This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/Po91py2fhJdQGVHgdk7idjtwShI.roa
File:                     Po91py2fhJdQGVHgdk7idjtwShI.roa (raw, json)
Hash identifier:          M3TCrvio3ZBNRYCLggK7+XJO5M1JFEoCLSO3VbGAey0=
Subject key identifier:   3E:8F:75:A7:2D:9F:84:97:50:19:51:E0:76:4E:E2:76:3B:70:4A:12
Certificate issuer:       /CN=cf9f6fbfe00a08592b7bb0edfdc2002bfc72b578
Certificate serial:       019B2E14212921FF48C4B8380448AA9F3043
Authority key identifier: CF:9F:6F:BF:E0:0A:08:59:2B:7B:B0:ED:FD:C2:00:2B:FC:72:B5:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z59vv-AKCFkre7Dt_cIAK_xytXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/Po91py2fhJdQGVHgdk7idjtwShI.roa
Signing time:             Wed 17 Dec 2025 20:50:29 +0000
ROA not before:           Wed 17 Dec 2025 20:50:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399970
IP address blocks:        194.104.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/z59vv-AKCFkre7Dt_cIAK_xytXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/z59vv-AKCFkre7Dt_cIAK_xytXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z59vv-AKCFkre7Dt_cIAK_xytXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Dec 2025 15:46:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:2e:14:21:29:21:ff:48:c4:b8:38:04:48:aa:9f:30:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf9f6fbfe00a08592b7bb0edfdc2002bfc72b578
        Validity
            Not Before: Dec 17 20:50:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e8f75a72d9f8497501951e0764ee2763b704a12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:f7:b2:85:54:a1:ec:3e:76:02:34:83:6b:92:
                    cc:e7:be:a5:47:90:ff:f0:ba:58:81:a0:7a:d5:a2:
                    68:00:e6:e9:23:63:c6:60:78:5d:76:68:aa:09:50:
                    f5:6a:c9:0b:01:15:5d:52:87:15:b6:0d:e8:6d:ef:
                    eb:30:7e:c2:78:f2:da:fa:0d:22:4f:76:af:33:1f:
                    df:48:70:66:8b:10:0e:52:9a:b9:1b:f8:27:e8:7d:
                    9a:7c:e1:35:17:3e:e2:15:f2:e9:3f:93:eb:98:04:
                    78:80:36:92:0e:73:04:f4:15:58:08:8f:e8:fa:96:
                    50:4e:55:58:3c:4c:c1:ea:58:dd:6d:b7:90:12:75:
                    74:b5:b3:32:65:a8:cd:c4:03:c1:dc:78:99:2e:2d:
                    63:18:fa:5f:78:34:4a:2a:7f:a6:da:c6:ba:e7:aa:
                    69:10:f6:51:8f:58:5f:e5:ea:1a:f7:f3:0e:14:24:
                    5b:31:84:94:94:7c:2a:02:51:3a:15:49:13:94:cd:
                    61:29:34:66:7e:ad:c3:6d:48:78:09:6c:7c:57:66:
                    c8:0d:b0:53:cc:87:42:d4:58:28:df:4d:8d:bc:58:
                    d3:ff:98:59:0c:37:44:70:f4:6e:5e:88:a7:a6:31:
                    50:58:c9:12:93:d7:b8:22:f9:04:05:34:eb:7f:29:
                    f3:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:8F:75:A7:2D:9F:84:97:50:19:51:E0:76:4E:E2:76:3B:70:4A:12
            X509v3 Authority Key Identifier:
                keyid:CF:9F:6F:BF:E0:0A:08:59:2B:7B:B0:ED:FD:C2:00:2B:FC:72:B5:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z59vv-AKCFkre7Dt_cIAK_xytXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/Po91py2fhJdQGVHgdk7idjtwShI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/z59vv-AKCFkre7Dt_cIAK_xytXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:00:6a:95:c0:fa:f4:32:f0:19:5c:eb:9b:d8:14:2b:6c:9d:
         0a:21:e3:ad:e8:6e:fb:56:f3:37:f2:18:48:76:d2:d4:68:3f:
         8d:c7:63:f6:25:79:9c:30:58:41:ec:38:97:7f:b9:aa:a5:e6:
         3f:ef:42:ee:8f:f7:f6:88:f5:ee:cd:a3:77:86:ad:55:0d:c1:
         60:f1:63:60:8b:8b:71:3a:c0:61:1f:27:c7:66:b2:e3:00:c2:
         35:97:9c:95:80:eb:6d:f2:7d:a5:74:0c:2c:ee:6b:5d:d1:55:
         e3:78:29:2b:52:94:b2:f6:af:49:e1:59:50:1d:3f:1b:07:c4:
         3e:d4:ea:be:25:c3:4f:a3:f1:3b:f7:27:70:78:e8:e9:88:aa:
         68:46:5a:6f:00:04:fd:b7:65:db:3b:3a:8d:88:33:1b:11:8b:
         bf:21:55:82:4d:c4:be:6b:da:91:3c:7e:09:e4:dd:08:c4:64:
         9e:bd:55:cb:75:4c:d7:96:97:01:40:1c:41:33:65:8b:6c:b2:
         6a:7e:40:65:5d:d0:9f:68:85:b3:a1:de:5e:d7:1c:b9:21:53:
         8a:ff:dd:f4:fb:5d:9d:32:4d:5b:a0:39:7a:5f:15:e4:8c:83:
         23:ef:53:c3:47:d4:d1:b8:b8:f9:35:fd:29:ca:cf:82:88:40:
         38:41:b4:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsuFCEpIf9IxLg4BEiqnzBDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmOWY2ZmJmZTAwYTA4NTkyYjdiYjBlZGZkYzIwMDJiZmM3
MmI1NzgwHhcNMjUxMjE3MjA1MDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZThmNzVhNzJkOWY4NDk3NTAxOTUxZTA3NjRlZTI3NjNiNzA0YTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5PeyhVSh7D52AjSDa5LM576lR5D/
8LpYgaB61aJoAObpI2PGYHhddmiqCVD1askLARVdUocVtg3obe/rMH7CePLa+g0i
T3avMx/fSHBmixAOUpq5G/gn6H2afOE1Fz7iFfLpP5PrmAR4gDaSDnME9BVYCI/o
+pZQTlVYPEzB6ljdbbeQEnV0tbMyZajNxAPB3HiZLi1jGPpfeDRKKn+m2sa656pp
EPZRj1hf5eoa9/MOFCRbMYSUlHwqAlE6FUkTlM1hKTRmfq3DbUh4CWx8V2bIDbBT
zIdC1Fgo302NvFjT/5hZDDdEcPRuXoinpjFQWMkSk9e4IvkEBTTrfynzxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD6Pdactn4SXUBlR4HZO4nY7cEoSMB8GA1UdIwQY
MBaAFM+fb7/gCghZK3uw7f3CACv8crV4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejU5dnYtQUtDRmtyZTdEdF9jSUFLX3h5dFhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS83MzM5ODktZjEzMS00NWU5LTliNzUt
MzQyYTllZTczZDg1LzEvUG85MXB5MmZoSmRRR1ZIZ2RrN2lkanR3U2hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS83MzM5ODktZjEzMS00NWU5LTliNzUtMzQyYTllZTczZDg1
LzEvejU5dnYtQUtDRmtyZTdEdF9jSUFLX3h5dFhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmiBMA0G
CSqGSIb3DQEBCwUAA4IBAQA+AGqVwPr0MvAZXOub2BQrbJ0KIeOt6G77VvM38hhI
dtLUaD+Nx2P2JXmcMFhB7DiXf7mqpeY/70Luj/f2iPXuzaN3hq1VDcFg8WNgi4tx
OsBhHyfHZrLjAMI1l5yVgOtt8n2ldAws7mtd0VXjeCkrUpSy9q9J4VlQHT8bB8Q+
1Oq+JcNPo/E79ydweOjpiKpoRlpvAAT9t2XbOzqNiDMbEYu/IVWCTcS+a9qRPH4J
5N0IxGSevVXLdUzXlpcBQBxBM2WLbLJqfkBlXdCfaIWzod5e1xy5IVOK/930+12d
Mk1boDl6XxXkjIMj71PDR9TRuLj5Nf0pys+CiEA4QbQo
-----END CERTIFICATE-----