This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hw3P-mnfNkgodJBgMUYWW72FQak.roa
File:                     hw3P-mnfNkgodJBgMUYWW72FQak.roa (raw, json)
Hash identifier:          jqe4m5m23W3MZIuoY9nLXZxYTuoX3eNK1QxXfjrFxU4=
Subject key identifier:   87:0D:CF:FA:69:DF:36:48:28:74:90:60:31:46:16:5B:BD:85:41:A9
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B7F8544D7C4D165513C38E0530B838351
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hw3P-mnfNkgodJBgMUYWW72FQak.roa
Signing time:             Fri 02 Jan 2026 16:23:18 +0000
ROA not before:           Fri 02 Jan 2026 16:23:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24961
IP address blocks:        194.87.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:44:d7:c4:d1:65:51:3c:38:e0:53:0b:83:83:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 16:23:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=870dcffa69df3648287490603146165bbd8541a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d6:95:99:b6:c2:ae:57:7a:94:d7:67:03:ce:
                    f4:d2:96:66:91:03:2f:03:17:90:7e:09:bf:f8:a5:
                    1a:49:a5:47:98:07:0c:eb:ed:4d:dc:1c:20:4b:56:
                    f6:82:d4:bb:25:40:03:78:02:6c:b4:ac:00:89:66:
                    fe:56:0f:e7:ac:f7:20:d3:66:78:42:c3:f6:6f:d5:
                    d3:75:bf:1d:8d:e6:d6:29:cd:a6:99:c6:69:6e:2f:
                    93:2a:6f:0c:5e:1c:91:f5:98:57:2c:c1:e2:48:c6:
                    3a:b9:87:4a:51:fe:b2:f8:ef:4c:1f:e9:6b:02:1c:
                    4f:15:6a:aa:fc:02:83:5f:bd:91:3f:cc:14:37:9c:
                    cd:c6:51:c1:3b:f8:67:7b:b7:6e:91:b7:f9:2e:8b:
                    32:3e:7f:d8:9f:c3:7d:d0:56:54:9e:1e:8c:7d:50:
                    70:81:83:1e:19:bd:31:98:d3:d5:58:e2:e8:e6:be:
                    21:fe:19:8b:69:8d:d6:78:f2:a9:f6:fc:d4:a0:02:
                    8b:a4:5b:f4:20:e2:9d:c5:88:5b:30:97:8c:22:6b:
                    65:9d:79:6b:ca:7c:b2:00:a9:bb:46:63:4c:cf:dd:
                    fe:9d:5e:94:0e:c6:51:74:b1:4c:51:0e:43:8f:c6:
                    b6:56:7f:39:2d:13:55:b1:a8:05:f5:b3:9d:18:fa:
                    2e:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:0D:CF:FA:69:DF:36:48:28:74:90:60:31:46:16:5B:BD:85:41:A9
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hw3P-mnfNkgodJBgMUYWW72FQak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:70:c4:12:6a:c1:94:e1:8e:3b:ce:4a:e4:73:de:6c:fd:c3:
         e2:1b:fc:ce:e7:3e:46:42:dc:cb:bd:78:71:cc:57:39:af:b8:
         90:fa:e9:44:1f:1a:38:fc:17:a8:d8:72:0e:ec:78:53:50:6a:
         dc:da:0b:71:11:01:65:79:a1:aa:fa:14:b5:82:4d:f1:66:df:
         ef:a8:ae:e9:70:e4:26:ea:79:42:11:3f:0f:d1:44:44:5f:1d:
         4a:ca:5c:c3:d7:03:68:2e:fa:52:4e:53:22:0d:99:4d:37:28:
         d2:b0:89:74:1c:5d:88:df:97:fb:9e:ab:86:e2:fc:7f:86:2a:
         a7:d3:db:40:b7:d9:3f:82:03:74:71:a9:96:f9:10:ea:04:46:
         06:c2:c4:52:e4:29:19:f2:e7:3b:a2:79:83:de:65:dd:2f:4d:
         c8:55:cd:70:2f:49:56:90:25:7e:bd:45:0b:7c:73:66:96:1b:
         4d:5f:22:2d:4c:7a:59:4e:11:3c:2c:f0:0c:c5:03:a7:78:d7:
         0d:61:08:82:44:1d:a1:67:3c:64:0e:a7:b3:fd:47:a7:eb:db:
         ef:3e:3c:fe:22:9e:8a:03:75:bf:5a:e5:f0:ba:95:c9:22:7c:
         4b:99:25:2e:24:d7:af:d3:5a:54:47:ea:dc:e3:19:26:85:10:
         6b:3c:7c:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hUTXxNFlUTw44FMLg4NRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTAyMTYyMzE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzBkY2ZmYTY5ZGYzNjQ4Mjg3NDkwNjAzMTQ2MTY1YmJkODU0MWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntaVmbbCrld6lNdnA8700pZmkQMv
AxeQfgm/+KUaSaVHmAcM6+1N3BwgS1b2gtS7JUADeAJstKwAiWb+Vg/nrPcg02Z4
QsP2b9XTdb8djebWKc2mmcZpbi+TKm8MXhyR9ZhXLMHiSMY6uYdKUf6y+O9MH+lr
AhxPFWqq/AKDX72RP8wUN5zNxlHBO/hne7dukbf5LosyPn/Yn8N90FZUnh6MfVBw
gYMeGb0xmNPVWOLo5r4h/hmLaY3WePKp9vzUoAKLpFv0IOKdxYhbMJeMImtlnXlr
ynyyAKm7RmNMz93+nV6UDsZRdLFMUQ5Dj8a2Vn85LRNVsagF9bOdGPoujwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcNz/pp3zZIKHSQYDFGFlu9hUGpMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvaHczUC1tbmZOa2dvZEpCZ01VWVdXNzJGUWFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlcEMA0G
CSqGSIb3DQEBCwUAA4IBAQAGcMQSasGU4Y47zkrkc95s/cPiG/zO5z5GQtzLvXhx
zFc5r7iQ+ulEHxo4/Beo2HIO7HhTUGrc2gtxEQFleaGq+hS1gk3xZt/vqK7pcOQm
6nlCET8P0UREXx1KylzD1wNoLvpSTlMiDZlNNyjSsIl0HF2I35f7nquG4vx/hiqn
09tAt9k/ggN0camW+RDqBEYGwsRS5CkZ8uc7onmD3mXdL03IVc1wL0lWkCV+vUUL
fHNmlhtNXyItTHpZThE8LPAMxQOneNcNYQiCRB2hZzxkDqez/Uen69vvPjz+Ip6K
A3W/WuXwupXJInxLmSUuJNev01pUR+rc4xkmhRBrPHyR
-----END CERTIFICATE-----