This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/445ed0-48b3-408e-a1bc-9979df52b018/1/Po_y7BTQnq0t83N4k5bzz1wi4hg.roa
File:                     Po_y7BTQnq0t83N4k5bzz1wi4hg.roa (raw, json)
Hash identifier:          fdtaoOhUYPqSiYrFP8PD67S1dme/kg9U36uFUbhYCQg=
Subject key identifier:   3E:8F:F2:EC:14:D0:9E:AD:2D:F3:73:78:93:96:F3:CF:5C:22:E2:18
Certificate issuer:       /CN=d27b877f899341269bec67c6e3a0a888ba7ae98d
Certificate serial:       019B03B320D207FE857222ECF730006DB0B6
Authority key identifier: D2:7B:87:7F:89:93:41:26:9B:EC:67:C6:E3:A0:A8:88:BA:7A:E9:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0nuHf4mTQSab7GfG46CoiLp66Y0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/445ed0-48b3-408e-a1bc-9979df52b018/1/Po_y7BTQnq0t83N4k5bzz1wi4hg.roa
Signing time:             Tue 09 Dec 2025 15:20:29 +0000
ROA not before:           Tue 09 Dec 2025 15:20:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        195.234.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/445ed0-48b3-408e-a1bc-9979df52b018/1/0nuHf4mTQSab7GfG46CoiLp66Y0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/445ed0-48b3-408e-a1bc-9979df52b018/1/0nuHf4mTQSab7GfG46CoiLp66Y0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0nuHf4mTQSab7GfG46CoiLp66Y0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Dec 2025 16:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:03:b3:20:d2:07:fe:85:72:22:ec:f7:30:00:6d:b0:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d27b877f899341269bec67c6e3a0a888ba7ae98d
        Validity
            Not Before: Dec  9 15:20:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e8ff2ec14d09ead2df373789396f3cf5c22e218
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:69:af:1c:c5:29:d9:50:a8:03:4b:2f:c8:5e:
                    f3:d9:2a:0e:f0:23:46:9d:47:f3:83:fe:33:66:ec:
                    80:32:1c:c4:64:b6:9e:52:72:5c:77:18:e3:3f:aa:
                    0d:dc:28:bb:e4:e5:7c:bf:de:fc:47:56:33:0d:27:
                    d0:ee:f8:88:1d:11:27:68:0e:36:21:d5:7f:20:02:
                    c6:40:1e:49:b2:30:7d:c8:3d:1b:b5:ed:1c:8f:48:
                    a0:2b:bc:0d:8d:59:13:e3:ad:9d:32:f0:22:5c:c7:
                    28:a0:ab:c6:2e:4f:4e:65:41:b6:01:63:c9:14:47:
                    ee:83:f2:df:5b:df:8f:87:bf:e4:f3:c7:a2:78:ea:
                    6f:f2:19:b1:18:10:58:92:b4:d6:56:43:5b:ef:f5:
                    a2:b2:c9:ea:b3:1d:ff:d3:1a:2a:db:49:40:6e:ed:
                    f9:dc:31:a4:41:92:93:71:c7:c2:25:fd:04:2c:e7:
                    ac:64:fa:fd:1d:61:51:05:c6:92:c3:e0:96:20:ef:
                    08:e3:d2:5e:7c:88:d3:91:71:3e:37:70:48:17:51:
                    93:06:1b:d9:41:a0:8f:d0:5b:fb:50:4f:2b:5e:ad:
                    62:d6:c2:d1:7a:3c:91:6c:b2:fc:4c:3c:75:20:15:
                    84:6d:d6:1a:c8:b9:a8:a6:5d:bf:3f:bf:db:43:b7:
                    ff:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:8F:F2:EC:14:D0:9E:AD:2D:F3:73:78:93:96:F3:CF:5C:22:E2:18
            X509v3 Authority Key Identifier:
                keyid:D2:7B:87:7F:89:93:41:26:9B:EC:67:C6:E3:A0:A8:88:BA:7A:E9:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0nuHf4mTQSab7GfG46CoiLp66Y0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/445ed0-48b3-408e-a1bc-9979df52b018/1/Po_y7BTQnq0t83N4k5bzz1wi4hg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/445ed0-48b3-408e-a1bc-9979df52b018/1/0nuHf4mTQSab7GfG46CoiLp66Y0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:73:2b:bb:d8:ad:c9:ad:33:35:12:af:5f:b9:1f:4a:01:b7:
         7b:b6:b5:51:7d:d6:83:ee:1d:21:bb:37:ab:db:16:d3:f6:c0:
         c1:f9:ed:23:03:67:56:a7:34:25:3d:e8:bb:da:0c:c2:60:98:
         1a:fc:a8:45:0e:f0:22:98:c9:80:b4:1b:81:83:49:20:5c:c5:
         a0:bd:bf:2c:bd:96:b6:a5:e6:3f:96:0e:4c:ad:7b:92:b6:ee:
         08:42:a7:bf:2a:e2:39:a2:98:df:84:84:5c:a6:8d:2d:fd:2b:
         a4:c8:fe:62:73:1d:2d:79:34:ba:90:47:de:52:d7:71:e0:de:
         9f:b8:e3:e6:6b:e6:60:96:93:fc:05:e4:d7:99:ef:7a:b9:2b:
         27:92:7b:be:ff:82:56:e6:e6:ec:e9:3f:6a:8e:3b:e0:c6:79:
         38:f7:35:50:63:97:56:86:b1:96:65:2a:0b:4b:61:63:73:7e:
         47:4b:26:bb:05:1d:e6:ee:06:9c:48:c0:54:74:df:7d:d8:47:
         75:b5:86:c3:54:5e:00:b6:35:e4:bb:dd:41:28:f5:ee:5c:33:
         e6:30:b6:20:9b:56:d2:84:cc:df:f1:3d:cf:8d:3c:e6:48:44:
         1f:73:d6:3c:b0:2d:c4:70:ba:06:f5:67:40:44:83:15:5c:8c:
         ef:63:1f:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsDsyDSB/6FciLs9zAAbbC2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyN2I4NzdmODk5MzQxMjY5YmVjNjdjNmUzYTBhODg4YmE3
YWU5OGQwHhcNMjUxMjA5MTUyMDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZThmZjJlYzE0ZDA5ZWFkMmRmMzczNzg5Mzk2ZjNjZjVjMjJlMjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGmvHMUp2VCoA0svyF7z2SoO8CNG
nUfzg/4zZuyAMhzEZLaeUnJcdxjjP6oN3Ci75OV8v978R1YzDSfQ7viIHREnaA42
IdV/IALGQB5JsjB9yD0bte0cj0igK7wNjVkT462dMvAiXMcooKvGLk9OZUG2AWPJ
FEfug/LfW9+Ph7/k88eieOpv8hmxGBBYkrTWVkNb7/Wissnqsx3/0xoq20lAbu35
3DGkQZKTccfCJf0ELOesZPr9HWFRBcaSw+CWIO8I49JefIjTkXE+N3BIF1GTBhvZ
QaCP0Fv7UE8rXq1i1sLRejyRbLL8TDx1IBWEbdYayLmopl2/P7/bQ7f/5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD6P8uwU0J6tLfNzeJOW889cIuIYMB8GA1UdIwQY
MBaAFNJ7h3+Jk0Emm+xnxuOgqIi6eumNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG51SGY0bVRRU2FiN0dmRzQ2Q29pTHA2NlkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS80NDVlZDAtNDhiMy00MDhlLWExYmMt
OTk3OWRmNTJiMDE4LzEvUG9feTdCVFFucTB0ODNONGs1Ynp6MXdpNGhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS80NDVlZDAtNDhiMy00MDhlLWExYmMtOTk3OWRmNTJiMDE4
LzEvMG51SGY0bVRRU2FiN0dmRzQ2Q29pTHA2NlkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+oiMA0G
CSqGSIb3DQEBCwUAA4IBAQADcyu72K3JrTM1Eq9fuR9KAbd7trVRfdaD7h0huzer
2xbT9sDB+e0jA2dWpzQlPei72gzCYJga/KhFDvAimMmAtBuBg0kgXMWgvb8svZa2
peY/lg5MrXuStu4IQqe/KuI5opjfhIRcpo0t/SukyP5icx0teTS6kEfeUtdx4N6f
uOPma+ZglpP8BeTXme96uSsnknu+/4JW5ubs6T9qjjvgxnk49zVQY5dWhrGWZSoL
S2Fjc35HSya7BR3m7gacSMBUdN992Ed1tYbDVF4AtjXku91BKPXuXDPmMLYgm1bS
hMzf8T3PjTzmSEQfc9Y8sC3EcLoG9WdARIMVXIzvYx99
-----END CERTIFICATE-----