This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/3_XuwEnK7hK05MXmz1vtfkaHSAA.roa
File:                     3_XuwEnK7hK05MXmz1vtfkaHSAA.roa (raw, json)
Hash identifier:          o9siZPcWT3dVf1oD+f5/ipqIZ5M6DhvDg5nd+ba6zfw=
Subject key identifier:   DF:F5:EE:C0:49:CA:EE:12:B4:E4:C5:E6:CF:5B:ED:7E:46:87:48:00
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       019B79108B3AC3A24CCF3B4FA51AB8B6B86F
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/3_XuwEnK7hK05MXmz1vtfkaHSAA.roa
Signing time:             Thu 01 Jan 2026 10:18:05 +0000
ROA not before:           Thu 01 Jan 2026 10:18:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212238
IP address blocks:        194.233.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:8b:3a:c3:a2:4c:cf:3b:4f:a5:1a:b8:b6:b8:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Jan  1 10:18:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dff5eec049caee12b4e4c5e6cf5bed7e46874800
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f5:da:64:f1:c2:eb:20:d4:ff:32:96:8c:de:
                    25:d8:03:66:d6:d6:fe:59:5c:58:57:23:bd:d3:0c:
                    57:6c:c6:4d:c5:31:7f:74:0f:d2:a0:5e:f4:a2:ed:
                    d1:20:99:4a:57:9a:aa:93:4d:eb:2e:3c:3d:1e:4b:
                    78:d3:a4:96:3f:0e:aa:91:81:83:33:7e:20:b1:47:
                    99:f7:e0:1c:a8:ba:1d:5e:5c:32:54:30:c7:9d:76:
                    13:73:f0:3f:cc:c6:ba:d9:c9:7f:a9:8e:ab:d4:2f:
                    59:2e:26:30:70:62:98:f5:f1:9e:37:5e:8f:0e:e9:
                    23:da:dc:7c:8a:f0:51:a9:7b:88:de:ea:d6:4b:f5:
                    bd:33:24:27:45:de:45:a6:9e:5b:c4:cf:ba:7d:94:
                    32:b6:98:3b:f4:f6:d7:64:9e:87:85:3b:b1:c4:40:
                    f3:9b:11:a9:ea:37:45:c9:31:10:c6:8b:32:3f:2f:
                    59:ff:1d:a7:33:63:12:fe:34:2d:6e:87:6a:32:ff:
                    12:c2:13:b9:fb:ca:23:3c:7a:2f:e9:1e:c5:43:64:
                    28:8f:d7:4b:b7:b5:a8:65:fe:ff:c4:79:12:ab:02:
                    14:02:59:ca:c9:eb:a6:07:24:3d:41:1e:1d:d5:e7:
                    9c:c5:65:9e:08:f1:6b:3e:7a:c8:2b:27:02:4c:d7:
                    d6:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:F5:EE:C0:49:CA:EE:12:B4:E4:C5:E6:CF:5B:ED:7E:46:87:48:00
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/3_XuwEnK7hK05MXmz1vtfkaHSAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.233.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:f2:47:f7:34:1f:32:e2:01:04:02:17:d4:ae:40:62:4a:5f:
         81:08:9f:8d:bc:c0:cc:04:be:b2:48:0d:5d:5e:8c:d0:80:ad:
         35:e4:4c:81:7b:1a:90:c8:50:59:c3:9d:9d:04:bc:2f:f9:fa:
         6c:cf:81:b2:f8:f4:75:7f:08:8f:2d:eb:15:0f:0c:f8:2f:fb:
         c5:ec:e7:46:36:16:fe:3a:c9:19:fb:c3:b0:34:32:d6:ec:b5:
         b9:0c:ec:c0:f2:16:36:b4:a5:57:42:3c:e2:75:e1:c9:84:2c:
         fc:28:f4:17:05:38:9f:81:b2:e2:ba:2a:37:90:56:09:c4:6e:
         f3:af:b3:39:75:52:e1:ee:11:81:4f:c8:61:04:a1:49:21:8c:
         e3:16:b6:c5:53:82:69:60:bb:c9:1e:77:a3:0b:2b:11:fe:d2:
         fc:17:21:57:35:bb:7e:68:7a:bd:8b:78:64:9f:1f:5c:df:c9:
         47:42:4c:63:ad:08:de:12:10:3f:60:db:bd:b4:70:28:18:b7:
         70:20:96:4a:94:5d:ad:bd:b1:a2:58:11:80:a5:be:e0:25:aa:
         bf:76:be:af:7d:92:51:d7:77:c8:b2:06:f4:db:91:b4:6b:a1:
         e4:bb:24:dc:e5:18:1c:6b:65:0a:88:1f:98:e0:82:0a:97:96:
         e0:98:cb:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EIs6w6JMzztPpRq4trhvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjYwMTAxMTAxODA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmY1ZWVjMDQ5Y2FlZTEyYjRlNGM1ZTZjZjViZWQ3ZTQ2ODc0ODAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPXaZPHC6yDU/zKWjN4l2ANm1tb+
WVxYVyO90wxXbMZNxTF/dA/SoF70ou3RIJlKV5qqk03rLjw9Hkt406SWPw6qkYGD
M34gsUeZ9+AcqLodXlwyVDDHnXYTc/A/zMa62cl/qY6r1C9ZLiYwcGKY9fGeN16P
Dukj2tx8ivBRqXuI3urWS/W9MyQnRd5Fpp5bxM+6fZQytpg79PbXZJ6HhTuxxEDz
mxGp6jdFyTEQxosyPy9Z/x2nM2MS/jQtbodqMv8SwhO5+8ojPHov6R7FQ2Qoj9dL
t7WoZf7/xHkSqwIUAlnKyeumByQ9QR4d1eecxWWeCPFrPnrIKycCTNfWPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/17sBJyu4StOTF5s9b7X5Gh0gAMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvM19YdXdFbks3aEswNU1YbXoxdnRma2FIU0FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwumWMA0G
CSqGSIb3DQEBCwUAA4IBAQAi8kf3NB8y4gEEAhfUrkBiSl+BCJ+NvMDMBL6ySA1d
XozQgK015EyBexqQyFBZw52dBLwv+fpsz4Gy+PR1fwiPLesVDwz4L/vF7OdGNhb+
OskZ+8OwNDLW7LW5DOzA8hY2tKVXQjzideHJhCz8KPQXBTifgbLiuio3kFYJxG7z
r7M5dVLh7hGBT8hhBKFJIYzjFrbFU4JpYLvJHnejCysR/tL8FyFXNbt+aHq9i3hk
nx9c38lHQkxjrQjeEhA/YNu9tHAoGLdwIJZKlF2tvbGiWBGApb7gJaq/dr6vfZJR
13fIsgb025G0a6HkuyTc5Rgca2UKiB+Y4IIKl5bgmMsC
-----END CERTIFICATE-----