This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/iI7xLboa7mEZTIbddDCXnP5vHMU.roa
File:                     iI7xLboa7mEZTIbddDCXnP5vHMU.roa (raw, json)
Hash identifier:          l1gOEktDNyT5wyXeiyrREcT0TszwTr6ef8RWw/aj+04=
Subject key identifier:   88:8E:F1:2D:BA:1A:EE:61:19:4C:86:DD:74:30:97:9C:FE:6F:1C:C5
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019B7E3893AAC2EA8BD42A1D90A6798407A6
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/iI7xLboa7mEZTIbddDCXnP5vHMU.roa
Signing time:             Fri 02 Jan 2026 10:19:55 +0000
ROA not before:           Fri 02 Jan 2026 10:19:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62563
IP address blocks:        193.108.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:93:aa:c2:ea:8b:d4:2a:1d:90:a6:79:84:07:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  2 10:19:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=888ef12dba1aee61194c86dd7430979cfe6f1cc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:1c:77:b4:77:7a:90:ba:f8:11:37:7d:71:b9:
                    91:fd:99:45:63:9f:3a:b9:c9:7f:88:c8:9e:42:49:
                    df:b0:1f:10:51:57:1c:d2:b3:1b:d9:c1:ff:ab:6d:
                    3f:20:18:bf:62:ec:d1:c7:aa:ed:ad:16:d2:2d:34:
                    56:ee:0f:50:f0:36:66:c0:81:3f:fe:18:aa:b7:76:
                    4d:fa:6f:1a:df:6f:50:44:6a:f9:0f:28:fa:72:c9:
                    ac:6f:e0:bf:41:6f:a7:0f:ce:9a:d2:65:38:d9:fe:
                    bf:b6:b9:d1:ec:07:4d:f4:17:6d:26:65:bb:ad:03:
                    b4:21:a7:22:81:29:0f:fe:78:ab:af:5d:70:57:17:
                    31:b4:1f:67:b6:65:56:52:45:90:41:e0:83:c2:43:
                    3e:ad:35:ed:e9:11:88:b5:01:4a:f2:21:d0:2f:7b:
                    1f:98:ed:0b:58:a4:2e:0f:1c:18:9d:10:12:31:83:
                    8e:b2:8d:c0:85:74:5c:4c:5f:3a:3a:b6:d0:e8:8c:
                    3e:ca:2a:c0:66:e5:31:ae:b3:ef:d0:cb:a8:61:1b:
                    fb:dc:7f:83:48:ac:d5:1e:96:70:2e:79:66:5d:f4:
                    1c:c2:8e:ff:10:40:07:90:6d:30:13:15:ae:bb:56:
                    c7:f3:77:5c:43:12:01:a4:67:f2:18:97:98:af:64:
                    18:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:8E:F1:2D:BA:1A:EE:61:19:4C:86:DD:74:30:97:9C:FE:6F:1C:C5
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/iI7xLboa7mEZTIbddDCXnP5vHMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:e9:1b:31:94:13:9f:f4:7c:47:c9:5b:bb:c0:eb:0f:42:9c:
         50:ff:13:07:04:67:f5:a0:64:bb:75:30:9d:ad:ef:de:d1:58:
         eb:34:8d:29:a4:47:32:39:f0:39:bf:2d:03:e5:c3:23:97:54:
         12:25:51:9b:ec:88:6c:b9:8c:94:77:cf:34:2f:fd:3f:5a:50:
         2e:ed:05:96:fe:f2:1a:f6:5c:92:85:9e:b3:59:01:0c:54:7f:
         7b:46:05:8f:11:51:d2:8f:2e:e6:22:df:76:ce:11:c5:59:e3:
         87:cb:84:be:66:5d:13:6f:34:b9:f4:86:6d:32:db:3f:c8:a6:
         37:af:5d:71:41:2a:58:b0:c9:a9:a6:26:e8:76:66:75:9c:0b:
         8e:c4:da:74:3e:37:36:70:c9:ff:d5:49:4e:c6:8f:e7:40:0b:
         48:04:6f:6b:fb:9c:17:50:9f:0a:7f:8c:2e:e7:6b:d9:d0:ce:
         ac:58:0c:c1:b5:21:59:22:66:b7:9b:50:6f:99:13:37:eb:c0:
         87:e0:63:c4:7b:9e:c2:5b:1e:85:18:8e:eb:d9:47:a7:bd:48:
         c6:d5:18:85:13:e8:59:b4:ea:14:39:52:7c:7b:60:d7:3c:c3:
         88:e4:ca:56:25:da:1f:f6:89:b4:10:13:2b:bf:0f:9f:a4:d5:
         21:c7:63:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OJOqwuqL1CodkKZ5hAemMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjYwMTAyMTAxOTU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODhlZjEyZGJhMWFlZTYxMTk0Yzg2ZGQ3NDMwOTc5Y2ZlNmYxY2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwRx3tHd6kLr4ETd9cbmR/ZlFY586
ucl/iMieQknfsB8QUVcc0rMb2cH/q20/IBi/YuzRx6rtrRbSLTRW7g9Q8DZmwIE/
/hiqt3ZN+m8a329QRGr5Dyj6csmsb+C/QW+nD86a0mU42f6/trnR7AdN9BdtJmW7
rQO0IacigSkP/nirr11wVxcxtB9ntmVWUkWQQeCDwkM+rTXt6RGItQFK8iHQL3sf
mO0LWKQuDxwYnRASMYOOso3AhXRcTF86OrbQ6Iw+yirAZuUxrrPv0MuoYRv73H+D
SKzVHpZwLnlmXfQcwo7/EEAHkG0wExWuu1bH83dcQxIBpGfyGJeYr2QYNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIiO8S26Gu5hGUyG3XQwl5z+bxzFMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvaUk3eExib2E3bUVaVEliZGREQ1huUDV2SE1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWw6MA0G
CSqGSIb3DQEBCwUAA4IBAQAx6RsxlBOf9HxHyVu7wOsPQpxQ/xMHBGf1oGS7dTCd
re/e0VjrNI0ppEcyOfA5vy0D5cMjl1QSJVGb7IhsuYyUd880L/0/WlAu7QWW/vIa
9lyShZ6zWQEMVH97RgWPEVHSjy7mIt92zhHFWeOHy4S+Zl0TbzS59IZtMts/yKY3
r11xQSpYsMmppibodmZ1nAuOxNp0Pjc2cMn/1UlOxo/nQAtIBG9r+5wXUJ8Kf4wu
52vZ0M6sWAzBtSFZIma3m1BvmRM368CH4GPEe57CWx6FGI7r2UenvUjG1RiFE+hZ
tOoUOVJ8e2DXPMOI5MpWJdof9om0EBMrvw+fpNUhx2P+
-----END CERTIFICATE-----