This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Ppu5JmQMTBSanXWIIoDPcUmiq4k.roa
File:                     Ppu5JmQMTBSanXWIIoDPcUmiq4k.roa (raw, json)
Hash identifier:          iCmRjqxeq4ugKpFVFGbwICSLUlG6wKerJeZ8lWB6bx0=
Subject key identifier:   3E:9B:B9:26:64:0C:4C:14:9A:9D:75:88:22:80:CF:71:49:A2:AB:89
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019B7C13734FDFF1EBB1D1CF44B91FEEFF2B
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Ppu5JmQMTBSanXWIIoDPcUmiq4k.roa
Signing time:             Fri 02 Jan 2026 00:20:08 +0000
ROA not before:           Fri 02 Jan 2026 00:20:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     55201
IP address blocks:        194.5.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 19:40:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:73:4f:df:f1:eb:b1:d1:cf:44:b9:1f:ee:ff:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 00:20:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3e9bb926640c4c149a9d75882280cf7149a2ab89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:cf:92:d6:b3:5f:ce:8c:b2:3b:5f:af:d2:1b:
                    b7:3d:82:6e:42:7c:18:35:bf:cb:8c:ae:86:28:20:
                    a1:e6:99:1c:a9:81:3e:af:3f:12:84:9f:4e:9f:4e:
                    70:82:2f:3f:44:2a:65:6f:35:b9:15:47:a0:7f:c4:
                    98:82:2f:7e:18:89:0a:c1:a4:32:9e:6a:79:60:83:
                    14:59:73:1f:06:31:8c:95:d0:bc:5c:1f:f0:27:7c:
                    99:c1:d0:dc:e6:34:08:7a:21:e1:3e:04:2c:5a:59:
                    79:d8:f9:f9:ec:ed:c5:e3:e7:fd:cc:d4:41:4d:2c:
                    05:a3:90:a5:e1:ba:ef:de:e4:75:a8:e8:8d:3e:c2:
                    65:cf:2b:dd:ec:9a:8a:b3:8d:2d:71:62:ed:5e:e9:
                    d5:7e:06:7d:29:16:fb:f0:3c:e4:ef:81:e8:36:8c:
                    e1:45:bf:bf:23:cd:de:eb:56:2b:4e:88:3f:9f:78:
                    38:96:27:44:fd:54:da:fb:79:a4:d7:a1:a6:13:7f:
                    64:40:34:0e:ad:ca:64:32:4c:21:40:24:b7:c5:02:
                    5f:8d:d9:cc:f6:6e:8d:72:e6:d6:43:c1:a4:92:fb:
                    09:25:44:13:14:32:1c:b5:67:ec:9d:c6:53:ac:98:
                    b7:00:2d:8d:8b:f1:31:68:06:8c:4a:d4:4a:c7:38:
                    ed:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:9B:B9:26:64:0C:4C:14:9A:9D:75:88:22:80:CF:71:49:A2:AB:89
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Ppu5JmQMTBSanXWIIoDPcUmiq4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:79:56:53:78:29:c4:b9:80:be:d7:77:f9:d0:5a:b5:2c:c4:
         07:41:68:d9:04:06:b3:2b:07:d1:56:b4:dd:ed:84:df:bb:e0:
         34:17:c8:1b:f8:fb:8b:00:86:30:e9:2f:08:b9:bd:0b:b5:e1:
         0b:bc:94:a7:2b:a1:84:1e:9c:bc:20:e5:b4:40:70:26:76:af:
         65:10:25:75:ad:b0:e1:52:fa:e3:e3:35:18:dc:a1:e5:b5:88:
         d3:75:83:23:b1:ed:de:2b:36:4a:b0:8a:56:7e:9e:7a:9b:65:
         b2:9f:6e:af:a1:80:64:ef:0a:a0:39:3f:01:3d:d6:4e:47:95:
         9b:f3:09:73:e5:7d:41:2f:d6:35:b4:28:51:d2:25:f1:7f:a0:
         40:f6:ed:36:2c:41:82:64:82:d4:7b:74:df:50:d5:24:78:3c:
         94:88:5e:2d:3a:eb:ce:ba:d5:69:34:da:63:9e:4d:8d:fa:fa:
         60:ba:e2:dd:5b:6f:12:e5:93:af:23:6c:68:c2:80:f7:c5:07:
         a0:f1:cb:ef:ce:c1:98:d1:7c:12:0d:81:12:1b:f6:a0:88:49:
         4b:21:01:af:47:00:f4:18:77:e1:68:d9:76:47:9a:78:80:4e:
         bc:c9:00:58:d6:4a:5e:56:40:3f:36:a4:f2:bc:44:e2:4d:8b:
         34:a5:d0:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E3NP3/HrsdHPRLkf7v8rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMTAyMDAyMDA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTliYjkyNjY0MGM0YzE0OWE5ZDc1ODgyMjgwY2Y3MTQ5YTJhYjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsM+S1rNfzoyyO1+v0hu3PYJuQnwY
Nb/LjK6GKCCh5pkcqYE+rz8ShJ9On05wgi8/RCplbzW5FUegf8SYgi9+GIkKwaQy
nmp5YIMUWXMfBjGMldC8XB/wJ3yZwdDc5jQIeiHhPgQsWll52Pn57O3F4+f9zNRB
TSwFo5Cl4brv3uR1qOiNPsJlzyvd7JqKs40tcWLtXunVfgZ9KRb78Dzk74HoNozh
Rb+/I83e61YrTog/n3g4lidE/VTa+3mk16GmE39kQDQOrcpkMkwhQCS3xQJfjdnM
9m6NcubWQ8GkkvsJJUQTFDIctWfsncZTrJi3AC2Ni/ExaAaMStRKxzjtDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD6buSZkDEwUmp11iCKAz3FJoquJMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvUHB1NUptUU1UQlNhblhXSUlvRFBjVW1pcTRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgVAMA0G
CSqGSIb3DQEBCwUAA4IBAQBTeVZTeCnEuYC+13f50Fq1LMQHQWjZBAazKwfRVrTd
7YTfu+A0F8gb+PuLAIYw6S8Iub0LteELvJSnK6GEHpy8IOW0QHAmdq9lECV1rbDh
Uvrj4zUY3KHltYjTdYMjse3eKzZKsIpWfp56m2Wyn26voYBk7wqgOT8BPdZOR5Wb
8wlz5X1BL9Y1tChR0iXxf6BA9u02LEGCZILUe3TfUNUkeDyUiF4tOuvOutVpNNpj
nk2N+vpguuLdW28S5ZOvI2xowoD3xQeg8cvvzsGY0XwSDYESG/agiElLIQGvRwD0
GHfhaNl2R5p4gE68yQBY1kpeVkA/NqTyvETiTYs0pdD4
-----END CERTIFICATE-----