This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/SN_hOoDnXXBMcILu8asIJSSFU6k.roa
File:                     SN_hOoDnXXBMcILu8asIJSSFU6k.roa (raw, json)
Hash identifier:          xhiPqOnTIih2H9KpMIJWF1OUuAAkuYs+jap/kl2QWL8=
Subject key identifier:   48:DF:E1:3A:80:E7:5D:70:4C:70:82:EE:F1:AB:08:25:24:85:53:A9
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       019B77C76F934C61BD0E84203653CDA918D5
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/SN_hOoDnXXBMcILu8asIJSSFU6k.roa
Signing time:             Thu 01 Jan 2026 04:18:37 +0000
ROA not before:           Thu 01 Jan 2026 04:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        176.103.188.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:6f:93:4c:61:bd:0e:84:20:36:53:cd:a9:18:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Jan  1 04:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=48dfe13a80e75d704c7082eef1ab0825248553a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a0:9a:25:19:eb:57:1b:da:20:1c:3f:ce:3a:
                    ba:46:05:18:b0:7d:2a:e5:84:0a:4c:19:a8:cf:e8:
                    80:1c:e6:ad:65:4e:32:3f:03:35:9b:25:10:92:d8:
                    67:45:a5:14:b2:0e:38:f8:a8:8a:1f:30:2d:d6:5f:
                    b0:60:cb:31:bb:17:98:0b:58:11:e1:86:cb:5a:81:
                    f0:d0:2e:36:8a:53:30:0b:b2:ed:7f:06:1f:d2:2d:
                    31:d9:83:d0:05:9b:ed:e5:1d:f3:da:8c:60:64:70:
                    af:ce:38:8b:46:21:fb:51:9c:46:a0:f6:a2:24:6c:
                    3c:a5:45:91:85:f7:95:84:1c:e3:dd:ff:bf:02:aa:
                    95:78:9a:ec:33:ce:73:87:e3:1c:0a:fd:50:3c:75:
                    0e:17:c3:92:e1:93:70:a9:70:3e:f4:6c:44:59:38:
                    a3:62:9a:2a:c9:6b:d6:15:a2:71:f0:d0:af:f0:9c:
                    ca:99:a8:d5:87:74:e9:51:d0:36:60:ee:bc:cb:95:
                    56:16:53:d1:9d:cc:cf:16:4a:8f:8a:c2:38:5b:1d:
                    eb:14:26:2a:93:48:a4:f3:4b:b2:f7:78:03:c1:da:
                    2f:ba:2c:49:54:47:0b:7c:d0:36:45:19:33:6b:4b:
                    73:ad:07:ea:84:f0:ca:86:df:b8:aa:d8:fc:63:ad:
                    c0:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:DF:E1:3A:80:E7:5D:70:4C:70:82:EE:F1:AB:08:25:24:85:53:A9
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/SN_hOoDnXXBMcILu8asIJSSFU6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.103.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:d3:25:78:1b:42:f5:fd:68:1f:e9:65:4a:f5:34:93:51:b8:
         bf:e4:34:46:46:23:ba:1d:54:42:aa:43:c5:fb:34:65:f3:55:
         e6:54:f7:48:5f:bf:25:c7:88:26:ef:8f:ea:4a:b3:53:76:39:
         81:5b:71:4d:af:00:fd:ce:1d:0b:9b:81:00:6c:f9:ee:c6:8d:
         85:4d:db:0f:34:5c:2e:53:4b:4d:ac:e5:5e:7f:f3:fc:d2:17:
         da:29:6c:14:c8:dc:8a:37:55:fe:02:66:bb:42:3d:e0:cc:74:
         96:06:8f:53:2b:24:da:8e:0c:52:12:c7:8e:a3:df:25:c2:a9:
         bf:50:2c:4f:79:cb:04:d3:4b:af:7d:38:ee:3e:4d:32:b3:b5:
         95:f1:64:d7:2a:d0:8c:6f:6b:a7:d3:a1:f1:e2:6f:30:b6:90:
         e5:5c:1d:53:69:66:ff:1e:82:90:49:72:f8:ae:18:1f:86:14:
         b2:36:f1:96:2c:20:07:2c:a4:ba:dc:2b:67:94:2c:0b:b4:e7:
         34:cc:79:e5:2a:1c:f5:08:a4:3e:37:c3:59:6c:5e:70:15:9a:
         2e:05:cd:55:f3:e1:d0:36:b8:21:5f:fd:5a:6f:30:33:ca:8d:
         18:50:3a:e2:97:b2:f3:92:4c:35:7e:b0:7e:5d:37:e2:aa:65:
         a3:1b:41:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x2+TTGG9DoQgNlPNqRjVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjYwMTAxMDQxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGRmZTEzYTgwZTc1ZDcwNGM3MDgyZWVmMWFiMDgyNTI0ODU1M2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKCaJRnrVxvaIBw/zjq6RgUYsH0q
5YQKTBmoz+iAHOatZU4yPwM1myUQkthnRaUUsg44+KiKHzAt1l+wYMsxuxeYC1gR
4YbLWoHw0C42ilMwC7LtfwYf0i0x2YPQBZvt5R3z2oxgZHCvzjiLRiH7UZxGoPai
JGw8pUWRhfeVhBzj3f+/AqqVeJrsM85zh+McCv1QPHUOF8OS4ZNwqXA+9GxEWTij
YpoqyWvWFaJx8NCv8JzKmajVh3TpUdA2YO68y5VWFlPRnczPFkqPisI4Wx3rFCYq
k0ik80uy93gDwdovuixJVEcLfNA2RRkza0tzrQfqhPDKht+4qtj8Y63AvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEjf4TqA511wTHCC7vGrCCUkhVOpMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvU05faE9vRG5YWEJNY0lMdThhc0lKU1NGVTZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsGe8MA0G
CSqGSIb3DQEBCwUAA4IBAQBc0yV4G0L1/Wgf6WVK9TSTUbi/5DRGRiO6HVRCqkPF
+zRl81XmVPdIX78lx4gm74/qSrNTdjmBW3FNrwD9zh0Lm4EAbPnuxo2FTdsPNFwu
U0tNrOVef/P80hfaKWwUyNyKN1X+Ama7Qj3gzHSWBo9TKyTajgxSEseOo98lwqm/
UCxPecsE00uvfTjuPk0ys7WV8WTXKtCMb2un06Hx4m8wtpDlXB1TaWb/HoKQSXL4
rhgfhhSyNvGWLCAHLKS63CtnlCwLtOc0zHnlKhz1CKQ+N8NZbF5wFZouBc1V8+HQ
NrghX/1abzAzyo0YUDril7Lzkkw1frB+XTfiqmWjG0Gl
-----END CERTIFICATE-----