This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/PE86ju9mZOIEW9OFmXOihbKc2sk.roa
File:                     PE86ju9mZOIEW9OFmXOihbKc2sk.roa (raw, json)
Hash identifier:          /DZfF8uSLWy1YJusoVYBgZLR0nTpQ0ahm22xjvNVUbk=
Subject key identifier:   3C:4F:3A:8E:EF:66:64:E2:04:5B:D3:85:99:73:A2:85:B2:9C:DA:C9
Certificate issuer:       /CN=c98b825f36e9cc330315c940de800cbabce3397b
Certificate serial:       019B2C5BC30FFE6885385D4CD572C80CDC45
Authority key identifier: C9:8B:82:5F:36:E9:CC:33:03:15:C9:40:DE:80:0C:BA:BC:E3:39:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yYuCXzbpzDMDFclA3oAMurzjOXs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/PE86ju9mZOIEW9OFmXOihbKc2sk.roa
Signing time:             Wed 17 Dec 2025 12:49:29 +0000
ROA not before:           Wed 17 Dec 2025 12:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12857
IP address blocks:        2a00:b400::/29 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/yYuCXzbpzDMDFclA3oAMurzjOXs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/yYuCXzbpzDMDFclA3oAMurzjOXs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yYuCXzbpzDMDFclA3oAMurzjOXs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 22 Dec 2025 13:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:2c:5b:c3:0f:fe:68:85:38:5d:4c:d5:72:c8:0c:dc:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c98b825f36e9cc330315c940de800cbabce3397b
        Validity
            Not Before: Dec 17 12:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c4f3a8eef6664e2045bd3859973a285b29cdac9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d6:cf:2d:db:0b:e7:88:30:64:71:93:2f:ed:
                    ff:0c:5b:01:71:25:b9:0d:df:de:d1:15:27:d4:50:
                    4b:ca:73:4d:09:4a:b2:31:62:f4:1a:52:e6:42:3e:
                    74:bb:b9:13:52:df:65:f8:3e:bf:a1:b7:a8:7b:71:
                    2a:7b:92:91:bf:ca:8a:3c:53:8d:83:aa:29:22:d5:
                    22:89:44:15:75:ce:7e:63:c4:39:00:82:74:e7:49:
                    b7:5a:bb:9d:49:84:6e:80:33:f7:24:2b:f7:f5:16:
                    40:3e:3d:bb:b5:6f:76:96:60:b1:49:af:4e:14:e2:
                    50:c8:d4:7a:7a:74:29:d5:64:64:ca:73:7e:35:51:
                    e9:ba:e5:54:21:43:6b:9f:87:5d:b9:6d:eb:44:7f:
                    83:92:f7:25:44:2e:fb:61:97:d1:6c:5e:e9:ae:4e:
                    f0:e5:bd:5c:1a:b6:e6:10:b5:8d:b9:2f:19:ef:b9:
                    bc:48:29:52:d8:7f:80:56:54:cc:59:93:52:ee:49:
                    83:cc:0d:ae:f6:aa:6c:cf:3a:30:1d:25:55:2f:0b:
                    ff:f0:ae:4c:82:4f:0b:19:ba:30:89:d9:41:66:a3:
                    39:0e:b1:a3:e1:cf:95:d7:e2:4d:74:9d:fe:20:a5:
                    06:d7:d6:2c:4e:78:06:b7:f5:32:b4:1f:3a:af:04:
                    a3:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:4F:3A:8E:EF:66:64:E2:04:5B:D3:85:99:73:A2:85:B2:9C:DA:C9
            X509v3 Authority Key Identifier:
                keyid:C9:8B:82:5F:36:E9:CC:33:03:15:C9:40:DE:80:0C:BA:BC:E3:39:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yYuCXzbpzDMDFclA3oAMurzjOXs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/PE86ju9mZOIEW9OFmXOihbKc2sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/yYuCXzbpzDMDFclA3oAMurzjOXs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:b400::/29

    Signature Algorithm: sha256WithRSAEncryption
         2b:55:93:62:91:a0:33:27:aa:17:84:a5:8a:79:45:48:59:d6:
         df:28:ce:2f:0e:03:5e:9c:84:b7:86:3e:15:ad:b9:fa:d3:51:
         fa:06:d3:60:37:ef:4f:ca:e0:98:a3:61:6b:20:00:86:87:b5:
         f4:ab:5a:15:a5:ba:58:05:c2:0c:57:5a:eb:75:a6:57:bb:2e:
         a4:7a:d7:e5:e8:d6:34:e0:c1:74:d6:e2:8e:3d:da:97:7a:2b:
         c5:61:cd:95:47:bb:32:8e:d0:cf:42:75:19:d2:83:f9:6c:ac:
         7e:48:c0:31:c9:3d:d0:44:71:2f:24:78:40:9f:d2:d4:3e:12:
         92:a6:db:75:99:f0:d1:f1:1b:9e:23:ee:4e:63:8c:e2:2a:6c:
         76:9d:8b:f6:44:31:79:27:e7:ea:c7:21:c2:a6:96:09:68:c9:
         c4:23:af:a3:da:da:76:58:d2:62:a1:78:55:0a:3a:ca:60:df:
         2f:3c:ac:46:ae:76:f0:02:8f:e2:5f:30:3d:74:e3:18:f3:98:
         46:a5:43:c7:4d:db:95:55:cd:1d:66:69:af:78:57:0e:90:87:
         6d:cd:a8:93:3d:35:f2:36:94:aa:81:22:46:87:93:8b:41:33:
         55:38:a6:ec:53:1b:75:a7:42:76:59:96:46:3a:4f:78:b7:09:
         89:1e:5a:fd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZssW8MP/miFOF1M1XLIDNxFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5OGI4MjVmMzZlOWNjMzMwMzE1Yzk0MGRlODAwY2JhYmNl
MzM5N2IwHhcNMjUxMjE3MTI0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzRmM2E4ZWVmNjY2NGUyMDQ1YmQzODU5OTczYTI4NWIyOWNkYWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNbPLdsL54gwZHGTL+3/DFsBcSW5
Dd/e0RUn1FBLynNNCUqyMWL0GlLmQj50u7kTUt9l+D6/obeoe3Eqe5KRv8qKPFON
g6opItUiiUQVdc5+Y8Q5AIJ050m3WrudSYRugDP3JCv39RZAPj27tW92lmCxSa9O
FOJQyNR6enQp1WRkynN+NVHpuuVUIUNrn4dduW3rRH+DkvclRC77YZfRbF7prk7w
5b1cGrbmELWNuS8Z77m8SClS2H+AVlTMWZNS7kmDzA2u9qpszzowHSVVLwv/8K5M
gk8LGbowidlBZqM5DrGj4c+V1+JNdJ3+IKUG19YsTngGt/UytB86rwSjoQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDxPOo7vZmTiBFvThZlzooWynNrJMB8GA1UdIwQY
MBaAFMmLgl826cwzAxXJQN6ADLq84zl7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVl1Q1h6YnB6RE1ERmNsQTNvQU11cnpqT1hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9lYTM2MTQtZjA5MC00YTJiLTkzNTUt
Yjg5YTUxMWMzYmJkLzEvUEU4Nmp1OW1aT0lFVzlPRm1YT2loYktjMnNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9lYTM2MTQtZjA5MC00YTJiLTkzNTUtYjg5YTUxMWMzYmJk
LzEveVl1Q1h6YnB6RE1ERmNsQTNvQU11cnpqT1hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgC0ADAN
BgkqhkiG9w0BAQsFAAOCAQEAK1WTYpGgMyeqF4SlinlFSFnW3yjOLw4DXpyEt4Y+
Fa25+tNR+gbTYDfvT8rgmKNhayAAhoe19KtaFaW6WAXCDFda63WmV7supHrX5ejW
NODBdNbijj3al3orxWHNlUe7Mo7Qz0J1GdKD+WysfkjAMck90ERxLyR4QJ/S1D4S
kqbbdZnw0fEbniPuTmOM4ipsdp2L9kQxeSfn6schwqaWCWjJxCOvo9radljSYqF4
VQo6ymDfLzysRq528AKP4l8wPXTjGPOYRqVDx03blVXNHWZpr3hXDpCHbc2okz01
8jaUqoEiRoeTi0EzVTim7FMbdadCdlmWRjpPeLcJiR5a/Q==
-----END CERTIFICATE-----