This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/6cfb78-63bc-4820-b903-860c49d0eb6a/1/pjZgFrUWO8BOoL-HaPMDCBP4Z3k.roa
File:                     pjZgFrUWO8BOoL-HaPMDCBP4Z3k.roa (raw, json)
Hash identifier:          DJfWljw06kfL4VTqBzgexrUkOVmGrJBBRKqjdLiN9zA=
Subject key identifier:   A6:36:60:16:B5:16:3B:C0:4E:A0:BF:87:68:F3:03:08:13:F8:67:79
Certificate issuer:       /CN=af3038a717b154e1cfa47116832da26f28b2a304
Certificate serial:       019B78A31DAA8A33C35245E359763D3E21F9
Authority key identifier: AF:30:38:A7:17:B1:54:E1:CF:A4:71:16:83:2D:A2:6F:28:B2:A3:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rzA4pxexVOHPpHEWgy2ibyiyowQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/6cfb78-63bc-4820-b903-860c49d0eb6a/1/pjZgFrUWO8BOoL-HaPMDCBP4Z3k.roa
Signing time:             Thu 01 Jan 2026 08:18:34 +0000
ROA not before:           Thu 01 Jan 2026 08:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49214
IP address blocks:        217.22.32.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/6cfb78-63bc-4820-b903-860c49d0eb6a/1/rzA4pxexVOHPpHEWgy2ibyiyowQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/6cfb78-63bc-4820-b903-860c49d0eb6a/1/rzA4pxexVOHPpHEWgy2ibyiyowQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rzA4pxexVOHPpHEWgy2ibyiyowQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:1d:aa:8a:33:c3:52:45:e3:59:76:3d:3e:21:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af3038a717b154e1cfa47116832da26f28b2a304
        Validity
            Not Before: Jan  1 08:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a6366016b5163bc04ea0bf8768f3030813f86779
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:6e:b4:39:b5:0b:4a:c5:78:eb:91:b2:d5:7e:
                    54:34:30:9c:aa:4c:0b:ff:76:0f:64:73:45:ff:45:
                    bd:88:cd:04:f7:47:4a:d9:4a:2f:23:8e:f5:a5:81:
                    d3:90:39:e4:55:ec:b5:19:1f:03:12:94:6e:ab:0a:
                    f5:2c:ff:70:91:67:d0:44:5e:fc:16:6a:0b:dd:c2:
                    46:34:f6:ca:d4:25:b4:4d:b7:e5:c4:4a:b0:92:19:
                    17:d2:dc:13:6f:25:4b:47:d0:7a:da:26:35:80:be:
                    bb:26:55:e4:eb:9d:3b:9c:65:6e:36:3f:81:59:c2:
                    4f:8d:15:e4:c7:de:75:db:a7:44:f8:c3:b3:5b:4e:
                    f1:44:95:d8:64:44:77:a6:8f:34:77:8d:fd:d0:ba:
                    ad:81:19:8d:0e:cb:f2:5f:3f:d3:3d:1c:bc:c8:4e:
                    c5:f8:4a:8f:86:50:3d:11:c5:e1:46:5d:36:4f:7f:
                    cb:5a:38:ab:2c:40:5a:4f:da:8a:f5:9e:b4:10:ff:
                    90:08:17:20:2a:5a:36:62:82:b2:08:fe:9a:d2:2d:
                    07:c6:ee:5f:d0:bb:8f:fa:e1:99:dd:90:32:dd:b6:
                    47:a2:fb:69:55:90:1a:4a:77:ef:33:3b:7e:88:38:
                    c0:9b:cf:a8:65:98:40:7a:8b:d7:72:a3:80:cd:ab:
                    7f:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:36:60:16:B5:16:3B:C0:4E:A0:BF:87:68:F3:03:08:13:F8:67:79
            X509v3 Authority Key Identifier:
                keyid:AF:30:38:A7:17:B1:54:E1:CF:A4:71:16:83:2D:A2:6F:28:B2:A3:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rzA4pxexVOHPpHEWgy2ibyiyowQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/6cfb78-63bc-4820-b903-860c49d0eb6a/1/pjZgFrUWO8BOoL-HaPMDCBP4Z3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/6cfb78-63bc-4820-b903-860c49d0eb6a/1/rzA4pxexVOHPpHEWgy2ibyiyowQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.22.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         08:01:1d:ba:0e:48:20:ee:f9:be:ae:7a:28:56:29:0f:20:35:
         39:a5:ff:f8:00:78:c2:84:55:c7:1d:8d:f1:8b:82:ad:07:89:
         fa:52:d7:50:c1:b2:76:4d:14:da:4f:69:c0:93:10:34:0d:54:
         d7:04:ea:c3:de:94:81:0a:89:03:3f:b3:9c:6d:f9:92:23:9e:
         86:b3:b5:5c:dc:cb:81:e6:e2:e8:39:23:87:d7:bb:c9:03:98:
         b2:96:c4:ab:0a:83:f2:3c:a8:cb:6c:5d:15:8b:a4:dd:46:1b:
         37:f9:d8:39:6f:20:bd:5b:49:7d:6f:e2:8f:34:f5:d2:86:fd:
         a2:de:e9:97:3e:75:50:12:82:29:5f:5f:bc:b3:03:a2:9a:c1:
         ca:ac:4d:de:90:e3:e8:d6:e1:0a:3a:a0:fb:8b:a0:d7:38:56:
         16:54:3b:05:94:c1:dc:b7:09:03:e2:bc:ec:55:50:1b:c0:3a:
         87:b4:e4:b6:50:98:59:d6:4c:d7:c4:06:fb:eb:68:df:f2:6e:
         24:fe:06:9e:54:38:e7:cf:23:45:39:56:b5:33:45:86:5d:4d:
         16:5e:a8:41:0c:07:a5:e0:2e:04:3d:d0:4e:05:c4:64:95:d7:
         94:10:17:c3:e3:aa:99:95:2b:42:59:47:1a:8d:ab:2f:a7:06:
         66:2e:7c:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4ox2qijPDUkXjWXY9PiH5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMzAzOGE3MTdiMTU0ZTFjZmE0NzExNjgzMmRhMjZmMjhi
MmEzMDQwHhcNMjYwMTAxMDgxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjM2NjAxNmI1MTYzYmMwNGVhMGJmODc2OGYzMDMwODEzZjg2Nzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqG60ObULSsV465Gy1X5UNDCcqkwL
/3YPZHNF/0W9iM0E90dK2UovI471pYHTkDnkVey1GR8DEpRuqwr1LP9wkWfQRF78
FmoL3cJGNPbK1CW0TbflxEqwkhkX0twTbyVLR9B62iY1gL67JlXk6507nGVuNj+B
WcJPjRXkx95126dE+MOzW07xRJXYZER3po80d4390LqtgRmNDsvyXz/TPRy8yE7F
+EqPhlA9EcXhRl02T3/LWjirLEBaT9qK9Z60EP+QCBcgKlo2YoKyCP6a0i0Hxu5f
0LuP+uGZ3ZAy3bZHovtpVZAaSnfvMzt+iDjAm8+oZZhAeovXcqOAzat/KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKY2YBa1FjvATqC/h2jzAwgT+Gd5MB8GA1UdIwQY
MBaAFK8wOKcXsVThz6RxFoMtom8osqMEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnpBNHB4ZXhWT0hQcEhFV2d5MmlieWl5b3dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy82Y2ZiNzgtNjNiYy00ODIwLWI5MDMt
ODYwYzQ5ZDBlYjZhLzEvcGpaZ0ZyVVdPOEJPb0wtSGFQTURDQlA0WjNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy82Y2ZiNzgtNjNiYy00ODIwLWI5MDMtODYwYzQ5ZDBlYjZh
LzEvcnpBNHB4ZXhWT0hQcEhFV2d5MmlieWl5b3dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2RYgMA0G
CSqGSIb3DQEBCwUAA4IBAQAIAR26Dkgg7vm+rnooVikPIDU5pf/4AHjChFXHHY3x
i4KtB4n6UtdQwbJ2TRTaT2nAkxA0DVTXBOrD3pSBCokDP7OcbfmSI56Gs7Vc3MuB
5uLoOSOH17vJA5iylsSrCoPyPKjLbF0Vi6TdRhs3+dg5byC9W0l9b+KPNPXShv2i
3umXPnVQEoIpX1+8swOimsHKrE3ekOPo1uEKOqD7i6DXOFYWVDsFlMHctwkD4rzs
VVAbwDqHtOS2UJhZ1kzXxAb762jf8m4k/gaeVDjnzyNFOVa1M0WGXU0WXqhBDAel
4C4EPdBOBcRkldeUEBfD46qZlStCWUcajasvpwZmLnxF
-----END CERTIFICATE-----