This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/3nrBO5sN2ydgeQAybOfYJbnytMk.roa
File:                     3nrBO5sN2ydgeQAybOfYJbnytMk.roa (raw, json)
Hash identifier:          Zw/gRLsYG0xWKmlMFeUVC7H8FkwaHfFstqGc6SQAVFY=
Subject key identifier:   DE:7A:C1:3B:9B:0D:DB:27:60:79:00:32:6C:E7:D8:25:B9:F2:B4:C9
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       019B79ED1A83F6BD23C1AC3C7C40D4AF0911
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/3nrBO5sN2ydgeQAybOfYJbnytMk.roa
Signing time:             Thu 01 Jan 2026 14:19:00 +0000
ROA not before:           Thu 01 Jan 2026 14:19:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59948
IP address blocks:        193.59.12.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:1a:83:f6:bd:23:c1:ac:3c:7c:40:d4:af:09:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  1 14:19:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=de7ac13b9b0ddb27607900326ce7d825b9f2b4c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:55:25:b9:6f:0c:af:00:bd:87:57:85:02:7a:
                    44:a0:7d:03:75:72:e8:4d:de:0b:43:4a:1e:e6:a3:
                    ad:d9:53:30:72:44:05:b3:1e:31:78:e3:ca:f2:ca:
                    52:e8:db:a1:16:27:b1:5a:53:0f:11:da:64:7c:3a:
                    83:2d:1d:9f:0c:01:56:98:d2:7e:2d:1a:68:59:6e:
                    81:78:4b:14:8c:ac:70:b0:74:f3:08:e1:c7:f8:87:
                    ab:31:06:ab:4f:11:67:d9:46:5b:23:2d:fc:05:44:
                    a7:f8:61:60:e9:d2:20:81:7f:86:04:85:6f:1e:3f:
                    61:59:ea:75:3b:0e:77:45:f5:f0:91:1c:12:e9:a5:
                    40:57:00:4e:ae:d9:77:3e:73:d9:4b:a9:ca:9f:7f:
                    1a:f5:25:0b:3e:b6:3b:c0:bb:96:b5:a0:45:6f:73:
                    35:2f:24:dd:fd:b5:bf:62:51:ec:c2:73:1a:20:b0:
                    d2:08:96:e1:4e:d5:50:01:a5:cf:03:cf:5e:5b:bd:
                    e9:33:43:04:cd:3c:6b:a8:18:46:2e:c0:fd:1f:b1:
                    f5:5d:17:b8:9d:78:f0:4e:61:e3:4d:25:86:22:7d:
                    66:e7:86:22:46:11:34:9a:36:a9:5e:90:c1:76:a6:
                    e6:79:4f:af:f4:95:e7:37:ab:61:4a:4f:d4:e1:8b:
                    ea:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:7A:C1:3B:9B:0D:DB:27:60:79:00:32:6C:E7:D8:25:B9:F2:B4:C9
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/3nrBO5sN2ydgeQAybOfYJbnytMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.59.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:7f:ba:bc:7a:ab:4f:41:ed:04:18:67:1c:4e:fb:38:ac:51:
         46:c8:fe:bc:4e:35:71:1b:ab:74:69:4c:0f:69:c7:be:05:0a:
         1e:c8:b5:0d:37:1d:b7:4b:77:7b:83:61:13:bc:03:b1:91:5e:
         db:9c:9b:dc:d6:b1:e7:77:cb:ac:86:19:70:5f:c7:c7:94:55:
         e1:47:be:67:f7:e5:73:6c:0c:5d:cb:94:f3:6c:4f:f8:5d:ba:
         02:09:61:52:65:4c:9b:52:95:fb:43:f2:0c:b1:8f:f8:3e:a3:
         76:b1:fa:e7:eb:a6:3d:9b:26:48:0a:83:a1:bc:13:17:1f:26:
         2d:10:fa:f2:8d:a3:ad:98:a0:88:86:d7:7b:0f:cd:05:92:7f:
         6e:9e:0f:c1:40:aa:ec:c3:aa:8e:9c:8f:2d:f2:a6:c3:d9:09:
         a7:e9:89:c9:b7:53:7a:27:0a:0b:9d:7f:22:b4:38:b6:12:fe:
         f4:93:80:f9:9e:e0:d4:b5:8f:72:92:29:c4:45:15:5e:40:63:
         56:7d:10:fc:5f:12:a9:7c:2a:1e:97:33:2b:ec:7d:eb:a0:2f:
         dc:9f:67:d5:1b:a5:b2:29:ea:39:c2:62:e8:1d:4d:dd:2b:0c:
         4b:52:20:bc:5b:05:7d:b9:3d:4f:f0:81:69:f0:cc:98:0e:98:
         9a:9a:22:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57RqD9r0jwaw8fEDUrwkRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjYwMTAxMTQxOTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTdhYzEzYjliMGRkYjI3NjA3OTAwMzI2Y2U3ZDgyNWI5ZjJiNGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9VUluW8MrwC9h1eFAnpEoH0DdXLo
Td4LQ0oe5qOt2VMwckQFsx4xeOPK8spS6NuhFiexWlMPEdpkfDqDLR2fDAFWmNJ+
LRpoWW6BeEsUjKxwsHTzCOHH+IerMQarTxFn2UZbIy38BUSn+GFg6dIggX+GBIVv
Hj9hWep1Ow53RfXwkRwS6aVAVwBOrtl3PnPZS6nKn38a9SULPrY7wLuWtaBFb3M1
LyTd/bW/YlHswnMaILDSCJbhTtVQAaXPA89eW73pM0MEzTxrqBhGLsD9H7H1XRe4
nXjwTmHjTSWGIn1m54YiRhE0mjapXpDBdqbmeU+v9JXnN6thSk/U4YvqGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN56wTubDdsnYHkAMmzn2CW58rTJMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvM25yQk81c04yeWRnZVFBeWJPZllKYm55dE1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwTsMMA0G
CSqGSIb3DQEBCwUAA4IBAQBof7q8eqtPQe0EGGccTvs4rFFGyP68TjVxG6t0aUwP
ace+BQoeyLUNNx23S3d7g2ETvAOxkV7bnJvc1rHnd8ushhlwX8fHlFXhR75n9+Vz
bAxdy5TzbE/4XboCCWFSZUybUpX7Q/IMsY/4PqN2sfrn66Y9myZICoOhvBMXHyYt
EPryjaOtmKCIhtd7D80Fkn9ung/BQKrsw6qOnI8t8qbD2Qmn6YnJt1N6JwoLnX8i
tDi2Ev70k4D5nuDUtY9ykinERRVeQGNWfRD8XxKpfCoelzMr7H3roC/cn2fVG6Wy
Keo5wmLoHU3dKwxLUiC8WwV9uT1P8IFp8MyYDpiamiIq
-----END CERTIFICATE-----