This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/99d68e-27c3-4b2d-95f5-250a9e6708d0/1/PbU9H76uPCLlqOQ-86yXlS220dw.roa
File:                     PbU9H76uPCLlqOQ-86yXlS220dw.roa (raw, json)
Hash identifier:          V4GbhAZFv6aWhq1lviPUINhL7BoSID+QsQjoj/+8n6Y=
Subject key identifier:   3D:B5:3D:1F:BE:AE:3C:22:E5:A8:E4:3E:F3:AC:97:95:2D:B6:D1:DC
Certificate issuer:       /CN=11f2e35b3c559b6d843667cad5dac674e01b96c3
Certificate serial:       019B7BA52DB99B5F09C11AF9DC65E38BD976
Authority key identifier: 11:F2:E3:5B:3C:55:9B:6D:84:36:67:CA:D5:DA:C6:74:E0:1B:96:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EfLjWzxVm22ENmfK1drGdOAblsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/99d68e-27c3-4b2d-95f5-250a9e6708d0/1/PbU9H76uPCLlqOQ-86yXlS220dw.roa
Signing time:             Thu 01 Jan 2026 22:19:41 +0000
ROA not before:           Thu 01 Jan 2026 22:19:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209438
IP address blocks:        62.68.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/99d68e-27c3-4b2d-95f5-250a9e6708d0/1/EfLjWzxVm22ENmfK1drGdOAblsM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/99d68e-27c3-4b2d-95f5-250a9e6708d0/1/EfLjWzxVm22ENmfK1drGdOAblsM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EfLjWzxVm22ENmfK1drGdOAblsM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 16:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:2d:b9:9b:5f:09:c1:1a:f9:dc:65:e3:8b:d9:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11f2e35b3c559b6d843667cad5dac674e01b96c3
        Validity
            Not Before: Jan  1 22:19:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3db53d1fbeae3c22e5a8e43ef3ac97952db6d1dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:bc:ac:ad:0c:9a:c2:07:2d:18:d4:87:bc:a6:
                    1e:fd:13:8f:6b:e9:75:80:c1:5f:bd:1a:60:82:74:
                    f3:56:ff:96:f0:66:7e:46:64:3f:34:0c:ac:15:d8:
                    d3:f7:52:c5:32:6b:09:dc:b3:a2:11:42:75:22:3d:
                    f3:23:f1:a2:0b:ef:5c:2d:e3:57:fd:9f:9c:2d:cc:
                    f4:ec:6d:61:ac:66:c3:6d:59:26:5b:cc:5a:11:3d:
                    56:51:b4:e8:69:a9:ab:d3:a2:ed:3e:ae:4d:4a:44:
                    4a:92:8e:c7:aa:cf:fc:9c:62:27:40:7e:a3:67:55:
                    45:6c:67:32:f0:e5:54:e1:9c:7d:8e:01:24:32:bb:
                    04:67:a6:4c:c9:a5:ec:31:e3:da:a7:9b:50:1a:96:
                    09:1f:80:63:da:42:f8:d5:35:f6:47:d7:9a:54:26:
                    ff:d9:35:68:82:a2:e5:5c:d0:c0:52:68:d0:c1:cc:
                    c1:46:d9:bb:2e:64:b6:25:8c:e6:20:be:ae:af:b0:
                    9e:fc:dc:45:de:31:df:8e:c0:20:ba:eb:ab:de:cd:
                    ea:1b:7b:f2:8e:52:31:c1:05:15:a5:27:de:d0:b3:
                    1c:58:16:13:81:fe:7d:06:3a:24:31:77:93:36:e5:
                    a6:b6:7a:fa:45:79:2c:0a:ca:14:56:b9:a8:a8:e0:
                    cf:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:B5:3D:1F:BE:AE:3C:22:E5:A8:E4:3E:F3:AC:97:95:2D:B6:D1:DC
            X509v3 Authority Key Identifier:
                keyid:11:F2:E3:5B:3C:55:9B:6D:84:36:67:CA:D5:DA:C6:74:E0:1B:96:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EfLjWzxVm22ENmfK1drGdOAblsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/99d68e-27c3-4b2d-95f5-250a9e6708d0/1/PbU9H76uPCLlqOQ-86yXlS220dw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/99d68e-27c3-4b2d-95f5-250a9e6708d0/1/EfLjWzxVm22ENmfK1drGdOAblsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.68.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:6e:28:5d:35:ed:ef:1a:13:61:e2:44:bb:38:d2:57:d5:c5:
         ca:55:67:8a:a7:b0:4c:c5:8a:06:59:2d:49:27:64:a4:20:ac:
         17:53:a9:d7:9f:f9:25:88:c0:b8:a0:39:67:7e:45:cb:84:c5:
         62:f9:28:a8:b5:43:86:6a:69:63:f5:40:da:02:98:cf:0e:e8:
         57:31:82:e6:b5:8d:83:85:02:51:38:67:de:43:41:d7:fe:20:
         14:e3:65:6f:54:91:85:99:e4:65:6c:c9:3b:d4:d1:fb:fb:9a:
         05:83:ea:ec:64:55:ce:af:2e:52:28:f6:97:cf:cc:32:48:38:
         f6:58:57:15:46:25:10:3e:44:7f:c7:d3:54:99:ce:aa:c6:0d:
         ec:27:40:ab:b2:91:d0:d0:5e:e3:35:a3:46:bb:67:04:71:6b:
         56:0b:67:d9:ed:de:98:9a:d7:50:a9:08:f2:6f:52:ce:ba:20:
         f7:36:a3:98:af:51:91:da:f8:61:bd:65:03:f7:7b:65:f6:3b:
         02:b6:9a:83:6b:1f:5f:63:75:0c:a6:75:4f:67:8b:6d:82:94:
         71:50:d2:af:11:9a:f8:b0:7d:67:9e:50:57:c8:dc:6b:97:e7:
         a3:43:f1:cf:93:2d:06:a3:08:ad:36:30:e4:1b:cc:2e:56:6f:
         28:39:21:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pS25m18JwRr53GXji9l2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZjJlMzViM2M1NTliNmQ4NDM2NjdjYWQ1ZGFjNjc0ZTAx
Yjk2YzMwHhcNMjYwMTAxMjIxOTQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGI1M2QxZmJlYWUzYzIyZTVhOGU0M2VmM2FjOTc5NTJkYjZkMWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw7ysrQyawgctGNSHvKYe/ROPa+l1
gMFfvRpggnTzVv+W8GZ+RmQ/NAysFdjT91LFMmsJ3LOiEUJ1Ij3zI/GiC+9cLeNX
/Z+cLcz07G1hrGbDbVkmW8xaET1WUbToaamr06LtPq5NSkRKko7Hqs/8nGInQH6j
Z1VFbGcy8OVU4Zx9jgEkMrsEZ6ZMyaXsMePap5tQGpYJH4Bj2kL41TX2R9eaVCb/
2TVogqLlXNDAUmjQwczBRtm7LmS2JYzmIL6ur7Ce/NxF3jHfjsAguuur3s3qG3vy
jlIxwQUVpSfe0LMcWBYTgf59BjokMXeTNuWmtnr6RXksCsoUVrmoqODPCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD21PR++rjwi5ajkPvOsl5UtttHcMB8GA1UdIwQY
MBaAFBHy41s8VZtthDZnytXaxnTgG5bDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWZMald6eFZtMjJFTm1mSzFkckdkT0FibHNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi85OWQ2OGUtMjdjMy00YjJkLTk1ZjUt
MjUwYTllNjcwOGQwLzEvUGJVOUg3NnVQQ0xscU9RLTg2eVhsUzIyMGR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi85OWQ2OGUtMjdjMy00YjJkLTk1ZjUtMjUwYTllNjcwOGQw
LzEvRWZMald6eFZtMjJFTm1mSzFkckdkT0FibHNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkRYMA0G
CSqGSIb3DQEBCwUAA4IBAQBNbihdNe3vGhNh4kS7ONJX1cXKVWeKp7BMxYoGWS1J
J2SkIKwXU6nXn/kliMC4oDlnfkXLhMVi+SiotUOGamlj9UDaApjPDuhXMYLmtY2D
hQJROGfeQ0HX/iAU42VvVJGFmeRlbMk71NH7+5oFg+rsZFXOry5SKPaXz8wySDj2
WFcVRiUQPkR/x9NUmc6qxg3sJ0CrspHQ0F7jNaNGu2cEcWtWC2fZ7d6YmtdQqQjy
b1LOuiD3NqOYr1GR2vhhvWUD93tl9jsCtpqDax9fY3UMpnVPZ4ttgpRxUNKvEZr4
sH1nnlBXyNxrl+ejQ/HPky0GowitNjDkG8wuVm8oOSF/
-----END CERTIFICATE-----