This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/mU500IrDA34-_DZykJnyPTlrppE.roa
File:                     mU500IrDA34-_DZykJnyPTlrppE.roa (raw, json)
Hash identifier:          +vAVh1Yr0k044C+InehYRlf3YBv6rAWFpbl7IasP7yg=
Subject key identifier:   99:4E:74:D0:8A:C3:03:7E:3E:FC:36:72:90:99:F2:3D:39:6B:A6:91
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019B7E389A7FA6F45DB3C7AA93A7D80F2FF4
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/mU500IrDA34-_DZykJnyPTlrppE.roa
Signing time:             Fri 02 Jan 2026 10:19:57 +0000
ROA not before:           Fri 02 Jan 2026 10:19:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215727
IP address blocks:        188.66.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:9a:7f:a6:f4:5d:b3:c7:aa:93:a7:d8:0f:2f:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  2 10:19:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=994e74d08ac3037e3efc36729099f23d396ba691
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:18:bf:e9:fe:1a:eb:7e:73:0b:96:23:b2:56:
                    6b:bd:49:24:9e:30:d8:e5:46:e3:be:c2:32:22:d4:
                    89:ce:41:7c:8e:bc:0f:58:f0:1b:da:15:1c:3c:3b:
                    e8:bd:5c:44:da:2d:2c:7d:e4:6a:54:64:db:2c:05:
                    8a:c7:78:6f:bb:a6:44:ec:d2:b2:e3:42:f8:e9:e5:
                    9c:4f:67:14:35:dc:84:50:1f:0d:af:65:89:db:74:
                    55:47:91:db:a9:93:06:dd:1b:9a:d4:3a:ec:d5:0c:
                    43:af:64:89:57:c0:67:e6:fe:23:3a:2c:12:00:bf:
                    9e:b0:c6:23:1f:2e:05:fa:b7:cb:85:16:dc:8d:4c:
                    5c:74:aa:25:43:65:4a:5f:09:30:85:37:b0:03:de:
                    da:de:dd:95:7e:7c:bd:35:fb:69:12:db:eb:4b:bb:
                    21:08:16:12:a7:d9:db:ee:37:01:ef:26:96:9a:c4:
                    06:a1:3b:e2:ee:87:cc:d1:fe:2d:23:2e:00:0e:b6:
                    ed:ce:5d:2d:00:8d:ea:8b:0e:f5:13:c7:87:1c:0b:
                    92:0d:25:22:9e:d6:f1:ad:15:5e:4b:13:39:ca:f9:
                    ce:83:ff:a5:7f:2b:29:2f:4b:66:94:74:e0:e8:c0:
                    5a:7c:be:d4:60:25:78:8a:1b:f3:88:ca:1b:78:73:
                    2d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:4E:74:D0:8A:C3:03:7E:3E:FC:36:72:90:99:F2:3D:39:6B:A6:91
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/mU500IrDA34-_DZykJnyPTlrppE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.66.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:61:d6:52:b8:f3:74:c0:25:2d:bd:ed:d5:bc:87:e8:b1:66:
         5c:58:a7:01:f7:5c:e1:75:d9:96:39:69:ca:c2:00:c2:52:fc:
         8f:1f:ce:04:b3:c4:fa:ba:58:17:b5:9a:3d:92:ed:40:8e:3c:
         2f:d0:e1:ad:ff:9f:63:ec:43:0b:ca:72:eb:55:8e:a3:fd:74:
         7e:a9:54:36:b0:ec:6b:37:a8:a0:8d:ee:cb:dd:be:e8:95:50:
         a3:74:2e:81:b6:7f:7a:0d:1a:a6:4f:33:d4:ba:60:cc:b8:e5:
         bf:db:fd:92:61:ac:80:30:5e:0c:ef:50:39:8d:68:80:81:27:
         6d:3b:c1:cc:2e:3d:b6:97:da:77:1f:5f:d8:9a:f6:fc:67:de:
         39:da:9a:32:f1:c9:06:08:4e:9e:69:02:ad:fc:ef:59:16:ea:
         37:ef:f4:8c:e3:f6:80:88:a0:48:cb:ae:c5:5e:01:22:d5:79:
         d3:d4:2d:93:73:b0:13:07:a4:2c:70:59:c0:cd:48:61:88:97:
         ad:86:ec:19:8c:41:db:d2:13:98:f5:16:bc:fe:8c:cc:4c:ff:
         cd:60:7a:e6:14:09:d3:fa:0f:41:f3:d2:f5:07:95:13:8e:5c:
         ca:e2:9f:41:83:c7:a4:02:8f:71:b1:29:9a:31:dd:52:83:8c:
         40:34:8f:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OJp/pvRds8eqk6fYDy/0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjYwMTAyMTAxOTU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTRlNzRkMDhhYzMwMzdlM2VmYzM2NzI5MDk5ZjIzZDM5NmJhNjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzxi/6f4a635zC5YjslZrvUkknjDY
5UbjvsIyItSJzkF8jrwPWPAb2hUcPDvovVxE2i0sfeRqVGTbLAWKx3hvu6ZE7NKy
40L46eWcT2cUNdyEUB8Nr2WJ23RVR5HbqZMG3Rua1Drs1QxDr2SJV8Bn5v4jOiwS
AL+esMYjHy4F+rfLhRbcjUxcdKolQ2VKXwkwhTewA97a3t2Vfny9NftpEtvrS7sh
CBYSp9nb7jcB7yaWmsQGoTvi7ofM0f4tIy4ADrbtzl0tAI3qiw71E8eHHAuSDSUi
ntbxrRVeSxM5yvnOg/+lfyspL0tmlHTg6MBafL7UYCV4ihvziMobeHMtOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJlOdNCKwwN+Pvw2cpCZ8j05a6aRMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvbVU1MDBJckRBMzQtX0RaeWtKbnlQVGxycHBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEIbMA0G
CSqGSIb3DQEBCwUAA4IBAQCBYdZSuPN0wCUtve3VvIfosWZcWKcB91zhddmWOWnK
wgDCUvyPH84Es8T6ulgXtZo9ku1Ajjwv0OGt/59j7EMLynLrVY6j/XR+qVQ2sOxr
N6igje7L3b7olVCjdC6Btn96DRqmTzPUumDMuOW/2/2SYayAMF4M71A5jWiAgSdt
O8HMLj22l9p3H1/Ymvb8Z9452poy8ckGCE6eaQKt/O9ZFuo37/SM4/aAiKBIy67F
XgEi1XnT1C2Tc7ATB6QscFnAzUhhiJethuwZjEHb0hOY9Ra8/ozMTP/NYHrmFAnT
+g9B89L1B5UTjlzK4p9Bg8ekAo9xsSmaMd1Sg4xANI/L
-----END CERTIFICATE-----