This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/pgXOO-X2YoQD1xUfgpwy2AJKCd4.roa
File:                     pgXOO-X2YoQD1xUfgpwy2AJKCd4.roa (raw, json)
Hash identifier:          A+gEG2oAGHzvq6lumOztmhDUDyh36zMLQy0QLJwvsGw=
Subject key identifier:   A6:05:CE:3B:E5:F6:62:84:03:D7:15:1F:82:9C:32:D8:02:4A:09:DE
Certificate issuer:       /CN=53d0359f9f8b20815ce4d988e109bf82306e4c74
Certificate serial:       019B7B35BF3C851795CDC03100E4FE4C257B
Authority key identifier: 53:D0:35:9F:9F:8B:20:81:5C:E4:D9:88:E1:09:BF:82:30:6E:4C:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/pgXOO-X2YoQD1xUfgpwy2AJKCd4.roa
Signing time:             Thu 01 Jan 2026 20:17:58 +0000
ROA not before:           Thu 01 Jan 2026 20:17:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209854
IP address blocks:        185.239.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:bf:3c:85:17:95:cd:c0:31:00:e4:fe:4c:25:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53d0359f9f8b20815ce4d988e109bf82306e4c74
        Validity
            Not Before: Jan  1 20:17:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a605ce3be5f6628403d7151f829c32d8024a09de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:58:2f:6d:da:c8:8c:e9:56:c0:83:c6:63:2d:
                    ab:34:ed:df:8b:d4:2c:9c:7f:0b:49:38:5d:df:ae:
                    5f:96:40:95:fb:ce:e2:f6:55:96:f7:70:6b:00:ba:
                    cd:0f:7b:ff:c7:e0:15:88:68:66:8a:df:6e:d8:83:
                    b7:25:2b:ee:44:4d:8e:d6:a3:5c:36:42:9c:05:d1:
                    69:0d:20:82:71:9a:47:c9:ca:9e:da:e4:e1:03:03:
                    fc:92:32:ee:32:77:82:79:82:47:0d:93:92:94:bd:
                    ae:b5:40:57:53:75:7e:90:06:88:fa:a7:44:d9:34:
                    63:b1:d4:a2:b9:a9:fd:1a:b0:d7:68:f5:58:0d:f4:
                    95:28:37:65:27:45:66:4c:5d:09:81:bc:5f:b4:9f:
                    b2:58:8b:ef:1f:85:22:77:39:a7:e6:df:0b:6c:de:
                    c0:66:1f:7a:4a:88:77:a3:8f:e2:c0:f8:a9:6c:67:
                    e6:4e:7e:49:38:37:30:78:22:78:84:00:91:9c:2c:
                    f6:d8:14:4b:75:6b:ca:fe:5b:17:0b:e6:fa:ed:2e:
                    21:95:2e:21:5a:ce:f9:65:04:84:10:1c:76:f8:89:
                    58:89:26:39:b8:9c:a6:0a:9a:0f:ce:0a:27:70:11:
                    83:ef:20:65:22:6d:e9:68:5d:3f:83:e3:82:d9:3d:
                    3b:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:05:CE:3B:E5:F6:62:84:03:D7:15:1F:82:9C:32:D8:02:4A:09:DE
            X509v3 Authority Key Identifier:
                keyid:53:D0:35:9F:9F:8B:20:81:5C:E4:D9:88:E1:09:BF:82:30:6E:4C:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/pgXOO-X2YoQD1xUfgpwy2AJKCd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:ea:02:8d:b8:14:32:d7:d2:50:bb:02:5a:5c:79:1e:48:bc:
         a5:33:a9:52:19:5c:d5:31:2c:6a:b5:f6:2d:7b:9c:e5:24:cb:
         62:fc:04:e1:ae:2e:ad:22:80:2a:a6:62:d1:5d:94:30:0e:b0:
         cc:0b:47:30:e1:3d:ba:b0:25:9a:44:32:e0:d0:11:ee:d4:c6:
         89:6a:92:53:7b:5a:54:9a:3d:df:c1:62:7f:42:03:65:41:25:
         cb:c8:df:2e:7e:72:1e:04:18:b6:43:8b:ff:fa:50:d2:74:05:
         68:20:58:d1:32:b3:f3:b4:b4:01:53:68:fa:a3:c6:cd:26:1a:
         ef:6a:c4:aa:28:27:df:61:94:32:3c:c1:eb:bf:17:0c:7d:7e:
         f3:fb:19:67:f4:a2:bf:c9:a3:20:b9:3e:01:8c:8d:3e:20:e2:
         d5:fb:5d:bd:03:fa:fe:88:39:95:8c:07:58:da:97:54:f9:10:
         07:c8:cd:0c:fb:ac:15:3e:e3:60:bc:e2:02:d2:fa:27:8f:bf:
         df:95:49:82:3c:58:29:9e:d2:a1:66:83:8e:6a:66:bb:fc:f4:
         f5:14:dd:c4:4a:5d:48:b5:5d:93:29:fe:67:08:89:7f:18:e4:
         bf:da:2a:c3:f7:b2:5e:c7:c9:b3:65:5b:f4:cf:f0:a6:77:dd:
         08:de:20:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Nb88hReVzcAxAOT+TCV7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZDAzNTlmOWY4YjIwODE1Y2U0ZDk4OGUxMDliZjgyMzA2
ZTRjNzQwHhcNMjYwMTAxMjAxNzU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjA1Y2UzYmU1ZjY2Mjg0MDNkNzE1MWY4MjljMzJkODAyNGEwOWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlgvbdrIjOlWwIPGYy2rNO3fi9Qs
nH8LSThd365flkCV+87i9lWW93BrALrND3v/x+AViGhmit9u2IO3JSvuRE2O1qNc
NkKcBdFpDSCCcZpHycqe2uThAwP8kjLuMneCeYJHDZOSlL2utUBXU3V+kAaI+qdE
2TRjsdSiuan9GrDXaPVYDfSVKDdlJ0VmTF0JgbxftJ+yWIvvH4Uidzmn5t8LbN7A
Zh96Soh3o4/iwPipbGfmTn5JODcweCJ4hACRnCz22BRLdWvK/lsXC+b67S4hlS4h
Ws75ZQSEEBx2+IlYiSY5uJymCpoPzgoncBGD7yBlIm3paF0/g+OC2T074wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKYFzjvl9mKEA9cVH4KcMtgCSgneMB8GA1UdIwQY
MBaAFFPQNZ+fiyCBXOTZiOEJv4Iwbkx0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTlBMW41LUxJSUZjNU5tSTRRbV9nakJ1VEhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC80OTM1NzEtMjEwZS00ZDFhLTg4MTkt
YTZjNDljZTkwNzU2LzEvcGdYT08tWDJZb1FEMXhVZmdwd3kyQUpLQ2Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC80OTM1NzEtMjEwZS00ZDFhLTg4MTktYTZjNDljZTkwNzU2
LzEvVTlBMW41LUxJSUZjNU5tSTRRbV9nakJ1VEhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue+9MA0G
CSqGSIb3DQEBCwUAA4IBAQB56gKNuBQy19JQuwJaXHkeSLylM6lSGVzVMSxqtfYt
e5zlJMti/AThri6tIoAqpmLRXZQwDrDMC0cw4T26sCWaRDLg0BHu1MaJapJTe1pU
mj3fwWJ/QgNlQSXLyN8ufnIeBBi2Q4v/+lDSdAVoIFjRMrPztLQBU2j6o8bNJhrv
asSqKCffYZQyPMHrvxcMfX7z+xln9KK/yaMguT4BjI0+IOLV+129A/r+iDmVjAdY
2pdU+RAHyM0M+6wVPuNgvOIC0vonj7/flUmCPFgpntKhZoOOama7/PT1FN3ESl1I
tV2TKf5nCIl/GOS/2irD97Jex8mzZVv0z/Cmd90I3iAr
-----END CERTIFICATE-----