This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/3tbVnJCFZWajVXQBEkDUGaCZ-zM.roa
File:                     3tbVnJCFZWajVXQBEkDUGaCZ-zM.roa (raw, json)
Hash identifier:          MPYZvBYGIUfZ4xHIZIQTng1l+c5iq/Y+zEGEEDO4LHo=
Subject key identifier:   DE:D6:D5:9C:90:85:65:66:A3:55:74:01:12:40:D4:19:A0:99:FB:33
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B7F8572576BA469F9DE304CE92253EFA5
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/3tbVnJCFZWajVXQBEkDUGaCZ-zM.roa
Signing time:             Fri 02 Jan 2026 16:23:30 +0000
ROA not before:           Fri 02 Jan 2026 16:23:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214719
IP address blocks:        192.124.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:72:57:6b:a4:69:f9:de:30:4c:e9:22:53:ef:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 16:23:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ded6d59c90856566a35574011240d419a099fb33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:dc:1c:78:f5:c4:17:48:99:96:38:75:4e:f6:
                    0d:c0:3e:4c:c0:e3:af:06:83:33:00:95:b6:3b:fc:
                    63:ad:dd:a0:38:85:f3:45:11:51:f3:c5:bb:bc:ce:
                    55:7d:dd:0b:23:cf:45:bf:f4:7f:2f:b1:5d:f4:38:
                    8f:e3:43:26:b7:47:d5:64:b9:bb:ca:91:da:96:b2:
                    ed:fc:33:29:a1:8b:7e:21:b7:29:2e:e9:1e:e1:fe:
                    29:0d:fb:24:b5:98:91:a2:f0:4b:04:84:aa:a3:7f:
                    6b:ac:ae:74:37:65:50:bb:44:f2:72:da:d5:d9:57:
                    1f:a9:3f:46:ab:06:4c:09:46:b5:b2:77:e3:18:1d:
                    11:22:db:5c:2f:a1:b7:32:29:e5:5b:3f:e8:3a:3e:
                    f9:0c:5d:2f:b9:f1:89:ae:37:2b:68:fc:a8:f1:86:
                    dc:2a:60:de:c9:23:e1:b2:14:d3:a8:a8:1a:62:5d:
                    84:5e:0e:23:ae:b3:5e:5c:20:03:da:b3:aa:20:7c:
                    c3:38:dd:f8:e4:56:94:e3:5a:1c:b9:0e:5b:03:a7:
                    2f:10:be:36:a1:94:d4:3b:a2:c1:3a:1c:39:00:2b:
                    86:0f:e4:63:be:2c:0d:17:e1:69:58:f8:01:88:fd:
                    60:ff:b8:50:7b:e3:ae:8a:e5:1c:49:5f:91:99:b5:
                    6f:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:D6:D5:9C:90:85:65:66:A3:55:74:01:12:40:D4:19:A0:99:FB:33
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/3tbVnJCFZWajVXQBEkDUGaCZ-zM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:2d:0d:7e:20:f7:4e:1c:ea:40:67:5d:36:ed:48:fa:32:0f:
         fa:0a:d3:52:8d:b9:cb:1d:b5:d3:36:72:76:81:86:5a:5f:8f:
         f5:2a:53:07:27:16:96:64:b2:20:83:45:a3:98:dd:d9:7b:14:
         44:6e:9a:4d:2f:6f:02:d8:dd:c5:38:98:7d:08:d9:0e:27:f9:
         18:c1:6d:d3:6a:3c:13:c4:e7:ed:7e:5d:03:b4:a6:ed:d7:9f:
         d9:10:b7:1d:e7:32:04:44:9a:e0:78:a6:33:a5:1e:b9:62:33:
         ae:d0:b5:b1:17:f9:c9:08:3e:de:66:5b:7d:ab:c4:94:0c:dd:
         e7:2b:8a:17:c5:5d:b8:39:e0:a4:46:df:91:9b:21:34:dd:c3:
         c3:79:e8:ea:6c:d6:f6:56:ff:af:b2:f3:c2:02:5b:72:20:39:
         16:b0:6c:0a:72:10:2b:cd:69:34:f6:e7:81:8a:72:88:d9:af:
         a8:08:39:45:5a:79:fa:35:a3:21:1d:84:d3:e3:03:b3:f4:74:
         84:b0:22:e7:b7:aa:f7:69:1a:23:47:f4:8a:de:c6:7c:2e:71:
         ba:b2:f1:43:d4:0f:f3:b3:ad:bd:0f:9e:2f:09:1f:66:32:70:
         d8:50:da:1f:c1:e6:87:72:43:16:d3:0f:44:f9:e8:58:10:fa:
         ef:a1:48:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hXJXa6Rp+d4wTOkiU++lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTAyMTYyMzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWQ2ZDU5YzkwODU2NTY2YTM1NTc0MDExMjQwZDQxOWEwOTlmYjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstwcePXEF0iZljh1TvYNwD5MwOOv
BoMzAJW2O/xjrd2gOIXzRRFR88W7vM5Vfd0LI89Fv/R/L7Fd9DiP40Mmt0fVZLm7
ypHalrLt/DMpoYt+IbcpLuke4f4pDfsktZiRovBLBISqo39rrK50N2VQu0TyctrV
2VcfqT9GqwZMCUa1snfjGB0RIttcL6G3MinlWz/oOj75DF0vufGJrjcraPyo8Ybc
KmDeySPhshTTqKgaYl2EXg4jrrNeXCAD2rOqIHzDON345FaU41ocuQ5bA6cvEL42
oZTUO6LBOhw5ACuGD+RjviwNF+FpWPgBiP1g/7hQe+OuiuUcSV+RmbVvYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN7W1ZyQhWVmo1V0ARJA1BmgmfszMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvM3RiVm5KQ0ZaV2FqVlhRQkVrRFVHYUNaLXpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwHzYMA0G
CSqGSIb3DQEBCwUAA4IBAQAMLQ1+IPdOHOpAZ1027Uj6Mg/6CtNSjbnLHbXTNnJ2
gYZaX4/1KlMHJxaWZLIgg0WjmN3ZexREbppNL28C2N3FOJh9CNkOJ/kYwW3TajwT
xOftfl0DtKbt15/ZELcd5zIERJrgeKYzpR65YjOu0LWxF/nJCD7eZlt9q8SUDN3n
K4oXxV24OeCkRt+RmyE03cPDeejqbNb2Vv+vsvPCAltyIDkWsGwKchArzWk09ueB
inKI2a+oCDlFWnn6NaMhHYTT4wOz9HSEsCLnt6r3aRojR/SK3sZ8LnG6svFD1A/z
s629D54vCR9mMnDYUNofweaHckMW0w9E+ehYEPrvoUgO
-----END CERTIFICATE-----