This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/Tr29gpXA1jmqDBgka1nUTKOJCJo.roa
File:                     Tr29gpXA1jmqDBgka1nUTKOJCJo.roa (raw, json)
Hash identifier:          hh8K875PIUFVA9mwH3l4qIdJG1FDE5Nj1NE6V/fpg5s=
Subject key identifier:   4E:BD:BD:82:95:C0:D6:39:AA:0C:18:24:6B:59:D4:4C:A3:89:08:9A
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       019B7E38C3201D58BB1A244D5CF1B9C73467
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/Tr29gpXA1jmqDBgka1nUTKOJCJo.roa
Signing time:             Fri 02 Jan 2026 10:20:07 +0000
ROA not before:           Fri 02 Jan 2026 10:20:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216138
IP address blocks:        185.125.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 05 Jan 2026 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:c3:20:1d:58:bb:1a:24:4d:5c:f1:b9:c7:34:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 10:20:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4ebdbd8295c0d639aa0c18246b59d44ca389089a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:ca:47:66:08:6d:12:c2:cf:34:9b:50:94:2e:
                    0a:dc:76:f0:cf:70:f4:0f:3c:c1:01:a8:5b:83:49:
                    c6:e5:92:af:6d:3b:88:8c:89:9b:10:52:63:09:84:
                    0e:cd:fa:a2:f5:8e:45:ff:80:b0:b2:60:c3:11:b9:
                    1b:55:c9:d2:4f:c2:9c:c7:1a:f4:4b:57:02:b3:55:
                    2a:87:e0:82:cb:7e:f7:6f:ff:92:ce:e8:35:54:b1:
                    e2:75:6a:2e:a2:f5:b8:83:5f:04:54:ec:5e:ac:bf:
                    1f:67:a5:20:37:0f:e4:95:39:23:79:aa:dc:37:c0:
                    95:53:09:1f:c6:c1:c3:34:70:79:81:da:1d:9f:46:
                    50:d4:82:bb:50:ba:39:57:e1:7e:de:0d:69:44:65:
                    4a:60:fd:c9:68:04:15:46:9a:ab:30:30:07:a5:99:
                    a0:65:65:79:a0:a0:3e:89:64:b8:cb:87:b2:a9:50:
                    27:64:c5:bb:07:a8:cd:4c:23:2b:54:41:0e:d5:a8:
                    7e:47:da:27:e9:60:16:fe:b8:99:6c:ea:26:dd:e8:
                    5d:0e:e2:37:00:89:b9:36:b6:61:4d:93:29:52:81:
                    e6:27:77:89:dc:b4:ba:35:df:d7:40:f1:00:c3:89:
                    75:ad:b2:dc:44:dc:39:e8:2e:0b:a8:dc:de:ad:95:
                    81:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:BD:BD:82:95:C0:D6:39:AA:0C:18:24:6B:59:D4:4C:A3:89:08:9A
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/Tr29gpXA1jmqDBgka1nUTKOJCJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:74:63:96:2f:b7:50:93:cc:ce:99:53:b1:23:36:7c:69:1f:
         f7:58:d7:35:34:68:57:85:ac:c2:65:6c:68:00:2a:d7:a4:f0:
         8f:a8:64:18:78:85:5a:7c:3c:3e:ae:79:da:cb:8c:3d:4a:ff:
         55:c1:e8:45:ae:b7:df:c3:4e:87:db:e9:a7:e1:0b:ea:3e:8f:
         e5:73:2f:a8:40:2c:62:76:1d:19:85:22:90:6a:7a:51:e6:42:
         3d:29:f1:b1:24:48:15:f0:85:4c:40:83:32:85:fd:61:e0:6b:
         4d:69:01:a5:3f:45:fe:48:de:00:f0:67:eb:04:c2:81:3c:53:
         6c:03:5f:14:6d:03:21:7e:f9:33:74:c5:14:21:a8:3d:6b:1e:
         64:91:28:dd:0c:1b:ef:e9:76:ce:c6:89:f9:42:59:d2:0b:5a:
         ef:cb:96:7c:f8:73:29:f3:2a:69:7c:df:70:36:5e:b1:5f:58:
         3b:90:d9:26:bf:10:b9:4a:e0:5a:3c:78:48:42:93:59:40:3c:
         bc:9c:d6:34:a6:92:4b:44:50:b8:c8:36:45:7e:91:de:64:95:
         86:b7:57:af:91:34:b9:82:f4:34:a5:25:3a:d4:ad:54:0a:05:
         30:b5:80:7f:8a:6a:a2:d2:56:54:8e:99:d7:7f:27:ed:d7:5c:
         b6:68:14:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OMMgHVi7GiRNXPG5xzRnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjYwMTAyMTAyMDA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWJkYmQ4Mjk1YzBkNjM5YWEwYzE4MjQ2YjU5ZDQ0Y2EzODkwODlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA58pHZghtEsLPNJtQlC4K3Hbwz3D0
DzzBAahbg0nG5ZKvbTuIjImbEFJjCYQOzfqi9Y5F/4CwsmDDEbkbVcnST8Kcxxr0
S1cCs1Uqh+CCy373b/+Szug1VLHidWouovW4g18EVOxerL8fZ6UgNw/klTkjearc
N8CVUwkfxsHDNHB5gdodn0ZQ1IK7ULo5V+F+3g1pRGVKYP3JaAQVRpqrMDAHpZmg
ZWV5oKA+iWS4y4eyqVAnZMW7B6jNTCMrVEEO1ah+R9on6WAW/riZbOom3ehdDuI3
AIm5NrZhTZMpUoHmJ3eJ3LS6Nd/XQPEAw4l1rbLcRNw56C4LqNzerZWB7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE69vYKVwNY5qgwYJGtZ1EyjiQiaMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvVHIyOWdwWEExam1xREJna2ExblVUS09KQ0pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX3zMA0G
CSqGSIb3DQEBCwUAA4IBAQB0dGOWL7dQk8zOmVOxIzZ8aR/3WNc1NGhXhazCZWxo
ACrXpPCPqGQYeIVafDw+rnnay4w9Sv9VwehFrrffw06H2+mn4QvqPo/lcy+oQCxi
dh0ZhSKQanpR5kI9KfGxJEgV8IVMQIMyhf1h4GtNaQGlP0X+SN4A8GfrBMKBPFNs
A18UbQMhfvkzdMUUIag9ax5kkSjdDBvv6XbOxon5QlnSC1rvy5Z8+HMp8yppfN9w
Nl6xX1g7kNkmvxC5SuBaPHhIQpNZQDy8nNY0ppJLRFC4yDZFfpHeZJWGt1evkTS5
gvQ0pSU61K1UCgUwtYB/imqi0lZUjpnXfyft11y2aBQI
-----END CERTIFICATE-----