This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/AFteCS1Hd7e6qi02RMRsgw9AZFI.roa
File:                     AFteCS1Hd7e6qi02RMRsgw9AZFI.roa (raw, json)
Hash identifier:          gi5cvPOf8jzBgqQP0MjAWXH2Iw3GEPq9YJDLxWTBGA8=
Subject key identifier:   00:5B:5E:09:2D:47:77:B7:BA:AA:2D:36:44:C4:6C:83:0F:40:64:52
Certificate issuer:       /CN=d3c35bc9b7f8550be3e467c54a9d3a66e2443bd4
Certificate serial:       019B77C74B61B59A34A9555A87AFFAC2484F
Authority key identifier: D3:C3:5B:C9:B7:F8:55:0B:E3:E4:67:C5:4A:9D:3A:66:E2:44:3B:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/AFteCS1Hd7e6qi02RMRsgw9AZFI.roa
Signing time:             Thu 01 Jan 2026 04:18:28 +0000
ROA not before:           Thu 01 Jan 2026 04:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     263702
IP address blocks:        185.9.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 23 Jan 2026 09:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:4b:61:b5:9a:34:a9:55:5a:87:af:fa:c2:48:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3c35bc9b7f8550be3e467c54a9d3a66e2443bd4
        Validity
            Not Before: Jan  1 04:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=005b5e092d4777b7baaa2d3644c46c830f406452
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c2:e7:e2:dc:d9:ac:74:43:20:c3:02:5b:2e:
                    3f:f2:89:6b:ed:e0:26:b3:a3:8e:30:c8:9a:35:6f:
                    1c:1f:32:ff:4c:84:f5:4d:d3:8f:f6:45:65:45:1f:
                    e7:72:32:27:da:e4:a9:5a:d3:17:55:bd:ea:41:e3:
                    7b:97:b3:0c:58:ae:fd:8b:62:9d:82:1c:1e:3d:6f:
                    18:7b:a7:de:32:0c:b0:d7:bc:f6:93:80:a0:59:51:
                    f7:c9:87:f2:29:9d:43:61:93:c0:40:9c:fd:96:9b:
                    45:0d:20:18:03:bd:2c:06:96:a6:43:4c:b4:54:2c:
                    75:2e:d7:6e:b6:48:76:12:07:ac:13:a9:24:c3:ab:
                    fd:d7:7b:77:1e:83:06:f1:23:5a:23:f7:93:12:ab:
                    80:d1:e3:97:24:64:e6:5f:b0:93:d6:41:ef:9a:c7:
                    70:6e:91:bb:48:4c:f7:56:79:c6:f3:a8:a4:01:ca:
                    d5:83:cf:71:16:aa:f2:a6:de:e7:a1:5f:b5:3c:c5:
                    a7:73:dc:9c:f2:1a:82:47:06:c2:4d:72:5d:ef:93:
                    04:f6:6d:47:e1:af:d4:ad:b9:11:ee:30:80:3d:c9:
                    1e:b7:b7:ba:89:e2:54:d7:3a:82:0d:1b:83:8a:17:
                    32:33:bb:2a:08:18:16:f9:3b:f7:6f:5d:9c:82:2a:
                    63:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:5B:5E:09:2D:47:77:B7:BA:AA:2D:36:44:C4:6C:83:0F:40:64:52
            X509v3 Authority Key Identifier:
                keyid:D3:C3:5B:C9:B7:F8:55:0B:E3:E4:67:C5:4A:9D:3A:66:E2:44:3B:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/AFteCS1Hd7e6qi02RMRsgw9AZFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.9.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:19:90:bb:d4:42:9d:90:29:29:99:32:aa:8f:8d:1e:10:26:
         0c:3f:0b:3e:35:53:e1:10:95:ae:a1:a0:fb:07:5d:9f:5b:aa:
         df:60:9b:4c:6f:18:8a:0a:09:3d:26:4f:ca:ac:73:8b:6a:1f:
         d5:de:d4:9b:8e:86:ec:85:20:28:0a:94:31:63:5a:a7:c4:cd:
         8d:2c:fd:e8:31:c7:72:61:60:72:f2:fe:aa:15:b3:7a:77:fd:
         04:83:29:1d:af:97:1e:fb:8d:ee:c1:90:b5:65:da:74:4e:71:
         71:8d:9a:c1:1a:fe:34:e6:f8:d1:d9:ea:13:30:a0:4f:23:73:
         64:b6:06:1c:e0:e4:8f:ab:31:08:f6:56:a1:40:5f:38:69:a2:
         aa:80:f1:14:57:b7:27:d2:81:99:7f:c2:30:de:c3:b1:a4:9f:
         79:89:b8:4f:9a:25:ed:f7:f9:7f:3d:0a:e7:93:8e:ed:df:fa:
         a4:1e:0a:fc:86:7d:7e:3b:29:47:52:85:c9:8f:29:17:7e:f9:
         57:08:36:f9:b7:20:74:3d:51:58:17:1e:0a:f1:60:26:78:d2:
         f1:ca:3f:3c:2d:3c:9b:1d:73:86:9b:b7:d6:72:aa:d7:a4:48:
         90:cf:53:e5:22:3d:92:a4:bc:8b:c8:e7:08:81:25:89:f7:5c:
         92:ed:60:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x0thtZo0qVVah6/6wkhPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYzM1YmM5YjdmODU1MGJlM2U0NjdjNTRhOWQzYTY2ZTI0
NDNiZDQwHhcNMjYwMTAxMDQxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDViNWUwOTJkNDc3N2I3YmFhYTJkMzY0NGM0NmM4MzBmNDA2NDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcLn4tzZrHRDIMMCWy4/8olr7eAm
s6OOMMiaNW8cHzL/TIT1TdOP9kVlRR/ncjIn2uSpWtMXVb3qQeN7l7MMWK79i2Kd
ghwePW8Ye6feMgyw17z2k4CgWVH3yYfyKZ1DYZPAQJz9lptFDSAYA70sBpamQ0y0
VCx1Ltdutkh2EgesE6kkw6v913t3HoMG8SNaI/eTEquA0eOXJGTmX7CT1kHvmsdw
bpG7SEz3VnnG86ikAcrVg89xFqrypt7noV+1PMWnc9yc8hqCRwbCTXJd75ME9m1H
4a/UrbkR7jCAPcket7e6ieJU1zqCDRuDihcyM7sqCBgW+Tv3b12cgipjzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABbXgktR3e3uqotNkTEbIMPQGRSMB8GA1UdIwQY
MBaAFNPDW8m3+FUL4+RnxUqdOmbiRDvUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDhOYnliZjRWUXZqNUdmRlNwMDZadUpFTzlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy84YmE4YmItYzFjMC00ZDM1LTkwYTct
Y2RhNWMzNzY2ZjAzLzEvQUZ0ZUNTMUhkN2U2cWkwMlJNUnNndzlBWkZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy84YmE4YmItYzFjMC00ZDM1LTkwYTctY2RhNWMzNzY2ZjAz
LzEvMDhOYnliZjRWUXZqNUdmRlNwMDZadUpFTzlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQkDMA0G
CSqGSIb3DQEBCwUAA4IBAQBPGZC71EKdkCkpmTKqj40eECYMPws+NVPhEJWuoaD7
B12fW6rfYJtMbxiKCgk9Jk/KrHOLah/V3tSbjobshSAoCpQxY1qnxM2NLP3oMcdy
YWBy8v6qFbN6d/0Egykdr5ce+43uwZC1Zdp0TnFxjZrBGv405vjR2eoTMKBPI3Nk
tgYc4OSPqzEI9lahQF84aaKqgPEUV7cn0oGZf8Iw3sOxpJ95ibhPmiXt9/l/PQrn
k47t3/qkHgr8hn1+OylHUoXJjykXfvlXCDb5tyB0PVFYFx4K8WAmeNLxyj88LTyb
HXOGm7fWcqrXpEiQz1PlIj2SpLyLyOcIgSWJ91yS7WD2
-----END CERTIFICATE-----