This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/Ca8Lzw8zNfJDh1Ly0_qC-fHiM6E.roa
File:                     Ca8Lzw8zNfJDh1Ly0_qC-fHiM6E.roa (raw, json)
Hash identifier:          C4RNhoeAXLEJghqWzvBuSPRqznDdmFIllRZiSPyy5uI=
Subject key identifier:   09:AF:0B:CF:0F:33:35:F2:43:87:52:F2:D3:FA:82:F9:F1:E2:33:A1
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019B7E389BFF53C1CB9F3517A7B5260022E6
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/Ca8Lzw8zNfJDh1Ly0_qC-fHiM6E.roa
Signing time:             Fri 02 Jan 2026 10:19:57 +0000
ROA not before:           Fri 02 Jan 2026 10:19:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400039
IP address blocks:        146.19.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:9b:ff:53:c1:cb:9f:35:17:a7:b5:26:00:22:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  2 10:19:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09af0bcf0f3335f2438752f2d3fa82f9f1e233a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:32:b7:2e:91:b3:6a:48:d4:b5:bf:f3:7a:74:
                    c5:c7:82:b7:fa:5a:75:0c:37:8e:93:39:ea:89:79:
                    69:34:0b:f1:89:eb:5d:94:22:1e:87:a8:60:80:de:
                    f6:65:d8:bb:0d:6b:ca:c6:29:4a:32:38:b1:60:cc:
                    fc:64:9f:9a:75:b1:f9:fb:17:9e:98:9a:6d:e0:72:
                    5a:3a:28:fa:08:93:9c:eb:df:6f:c3:3c:5f:9d:8c:
                    f9:63:97:d1:45:af:93:31:04:6a:91:86:3a:43:a9:
                    70:4c:c8:67:c0:4e:ab:94:94:aa:b8:60:1c:77:aa:
                    da:9f:50:d2:c9:fe:46:61:55:b3:c5:ce:2c:af:e1:
                    67:39:53:8b:08:10:f4:72:ca:c2:56:f6:a0:6a:ec:
                    80:b3:06:81:4d:e1:cb:8f:86:b2:c2:f8:fd:f4:81:
                    94:71:8e:64:aa:85:80:92:e7:90:f5:4b:b0:95:6c:
                    0d:a4:a2:e9:49:54:a3:49:c1:55:8e:4a:fa:f7:42:
                    63:59:60:0a:78:3d:ec:5a:6b:86:a2:c9:96:d3:ed:
                    06:9f:9e:c7:bf:a0:58:ff:5d:9a:66:23:c7:a7:8b:
                    cc:00:65:97:55:c4:07:ec:a4:c6:c2:0c:f4:bf:e2:
                    2d:f3:9f:38:00:a4:fb:20:b7:6f:87:3b:12:d9:68:
                    5e:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:AF:0B:CF:0F:33:35:F2:43:87:52:F2:D3:FA:82:F9:F1:E2:33:A1
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/Ca8Lzw8zNfJDh1Ly0_qC-fHiM6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:4b:c0:b2:a0:a2:61:1b:0a:12:6b:8f:6d:b9:e6:1d:d2:a8:
         d7:9f:3d:4d:c1:5a:56:a4:12:a4:46:e6:7f:b0:29:a0:a6:7a:
         14:99:ae:ad:8b:00:49:d6:d9:37:b9:04:2f:5e:7b:3a:3b:e9:
         56:11:93:aa:6c:7a:12:30:7e:28:03:d6:cb:f2:71:a8:64:6b:
         b8:fb:8e:69:be:1e:ce:f0:ff:8d:ee:17:4e:51:7f:dc:75:d2:
         22:66:57:ad:4e:6c:c5:18:fd:c9:bd:7c:5f:90:75:b3:03:0e:
         12:3a:fa:78:4a:13:93:33:48:26:32:3c:75:91:f8:46:3d:f9:
         c5:20:f2:04:94:1b:8e:00:75:62:ec:1a:45:33:68:c4:92:c2:
         df:3d:7a:bb:fe:6a:ff:fb:b9:48:f1:68:29:92:9a:bf:73:d0:
         d1:96:4e:2a:2d:94:84:5b:2b:72:27:04:54:06:99:24:bd:29:
         81:49:f8:cb:a7:e7:27:ba:57:51:4f:c3:ce:f7:c2:49:ec:24:
         17:8d:0f:49:ef:12:d0:30:69:4e:b3:00:80:62:34:bd:d8:3a:
         b2:69:0f:5f:0e:91:bc:04:70:b7:34:bd:d6:52:92:ed:3c:0c:
         7b:d3:31:db:df:5e:95:0b:d3:ac:94:9b:c9:f8:a3:ad:97:a9:
         b4:a9:9a:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OJv/U8HLnzUXp7UmACLmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjYwMTAyMTAxOTU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWFmMGJjZjBmMzMzNWYyNDM4NzUyZjJkM2ZhODJmOWYxZTIzM2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTK3LpGzakjUtb/zenTFx4K3+lp1
DDeOkznqiXlpNAvxietdlCIeh6hggN72Zdi7DWvKxilKMjixYMz8ZJ+adbH5+xee
mJpt4HJaOij6CJOc699vwzxfnYz5Y5fRRa+TMQRqkYY6Q6lwTMhnwE6rlJSquGAc
d6ran1DSyf5GYVWzxc4sr+FnOVOLCBD0csrCVvagauyAswaBTeHLj4aywvj99IGU
cY5kqoWAkueQ9UuwlWwNpKLpSVSjScFVjkr690JjWWAKeD3sWmuGosmW0+0Gn57H
v6BY/12aZiPHp4vMAGWXVcQH7KTGwgz0v+It8584AKT7ILdvhzsS2WherwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAmvC88PMzXyQ4dS8tP6gvnx4jOhMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvQ2E4THp3OHpOZkpEaDFMeTBfcUMtZkhpTTZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhNcMA0G
CSqGSIb3DQEBCwUAA4IBAQCOS8CyoKJhGwoSa49tueYd0qjXnz1NwVpWpBKkRuZ/
sCmgpnoUma6tiwBJ1tk3uQQvXns6O+lWEZOqbHoSMH4oA9bL8nGoZGu4+45pvh7O
8P+N7hdOUX/cddIiZletTmzFGP3JvXxfkHWzAw4SOvp4ShOTM0gmMjx1kfhGPfnF
IPIElBuOAHVi7BpFM2jEksLfPXq7/mr/+7lI8Wgpkpq/c9DRlk4qLZSEWytyJwRU
BpkkvSmBSfjLp+cnuldRT8PO98JJ7CQXjQ9J7xLQMGlOswCAYjS92DqyaQ9fDpG8
BHC3NL3WUpLtPAx70zHb316VC9OslJvJ+KOtl6m0qZqL
-----END CERTIFICATE-----