This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/3ZEwykxG_eG-hOylERgLk_ReK3o.roa
File:                     3ZEwykxG_eG-hOylERgLk_ReK3o.roa (raw, json)
Hash identifier:          V8l0PbN/zuh0lXk54o8T6mw0Dbaz3yzcII9yaHwCqdU=
Subject key identifier:   DD:91:30:CA:4C:46:FD:E1:BE:84:EC:A5:11:18:0B:93:F4:5E:2B:7A
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019B7EA6EA63DFFC009EA57BF3F3A7CFF5D9
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/3ZEwykxG_eG-hOylERgLk_ReK3o.roa
Signing time:             Fri 02 Jan 2026 12:20:26 +0000
ROA not before:           Fri 02 Jan 2026 12:20:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        89.23.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:ea:63:df:fc:00:9e:a5:7b:f3:f3:a7:cf:f5:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jan  2 12:20:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd9130ca4c46fde1be84eca511180b93f45e2b7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:3c:44:5e:c8:b1:35:a1:85:b5:81:ad:ba:bb:
                    85:ef:a5:a1:ff:1c:79:eb:df:fe:fa:be:f7:92:31:
                    8d:2a:bd:18:93:8d:7c:5d:74:a1:62:5d:9c:50:84:
                    79:d8:04:f2:20:4e:f5:4e:3c:e9:8d:d3:8a:cb:05:
                    07:b9:a8:7e:41:e2:aa:da:d2:3a:f5:ff:83:de:db:
                    da:62:de:10:b0:7f:c8:43:b8:d9:30:53:1c:40:00:
                    a6:80:06:e9:fc:97:53:bf:95:c7:0a:11:b5:b5:ff:
                    50:c7:63:28:5d:8b:45:1c:74:dc:db:98:4b:88:1f:
                    58:e6:60:bb:b4:3a:98:bf:3c:98:30:3c:4b:b7:8b:
                    34:f5:75:3e:0c:f3:0c:46:ac:7c:34:ba:92:4c:b8:
                    0d:79:6e:47:88:36:ff:f2:6b:68:45:57:62:44:a5:
                    25:68:59:ff:c8:e0:c9:9a:3b:89:fa:91:1c:94:cf:
                    54:7d:68:93:dc:72:f7:51:92:89:51:9c:1d:6c:b5:
                    6e:d7:80:57:53:71:94:b5:83:52:12:37:9e:fc:08:
                    e1:bb:b2:53:06:98:53:16:95:25:4a:d0:0a:4f:5d:
                    39:64:0e:8e:62:5f:37:b0:35:a9:92:b1:c8:0a:f8:
                    99:6b:c8:76:8c:cc:c3:74:c8:bf:a0:22:6e:15:27:
                    75:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:91:30:CA:4C:46:FD:E1:BE:84:EC:A5:11:18:0B:93:F4:5E:2B:7A
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/3ZEwykxG_eG-hOylERgLk_ReK3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:8c:8b:88:4c:76:39:da:36:e0:ad:43:a3:a6:b2:ae:ea:cf:
         da:64:1a:9f:8b:9b:36:cc:62:b6:6e:6a:59:63:e6:8e:0b:a2:
         5e:b3:ec:98:10:7b:ae:1d:90:16:1f:2d:47:27:1d:85:4a:78:
         bc:36:f4:57:67:4a:a6:d8:da:da:56:e1:ca:79:76:75:bf:e6:
         2b:96:8c:51:46:fc:e9:3d:b1:b5:c4:12:b9:75:90:99:eb:6d:
         dd:5b:6c:0f:51:21:cf:e0:b1:56:c6:20:65:1f:e4:38:fa:00:
         f2:14:05:17:27:16:1d:ee:e3:fe:24:ed:ba:fe:89:8b:a0:ca:
         2a:cb:73:ae:78:df:d2:7e:7d:85:b7:a1:02:3b:8b:9e:3a:e8:
         55:b6:71:c1:e3:df:a8:1c:82:a5:8d:95:0e:0e:0c:6f:71:fb:
         d7:8e:ca:0b:de:c6:6f:81:db:a7:c9:8a:0a:bd:e6:dc:3e:34:
         75:f9:27:fa:b3:86:80:e0:f3:16:03:3d:43:41:f1:da:18:10:
         ef:da:9e:fb:b3:c2:aa:48:39:5d:fa:8b:8b:bb:b9:bf:3e:3f:
         89:bd:11:45:0d:21:96:8a:e2:8b:b8:f7:77:6e:df:ef:c2:15:
         2c:2e:21:f3:34:9e:a3:34:75:1c:0b:11:bb:82:49:0a:05:e4:
         1a:ce:18:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pupj3/wAnqV78/Onz/XZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwMTAyMTIyMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDkxMzBjYTRjNDZmZGUxYmU4NGVjYTUxMTE4MGI5M2Y0NWUyYjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTxEXsixNaGFtYGturuF76Wh/xx5
69/++r73kjGNKr0Yk418XXShYl2cUIR52ATyIE71TjzpjdOKywUHuah+QeKq2tI6
9f+D3tvaYt4QsH/IQ7jZMFMcQACmgAbp/JdTv5XHChG1tf9Qx2MoXYtFHHTc25hL
iB9Y5mC7tDqYvzyYMDxLt4s09XU+DPMMRqx8NLqSTLgNeW5HiDb/8mtoRVdiRKUl
aFn/yODJmjuJ+pEclM9UfWiT3HL3UZKJUZwdbLVu14BXU3GUtYNSEjee/Ajhu7JT
BphTFpUlStAKT105ZA6OYl83sDWpkrHICviZa8h2jMzDdMi/oCJuFSd1LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN2RMMpMRv3hvoTspREYC5P0Xit6MB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvM1pFd3lreEdfZUctaE95bEVSZ0xrX1JlSzNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdSMA0G
CSqGSIb3DQEBCwUAA4IBAQCBjIuITHY52jbgrUOjprKu6s/aZBqfi5s2zGK2bmpZ
Y+aOC6Jes+yYEHuuHZAWHy1HJx2FSni8NvRXZ0qm2NraVuHKeXZ1v+YrloxRRvzp
PbG1xBK5dZCZ623dW2wPUSHP4LFWxiBlH+Q4+gDyFAUXJxYd7uP+JO26/omLoMoq
y3OueN/Sfn2Ft6ECO4ueOuhVtnHB49+oHIKljZUODgxvcfvXjsoL3sZvgdunyYoK
vebcPjR1+Sf6s4aA4PMWAz1DQfHaGBDv2p77s8KqSDld+ouLu7m/Pj+JvRFFDSGW
iuKLuPd3bt/vwhUsLiHzNJ6jNHUcCxG7gkkKBeQazhjc
-----END CERTIFICATE-----