This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/3En9ZxdA_9Y7YbhdHSy_ozRVcts.roa
File:                     3En9ZxdA_9Y7YbhdHSy_ozRVcts.roa (raw, json)
Hash identifier:          PrZc7gBh863UgF6RDKYSJvpsQyp10e+OlGmMtcslKPQ=
Subject key identifier:   DC:49:FD:67:17:40:FF:D6:3B:61:B8:5D:1D:2C:BF:A3:34:55:72:DB
Certificate issuer:       /CN=3c4d3fb044eb1c0a11be0602aceef88e5f5d2ddf
Certificate serial:       019B77C6A553C5950A77B6FBEB6DAE156FE0
Authority key identifier: 3C:4D:3F:B0:44:EB:1C:0A:11:BE:06:02:AC:EE:F8:8E:5F:5D:2D:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PE0_sETrHAoRvgYCrO74jl9dLd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/3En9ZxdA_9Y7YbhdHSy_ozRVcts.roa
Signing time:             Thu 01 Jan 2026 04:17:45 +0000
ROA not before:           Thu 01 Jan 2026 04:17:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4755
IP address blocks:        86.36.20.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/PE0_sETrHAoRvgYCrO74jl9dLd8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/PE0_sETrHAoRvgYCrO74jl9dLd8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PE0_sETrHAoRvgYCrO74jl9dLd8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:a5:53:c5:95:0a:77:b6:fb:eb:6d:ae:15:6f:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c4d3fb044eb1c0a11be0602aceef88e5f5d2ddf
        Validity
            Not Before: Jan  1 04:17:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dc49fd671740ffd63b61b85d1d2cbfa3345572db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:76:17:4a:1d:2d:50:55:44:3a:8a:91:7f:97:
                    26:e6:4c:e8:eb:1c:0a:08:4f:88:bc:17:6b:1e:0e:
                    33:ee:22:c4:4e:39:60:12:b1:d4:23:5f:22:cf:b0:
                    d5:0f:59:71:ac:28:54:74:d9:8f:98:c0:dc:23:aa:
                    37:c3:66:ed:3c:7e:74:8e:eb:fd:4f:b1:7c:a7:27:
                    7a:38:c9:f3:5c:05:1b:56:b8:15:ce:79:6e:8f:a7:
                    01:3a:7b:f2:c1:db:9d:5a:c0:a8:93:0c:04:58:1e:
                    ac:f0:4d:90:24:2a:d3:ad:42:c5:21:7a:f4:c1:64:
                    63:b6:6a:49:06:28:30:2f:bd:47:73:48:f7:78:ec:
                    d6:8d:49:65:74:3a:a9:ea:89:9e:2c:e1:4b:2f:49:
                    3c:d3:e9:1a:4d:a7:4d:e7:dd:05:68:fe:a0:a0:16:
                    2a:6f:23:93:bd:d2:26:95:94:04:6f:60:29:35:58:
                    2e:05:30:d6:cb:55:49:d3:07:ba:7f:99:46:07:37:
                    ca:cf:aa:b1:fc:e1:1f:b1:d4:10:5b:15:cc:42:f3:
                    e3:b0:7c:fb:90:31:fb:70:d7:fe:cf:44:9c:15:f4:
                    99:88:57:a5:ca:40:d8:76:b5:85:ec:2b:cc:ff:bf:
                    01:10:e5:5c:f9:77:78:e7:f2:52:8e:e9:2b:38:56:
                    4a:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:49:FD:67:17:40:FF:D6:3B:61:B8:5D:1D:2C:BF:A3:34:55:72:DB
            X509v3 Authority Key Identifier:
                keyid:3C:4D:3F:B0:44:EB:1C:0A:11:BE:06:02:AC:EE:F8:8E:5F:5D:2D:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE0_sETrHAoRvgYCrO74jl9dLd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/3En9ZxdA_9Y7YbhdHSy_ozRVcts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/PE0_sETrHAoRvgYCrO74jl9dLd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.36.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:c2:bb:ab:20:dd:33:b1:0a:f3:48:a2:4f:b3:77:21:8c:d1:
         70:0f:38:98:a1:f3:b9:87:3a:60:bc:aa:16:27:73:0f:fb:09:
         bc:65:6a:81:60:b9:ec:9f:93:b4:53:ce:df:ca:26:a8:a2:49:
         09:55:d1:e8:86:1c:78:d4:fb:63:6f:b5:19:01:63:5f:d8:23:
         a7:ff:c4:b1:87:e1:fc:46:06:87:cd:4b:e6:2f:1a:a6:27:2a:
         43:de:ad:ed:c5:61:d4:c2:b9:cc:dc:de:b2:67:d4:40:76:aa:
         93:45:27:1c:8e:b6:f2:3d:53:89:b1:df:0a:f2:79:5c:c0:ca:
         07:ba:45:cc:75:da:96:6f:0e:1f:99:c4:fc:e2:3f:d2:27:81:
         a9:03:e8:d4:ad:29:64:f3:f0:ab:2b:dc:83:1d:0e:72:30:d2:
         4e:88:38:6a:d4:54:5f:dd:4b:36:f0:12:04:1a:e9:fc:a9:3c:
         6c:61:c8:fd:8d:44:8d:99:e5:67:f6:74:21:e7:eb:28:98:87:
         ac:66:84:bb:f1:63:39:7f:58:41:9e:4b:f0:32:03:9d:3c:62:
         6b:d4:23:32:2a:66:92:99:ae:aa:37:e3:a5:06:47:c8:c6:7f:
         eb:f6:c9:95:46:6e:6d:8e:7b:99:09:7a:15:10:0e:65:33:c5:
         fc:30:71:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xqVTxZUKd7b7622uFW/gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGQzZmIwNDRlYjFjMGExMWJlMDYwMmFjZWVmODhlNWY1
ZDJkZGYwHhcNMjYwMTAxMDQxNzQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzQ5ZmQ2NzE3NDBmZmQ2M2I2MWI4NWQxZDJjYmZhMzM0NTU3MmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA53YXSh0tUFVEOoqRf5cm5kzo6xwK
CE+IvBdrHg4z7iLETjlgErHUI18iz7DVD1lxrChUdNmPmMDcI6o3w2btPH50juv9
T7F8pyd6OMnzXAUbVrgVznluj6cBOnvywdudWsCokwwEWB6s8E2QJCrTrULFIXr0
wWRjtmpJBigwL71Hc0j3eOzWjUlldDqp6omeLOFLL0k80+kaTadN590FaP6goBYq
byOTvdImlZQEb2ApNVguBTDWy1VJ0we6f5lGBzfKz6qx/OEfsdQQWxXMQvPjsHz7
kDH7cNf+z0ScFfSZiFelykDYdrWF7CvM/78BEOVc+Xd45/JSjukrOFZK7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNxJ/WcXQP/WO2G4XR0sv6M0VXLbMB8GA1UdIwQY
MBaAFDxNP7BE6xwKEb4GAqzu+I5fXS3fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEUwX3NFVHJIQW9SdmdZQ3JPNzRqbDlkTGQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS83NmUwN2MtOGEzMi00ODlkLTkxZDEt
YjE4NGUzZjRiNTBlLzEvM0VuOVp4ZEFfOVk3WWJoZEhTeV9velJWY3RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS83NmUwN2MtOGEzMi00ODlkLTkxZDEtYjE4NGUzZjRiNTBl
LzEvUEUwX3NFVHJIQW9SdmdZQ3JPNzRqbDlkTGQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCViQUMA0G
CSqGSIb3DQEBCwUAA4IBAQB9wrurIN0zsQrzSKJPs3chjNFwDziYofO5hzpgvKoW
J3MP+wm8ZWqBYLnsn5O0U87fyiaookkJVdHohhx41Ptjb7UZAWNf2COn/8Sxh+H8
RgaHzUvmLxqmJypD3q3txWHUwrnM3N6yZ9RAdqqTRSccjrbyPVOJsd8K8nlcwMoH
ukXMddqWbw4fmcT84j/SJ4GpA+jUrSlk8/CrK9yDHQ5yMNJOiDhq1FRf3Us28BIE
Gun8qTxsYcj9jUSNmeVn9nQh5+somIesZoS78WM5f1hBnkvwMgOdPGJr1CMyKmaS
ma6qN+OlBkfIxn/r9smVRm5tjnuZCXoVEA5lM8X8MHGJ
-----END CERTIFICATE-----