This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/01d9ioiOPnPG7DZOjNZd7T61tR0.roa
File:                     01d9ioiOPnPG7DZOjNZd7T61tR0.roa (raw, json)
Hash identifier:          Peseaq3bVAG4nWtXqyyN3OnQ9QW0ipZzyhwlXYv87F0=
Subject key identifier:   D3:57:7D:8A:88:8E:3E:73:C6:EC:36:4E:8C:D6:5D:ED:3E:B5:B5:1D
Certificate issuer:       /CN=37fb004e397ddf04e7d05f3643a036f21836ff10
Certificate serial:       019B79EC3DC20F1A2DEBEFDF91F1A51E7114
Authority key identifier: 37:FB:00:4E:39:7D:DF:04:E7:D0:5F:36:43:A0:36:F2:18:36:FF:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/01d9ioiOPnPG7DZOjNZd7T61tR0.roa
Signing time:             Thu 01 Jan 2026 14:18:03 +0000
ROA not before:           Thu 01 Jan 2026 14:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19905
IP address blocks:        185.102.76.0/22 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:3d:c2:0f:1a:2d:eb:ef:df:91:f1:a5:1e:71:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37fb004e397ddf04e7d05f3643a036f21836ff10
        Validity
            Not Before: Jan  1 14:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d3577d8a888e3e73c6ec364e8cd65ded3eb5b51d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:24:8b:ac:94:13:4e:b1:f5:28:0d:73:08:c7:
                    43:8a:33:fb:07:c9:d2:38:0d:15:4f:14:9b:2d:65:
                    56:de:52:6b:ad:e9:f3:f7:5e:61:d1:04:3a:f2:6b:
                    eb:59:d5:f3:76:21:29:75:d5:c2:59:02:d4:49:4c:
                    a2:de:b0:52:cd:06:86:97:51:98:09:a9:92:71:72:
                    7a:00:b9:94:f0:c2:e5:d4:0d:64:d9:66:3a:09:9b:
                    69:45:8c:c8:fe:4f:4d:a0:7c:45:ce:bd:18:74:27:
                    80:b5:fc:fc:29:fc:f6:b8:40:cf:99:23:fd:98:77:
                    ea:65:37:df:11:37:34:74:d0:87:7b:84:57:e8:e0:
                    91:89:7e:d8:2c:cc:73:05:32:b7:ea:2e:13:d1:af:
                    77:20:66:ee:8d:55:6f:55:00:b9:32:54:79:28:37:
                    6e:60:ea:89:eb:25:2d:01:37:a3:ce:0b:8e:06:36:
                    de:88:e8:4d:dc:ac:e3:0d:2c:fc:0a:32:60:58:d0:
                    49:26:d5:5a:ba:e1:a6:e6:d1:39:ef:e5:e5:38:77:
                    d8:bc:3c:c5:07:5c:3c:ab:de:7d:33:f4:27:23:c8:
                    79:d1:2b:d5:fa:3b:da:dd:21:0d:5c:76:61:2f:c9:
                    7a:f8:67:6e:38:ee:69:d0:87:43:79:ad:f5:94:4c:
                    33:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:57:7D:8A:88:8E:3E:73:C6:EC:36:4E:8C:D6:5D:ED:3E:B5:B5:1D
            X509v3 Authority Key Identifier:
                keyid:37:FB:00:4E:39:7D:DF:04:E7:D0:5F:36:43:A0:36:F2:18:36:FF:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/01d9ioiOPnPG7DZOjNZd7T61tR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a3:35:b6:d0:94:69:76:e6:03:2d:08:61:2f:ff:3b:45:f2:23:
         af:3c:42:43:52:e8:28:26:ea:ef:f9:0c:1f:2b:9b:35:76:7a:
         2c:a9:4d:8d:60:45:ed:9b:44:f3:33:91:be:81:30:3c:c5:4b:
         2c:cb:89:51:73:45:ba:8b:46:81:98:8d:8f:de:c9:14:7e:f0:
         3c:99:93:7c:70:38:c1:19:f2:ff:cf:47:b9:be:cd:46:c1:eb:
         b8:35:33:52:5a:83:ac:40:fb:f1:d7:74:56:7b:16:bb:e3:43:
         dd:d4:10:6a:42:84:7b:3b:d0:fa:a4:0e:86:f4:56:1a:5e:b5:
         db:e1:ac:8e:b2:f7:b2:7d:8b:b8:4b:00:db:9f:8a:ec:57:5e:
         1d:be:d0:3c:d1:ed:3b:29:65:4d:b0:b5:97:f0:84:97:e4:75:
         79:51:25:60:e4:b9:cf:2d:9d:69:71:8f:96:19:85:53:85:4b:
         f2:0c:9e:1d:e3:b6:db:52:60:c5:a9:2c:34:c5:90:5c:68:bf:
         42:7e:a3:e7:4b:ee:b7:1a:bb:cc:4e:f1:4d:c8:08:95:01:6e:
         43:7c:cc:af:3a:2e:08:ec:d1:72:a9:bf:2f:d5:64:59:57:5c:
         f3:f6:cf:b9:b0:a4:74:b8:84:53:cb:59:23:09:b7:75:a3:85:
         4f:da:3b:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57D3CDxot6+/fkfGlHnEUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZmIwMDRlMzk3ZGRmMDRlN2QwNWYzNjQzYTAzNmYyMTgz
NmZmMTAwHhcNMjYwMTAxMTQxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzU3N2Q4YTg4OGUzZTczYzZlYzM2NGU4Y2Q2NWRlZDNlYjViNTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSSLrJQTTrH1KA1zCMdDijP7B8nS
OA0VTxSbLWVW3lJrrenz915h0QQ68mvrWdXzdiEpddXCWQLUSUyi3rBSzQaGl1GY
CamScXJ6ALmU8MLl1A1k2WY6CZtpRYzI/k9NoHxFzr0YdCeAtfz8Kfz2uEDPmSP9
mHfqZTffETc0dNCHe4RX6OCRiX7YLMxzBTK36i4T0a93IGbujVVvVQC5MlR5KDdu
YOqJ6yUtATejzguOBjbeiOhN3KzjDSz8CjJgWNBJJtVauuGm5tE57+XlOHfYvDzF
B1w8q959M/QnI8h50SvV+jva3SENXHZhL8l6+GduOO5p0IdDea31lEwzRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNXfYqIjj5zxuw2TozWXe0+tbUdMB8GA1UdIwQY
MBaAFDf7AE45fd8E59BfNkOgNvIYNv8QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTl9zQVRqbDkzd1RuMEY4MlE2QTI4aGcyX3hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS83NDIyOTktZjM0My00MzIxLWIzNTEt
YjUzYjY0Y2YwZDk1LzEvMDFkOWlvaU9QblBHN0RaT2pOWmQ3VDYxdFIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS83NDIyOTktZjM0My00MzIxLWIzNTEtYjUzYjY0Y2YwZDk1
LzEvTl9zQVRqbDkzd1RuMEY4MlE2QTI4aGcyX3hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWZMMA0G
CSqGSIb3DQEBCwUAA4IBAQCjNbbQlGl25gMtCGEv/ztF8iOvPEJDUugoJurv+Qwf
K5s1dnosqU2NYEXtm0TzM5G+gTA8xUssy4lRc0W6i0aBmI2P3skUfvA8mZN8cDjB
GfL/z0e5vs1Gweu4NTNSWoOsQPvx13RWexa740Pd1BBqQoR7O9D6pA6G9FYaXrXb
4ayOsveyfYu4SwDbn4rsV14dvtA80e07KWVNsLWX8ISX5HV5USVg5LnPLZ1pcY+W
GYVThUvyDJ4d47bbUmDFqSw0xZBcaL9CfqPnS+63GrvMTvFNyAiVAW5DfMyvOi4I
7NFyqb8v1WRZV1zz9s+5sKR0uIRTy1kjCbd1o4VP2juv
-----END CERTIFICATE-----