This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/Z943jXHlAqEjC8HhkAmn0vuwcbY.roa
File:                     Z943jXHlAqEjC8HhkAmn0vuwcbY.roa (raw, json)
Hash identifier:          zwEb4pXvmmR3brxpaMTgJgnaLu7vluGbc09IMA9MXt4=
Subject key identifier:   67:DE:37:8D:71:E5:02:A1:23:0B:C1:E1:90:09:A7:D2:FB:B0:71:B6
Certificate issuer:       /CN=60fcd55b9130858d8ea583c0987dad00f614db39
Certificate serial:       019B7B367C5F33CC5A731F22059CE1D6F457
Authority key identifier: 60:FC:D5:5B:91:30:85:8D:8E:A5:83:C0:98:7D:AD:00:F6:14:DB:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/Z943jXHlAqEjC8HhkAmn0vuwcbY.roa
Signing time:             Thu 01 Jan 2026 20:18:46 +0000
ROA not before:           Thu 01 Jan 2026 20:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206505
IP address blocks:        62.3.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:7c:5f:33:cc:5a:73:1f:22:05:9c:e1:d6:f4:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60fcd55b9130858d8ea583c0987dad00f614db39
        Validity
            Not Before: Jan  1 20:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=67de378d71e502a1230bc1e19009a7d2fbb071b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:d5:90:57:c3:bd:34:46:77:0e:b7:52:27:da:
                    7a:1f:79:7b:de:65:17:e4:99:bf:bd:e1:ab:c2:1e:
                    05:6c:c9:0c:bb:c9:67:e7:a8:0d:24:b7:5f:16:6f:
                    3c:f7:da:01:fa:3e:23:56:d1:12:11:8c:c7:36:6c:
                    b4:e5:dc:cd:7d:ed:f5:cf:ee:bb:f7:81:0e:7a:67:
                    9a:34:bc:68:79:49:1a:1a:18:9f:f8:56:03:b9:74:
                    d4:12:08:ee:aa:e8:35:2d:a0:59:9e:04:6f:04:e0:
                    bf:b1:9d:98:67:d9:8d:8d:70:ab:60:c8:85:35:8d:
                    a5:5f:10:8f:c7:a9:f7:61:4a:d3:10:ab:bc:f6:cc:
                    dd:82:3e:8c:4b:39:8d:00:d3:dc:86:38:39:39:7e:
                    9c:42:64:48:37:7c:c4:16:27:68:ec:60:1f:91:0d:
                    3c:f2:6c:85:a1:8b:0d:4e:03:15:f2:75:eb:e9:17:
                    69:61:54:74:6b:58:0c:48:8a:1a:45:ae:0d:ce:45:
                    dc:d2:20:5a:d2:f8:f7:28:9c:7e:e9:21:93:1a:37:
                    51:43:45:66:40:e2:3c:f5:1a:ea:65:d8:5b:f9:78:
                    46:12:3e:bd:a0:7f:1d:d4:97:23:f8:7b:9a:f2:c5:
                    64:80:aa:bb:9c:1f:99:ca:f4:cd:65:aa:61:fc:21:
                    e7:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:DE:37:8D:71:E5:02:A1:23:0B:C1:E1:90:09:A7:D2:FB:B0:71:B6
            X509v3 Authority Key Identifier:
                keyid:60:FC:D5:5B:91:30:85:8D:8E:A5:83:C0:98:7D:AD:00:F6:14:DB:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/Z943jXHlAqEjC8HhkAmn0vuwcbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:64:e2:53:d1:b9:95:37:db:79:66:a1:d4:79:28:1e:c3:a1:
         97:af:61:31:ef:ff:00:ef:2e:bd:46:8d:ac:5b:b6:de:74:f4:
         f0:18:2b:51:d2:16:26:1a:7e:4b:cb:15:d0:18:90:94:1e:f7:
         de:96:2e:51:cb:7a:a7:71:e2:8d:7d:b6:6c:f6:9d:ab:3a:c6:
         22:bf:1d:ec:4c:fd:02:7d:78:8a:22:24:e9:e6:e2:b9:02:b2:
         ba:55:1a:03:01:7d:a9:d0:ec:66:5f:a0:b9:19:86:ba:d3:78:
         ed:14:e9:9b:81:e3:fb:5d:ad:3d:37:8f:b1:ee:8a:8a:84:9b:
         cc:53:2a:24:d7:18:4a:87:8c:f2:70:23:07:48:85:01:51:ab:
         69:c9:f1:2f:7d:1e:81:e5:40:e0:86:a8:df:d5:cb:0b:34:54:
         2a:42:8e:55:10:ae:5c:9f:27:10:32:78:e5:0e:65:6e:6b:84:
         d7:ad:65:b3:b1:b4:df:ac:d2:8b:e7:fe:9e:55:1f:79:47:da:
         92:5c:c1:ba:64:aa:a7:68:5b:f5:5c:1c:23:71:b7:a7:be:b7:
         ed:52:4a:91:dd:da:cd:ad:e2:a0:c3:cc:c5:7a:a4:03:b7:1b:
         d4:fc:6c:f4:1b:99:5b:c2:06:b2:91:88:5e:05:7f:e9:df:98:
         2f:a8:e4:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NnxfM8xacx8iBZzh1vRXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZmNkNTViOTEzMDg1OGQ4ZWE1ODNjMDk4N2RhZDAwZjYx
NGRiMzkwHhcNMjYwMTAxMjAxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2RlMzc4ZDcxZTUwMmExMjMwYmMxZTE5MDA5YTdkMmZiYjA3MWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydWQV8O9NEZ3DrdSJ9p6H3l73mUX
5Jm/veGrwh4FbMkMu8ln56gNJLdfFm8899oB+j4jVtESEYzHNmy05dzNfe31z+67
94EOemeaNLxoeUkaGhif+FYDuXTUEgjuqug1LaBZngRvBOC/sZ2YZ9mNjXCrYMiF
NY2lXxCPx6n3YUrTEKu89szdgj6MSzmNANPchjg5OX6cQmRIN3zEFido7GAfkQ08
8myFoYsNTgMV8nXr6RdpYVR0a1gMSIoaRa4NzkXc0iBa0vj3KJx+6SGTGjdRQ0Vm
QOI89RrqZdhb+XhGEj69oH8d1Jcj+Hua8sVkgKq7nB+ZyvTNZaph/CHnkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGfeN41x5QKhIwvB4ZAJp9L7sHG2MB8GA1UdIwQY
MBaAFGD81VuRMIWNjqWDwJh9rQD2FNs5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVB6Vlc1RXdoWTJPcFlQQW1IMnRBUFlVMnprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84MjIzM2QtZWMwNy00MmZiLTg3OTkt
ZWQzMGI5YmIxMmQ1LzEvWjk0M2pYSGxBcUVqQzhIaGtBbW4wdnV3Y2JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84MjIzM2QtZWMwNy00MmZiLTg3OTktZWQzMGI5YmIxMmQ1
LzEvWVB6Vlc1RXdoWTJPcFlQQW1IMnRBUFlVMnprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgMjMA0G
CSqGSIb3DQEBCwUAA4IBAQBzZOJT0bmVN9t5ZqHUeSgew6GXr2Ex7/8A7y69Ro2s
W7bedPTwGCtR0hYmGn5LyxXQGJCUHvfeli5Ry3qnceKNfbZs9p2rOsYivx3sTP0C
fXiKIiTp5uK5ArK6VRoDAX2p0OxmX6C5GYa603jtFOmbgeP7Xa09N4+x7oqKhJvM
Uyok1xhKh4zycCMHSIUBUatpyfEvfR6B5UDghqjf1csLNFQqQo5VEK5cnycQMnjl
DmVua4TXrWWzsbTfrNKL5/6eVR95R9qSXMG6ZKqnaFv1XBwjcbenvrftUkqR3drN
reKgw8zFeqQDtxvU/Gz0G5lbwgaykYheBX/p35gvqOTD
-----END CERTIFICATE-----