This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/3XPriRsnrECkZ-RiN0z2mZpe4cw.roa
File:                     3XPriRsnrECkZ-RiN0z2mZpe4cw.roa (raw, json)
Hash identifier:          dWhNv/YEpql87FAc9PA3+cBPtmKe44FQYidRCffkBO4=
Subject key identifier:   DD:73:EB:89:1B:27:AC:40:A4:67:E4:62:37:4C:F6:99:9A:5E:E1:CC
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019B7E3891E962E62333F9E60C67E3153C7D
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/3XPriRsnrECkZ-RiN0z2mZpe4cw.roa
Signing time:             Fri 02 Jan 2026 10:19:55 +0000
ROA not before:           Fri 02 Jan 2026 10:19:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26042
IP address blocks:        103.216.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:91:e9:62:e6:23:33:f9:e6:0c:67:e3:15:3c:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  2 10:19:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd73eb891b27ac40a467e462374cf6999a5ee1cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d0:6b:9c:f6:a4:19:75:6d:e7:74:ef:12:f9:
                    8b:03:2c:fc:88:ac:19:7c:1c:1a:aa:58:e7:a8:e6:
                    df:b7:c6:06:ef:67:04:49:15:99:40:4c:6a:6f:16:
                    d4:35:06:91:ea:11:e0:ef:b9:82:57:62:fe:fa:6c:
                    37:a4:5e:bb:95:1d:1a:36:9a:ff:4c:bc:da:25:eb:
                    55:85:ce:09:c7:f6:e4:d8:67:22:17:32:57:d3:ad:
                    e0:32:4d:f7:10:95:eb:d2:e0:15:0e:c5:5c:0f:36:
                    4a:02:5b:9e:bc:83:2c:ef:57:ef:22:09:da:79:d9:
                    45:62:cb:a1:13:a2:c9:c9:b8:13:46:b0:06:33:d7:
                    16:63:cb:f9:38:c3:2a:44:9a:33:e2:9a:2c:63:13:
                    b1:61:9e:a5:52:b3:3d:ae:d2:63:90:b9:fc:1f:f9:
                    67:f5:32:42:4a:d0:43:e2:ce:20:5a:c1:d8:3a:07:
                    49:d1:79:47:8a:d7:1b:8d:67:77:00:a2:ea:42:41:
                    e5:61:fc:8b:bd:40:cc:6e:83:65:60:5c:ed:d1:ca:
                    ca:39:87:88:17:68:d0:2b:8a:3c:78:46:e9:fb:9a:
                    a4:72:6d:73:b7:b0:6a:da:f9:c5:47:d7:14:7e:2c:
                    8b:59:51:f6:89:f2:e2:ae:da:a4:0f:15:48:46:ac:
                    26:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:73:EB:89:1B:27:AC:40:A4:67:E4:62:37:4C:F6:99:9A:5E:E1:CC
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/3XPriRsnrECkZ-RiN0z2mZpe4cw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.216.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:68:b9:6f:3f:6f:a3:67:05:49:be:c8:5a:a0:8b:8c:6d:3d:
         d4:4e:55:f8:08:96:e9:5d:ec:35:d8:e0:26:60:ac:6e:a6:1e:
         4d:d4:40:c8:f5:fc:1a:06:18:75:0d:c3:5f:92:e9:e9:6d:52:
         92:b1:fc:80:e6:e8:9f:e4:fb:7d:70:b4:40:d7:80:4c:37:fc:
         ad:53:4f:fa:98:07:4f:76:51:79:2e:4d:67:45:85:74:dc:67:
         06:97:81:72:8c:b3:c0:0d:9e:34:0a:61:30:b2:38:4c:98:19:
         23:3e:45:57:c2:4e:f6:1a:bc:3f:f2:e4:30:b1:c8:ce:3f:00:
         ee:6a:4d:f5:d5:ab:c7:2c:3c:ea:19:86:04:96:76:57:b3:5e:
         7f:d7:74:d9:6b:b6:91:12:76:06:53:01:aa:91:ec:9f:cd:9b:
         94:30:1c:b3:5b:15:0f:19:19:79:2e:cb:0c:17:78:4d:cc:84:
         b9:99:46:7c:84:21:77:18:6e:d9:5f:e4:16:cb:a2:40:02:19:
         b3:28:23:5d:d0:b0:45:03:a5:74:0c:69:a1:31:8c:c2:7f:f0:
         13:b3:e7:33:a0:30:9c:ff:71:e2:41:55:e8:1d:ee:9a:c4:81:
         e4:de:64:a3:b7:bc:36:7b:51:35:6e:c2:d6:92:73:e2:e7:f7:
         99:9a:41:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OJHpYuYjM/nmDGfjFTx9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjYwMTAyMTAxOTU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDczZWI4OTFiMjdhYzQwYTQ2N2U0NjIzNzRjZjY5OTlhNWVlMWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudBrnPakGXVt53TvEvmLAyz8iKwZ
fBwaqljnqObft8YG72cESRWZQExqbxbUNQaR6hHg77mCV2L++mw3pF67lR0aNpr/
TLzaJetVhc4Jx/bk2GciFzJX063gMk33EJXr0uAVDsVcDzZKAluevIMs71fvIgna
edlFYsuhE6LJybgTRrAGM9cWY8v5OMMqRJoz4posYxOxYZ6lUrM9rtJjkLn8H/ln
9TJCStBD4s4gWsHYOgdJ0XlHitcbjWd3AKLqQkHlYfyLvUDMboNlYFzt0crKOYeI
F2jQK4o8eEbp+5qkcm1zt7Bq2vnFR9cUfiyLWVH2ifLirtqkDxVIRqwm8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1z64kbJ6xApGfkYjdM9pmaXuHMMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvM1hQcmlSc25yRUNrWi1SaU4wejJtWnBlNGN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ9isMA0G
CSqGSIb3DQEBCwUAA4IBAQCcaLlvP2+jZwVJvshaoIuMbT3UTlX4CJbpXew12OAm
YKxuph5N1EDI9fwaBhh1DcNfkunpbVKSsfyA5uif5Pt9cLRA14BMN/ytU0/6mAdP
dlF5Lk1nRYV03GcGl4FyjLPADZ40CmEwsjhMmBkjPkVXwk72Grw/8uQwscjOPwDu
ak311avHLDzqGYYElnZXs15/13TZa7aREnYGUwGqkeyfzZuUMByzWxUPGRl5LssM
F3hNzIS5mUZ8hCF3GG7ZX+QWy6JAAhmzKCNd0LBFA6V0DGmhMYzCf/ATs+czoDCc
/3HiQVXoHe6axIHk3mSjt7w2e1E1bsLWknPi5/eZmkEL
-----END CERTIFICATE-----