1A:F6:47:88:3C:D4
            X509v3 Authority Key Identifier:
                keyid:5D:32:5B:EF:D8:B7:E8:5E:34:71:04:20:6D:8C:0A:B8:A6:E0:FB:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XTJb79i36F40cQQgbYwKuKbg-04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/5146d0-3e74-47a1-aa3e-f9995b78a85f/1/PzMpMCVPdUDUUH8GTuka9keIPNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/5146d0-3e74-47a1-aa3e-f9995b78a85f/1/XTJb79i36F40cQQgbYwKuKbg-04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:7c:7c:bd:47:52:48:17:cd:9c:bd:f2:6a:2e:96:c3:fc:85:
         88:b4:ed:05:60:2a:f4:f9:a4:0d:09:14:19:bb:7a:f1:84:8f:
         20:5b:7b:bd:91:45:da:a2:02:1b:73:ad:68:eb:48:02:b9:ac:
         94:80:8e:5f:51:5a:d7:15:f7:c2:39:6d:52:e1:5d:ee:ff:66:
         15:a1:3f:be:0e:fa:21:53:d8:85:59:b6:cd:a9:d7:ee:0a:da:
         f5:96:9c:c3:9c:74:67:18:8d:4e:32:26:79:2d:a0:e4:96:dc:
         aa:bf:d8:98:55:20:ec:7e:40:9d:a6:3c:b4:2c:b5:6f:c2:85:
         14:ab:4a:e3:3d:f1:17:b6:2f:ec:cb:03:d4:05:92:b4:4b:4d:
         7b:97:80:d2:25:d0:88:6b:50:66:ab:5d:d0:1c:f1:28:ce:bb:
         21:30:31:74:07:87:d8:c3:ea:1a:f9:12:88:cf:63:d3:34:fe:
         0c:f6:97:1d:f0:04:a1:06:5c:e5:9d:cf:99:e1:5f:83:6c:8d:
         f3:2a:5b:f4:01:44:8e:eb:e3:81:21:de:cf:87:a0:37:a4:0b:
         3c:17:a9:c7:79:ca:25:72:9c:a8:87:75:8a:08:7a:fd:09:6c:
         e4:33:25:6a:99:9c:bb:50:fb:89:ab:d3:34:d1:4d:97:e6:27:
         93:50:d9:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NKfvlFVABa9eAt/o17TQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkMzI1YmVmZDhiN2U4NWUzNDcxMDQyMDZkOGMwYWI4YTZl
MGZiNGUwHhcNMjYwMTAxMDYxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjMzMjkzMDI1NGY3NTQwZDQ1MDdmMDY0ZWU5MWFmNjQ3ODgzY2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2x3qioLAB0OG8g28oyenoJl2i8I
c7u0A+iwWHFDKhuHKDwA4X4tK+Hu4iOpu6aRqvDAnw9b2VDBR1UnUzCZJ7WyHzPt
9bKq9JsLWsJ1r/iwoh+/TNFuH3Odzxnc7XKEhcmGls7YamWNHDLu+DRFhZ+iMHt9
TfE6kn2+I4nNZT4TXBJ8QrCnvEtGS6q+uLHcYEsQcog1Jr3YAuIhKKnKF6aDZLCh
V3XKme5J46Rat6siszH4n9TXlEEgiPl9TiqLLdSQ6vVSDZZ5UDO+UDMARRRHCOX6
adzhuRpZOWZtemUZqowT0W1G0x4cDCOp3hrAO+4g0mY8aJkPC6S+claO5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD8zKTAlT3VA1FB/Bk7pGvZHiDzUMB8GA1UdIwQY
MBaAFF0yW+/Yt+heNHEEIG2MCrim4PtOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFRKYjc5aTM2RjQwY1FRZ2JZd0t1S2JnLTA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC81MTQ2ZDAtM2U3NC00N2ExLWFhM2Ut
Zjk5OTViNzhhODVmLzEvUHpNcE1DVlBkVURVVUg4R1R1a2E5a2VJUE5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC81MTQ2ZDAtM2U3NC00N2ExLWFhM2UtZjk5OTViNzhhODVm
LzEvWFRKYjc5aTM2RjQwY1FRZ2JZd0t1S2JnLTA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8fGMA0G
CSqGSIb3DQEBCwUAA4IBAQCLfHy9R1JIF82cvfJqLpbD/IWItO0FYCr0+aQNCRQZ
u3rxhI8gW3u9kUXaogIbc61o60gCuayUgI5fUVrXFffCOW1S4V3u/2YVoT++Dvoh
U9iFWbbNqdfuCtr1lpzDnHRnGI1OMiZ5LaDkltyqv9iYVSDsfkCdpjy0LLVvwoUU
q0rjPfEXti/sywPUBZK0S017l4DSJdCIa1Bmq13QHPEozrshMDF0B4fYw+oa+RKI
z2PTNP4M9pcd8AShBlzlnc+Z4V+DbI3zKlv0AUSO6+OBId7Ph6A3pAs8F6nHecol
cpyoh3WKCHr9CWzkMyVqmZy7UPuJq9M00U2X5ieTUNnm
-----END CERTIFICATE-----