This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/DSmFcc3CMB07sjJqwgYvCDZ71oA.roa
File:                     DSmFcc3CMB07sjJqwgYvCDZ71oA.roa (raw, json)
Hash identifier:          KbPU8Oi7PTcvYEb3lmld7J6qciV9VSvqVrEzwyBTsnw=
Subject key identifier:   0D:29:85:71:CD:C2:30:1D:3B:B2:32:6A:C2:06:2F:08:36:7B:D6:80
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       019B7F136F6C86615D74669EDFE94B9B9E68
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/DSmFcc3CMB07sjJqwgYvCDZ71oA.roa
Signing time:             Fri 02 Jan 2026 14:18:58 +0000
ROA not before:           Fri 02 Jan 2026 14:18:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3320
IP address blocks:        213.209.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 02:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:6f:6c:86:61:5d:74:66:9e:df:e9:4b:9b:9e:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jan  2 14:18:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0d298571cdc2301d3bb2326ac2062f08367bd680
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:33:48:80:c4:50:57:88:97:a6:46:08:c5:d8:
                    25:84:e6:63:e4:83:d2:33:bd:68:0f:c2:03:97:6a:
                    6d:81:ba:22:16:91:d0:73:e0:bb:09:31:6c:a9:19:
                    aa:78:98:12:f0:25:e4:49:1d:c7:eb:e1:46:53:b7:
                    6e:ca:70:ad:1d:5e:f6:9d:ac:9c:b7:80:b6:7c:45:
                    02:5a:7a:d3:9d:28:61:c8:fe:b3:b6:18:c0:f0:2e:
                    1d:34:e5:57:42:3e:56:cf:73:84:47:8a:48:ad:96:
                    b5:d1:2d:e6:69:b6:56:e9:2f:36:7a:b1:7f:47:90:
                    95:f8:cb:0f:42:ac:79:f9:04:b8:00:92:97:04:e5:
                    33:18:cc:6c:02:c5:d4:cb:5f:c0:fa:5c:90:71:03:
                    da:ec:00:88:56:98:98:16:b7:f4:12:28:c5:9a:fe:
                    c4:82:a0:0c:03:24:78:db:10:29:ad:6f:cc:08:6f:
                    12:a3:96:dc:9a:3b:0f:28:2c:aa:09:20:ef:e5:33:
                    df:3c:1a:4d:30:07:4e:82:1a:72:78:93:e3:b9:3b:
                    2b:96:71:d8:31:3f:04:49:3e:ad:c6:ec:30:8a:b1:
                    6a:0c:a3:c1:da:62:ad:68:00:a4:d6:3c:90:f7:a9:
                    ab:0d:c1:f6:45:11:06:6c:85:d1:68:27:32:91:17:
                    5f:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:29:85:71:CD:C2:30:1D:3B:B2:32:6A:C2:06:2F:08:36:7B:D6:80
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/DSmFcc3CMB07sjJqwgYvCDZ71oA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.209.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:4d:a3:de:d8:1c:ef:3c:de:08:a3:5d:56:de:cf:0f:d1:6f:
         56:da:95:b1:3d:35:7f:b1:58:26:bb:84:cb:0e:49:30:c0:d9:
         4b:65:e4:f2:2e:76:7e:7a:67:1c:e1:83:ea:38:53:e0:66:0d:
         6d:b2:a7:42:49:a8:39:81:6a:5d:10:10:9e:61:ce:35:c5:25:
         b4:b5:bf:d7:2d:23:c1:fc:39:fc:a2:e8:41:40:b3:b1:0d:03:
         88:bb:a2:6a:22:5d:d2:f7:9b:fe:bc:de:2e:0b:21:31:bf:8b:
         30:ce:af:45:62:ca:da:e8:fc:96:e5:41:89:8f:b7:98:b4:76:
         03:9a:9f:d2:dd:cd:00:d9:19:c9:18:ce:2d:9b:46:fa:71:43:
         24:cb:7b:67:fd:41:6c:e3:83:19:cf:6d:3c:97:b8:56:be:b4:
         fb:2e:a4:48:4c:2a:fe:c7:95:c5:50:e5:dc:13:95:f9:fc:61:
         c6:46:ba:d3:2e:f8:cb:78:8f:a0:95:5f:6e:c5:81:78:e1:d3:
         47:f8:cc:05:d5:65:ec:07:25:c5:a6:e8:35:f7:fb:d1:f0:46:
         18:3f:ae:3b:30:99:20:28:da:2a:8e:2a:90:a6:a2:00:27:47:
         9a:d3:15:c1:07:b5:c7:9c:46:f2:65:55:f3:6b:59:49:fa:17:
         fb:cc:60:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/E29shmFddGae3+lLm55oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjYwMTAyMTQxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDI5ODU3MWNkYzIzMDFkM2JiMjMyNmFjMjA2MmYwODM2N2JkNjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmDNIgMRQV4iXpkYIxdglhOZj5IPS
M71oD8IDl2ptgboiFpHQc+C7CTFsqRmqeJgS8CXkSR3H6+FGU7duynCtHV72nayc
t4C2fEUCWnrTnShhyP6zthjA8C4dNOVXQj5Wz3OER4pIrZa10S3mabZW6S82erF/
R5CV+MsPQqx5+QS4AJKXBOUzGMxsAsXUy1/A+lyQcQPa7ACIVpiYFrf0EijFmv7E
gqAMAyR42xAprW/MCG8So5bcmjsPKCyqCSDv5TPfPBpNMAdOghpyeJPjuTsrlnHY
MT8EST6txuwwirFqDKPB2mKtaACk1jyQ96mrDcH2RREGbIXRaCcykRdfKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA0phXHNwjAdO7IyasIGLwg2e9aAMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvRFNtRmNjM0NNQjA3c2pKcXdnWXZDRFo3MW9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dGIMA0G
CSqGSIb3DQEBCwUAA4IBAQAgTaPe2BzvPN4Io11W3s8P0W9W2pWxPTV/sVgmu4TL
DkkwwNlLZeTyLnZ+emcc4YPqOFPgZg1tsqdCSag5gWpdEBCeYc41xSW0tb/XLSPB
/Dn8ouhBQLOxDQOIu6JqIl3S95v+vN4uCyExv4swzq9FYsra6PyW5UGJj7eYtHYD
mp/S3c0A2RnJGM4tm0b6cUMky3tn/UFs44MZz208l7hWvrT7LqRITCr+x5XFUOXc
E5X5/GHGRrrTLvjLeI+glV9uxYF44dNH+MwF1WXsByXFpug19/vR8EYYP647MJkg
KNoqjiqQpqIAJ0ea0xXBB7XHnEbyZVXza1lJ+hf7zGAV
-----END CERTIFICATE-----