This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/1d2df9-8f82-4716-853e-53859490d26f/1/ao20WTlIdybEK7OORASxFGQHj5g.roa
File:                     ao20WTlIdybEK7OORASxFGQHj5g.roa (raw, json)
Hash identifier:          Bp9zWQUGEQfw9+EW5ojP9Kn3oyy71raM8WkHF/muXnE=
Subject key identifier:   6A:8D:B4:59:39:48:77:26:C4:2B:B3:8E:44:04:B1:14:64:07:8F:98
Certificate issuer:       /CN=3e70c14bf26faf0198f1e7b24729cd71b33518de
Certificate serial:       019B7C126FAAB7232CC2ACCD04EA4A261380
Authority key identifier: 3E:70:C1:4B:F2:6F:AF:01:98:F1:E7:B2:47:29:CD:71:B3:35:18:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PnDBS_JvrwGY8eeyRynNcbM1GN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/1d2df9-8f82-4716-853e-53859490d26f/1/ao20WTlIdybEK7OORASxFGQHj5g.roa
Signing time:             Fri 02 Jan 2026 00:19:01 +0000
ROA not before:           Fri 02 Jan 2026 00:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397630
IP address blocks:        193.169.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/1d2df9-8f82-4716-853e-53859490d26f/1/PnDBS_JvrwGY8eeyRynNcbM1GN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/1d2df9-8f82-4716-853e-53859490d26f/1/PnDBS_JvrwGY8eeyRynNcbM1GN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PnDBS_JvrwGY8eeyRynNcbM1GN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 15:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:6f:aa:b7:23:2c:c2:ac:cd:04:ea:4a:26:13:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e70c14bf26faf0198f1e7b24729cd71b33518de
        Validity
            Not Before: Jan  2 00:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a8db45939487726c42bb38e4404b11464078f98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:98:23:bd:18:0b:ee:f8:93:8b:93:84:08:41:
                    28:0d:b3:51:63:b1:07:1a:2e:85:05:e5:1c:fc:d2:
                    b2:76:75:d1:3d:8d:90:6d:36:39:f4:ee:e2:9d:ea:
                    af:d1:b0:cc:ed:a9:7e:44:cb:4c:71:42:d9:2a:2b:
                    46:86:61:1d:ae:78:a1:bc:43:b7:9b:33:48:57:25:
                    a4:28:fb:ea:22:37:ea:bf:19:ba:e0:9a:ff:ef:29:
                    d0:4c:3e:fa:ed:a8:08:16:7e:02:1f:31:5e:90:be:
                    47:85:3c:0e:c9:8a:e6:e8:5e:b9:6e:0b:6d:08:cd:
                    b6:41:c6:14:70:bb:40:c3:5d:94:ac:4b:9b:27:c2:
                    54:c3:ec:e3:9a:fc:68:64:9c:bb:bc:20:e0:fc:98:
                    44:2d:dc:66:95:7f:98:e5:38:ef:0e:d4:d8:c2:61:
                    bf:9a:25:aa:73:db:e9:22:c9:4a:fb:b2:0b:f8:79:
                    bc:c6:80:cc:c9:9a:49:c6:10:f0:aa:71:5b:c8:91:
                    31:cd:d5:2e:d8:1b:4f:3e:4e:8e:79:44:08:fe:2b:
                    2f:b5:2a:4f:09:91:7f:3b:61:e2:8c:b4:9a:b8:9b:
                    4e:c6:43:8b:59:6e:63:79:05:2f:f7:12:0f:0c:a2:
                    35:31:3e:ae:00:83:97:d0:cf:99:c3:a9:1f:0b:f2:
                    2e:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:8D:B4:59:39:48:77:26:C4:2B:B3:8E:44:04:B1:14:64:07:8F:98
            X509v3 Authority Key Identifier:
                keyid:3E:70:C1:4B:F2:6F:AF:01:98:F1:E7:B2:47:29:CD:71:B3:35:18:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PnDBS_JvrwGY8eeyRynNcbM1GN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/1d2df9-8f82-4716-853e-53859490d26f/1/ao20WTlIdybEK7OORASxFGQHj5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/1d2df9-8f82-4716-853e-53859490d26f/1/PnDBS_JvrwGY8eeyRynNcbM1GN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:8e:b7:45:7e:61:71:19:7b:99:bc:17:59:fc:0d:95:44:c6:
         21:72:a1:8d:13:6f:dd:f7:e4:82:49:20:bf:69:22:b9:25:1e:
         89:e6:be:95:70:bc:75:a6:5e:07:73:80:b6:47:e5:2d:af:9f:
         c0:44:10:41:1a:bc:03:fe:ba:04:ba:2e:7c:ac:7d:f0:72:bd:
         29:75:6a:d1:55:f1:5c:43:46:86:07:68:d6:ff:18:01:ab:c5:
         b7:0b:69:6d:83:83:9e:7e:98:e8:58:1a:c0:1d:81:dd:64:b2:
         36:7d:66:1c:ed:9d:5e:d8:01:86:81:77:fd:66:86:e7:7f:68:
         3e:42:64:13:29:d4:b0:fc:f6:b2:5a:f1:d3:32:45:54:6c:95:
         ac:58:01:8f:13:8b:54:54:69:45:47:40:43:79:fc:a0:65:4b:
         72:d1:91:f8:47:44:6f:13:2b:13:e5:70:12:c8:f3:95:5c:bd:
         82:35:6b:50:a7:3a:46:f4:fa:62:4e:5b:4e:8a:3f:41:6b:29:
         ec:64:2b:ff:88:84:13:f1:c0:79:9d:34:e6:ae:c2:82:d0:cb:
         fa:68:46:90:4b:eb:c3:f8:d4:76:c3:01:0e:51:62:a4:73:c2:
         79:3f:4e:bb:61:d7:b6:b1:d7:29:7b:bf:cd:65:32:12:be:01:
         4a:4a:9c:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Em+qtyMswqzNBOpKJhOAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNzBjMTRiZjI2ZmFmMDE5OGYxZTdiMjQ3MjljZDcxYjMz
NTE4ZGUwHhcNMjYwMTAyMDAxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YThkYjQ1OTM5NDg3NzI2YzQyYmIzOGU0NDA0YjExNDY0MDc4Zjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpgjvRgL7viTi5OECEEoDbNRY7EH
Gi6FBeUc/NKydnXRPY2QbTY59O7ineqv0bDM7al+RMtMcULZKitGhmEdrnihvEO3
mzNIVyWkKPvqIjfqvxm64Jr/7ynQTD767agIFn4CHzFekL5HhTwOyYrm6F65bgtt
CM22QcYUcLtAw12UrEubJ8JUw+zjmvxoZJy7vCDg/JhELdxmlX+Y5TjvDtTYwmG/
miWqc9vpIslK+7IL+Hm8xoDMyZpJxhDwqnFbyJExzdUu2BtPPk6OeUQI/isvtSpP
CZF/O2HijLSauJtOxkOLWW5jeQUv9xIPDKI1MT6uAIOX0M+Zw6kfC/IuXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqNtFk5SHcmxCuzjkQEsRRkB4+YMB8GA1UdIwQY
MBaAFD5wwUvyb68BmPHnskcpzXGzNRjeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG5EQlNfSnZyd0dZOGVleVJ5bk5jYk0xR040LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8xZDJkZjktOGY4Mi00NzE2LTg1M2Ut
NTM4NTk0OTBkMjZmLzEvYW8yMFdUbElkeWJFSzdPT1JBU3hGR1FIajVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8xZDJkZjktOGY4Mi00NzE2LTg1M2UtNTM4NTk0OTBkMjZm
LzEvUG5EQlNfSnZyd0dZOGVleVJ5bk5jYk0xR040LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwak7MA0G
CSqGSIb3DQEBCwUAA4IBAQAGjrdFfmFxGXuZvBdZ/A2VRMYhcqGNE2/d9+SCSSC/
aSK5JR6J5r6VcLx1pl4Hc4C2R+Utr5/ARBBBGrwD/roEui58rH3wcr0pdWrRVfFc
Q0aGB2jW/xgBq8W3C2ltg4OefpjoWBrAHYHdZLI2fWYc7Z1e2AGGgXf9Zobnf2g+
QmQTKdSw/PayWvHTMkVUbJWsWAGPE4tUVGlFR0BDefygZUty0ZH4R0RvEysT5XAS
yPOVXL2CNWtQpzpG9PpiTltOij9BaynsZCv/iIQT8cB5nTTmrsKC0Mv6aEaQS+vD
+NR2wwEOUWKkc8J5P067Yde2sdcpe7/NZTISvgFKSpx1
-----END CERTIFICATE-----