This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/a600cf-8238-4471-a1b7-f6ed83e78ef5/1/3JUz-hq99DA3h49ngZi9cq7SaR4.roa
File:                     3JUz-hq99DA3h49ngZi9cq7SaR4.roa (raw, json)
Hash identifier:          zVymLUNjhCd9Q8uV3U+v5PPuuKn77ETfb//eDnHr8ck=
Subject key identifier:   DC:95:33:FA:1A:BD:F4:30:37:87:8F:67:81:98:BD:72:AE:D2:69:1E
Certificate issuer:       /CN=0c3557213a6725282b24a685308e9cf84107ac7d
Certificate serial:       019B7EA72914EC9223DF9B817903D97E8247
Authority key identifier: 0C:35:57:21:3A:67:25:28:2B:24:A6:85:30:8E:9C:F8:41:07:AC:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DDVXITpnJSgrJKaFMI6c-EEHrH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/a600cf-8238-4471-a1b7-f6ed83e78ef5/1/3JUz-hq99DA3h49ngZi9cq7SaR4.roa
Signing time:             Fri 02 Jan 2026 12:20:42 +0000
ROA not before:           Fri 02 Jan 2026 12:20:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44580
IP address blocks:        194.8.82.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/a600cf-8238-4471-a1b7-f6ed83e78ef5/1/DDVXITpnJSgrJKaFMI6c-EEHrH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/a600cf-8238-4471-a1b7-f6ed83e78ef5/1/DDVXITpnJSgrJKaFMI6c-EEHrH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DDVXITpnJSgrJKaFMI6c-EEHrH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:29:14:ec:92:23:df:9b:81:79:03:d9:7e:82:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c3557213a6725282b24a685308e9cf84107ac7d
        Validity
            Not Before: Jan  2 12:20:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dc9533fa1abdf43037878f678198bd72aed2691e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:1d:e9:19:fd:f5:56:a5:2c:6f:ec:12:c0:36:
                    ff:3e:0c:09:c1:4c:f4:69:1c:34:ac:ed:a1:c5:39:
                    f4:cb:70:e2:45:ea:79:cc:fb:64:6e:7e:10:3f:7f:
                    fb:90:66:1a:b7:25:bb:77:be:9d:e1:93:59:4d:e8:
                    37:2d:13:9d:7c:3e:80:79:f3:a4:82:5d:03:34:20:
                    06:45:c4:cc:f6:c5:2e:00:36:99:c2:e8:6c:c1:df:
                    87:8b:ef:14:11:af:b7:a8:78:5b:e4:c0:92:cb:27:
                    5a:26:98:f8:db:82:2d:09:5c:21:88:ef:25:b9:ea:
                    9e:5e:86:90:14:1f:7d:d9:d1:5d:9c:14:a8:22:7d:
                    41:64:0f:d4:54:35:e8:fa:49:13:03:c6:18:b7:14:
                    c5:27:67:48:0e:a2:b0:8e:ba:57:3d:18:b5:07:f2:
                    60:2a:58:94:7d:f8:56:48:64:8e:b7:ad:eb:69:ad:
                    29:02:4c:09:23:02:2e:82:85:77:66:37:2f:13:cc:
                    01:86:9d:9b:33:8b:3a:8f:1d:5d:3d:12:64:f2:b0:
                    c5:45:44:53:74:17:73:ef:c0:79:1c:24:5f:6f:fd:
                    80:a0:db:89:ca:cb:22:17:61:44:8b:ad:dc:8d:ce:
                    a0:e0:fb:d3:24:4f:a0:a3:45:1e:12:34:52:97:f9:
                    7f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:95:33:FA:1A:BD:F4:30:37:87:8F:67:81:98:BD:72:AE:D2:69:1E
            X509v3 Authority Key Identifier:
                keyid:0C:35:57:21:3A:67:25:28:2B:24:A6:85:30:8E:9C:F8:41:07:AC:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DDVXITpnJSgrJKaFMI6c-EEHrH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/a600cf-8238-4471-a1b7-f6ed83e78ef5/1/3JUz-hq99DA3h49ngZi9cq7SaR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/a600cf-8238-4471-a1b7-f6ed83e78ef5/1/DDVXITpnJSgrJKaFMI6c-EEHrH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.8.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:99:f7:ee:fa:5c:4c:6b:d5:81:3e:22:ca:97:a3:b7:8e:25:
         77:57:37:4c:b4:79:f0:35:2c:5b:2c:4f:c0:47:2f:87:86:8c:
         15:6d:56:95:bf:b0:e8:6a:d9:e0:3b:6f:89:ae:bb:02:73:7a:
         8e:3c:16:69:bb:a4:21:18:1d:66:4e:84:28:47:4f:d0:49:7a:
         72:04:10:fe:81:89:e4:c4:1a:60:91:9a:94:6a:04:1d:01:9f:
         bc:37:fa:bc:8a:60:19:52:db:6d:04:70:22:b6:6f:d7:eb:8d:
         a5:61:2e:95:ad:8b:0b:df:e6:62:d4:99:ed:62:4b:9a:70:10:
         d1:4b:b3:d8:af:0c:e6:84:99:bb:a7:4c:80:e2:b7:ac:a6:c4:
         fd:b2:1d:6e:74:72:09:02:03:50:c9:10:9a:c4:db:69:02:3a:
         09:1e:e1:03:e6:20:60:99:8c:5d:c3:f3:d4:5b:a1:f4:97:24:
         38:77:8b:7a:1c:b6:71:12:3e:7c:3f:7d:2d:c7:ab:00:88:ff:
         c4:63:05:42:cc:f4:89:98:e9:f9:80:a2:15:57:05:b8:92:cd:
         c0:0a:ae:8a:a1:39:86:65:30:c1:72:27:8b:cd:f7:a3:25:92:
         5c:4b:7c:3e:ea:e0:1d:ef:cb:f4:d5:e4:06:40:52:a9:8a:c7:
         9b:b8:0e:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pykU7JIj35uBeQPZfoJHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMzU1NzIxM2E2NzI1MjgyYjI0YTY4NTMwOGU5Y2Y4NDEw
N2FjN2QwHhcNMjYwMTAyMTIyMDQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzk1MzNmYTFhYmRmNDMwMzc4NzhmNjc4MTk4YmQ3MmFlZDI2OTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3h3pGf31VqUsb+wSwDb/PgwJwUz0
aRw0rO2hxTn0y3DiRep5zPtkbn4QP3/7kGYatyW7d76d4ZNZTeg3LROdfD6AefOk
gl0DNCAGRcTM9sUuADaZwuhswd+Hi+8UEa+3qHhb5MCSyydaJpj424ItCVwhiO8l
ueqeXoaQFB992dFdnBSoIn1BZA/UVDXo+kkTA8YYtxTFJ2dIDqKwjrpXPRi1B/Jg
KliUffhWSGSOt63raa0pAkwJIwIugoV3ZjcvE8wBhp2bM4s6jx1dPRJk8rDFRURT
dBdz78B5HCRfb/2AoNuJyssiF2FEi63cjc6g4PvTJE+go0UeEjRSl/l/jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNyVM/oavfQwN4ePZ4GYvXKu0mkeMB8GA1UdIwQY
MBaAFAw1VyE6ZyUoKySmhTCOnPhBB6x9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRERWWElUcG5KU2dySkthRk1JNmMtRUVIckgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hNjAwY2YtODIzOC00NDcxLWExYjct
ZjZlZDgzZTc4ZWY1LzEvM0pVei1ocTk5REEzaDQ5bmdaaTljcTdTYVI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hNjAwY2YtODIzOC00NDcxLWExYjctZjZlZDgzZTc4ZWY1
LzEvRERWWElUcG5KU2dySkthRk1JNmMtRUVIckgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwghSMA0G
CSqGSIb3DQEBCwUAA4IBAQBXmffu+lxMa9WBPiLKl6O3jiV3VzdMtHnwNSxbLE/A
Ry+HhowVbVaVv7DoatngO2+JrrsCc3qOPBZpu6QhGB1mToQoR0/QSXpyBBD+gYnk
xBpgkZqUagQdAZ+8N/q8imAZUtttBHAitm/X642lYS6VrYsL3+Zi1JntYkuacBDR
S7PYrwzmhJm7p0yA4respsT9sh1udHIJAgNQyRCaxNtpAjoJHuED5iBgmYxdw/PU
W6H0lyQ4d4t6HLZxEj58P30tx6sAiP/EYwVCzPSJmOn5gKIVVwW4ks3ACq6KoTmG
ZTDBcieLzfejJZJcS3w+6uAd78v01eQGQFKpisebuA5l
-----END CERTIFICATE-----