This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/aa3b42-b601-40b4-b299-bf8e960fe0ad/1/_d8Zo_g7rmhKukVc2_yC6OHo_f8.roa
File:                     _d8Zo_g7rmhKukVc2_yC6OHo_f8.roa (raw, json)
Hash identifier:          W4kBrQ5vSikj88DUpuXxRFyq1wVLUOltrf0M4pqOt50=
Subject key identifier:   FD:DF:19:A3:F8:3B:AE:68:4A:BA:45:5C:DB:FC:82:E8:E1:E8:FD:FF
Certificate issuer:       /CN=76ee9f7d8e5d18c50884f83378ae48ba2fcda6e2
Certificate serial:       019B7F8484BA5831D3FEC2F74D2273A4750B
Authority key identifier: 76:EE:9F:7D:8E:5D:18:C5:08:84:F8:33:78:AE:48:BA:2F:CD:A6:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/du6ffY5dGMUIhPgzeK5Iui_NpuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/aa3b42-b601-40b4-b299-bf8e960fe0ad/1/_d8Zo_g7rmhKukVc2_yC6OHo_f8.roa
Signing time:             Fri 02 Jan 2026 16:22:29 +0000
ROA not before:           Fri 02 Jan 2026 16:22:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211566
IP address blocks:        193.3.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/aa3b42-b601-40b4-b299-bf8e960fe0ad/1/du6ffY5dGMUIhPgzeK5Iui_NpuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/aa3b42-b601-40b4-b299-bf8e960fe0ad/1/du6ffY5dGMUIhPgzeK5Iui_NpuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/du6ffY5dGMUIhPgzeK5Iui_NpuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:84:ba:58:31:d3:fe:c2:f7:4d:22:73:a4:75:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76ee9f7d8e5d18c50884f83378ae48ba2fcda6e2
        Validity
            Not Before: Jan  2 16:22:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fddf19a3f83bae684aba455cdbfc82e8e1e8fdff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:86:c4:71:6a:8c:ae:2c:bc:4d:bf:67:88:61:
                    0a:a7:e4:79:90:af:a6:e8:18:ed:bd:3f:08:1e:6b:
                    41:8b:5a:e5:73:ed:5e:3c:82:af:1b:84:f3:8b:75:
                    8d:bb:3f:09:88:8e:3e:49:72:6c:17:ea:d3:41:b3:
                    7d:92:2b:46:c1:6c:03:b8:77:74:e0:4a:6a:9a:9c:
                    88:31:e2:9d:5a:ee:22:10:ef:3c:c3:52:49:4d:3e:
                    e7:2e:8d:c2:76:55:2d:b8:f8:5e:5a:22:46:15:41:
                    43:31:7a:44:42:49:f1:ce:5e:c1:44:8c:f8:a3:7d:
                    09:76:a5:3c:fc:93:ef:8a:d1:fa:59:9c:64:6c:71:
                    e7:a9:a7:6a:12:03:2d:4b:58:ca:2a:ec:b8:94:97:
                    ba:3b:06:a7:11:97:fa:9d:3f:69:31:78:45:a4:c3:
                    2c:c8:73:1c:7a:3f:a7:6c:4b:1e:89:cf:85:95:2d:
                    f8:da:47:52:66:54:de:6e:33:f9:88:dd:93:98:a8:
                    ef:d7:da:56:ce:32:15:2f:42:ac:20:de:69:b7:0e:
                    82:95:73:22:12:29:f1:dd:be:59:ec:50:e2:0e:1a:
                    ea:1e:57:27:1c:89:e6:da:cd:d9:d4:ac:13:a2:88:
                    09:f6:1c:91:c9:0e:82:4a:57:66:77:48:ac:a0:d7:
                    60:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:DF:19:A3:F8:3B:AE:68:4A:BA:45:5C:DB:FC:82:E8:E1:E8:FD:FF
            X509v3 Authority Key Identifier:
                keyid:76:EE:9F:7D:8E:5D:18:C5:08:84:F8:33:78:AE:48:BA:2F:CD:A6:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/du6ffY5dGMUIhPgzeK5Iui_NpuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/aa3b42-b601-40b4-b299-bf8e960fe0ad/1/_d8Zo_g7rmhKukVc2_yC6OHo_f8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/aa3b42-b601-40b4-b299-bf8e960fe0ad/1/du6ffY5dGMUIhPgzeK5Iui_NpuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:d3:e9:82:85:dc:6e:7f:f0:d6:f9:e4:a6:ed:cc:86:ee:70:
         ad:93:cc:39:56:c6:9b:49:84:f3:1d:bf:00:6a:4d:9e:75:1f:
         99:43:17:76:31:f7:42:b6:e4:6d:ab:35:24:74:af:1a:c6:96:
         2e:29:18:44:29:83:ef:db:2d:ea:12:01:12:f6:f5:5d:48:21:
         47:2c:6b:d7:fa:ae:0c:c4:6e:54:f4:5c:c1:a6:60:17:73:27:
         b0:58:aa:81:9a:f9:ed:df:06:cc:93:ba:26:ab:de:d2:d6:c9:
         17:cf:ae:d2:34:0a:fd:92:f4:0e:ad:ef:f2:3c:b0:31:c5:ef:
         48:a8:64:90:92:b1:46:b5:3f:b7:a1:aa:8e:d0:81:d4:98:ce:
         a3:73:c7:c5:e5:41:f4:4c:c3:ca:46:cd:a3:3e:f8:5b:91:ad:
         02:a7:f7:74:47:88:68:45:8c:ae:5b:00:65:ce:25:86:36:89:
         fb:95:d9:64:8c:26:6f:3d:6e:6b:13:cc:79:52:ab:1c:5c:1d:
         2b:8f:cc:25:72:11:39:4b:5a:f8:44:40:dc:60:99:6f:be:3c:
         c9:1e:05:b3:9e:ad:36:b9:bd:90:2a:04:dc:29:af:6f:0b:78:
         f8:d8:6f:bd:71:9c:3a:b7:69:4b:ed:4d:5b:13:3c:fb:e4:2c:
         61:89:24:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hIS6WDHT/sL3TSJzpHULMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZWU5ZjdkOGU1ZDE4YzUwODg0ZjgzMzc4YWU0OGJhMmZj
ZGE2ZTIwHhcNMjYwMTAyMTYyMjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGRmMTlhM2Y4M2JhZTY4NGFiYTQ1NWNkYmZjODJlOGUxZThmZGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54bEcWqMriy8Tb9niGEKp+R5kK+m
6BjtvT8IHmtBi1rlc+1ePIKvG4Tzi3WNuz8JiI4+SXJsF+rTQbN9kitGwWwDuHd0
4EpqmpyIMeKdWu4iEO88w1JJTT7nLo3CdlUtuPheWiJGFUFDMXpEQknxzl7BRIz4
o30JdqU8/JPvitH6WZxkbHHnqadqEgMtS1jKKuy4lJe6OwanEZf6nT9pMXhFpMMs
yHMcej+nbEseic+FlS342kdSZlTebjP5iN2TmKjv19pWzjIVL0KsIN5ptw6ClXMi
Einx3b5Z7FDiDhrqHlcnHInm2s3Z1KwToogJ9hyRyQ6CSldmd0isoNdgLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP3fGaP4O65oSrpFXNv8gujh6P3/MB8GA1UdIwQY
MBaAFHbun32OXRjFCIT4M3iuSLovzabiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHU2ZmZZNWRHTVVJaFBnemVLNUl1aV9OcHVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9hYTNiNDItYjYwMS00MGI0LWIyOTkt
YmY4ZTk2MGZlMGFkLzEvX2Q4Wm9fZzdybWhLdWtWYzJfeUM2T0hvX2Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9hYTNiNDItYjYwMS00MGI0LWIyOTktYmY4ZTk2MGZlMGFk
LzEvZHU2ZmZZNWRHTVVJaFBnemVLNUl1aV9OcHVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQMhMA0G
CSqGSIb3DQEBCwUAA4IBAQCY0+mChdxuf/DW+eSm7cyG7nCtk8w5VsabSYTzHb8A
ak2edR+ZQxd2MfdCtuRtqzUkdK8axpYuKRhEKYPv2y3qEgES9vVdSCFHLGvX+q4M
xG5U9FzBpmAXcyewWKqBmvnt3wbMk7omq97S1skXz67SNAr9kvQOre/yPLAxxe9I
qGSQkrFGtT+3oaqO0IHUmM6jc8fF5UH0TMPKRs2jPvhbka0Cp/d0R4hoRYyuWwBl
ziWGNon7ldlkjCZvPW5rE8x5UqscXB0rj8wlchE5S1r4REDcYJlvvjzJHgWznq02
ub2QKgTcKa9vC3j42G+9cZw6t2lL7U1bEzz75CxhiSQB
-----END CERTIFICATE-----