This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/L3AHD1nIaJn-Qkxqjxi4waU1okM.roa
File:                     L3AHD1nIaJn-Qkxqjxi4waU1okM.roa (raw, json)
Hash identifier:          MqsTHnRn4vzlkUHWrFaXq9Uo9UAjzsK7URiYSvcgf8k=
Subject key identifier:   2F:70:07:0F:59:C8:68:99:FE:42:4C:6A:8F:18:B8:C1:A5:35:A2:43
Certificate issuer:       /CN=8533ef46116fd9d21bfb533e44bde517890c24dc
Certificate serial:       019B7BA3C6776B05504F53427AA9ADAC484D
Authority key identifier: 85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/L3AHD1nIaJn-Qkxqjxi4waU1okM.roa
Signing time:             Thu 01 Jan 2026 22:18:09 +0000
ROA not before:           Thu 01 Jan 2026 22:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59253
IP address blocks:        171.22.62.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:c6:77:6b:05:50:4f:53:42:7a:a9:ad:ac:48:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8533ef46116fd9d21bfb533e44bde517890c24dc
        Validity
            Not Before: Jan  1 22:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2f70070f59c86899fe424c6a8f18b8c1a535a243
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:20:dd:2b:d9:cc:24:75:ab:b1:8f:6e:5e:ec:
                    37:64:43:c1:6e:e8:73:7c:7d:ec:0b:25:81:a1:7a:
                    73:6f:e8:93:3c:c0:4d:19:13:c8:df:44:c1:72:97:
                    be:19:08:50:cc:c3:8d:ee:78:4a:cf:e4:20:29:7a:
                    5a:b4:d1:f8:b9:37:2c:dc:44:54:fe:1d:f7:8f:2f:
                    1f:8c:be:69:0b:60:cd:7a:be:59:21:8b:0c:5e:31:
                    ef:32:2c:1c:df:b3:80:24:26:d2:cc:0b:94:3e:18:
                    a8:d9:b8:b7:0e:a1:f2:b4:7b:be:15:d3:34:26:94:
                    41:a5:63:9f:c2:2f:14:71:5e:06:2a:11:ee:e1:25:
                    e2:c0:f0:f7:11:59:d9:b9:6c:24:1b:9d:23:c9:e8:
                    e9:30:d4:d4:92:c3:a0:8c:27:50:c2:89:d1:49:41:
                    09:c6:72:48:c2:55:34:2e:d1:3f:9e:71:3c:f1:6f:
                    a6:ec:0c:7b:36:f4:e4:60:b0:c1:c2:6a:48:54:b3:
                    6f:07:d0:f9:42:e3:6c:fd:d4:b0:15:ae:9d:a1:4d:
                    72:3c:02:c2:41:8e:df:88:ef:ec:52:ad:2a:e0:28:
                    22:d6:6d:9b:c1:e6:fb:ed:d9:05:f7:a0:3c:91:de:
                    e5:2f:44:f6:1b:63:08:5c:ed:01:0a:83:f0:cb:03:
                    d2:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:70:07:0F:59:C8:68:99:FE:42:4C:6A:8F:18:B8:C1:A5:35:A2:43
            X509v3 Authority Key Identifier:
                keyid:85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/L3AHD1nIaJn-Qkxqjxi4waU1okM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a5:48:b4:37:da:5b:91:11:5a:dc:42:84:00:68:73:f3:d8:46:
         ae:09:e9:67:dc:2c:95:01:7e:a2:71:0f:f5:3b:52:a4:e8:1c:
         75:ec:8c:fe:8d:6f:69:f4:c0:ab:fe:73:ae:17:5e:1d:bc:31:
         dd:cb:f8:5b:a2:0a:5e:bd:fb:79:10:19:54:6e:64:3d:f1:19:
         ea:14:7c:ed:63:80:3f:1c:5d:f4:7d:1d:f6:72:a8:cf:09:2d:
         cf:df:a8:8c:16:0a:20:0e:96:60:ec:f2:4c:a4:35:0a:e1:b0:
         aa:47:64:8c:bb:82:1e:33:6e:8c:74:c3:51:dd:4a:35:a9:fd:
         62:80:0b:36:35:88:51:5f:28:53:67:87:42:67:07:05:55:dd:
         3d:59:73:dd:79:3f:9c:3a:8a:c1:68:fb:33:63:cb:55:6f:76:
         4a:ee:e2:b7:d2:d9:ba:36:a4:44:0f:f9:40:df:97:38:de:aa:
         16:0b:bb:0b:85:27:c3:04:09:b9:71:b6:e8:8b:ac:35:8b:9e:
         d7:75:ef:9b:a8:eb:ea:46:57:2a:f4:e4:c4:f4:bf:ec:31:cf:
         67:ac:38:de:6c:ba:06:a0:3d:ea:f7:b5:3c:73:f0:e1:da:ca:
         b0:9e:20:9c:3b:53:c3:18:c2:10:10:c5:7a:bd:53:26:9f:d6:
         80:fb:cb:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o8Z3awVQT1NCeqmtrEhNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MzNlZjQ2MTE2ZmQ5ZDIxYmZiNTMzZTQ0YmRlNTE3ODkw
YzI0ZGMwHhcNMjYwMTAxMjIxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjcwMDcwZjU5Yzg2ODk5ZmU0MjRjNmE4ZjE4YjhjMWE1MzVhMjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSDdK9nMJHWrsY9uXuw3ZEPBbuhz
fH3sCyWBoXpzb+iTPMBNGRPI30TBcpe+GQhQzMON7nhKz+QgKXpatNH4uTcs3ERU
/h33jy8fjL5pC2DNer5ZIYsMXjHvMiwc37OAJCbSzAuUPhio2bi3DqHytHu+FdM0
JpRBpWOfwi8UcV4GKhHu4SXiwPD3EVnZuWwkG50jyejpMNTUksOgjCdQwonRSUEJ
xnJIwlU0LtE/nnE88W+m7Ax7NvTkYLDBwmpIVLNvB9D5QuNs/dSwFa6doU1yPALC
QY7fiO/sUq0q4Cgi1m2bweb77dkF96A8kd7lL0T2G2MIXO0BCoPwywPS1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC9wBw9ZyGiZ/kJMao8YuMGlNaJDMB8GA1UdIwQY
MBaAFIUz70YRb9nSG/tTPkS95ReJDCTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAt
NzM5MjNkYWVmMTE0LzEvTDNBSEQxbklhSm4tUWt4cWp4aTR3YVUxb2tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAtNzM5MjNkYWVmMTE0
LzEvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBqxY+MA0G
CSqGSIb3DQEBCwUAA4IBAQClSLQ32luREVrcQoQAaHPz2EauCeln3CyVAX6icQ/1
O1Kk6Bx17Iz+jW9p9MCr/nOuF14dvDHdy/hbogpevft5EBlUbmQ98RnqFHztY4A/
HF30fR32cqjPCS3P36iMFgogDpZg7PJMpDUK4bCqR2SMu4IeM26MdMNR3Uo1qf1i
gAs2NYhRXyhTZ4dCZwcFVd09WXPdeT+cOorBaPszY8tVb3ZK7uK30tm6NqRED/lA
35c43qoWC7sLhSfDBAm5cbboi6w1i57Xde+bqOvqRlcq9OTE9L/sMc9nrDjebLoG
oD3q97U8c/Dh2sqwniCcO1PDGMIQEMV6vVMmn9aA+8sm
-----END CERTIFICATE-----