This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/L3d8sz2ZrlbOuMohzHR2E6bdklE.roa
File:                     L3d8sz2ZrlbOuMohzHR2E6bdklE.roa (raw, json)
Hash identifier:          4TjPRBJiM5+flxA7WhNFWM20rOfZ6sjfcAOtdQXgYOg=
Subject key identifier:   2F:77:7C:B3:3D:99:AE:56:CE:B8:CA:21:CC:74:76:13:A6:DD:92:51
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019B7B35F3A28EE10442374908A9905164AE
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/L3d8sz2ZrlbOuMohzHR2E6bdklE.roa
Signing time:             Thu 01 Jan 2026 20:18:11 +0000
ROA not before:           Thu 01 Jan 2026 20:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15626
IP address blocks:        62.68.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 Jan 2026 04:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:f3:a2:8e:e1:04:42:37:49:08:a9:90:51:64:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jan  1 20:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2f777cb33d99ae56ceb8ca21cc747613a6dd9251
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e9:d1:9a:ae:a7:93:71:68:e7:38:a5:89:b1:
                    49:00:c4:b3:53:0b:d9:f8:55:c7:67:c6:2c:2e:25:
                    14:8f:e7:ae:5b:9f:b6:64:7e:27:ec:22:50:3d:75:
                    f7:89:d6:45:e7:11:5d:2f:a8:79:b2:f2:0b:ca:92:
                    ff:00:29:93:e3:69:87:10:e4:8b:37:11:a3:e0:63:
                    48:89:c6:78:f9:de:68:eb:a7:36:7e:c9:f6:38:04:
                    4a:69:76:0e:81:0d:6c:52:37:bc:f1:0f:83:6a:10:
                    2f:ee:4d:ee:94:0e:11:cd:34:76:ee:82:87:99:c6:
                    dd:17:ad:28:c6:54:58:df:25:dc:22:27:e4:29:b3:
                    9a:fb:c9:f9:6d:ce:be:b7:42:5c:e1:1d:11:c8:4c:
                    98:15:c0:e7:41:cc:bf:af:e3:3a:80:c1:d7:aa:70:
                    d5:6a:36:f4:65:a8:cb:66:03:80:b1:d3:67:45:c0:
                    a7:7f:5a:3e:2d:3f:8a:18:a0:84:4a:24:7d:2d:e3:
                    16:8f:f0:5b:74:f7:f2:25:9e:31:be:67:36:f7:79:
                    91:ff:17:ed:a6:90:11:6b:6e:14:81:f5:65:89:40:
                    c3:fc:88:70:b4:9f:02:9e:94:7f:7f:69:9e:9d:2b:
                    36:c4:f0:0b:9b:f6:2b:29:f5:a5:3e:a7:22:97:19:
                    0b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:77:7C:B3:3D:99:AE:56:CE:B8:CA:21:CC:74:76:13:A6:DD:92:51
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/L3d8sz2ZrlbOuMohzHR2E6bdklE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.68.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:9c:e4:39:48:de:10:77:6c:72:57:68:45:de:80:cf:0a:41:
         2f:4b:11:1b:ac:d4:61:aa:6f:a4:05:e2:bc:4e:e2:18:9e:0c:
         ee:42:8e:de:e6:1c:a3:4f:27:60:41:61:76:de:c3:93:06:b8:
         00:8d:9b:19:f0:a7:ca:5f:f0:37:fe:72:43:75:10:1f:ee:b6:
         00:67:1e:28:9f:f0:8e:31:ae:f5:c1:ff:2e:2e:34:67:54:66:
         cc:78:20:3c:85:15:1d:ba:32:1e:06:9e:3d:bd:83:a8:40:6b:
         2a:10:bd:26:2e:30:ae:fb:b7:db:75:c4:c8:1c:65:5d:22:19:
         8d:f6:9b:e3:5c:20:45:dc:b1:e1:15:21:1e:08:08:e5:3d:cc:
         76:21:1b:51:7b:79:bf:2c:45:02:e3:25:6e:7b:77:df:c4:83:
         56:08:ce:1b:c3:61:43:45:e7:62:97:6d:df:05:03:04:e6:0a:
         57:81:f1:3a:73:53:d0:89:6d:05:76:bf:dd:72:04:da:7d:87:
         87:5c:44:31:6e:95:99:d3:a0:7a:21:1b:e6:31:ea:bb:6d:bb:
         7a:74:74:21:b4:9b:ff:d7:e4:9e:8d:57:88:80:15:6e:ed:e3:
         8d:9b:fe:5a:15:71:0f:e1:1c:11:fa:25:be:9d:b7:f7:cc:71:
         d2:fd:a8:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NfOijuEEQjdJCKmQUWSuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwMTAxMjAxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjc3N2NiMzNkOTlhZTU2Y2ViOGNhMjFjYzc0NzYxM2E2ZGQ5MjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvenRmq6nk3Fo5zilibFJAMSzUwvZ
+FXHZ8YsLiUUj+euW5+2ZH4n7CJQPXX3idZF5xFdL6h5svILypL/ACmT42mHEOSL
NxGj4GNIicZ4+d5o66c2fsn2OARKaXYOgQ1sUje88Q+DahAv7k3ulA4RzTR27oKH
mcbdF60oxlRY3yXcIifkKbOa+8n5bc6+t0Jc4R0RyEyYFcDnQcy/r+M6gMHXqnDV
ajb0ZajLZgOAsdNnRcCnf1o+LT+KGKCESiR9LeMWj/BbdPfyJZ4xvmc293mR/xft
ppARa24UgfVliUDD/IhwtJ8CnpR/f2menSs2xPALm/YrKfWlPqcilxkLjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC93fLM9ma5WzrjKIcx0dhOm3ZJRMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvTDNkOHN6MlpybGJPdU1vaHpIUjJFNmJka2xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkRWMA0G
CSqGSIb3DQEBCwUAA4IBAQAvnOQ5SN4Qd2xyV2hF3oDPCkEvSxEbrNRhqm+kBeK8
TuIYngzuQo7e5hyjTydgQWF23sOTBrgAjZsZ8KfKX/A3/nJDdRAf7rYAZx4on/CO
Ma71wf8uLjRnVGbMeCA8hRUdujIeBp49vYOoQGsqEL0mLjCu+7fbdcTIHGVdIhmN
9pvjXCBF3LHhFSEeCAjlPcx2IRtRe3m/LEUC4yVue3ffxINWCM4bw2FDRedil23f
BQME5gpXgfE6c1PQiW0Fdr/dcgTafYeHXEQxbpWZ06B6IRvmMeq7bbt6dHQhtJv/
1+SejVeIgBVu7eONm/5aFXEP4RwR+iW+nbf3zHHS/aiQ
-----END CERTIFICATE-----