This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/0ASsrcIDZnw7ewpaNwG4VPlmmRQ.roa
File:                     0ASsrcIDZnw7ewpaNwG4VPlmmRQ.roa (raw, json)
Hash identifier:          e4Bbe8kx9J+937mRPuAmB54EfUg5NEO0i53Wrek6DuQ=
Subject key identifier:   D0:04:AC:AD:C2:03:66:7C:3B:7B:0A:5A:37:01:B8:54:F9:66:99:14
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019B7E389B757C10B10FB6B3DF4A749E7F1A
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/0ASsrcIDZnw7ewpaNwG4VPlmmRQ.roa
Signing time:             Fri 02 Jan 2026 10:19:57 +0000
ROA not before:           Fri 02 Jan 2026 10:19:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395374
IP address blocks:        193.108.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:9b:75:7c:10:b1:0f:b6:b3:df:4a:74:9e:7f:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  2 10:19:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d004acadc203667c3b7b0a5a3701b854f9669914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:da:9b:f0:72:2d:ba:0b:ec:57:24:b4:a0:5a:
                    6b:50:c9:2c:13:c1:7b:df:d6:25:bb:72:a7:2f:a7:
                    95:f6:ea:cc:3f:d7:d8:df:d8:aa:ae:61:67:05:2c:
                    b0:53:00:10:15:75:a8:53:c5:8d:c4:c1:b6:d9:3e:
                    ac:72:d5:ae:8b:67:6d:56:0c:2e:a9:3b:cc:a8:01:
                    2c:83:9e:f8:a6:d4:86:12:27:9d:88:d5:4c:bd:37:
                    bd:eb:00:c0:bf:5c:db:34:3c:d0:5c:d5:3c:b2:14:
                    d0:fd:07:6c:a2:0d:55:51:6b:a0:72:d5:ea:3c:94:
                    55:90:dd:ac:f5:4f:7e:38:a5:95:b5:28:97:e7:5b:
                    c9:25:ca:97:31:f5:21:b3:48:1f:77:33:48:77:6e:
                    ad:b4:f1:a1:19:1e:ed:66:40:2f:a1:46:ae:22:5a:
                    bb:cb:c3:2c:8d:6f:1f:72:19:dc:46:2a:0f:36:a5:
                    f7:71:5b:6d:f4:38:5e:77:0e:62:37:57:61:6f:2b:
                    b2:61:09:c1:e2:7f:ad:16:1f:a8:e5:08:12:ed:87:
                    bf:eb:d6:d1:e1:9e:ba:b5:56:40:d9:98:42:29:5a:
                    20:ab:cc:8a:8b:0e:a3:ef:50:75:3e:6e:6a:ad:53:
                    9e:2a:4b:40:6e:a2:0c:ac:71:04:82:25:ce:8e:f1:
                    bb:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:04:AC:AD:C2:03:66:7C:3B:7B:0A:5A:37:01:B8:54:F9:66:99:14
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/0ASsrcIDZnw7ewpaNwG4VPlmmRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:6e:eb:0c:84:41:b1:db:6e:2e:fb:22:8c:1b:dc:a8:0e:b3:
         86:ed:be:99:ec:f4:d0:f5:17:b8:f2:5f:35:dd:0e:f0:45:fc:
         2e:54:5c:a7:7e:75:d8:55:20:a1:10:93:34:af:6d:24:5f:ac:
         0a:b7:9f:e5:00:82:61:c4:26:c2:83:89:8b:bc:bf:e3:6f:e2:
         62:fb:36:fd:96:11:e0:eb:41:2f:cf:a3:21:d6:3d:38:ac:52:
         e0:14:a4:02:29:20:2a:4d:d1:15:68:61:99:37:a8:53:e4:e8:
         93:95:f4:cf:84:85:e2:ae:2f:46:5e:d3:57:ae:80:9c:c9:2a:
         5b:90:b3:50:de:cc:61:3e:09:ef:41:14:f3:fb:75:3c:20:ad:
         0a:7a:68:36:81:52:a8:f7:59:37:0f:81:9a:dd:99:06:4b:30:
         71:e8:58:79:e0:8d:b2:5a:b6:bc:b4:59:f4:e8:d7:c2:50:1d:
         8b:7f:88:ec:41:7c:fd:ba:3e:45:6c:f1:f4:61:a4:23:0d:33:
         1f:d9:27:23:92:28:5f:9c:1a:9b:05:c7:63:46:65:a7:2a:3e:
         e6:94:50:5b:89:0c:8f:f7:29:11:0e:9c:a5:1a:ec:a4:13:d1:
         02:99:c9:10:ce:9a:75:6a:db:9a:d8:b8:77:06:d4:1e:c5:3e:
         3b:9b:4a:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OJt1fBCxD7az30p0nn8aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjYwMTAyMTAxOTU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDA0YWNhZGMyMDM2NjdjM2I3YjBhNWEzNzAxYjg1NGY5NjY5OTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxtqb8HItugvsVyS0oFprUMksE8F7
39Ylu3KnL6eV9urMP9fY39iqrmFnBSywUwAQFXWoU8WNxMG22T6sctWui2dtVgwu
qTvMqAEsg574ptSGEiediNVMvTe96wDAv1zbNDzQXNU8shTQ/Qdsog1VUWugctXq
PJRVkN2s9U9+OKWVtSiX51vJJcqXMfUhs0gfdzNId26ttPGhGR7tZkAvoUauIlq7
y8MsjW8fchncRioPNqX3cVtt9Dhedw5iN1dhbyuyYQnB4n+tFh+o5QgS7Ye/69bR
4Z66tVZA2ZhCKVogq8yKiw6j71B1Pm5qrVOeKktAbqIMrHEEgiXOjvG7pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNAErK3CA2Z8O3sKWjcBuFT5ZpkUMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvMEFTc3JjSURabnc3ZXdwYU53RzRWUGxtbVJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWw7MA0G
CSqGSIb3DQEBCwUAA4IBAQCObusMhEGx224u+yKMG9yoDrOG7b6Z7PTQ9Re48l81
3Q7wRfwuVFynfnXYVSChEJM0r20kX6wKt5/lAIJhxCbCg4mLvL/jb+Ji+zb9lhHg
60Evz6Mh1j04rFLgFKQCKSAqTdEVaGGZN6hT5OiTlfTPhIXiri9GXtNXroCcySpb
kLNQ3sxhPgnvQRTz+3U8IK0Kemg2gVKo91k3D4Ga3ZkGSzBx6Fh54I2yWra8tFn0
6NfCUB2Lf4jsQXz9uj5FbPH0YaQjDTMf2ScjkihfnBqbBcdjRmWnKj7mlFBbiQyP
9ykRDpylGuykE9ECmckQzpp1atua2Lh3BtQexT47m0qE
-----END CERTIFICATE-----