This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/fb3NlfyiI12-2naS91KzEXDuLcM.roa
File:                     fb3NlfyiI12-2naS91KzEXDuLcM.roa (raw, json)
Hash identifier:          xFi8qis3wYM7XGFa9w0jwhmsTCg5KkrRoqZqwdJaBxs=
Subject key identifier:   7D:BD:CD:95:FC:A2:23:5D:BE:DA:76:92:F7:52:B3:11:70:EE:2D:C3
Certificate issuer:       /CN=70b190d6f89a434cce5cb8c0d4b38a1669defb59
Certificate serial:       019B7F156CE5EEFF601AAE33AD2493471E8F
Authority key identifier: 70:B1:90:D6:F8:9A:43:4C:CE:5C:B8:C0:D4:B3:8A:16:69:DE:FB:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cLGQ1viaQ0zOXLjA1LOKFmne-1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/fb3NlfyiI12-2naS91KzEXDuLcM.roa
Signing time:             Fri 02 Jan 2026 14:21:09 +0000
ROA not before:           Fri 02 Jan 2026 14:21:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     32181
IP address blocks:        193.203.28.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/cLGQ1viaQ0zOXLjA1LOKFmne-1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/cLGQ1viaQ0zOXLjA1LOKFmne-1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cLGQ1viaQ0zOXLjA1LOKFmne-1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:6c:e5:ee:ff:60:1a:ae:33:ad:24:93:47:1e:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70b190d6f89a434cce5cb8c0d4b38a1669defb59
        Validity
            Not Before: Jan  2 14:21:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7dbdcd95fca2235dbeda7692f752b31170ee2dc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:f2:0d:ab:7a:3c:e2:7d:88:dc:94:28:66:3d:
                    c2:14:08:cc:64:c6:b0:a5:b1:a7:c9:96:9c:7e:01:
                    10:14:28:3e:21:8f:9c:eb:22:81:5a:a2:c8:e8:0c:
                    1f:02:8c:76:0d:e1:a3:df:1b:14:ad:18:a6:9f:32:
                    92:45:c6:f6:79:01:6d:8e:0e:5d:c3:0c:cc:1f:4d:
                    1a:5c:16:1c:5b:86:82:b2:b9:10:69:9d:2e:ab:a1:
                    3f:ff:1b:8d:06:b5:03:75:f2:df:f2:49:63:95:47:
                    15:16:66:79:e2:e2:76:e8:2f:2d:0d:46:c1:c5:bf:
                    a2:85:48:76:af:11:a0:25:88:cf:60:f6:17:53:ee:
                    fd:8c:28:91:31:27:18:6d:8e:1b:99:db:0c:e4:dd:
                    a2:e5:28:15:73:a4:20:fe:b0:c9:eb:60:39:6f:4b:
                    db:b7:af:fe:6e:15:12:2b:38:eb:39:91:99:f3:35:
                    09:c8:a3:09:15:dd:ca:8e:77:bc:62:b0:fc:cb:91:
                    36:9c:81:4a:83:24:df:64:3e:a6:5b:10:29:65:26:
                    16:f1:c0:86:43:9f:dc:0d:ea:f0:b3:c6:f3:7d:f6:
                    af:f8:89:47:94:93:58:66:96:18:87:25:71:16:a2:
                    10:8e:6e:1f:c2:9d:31:58:49:1c:3a:31:26:f1:ec:
                    21:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:BD:CD:95:FC:A2:23:5D:BE:DA:76:92:F7:52:B3:11:70:EE:2D:C3
            X509v3 Authority Key Identifier:
                keyid:70:B1:90:D6:F8:9A:43:4C:CE:5C:B8:C0:D4:B3:8A:16:69:DE:FB:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cLGQ1viaQ0zOXLjA1LOKFmne-1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/fb3NlfyiI12-2naS91KzEXDuLcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/cLGQ1viaQ0zOXLjA1LOKFmne-1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.203.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4a:a1:32:64:40:70:2d:22:0d:a7:db:1c:f6:03:58:39:dc:4d:
         bf:23:bb:4a:a4:5e:02:e2:0a:00:13:ac:5b:5f:de:c7:56:70:
         47:6d:b0:d2:dc:dd:59:6c:bc:f1:86:b8:31:0b:af:7b:e5:0b:
         12:ac:43:9d:8f:22:68:23:81:65:0d:34:87:52:1b:f9:0b:76:
         2f:8d:95:d0:cd:0b:5a:5e:f0:97:32:8d:bb:53:62:2a:9e:9b:
         9c:19:0c:1c:da:4f:dd:3d:7b:8d:14:2e:8b:99:74:bc:e5:79:
         b1:7d:75:4b:54:dc:a4:f4:9c:9a:06:38:9a:db:28:c1:96:a6:
         76:f1:21:14:99:ca:0d:d5:b5:1b:d8:6b:95:7c:09:1d:11:18:
         15:0d:4e:22:38:42:be:9a:4e:dc:37:5d:71:46:cf:ae:a5:86:
         fd:4f:ab:fe:57:1f:57:eb:be:8c:a8:55:c8:97:9c:c0:66:ba:
         6d:95:e6:da:48:99:30:b3:5d:20:67:1e:4f:3d:29:77:9e:11:
         96:7a:02:2c:0f:00:b3:1b:8c:7e:28:20:d0:77:19:cb:a5:d8:
         b9:38:55:aa:79:cd:a3:01:25:38:ef:5c:e9:80:d2:e5:0f:b9:
         85:44:7f:49:e2:e9:33:6d:92:91:57:fe:8c:a0:57:ac:2f:db:
         d9:31:05:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FWzl7v9gGq4zrSSTRx6PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYjE5MGQ2Zjg5YTQzNGNjZTVjYjhjMGQ0YjM4YTE2Njlk
ZWZiNTkwHhcNMjYwMTAyMTQyMTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGJkY2Q5NWZjYTIyMzVkYmVkYTc2OTJmNzUyYjMxMTcwZWUyZGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/INq3o84n2I3JQoZj3CFAjMZMaw
pbGnyZacfgEQFCg+IY+c6yKBWqLI6AwfAox2DeGj3xsUrRimnzKSRcb2eQFtjg5d
wwzMH00aXBYcW4aCsrkQaZ0uq6E//xuNBrUDdfLf8kljlUcVFmZ54uJ26C8tDUbB
xb+ihUh2rxGgJYjPYPYXU+79jCiRMScYbY4bmdsM5N2i5SgVc6Qg/rDJ62A5b0vb
t6/+bhUSKzjrOZGZ8zUJyKMJFd3Kjne8YrD8y5E2nIFKgyTfZD6mWxApZSYW8cCG
Q5/cDerws8bzffav+IlHlJNYZpYYhyVxFqIQjm4fwp0xWEkcOjEm8ewhowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH29zZX8oiNdvtp2kvdSsxFw7i3DMB8GA1UdIwQY
MBaAFHCxkNb4mkNMzly4wNSzihZp3vtZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0xHUTF2aWFRMHpPWExqQTFMT0tGbW5lLTFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8yM2RjNjEtN2U5ZC00MGIzLTkxYjYt
NDZiZDdkNzk0ZmI2LzEvZmIzTmxmeWlJMTItMm5hUzkxS3pFWER1TGNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8yM2RjNjEtN2U5ZC00MGIzLTkxYjYtNDZiZDdkNzk0ZmI2
LzEvY0xHUTF2aWFRMHpPWExqQTFMT0tGbW5lLTFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwcscMA0G
CSqGSIb3DQEBCwUAA4IBAQBKoTJkQHAtIg2n2xz2A1g53E2/I7tKpF4C4goAE6xb
X97HVnBHbbDS3N1ZbLzxhrgxC6975QsSrEOdjyJoI4FlDTSHUhv5C3YvjZXQzQta
XvCXMo27U2IqnpucGQwc2k/dPXuNFC6LmXS85XmxfXVLVNyk9JyaBjia2yjBlqZ2
8SEUmcoN1bUb2GuVfAkdERgVDU4iOEK+mk7cN11xRs+upYb9T6v+Vx9X676MqFXI
l5zAZrptlebaSJkws10gZx5PPSl3nhGWegIsDwCzG4x+KCDQdxnLpdi5OFWqec2j
ASU471zpgNLlD7mFRH9J4ukzbZKRV/6MoFesL9vZMQXs
-----END CERTIFICATE-----