This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/v7g5IC2KG1EH4yzWVLcgjgT3THk.roa
File:                     v7g5IC2KG1EH4yzWVLcgjgT3THk.roa (raw, json)
Hash identifier:          kXkPT7vAPHAY5/pzqHnsJ3LyfmLB/27otrpftqmC28E=
Subject key identifier:   BF:B8:39:20:2D:8A:1B:51:07:E3:2C:D6:54:B7:20:8E:04:F7:4C:79
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       019B7C12F10F864C1B65BAC367682F35FAE0
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/v7g5IC2KG1EH4yzWVLcgjgT3THk.roa
Signing time:             Fri 02 Jan 2026 00:19:34 +0000
ROA not before:           Fri 02 Jan 2026 00:19:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29058
IP address blocks:        194.209.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:f1:0f:86:4c:1b:65:ba:c3:67:68:2f:35:fa:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  2 00:19:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bfb839202d8a1b5107e32cd654b7208e04f74c79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:e6:5f:63:75:44:3e:aa:a4:37:49:39:5d:72:
                    c6:2a:90:9c:dc:a3:64:97:f0:6e:36:e5:2d:f0:bd:
                    30:2a:03:b3:51:10:ef:74:46:dd:dd:ab:f8:4f:36:
                    1a:f3:9e:80:56:34:d1:f2:81:f0:bb:e6:28:f8:94:
                    86:fc:90:0c:b3:7c:f2:7d:03:95:5b:ef:29:53:00:
                    e0:d0:67:41:93:2e:4c:b4:42:04:2c:70:54:9a:fb:
                    76:8d:f8:c0:cc:85:20:24:cf:e0:4a:04:cd:a7:57:
                    c0:d4:39:e6:da:0f:74:dc:ac:a0:c3:08:d6:40:9c:
                    43:7d:fe:cd:99:9f:1f:7d:5a:e5:b3:1d:73:75:5a:
                    f7:eb:a7:17:45:e1:1b:06:24:a2:56:83:2d:83:3d:
                    b5:c5:33:d7:74:66:7a:18:2e:c5:0c:31:3c:08:92:
                    9c:37:7b:db:1b:7d:9c:bb:66:22:2a:ef:bb:85:f2:
                    a3:96:93:88:3e:5c:a4:0a:cd:9d:1a:54:7e:bd:02:
                    5c:1c:ec:8d:e1:17:0e:4c:2c:6c:97:be:84:cd:dd:
                    28:fe:5f:b6:a1:5e:56:d3:10:c0:7a:62:ba:28:fd:
                    3f:32:aa:6a:ed:f1:6c:9a:d8:6e:20:94:9e:fe:2c:
                    23:3e:6d:b0:6f:cd:3b:aa:68:1f:72:17:20:21:cd:
                    fa:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:B8:39:20:2D:8A:1B:51:07:E3:2C:D6:54:B7:20:8E:04:F7:4C:79
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/v7g5IC2KG1EH4yzWVLcgjgT3THk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:e5:b4:2e:e8:7f:19:df:a5:1a:ef:8b:6f:3b:2a:db:c8:82:
         ff:2a:61:bb:96:9f:9d:72:94:3f:05:4c:20:5c:38:99:9c:97:
         26:68:53:6f:75:39:a7:ff:b7:8d:2b:58:04:de:c6:96:62:73:
         19:91:05:8d:d2:b8:ff:33:25:50:97:23:f8:06:09:f3:ec:88:
         fb:ff:23:e0:cb:82:e3:6a:10:30:51:81:36:f6:29:f3:1f:62:
         6a:8b:dc:1f:fc:42:0c:a1:56:6c:c0:83:ac:59:ab:00:a0:44:
         27:e2:b8:99:26:28:38:db:31:da:ca:4f:80:8e:ad:e2:16:9a:
         75:d7:eb:06:f1:86:0b:99:45:c6:ff:d8:60:3d:7c:95:60:8e:
         af:f4:08:61:1d:56:f4:26:6d:60:4c:b4:02:b1:c5:4a:45:08:
         6d:d4:36:c3:79:25:5d:3f:98:d1:62:02:57:95:2c:f8:dc:b0:
         c0:49:cc:86:39:15:4d:10:48:1a:2f:25:70:62:af:3d:26:ca:
         1f:f2:75:fe:05:2d:88:c5:af:a4:1f:d4:58:b7:80:c7:00:f8:
         f3:a4:e2:54:26:15:d1:33:a8:4a:d4:76:ed:11:d9:71:61:78:
         c9:9d:5d:58:14:07:3b:4e:91:cd:d3:20:95:70:2a:c9:73:8a:
         3a:ea:c8:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EvEPhkwbZbrDZ2gvNfrgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjYwMTAyMDAxOTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmI4MzkyMDJkOGExYjUxMDdlMzJjZDY1NGI3MjA4ZTA0Zjc0Yzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5OZfY3VEPqqkN0k5XXLGKpCc3KNk
l/BuNuUt8L0wKgOzURDvdEbd3av4TzYa856AVjTR8oHwu+Yo+JSG/JAMs3zyfQOV
W+8pUwDg0GdBky5MtEIELHBUmvt2jfjAzIUgJM/gSgTNp1fA1Dnm2g903KygwwjW
QJxDff7NmZ8ffVrlsx1zdVr366cXReEbBiSiVoMtgz21xTPXdGZ6GC7FDDE8CJKc
N3vbG32cu2YiKu+7hfKjlpOIPlykCs2dGlR+vQJcHOyN4RcOTCxsl76Ezd0o/l+2
oV5W0xDAemK6KP0/Mqpq7fFsmthuIJSe/iwjPm2wb807qmgfchcgIc36vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL+4OSAtihtRB+Ms1lS3II4E90x5MB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvdjdnNUlDMktHMUVINHl6V1ZMY2dqZ1QzVEhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtEDMA0G
CSqGSIb3DQEBCwUAA4IBAQBZ5bQu6H8Z36Ua74tvOyrbyIL/KmG7lp+dcpQ/BUwg
XDiZnJcmaFNvdTmn/7eNK1gE3saWYnMZkQWN0rj/MyVQlyP4Bgnz7Ij7/yPgy4Lj
ahAwUYE29inzH2Jqi9wf/EIMoVZswIOsWasAoEQn4riZJig42zHayk+Ajq3iFpp1
1+sG8YYLmUXG/9hgPXyVYI6v9AhhHVb0Jm1gTLQCscVKRQht1DbDeSVdP5jRYgJX
lSz43LDAScyGORVNEEgaLyVwYq89Jsof8nX+BS2Ixa+kH9RYt4DHAPjzpOJUJhXR
M6hK1HbtEdlxYXjJnV1YFAc7TpHN0yCVcCrJc4o66sga
-----END CERTIFICATE-----