This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/nT3CPzgOXFPIxgCiJvzaGFj4iPQ.roa
File:                     nT3CPzgOXFPIxgCiJvzaGFj4iPQ.roa (raw, json)
Hash identifier:          JRupVB/8+FWibeOM3qCsVYRvWGj1OBxjlkAaV4mHw1k=
Subject key identifier:   9D:3D:C2:3F:38:0E:5C:53:C8:C6:00:A2:26:FC:DA:18:58:F8:88:F4
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       019B79ED29215434C804CDF0878F9955B257
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/nT3CPzgOXFPIxgCiJvzaGFj4iPQ.roa
Signing time:             Thu 01 Jan 2026 14:19:04 +0000
ROA not before:           Thu 01 Jan 2026 14:19:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211155
IP address blocks:        193.59.180.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:29:21:54:34:c8:04:cd:f0:87:8f:99:55:b2:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  1 14:19:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d3dc23f380e5c53c8c600a226fcda1858f888f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:3c:18:e8:a3:00:4b:e8:c7:b4:65:da:b8:78:
                    dc:c8:4a:8d:73:ec:b0:63:7c:15:96:62:d4:ff:c3:
                    91:30:bc:f4:8d:13:49:6a:9b:48:fd:0e:33:ef:8c:
                    8a:bf:44:91:97:17:6a:ef:12:c4:12:bf:71:c0:4d:
                    96:01:d0:25:68:9f:32:da:6f:a4:dc:dc:94:c9:ac:
                    c6:f3:55:6e:bb:fc:9e:65:ff:ba:12:b6:a1:66:14:
                    4a:b6:95:c5:2d:ea:b0:a1:b7:30:e0:75:e2:73:cd:
                    57:52:96:8f:2a:25:51:28:8d:f6:65:d5:de:93:1d:
                    fc:e7:3a:e4:b9:f1:18:73:c9:22:be:e0:b1:4a:d0:
                    68:92:1b:76:4c:a0:71:09:37:d2:88:06:ed:0b:d8:
                    30:d8:43:83:ce:fa:c2:eb:08:3d:c0:d3:93:30:f6:
                    02:95:83:b2:90:fc:ec:61:73:1d:52:36:9b:98:5a:
                    0d:02:b2:b0:08:54:67:c3:56:36:71:7f:3d:5f:fe:
                    8a:ba:4a:a8:84:8a:9b:e0:17:58:06:93:9d:9b:97:
                    76:48:13:27:73:29:53:2d:de:e1:68:45:9a:4d:d8:
                    c1:eb:fd:b4:f6:41:4d:5f:6d:5a:d1:05:d6:44:8a:
                    27:c8:7d:b7:33:2c:02:29:f2:ef:15:3c:37:78:14:
                    24:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:3D:C2:3F:38:0E:5C:53:C8:C6:00:A2:26:FC:DA:18:58:F8:88:F4
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/nT3CPzgOXFPIxgCiJvzaGFj4iPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.59.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:3e:6a:ba:43:c2:0c:d5:52:53:df:1c:da:cc:0a:38:02:04:
         ab:18:e9:b5:47:59:57:6b:20:33:15:9e:f2:e0:7e:de:1f:29:
         a1:24:03:a6:c9:de:1d:93:72:c4:7d:5c:09:a7:29:bc:b4:17:
         68:55:a7:93:01:fd:ea:e3:b1:24:18:c1:fe:ea:b8:ea:af:ed:
         a6:00:e5:1d:64:66:95:44:3e:f6:a3:2c:65:24:b0:af:8f:d8:
         52:74:96:ad:9c:57:0b:89:cd:e6:cc:a0:ef:69:d3:b0:90:3a:
         e9:ab:d2:9c:f6:76:17:97:ed:4e:55:05:9b:d6:09:f0:98:eb:
         61:58:13:04:b4:ea:13:af:1b:e9:46:f3:f9:73:c9:ad:09:ec:
         d0:fb:d8:7c:ed:0e:e9:92:d0:39:da:06:d7:97:d9:cb:f5:28:
         bc:47:6b:65:11:81:c1:98:ff:40:4a:97:97:d2:e2:dc:a9:1c:
         b6:49:3d:22:0b:c7:67:27:01:7b:32:8a:31:cf:68:aa:24:8e:
         52:2b:c6:bd:46:bb:55:05:f7:0b:9c:6c:b0:20:18:e7:b6:19:
         ce:ca:1c:bd:56:49:cc:6f:b7:e3:dd:62:d3:a8:1e:a8:17:cf:
         1e:f2:36:11:c3:f2:9d:0c:a8:3d:e8:d6:bc:a4:c0:80:36:e8:
         9b:ce:79:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57SkhVDTIBM3wh4+ZVbJXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjYwMTAxMTQxOTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDNkYzIzZjM4MGU1YzUzYzhjNjAwYTIyNmZjZGExODU4Zjg4OGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7DwY6KMAS+jHtGXauHjcyEqNc+yw
Y3wVlmLU/8ORMLz0jRNJaptI/Q4z74yKv0SRlxdq7xLEEr9xwE2WAdAlaJ8y2m+k
3NyUyazG81Vuu/yeZf+6ErahZhRKtpXFLeqwobcw4HXic81XUpaPKiVRKI32ZdXe
kx385zrkufEYc8kivuCxStBokht2TKBxCTfSiAbtC9gw2EODzvrC6wg9wNOTMPYC
lYOykPzsYXMdUjabmFoNArKwCFRnw1Y2cX89X/6KukqohIqb4BdYBpOdm5d2SBMn
cylTLd7haEWaTdjB6/209kFNX21a0QXWRIonyH23MywCKfLvFTw3eBQkywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ09wj84DlxTyMYAoib82hhY+Ij0MB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvblQzQ1B6Z09YRlBJeGdDaUp2emFHRmo0aVBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwTu0MA0G
CSqGSIb3DQEBCwUAA4IBAQA5Pmq6Q8IM1VJT3xzazAo4AgSrGOm1R1lXayAzFZ7y
4H7eHymhJAOmyd4dk3LEfVwJpym8tBdoVaeTAf3q47EkGMH+6rjqr+2mAOUdZGaV
RD72oyxlJLCvj9hSdJatnFcLic3mzKDvadOwkDrpq9Kc9nYXl+1OVQWb1gnwmOth
WBMEtOoTrxvpRvP5c8mtCezQ+9h87Q7pktA52gbXl9nL9Si8R2tlEYHBmP9ASpeX
0uLcqRy2ST0iC8dnJwF7Mooxz2iqJI5SK8a9RrtVBfcLnGywIBjnthnOyhy9VknM
b7fj3WLTqB6oF88e8jYRw/KdDKg96Na8pMCANuibznlM
-----END CERTIFICATE-----