This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/aZEJdlE8rryKdFsxcXIyoyt-SOg.roa
File:                     aZEJdlE8rryKdFsxcXIyoyt-SOg.roa (raw, json)
Hash identifier:          BG6zGbPXxvvnXkdjQ9fWCyghzw5YTxYUyEjcqpnK0GU=
Subject key identifier:   69:91:09:76:51:3C:AE:BC:8A:74:5B:31:71:72:32:A3:2B:7E:48:E8
Certificate issuer:       /CN=60fcd55b9130858d8ea583c0987dad00f614db39
Certificate serial:       019B7B367CB4EF0C639865D6FEFC92F81CE6
Authority key identifier: 60:FC:D5:5B:91:30:85:8D:8E:A5:83:C0:98:7D:AD:00:F6:14:DB:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/aZEJdlE8rryKdFsxcXIyoyt-SOg.roa
Signing time:             Thu 01 Jan 2026 20:18:47 +0000
ROA not before:           Thu 01 Jan 2026 20:18:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213020
IP address blocks:        62.3.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:7c:b4:ef:0c:63:98:65:d6:fe:fc:92:f8:1c:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60fcd55b9130858d8ea583c0987dad00f614db39
        Validity
            Not Before: Jan  1 20:18:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=69910976513caebc8a745b31717232a32b7e48e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:65:2c:1f:67:42:69:71:fd:4f:67:e3:88:43:
                    4e:4d:51:48:fd:40:3e:3b:ab:51:4d:0c:46:75:5e:
                    21:1f:9b:9b:b4:52:58:43:21:2a:d1:74:89:03:b0:
                    5c:b8:14:d4:df:ba:eb:12:bf:38:be:e8:7c:74:fd:
                    88:53:69:72:bc:01:82:ce:75:92:43:d5:a4:b0:33:
                    57:b9:95:21:bf:e9:f9:ef:1c:e0:98:4f:35:be:74:
                    84:28:35:c1:86:b0:3c:e5:18:8f:2c:f5:89:2f:7e:
                    65:e2:ea:92:ca:5b:c6:bc:8f:93:fd:e5:a9:a1:e9:
                    db:5f:98:8d:f7:1a:5f:ad:8c:f5:93:18:ff:0e:36:
                    37:e8:63:25:a5:15:46:4e:7c:5d:53:8f:25:a4:00:
                    81:1c:79:33:60:8b:6c:f6:12:99:d6:6a:fb:dd:3e:
                    61:af:45:1b:e8:8e:b4:c2:a7:8b:db:f7:d9:bc:ab:
                    3e:aa:07:50:45:3b:d2:f7:f3:87:ab:59:d4:1c:ab:
                    50:26:df:ab:4c:40:e8:94:02:9b:f9:28:04:61:0c:
                    07:65:07:25:40:bb:1f:cf:c0:b2:bf:c2:0e:b3:02:
                    16:62:00:bc:9b:6d:19:b2:79:e9:97:57:b1:d7:9f:
                    e1:48:20:9d:4d:c6:83:db:6f:f3:f0:66:ea:c3:0e:
                    85:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:91:09:76:51:3C:AE:BC:8A:74:5B:31:71:72:32:A3:2B:7E:48:E8
            X509v3 Authority Key Identifier:
                keyid:60:FC:D5:5B:91:30:85:8D:8E:A5:83:C0:98:7D:AD:00:F6:14:DB:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/aZEJdlE8rryKdFsxcXIyoyt-SOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:ed:ae:89:aa:08:83:b0:38:25:7a:b2:36:a3:02:09:da:50:
         61:1e:1b:36:ef:e1:9a:de:da:ed:3d:1c:d4:db:75:96:0b:1a:
         c2:2a:ac:ab:d2:49:db:03:c6:b6:26:5e:ca:37:32:42:c1:68:
         2d:51:6d:2a:f8:91:c8:ae:f4:54:65:93:6b:f8:7a:c7:e3:6a:
         f0:84:4d:73:69:00:6a:ab:e6:85:a1:8c:3e:de:4d:8a:37:1a:
         d2:60:85:6a:ef:aa:d4:6d:15:85:5e:6d:eb:32:73:07:3f:8f:
         15:1a:f7:15:62:73:96:49:a0:2a:ae:33:76:d4:4e:49:5e:92:
         b5:86:c2:41:01:1d:c3:1a:97:63:77:bf:9a:0d:0d:fd:6d:c0:
         99:58:c6:0d:6b:bf:1e:77:7b:ba:f1:1e:49:4c:ea:4d:0e:c3:
         42:87:a2:25:2e:18:a2:92:78:96:06:3a:20:5c:c3:69:2b:71:
         03:f2:e0:bf:d3:4e:09:7b:ff:0c:ea:e7:11:82:6d:79:c0:bf:
         a8:dd:ed:8e:6d:96:c9:aa:ff:5f:f6:4d:9d:21:af:b8:e4:ae:
         ad:11:32:af:2d:12:c3:2e:97:90:3f:be:80:0a:7c:38:9b:7a:
         46:95:88:63:71:64:5d:b9:c4:bd:af:0f:42:06:93:59:43:5b:
         f6:52:e3:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Nny07wxjmGXW/vyS+BzmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZmNkNTViOTEzMDg1OGQ4ZWE1ODNjMDk4N2RhZDAwZjYx
NGRiMzkwHhcNMjYwMTAxMjAxODQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTkxMDk3NjUxM2NhZWJjOGE3NDViMzE3MTcyMzJhMzJiN2U0OGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGUsH2dCaXH9T2fjiENOTVFI/UA+
O6tRTQxGdV4hH5ubtFJYQyEq0XSJA7BcuBTU37rrEr84vuh8dP2IU2lyvAGCznWS
Q9WksDNXuZUhv+n57xzgmE81vnSEKDXBhrA85RiPLPWJL35l4uqSylvGvI+T/eWp
oenbX5iN9xpfrYz1kxj/DjY36GMlpRVGTnxdU48lpACBHHkzYIts9hKZ1mr73T5h
r0Ub6I60wqeL2/fZvKs+qgdQRTvS9/OHq1nUHKtQJt+rTEDolAKb+SgEYQwHZQcl
QLsfz8Cyv8IOswIWYgC8m20Zsnnpl1ex15/hSCCdTcaD22/z8Gbqww6FVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGmRCXZRPK68inRbMXFyMqMrfkjoMB8GA1UdIwQY
MBaAFGD81VuRMIWNjqWDwJh9rQD2FNs5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVB6Vlc1RXdoWTJPcFlQQW1IMnRBUFlVMnprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84MjIzM2QtZWMwNy00MmZiLTg3OTkt
ZWQzMGI5YmIxMmQ1LzEvYVpFSmRsRThycnlLZEZzeGNYSXlveXQtU09nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84MjIzM2QtZWMwNy00MmZiLTg3OTktZWQzMGI5YmIxMmQ1
LzEvWVB6Vlc1RXdoWTJPcFlQQW1IMnRBUFlVMnprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgMjMA0G
CSqGSIb3DQEBCwUAA4IBAQDQ7a6JqgiDsDglerI2owIJ2lBhHhs27+Ga3trtPRzU
23WWCxrCKqyr0knbA8a2Jl7KNzJCwWgtUW0q+JHIrvRUZZNr+HrH42rwhE1zaQBq
q+aFoYw+3k2KNxrSYIVq76rUbRWFXm3rMnMHP48VGvcVYnOWSaAqrjN21E5JXpK1
hsJBAR3DGpdjd7+aDQ39bcCZWMYNa78ed3u68R5JTOpNDsNCh6IlLhiikniWBjog
XMNpK3ED8uC/004Je/8M6ucRgm15wL+o3e2ObZbJqv9f9k2dIa+45K6tETKvLRLD
LpeQP76ACnw4m3pGlYhjcWRducS9rw9CBpNZQ1v2UuNT
-----END CERTIFICATE-----