This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/3GG8eWEP0AsTR5hlJBndfjSVqXE.roa
File:                     3GG8eWEP0AsTR5hlJBndfjSVqXE.roa (raw, json)
Hash identifier:          OqQ6t5k1StJuUPb2wymY353zmLAJ5m9iQ1cfSGHhatc=
Subject key identifier:   DC:61:BC:79:61:0F:D0:0B:13:47:98:65:24:19:DD:7E:34:95:A9:71
Certificate issuer:       /CN=fad7100e77ed9119d66e2321bb6711d7e760982b
Certificate serial:       019B78A2A21A506792EC5E3C85FB7BE83C51
Authority key identifier: FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/3GG8eWEP0AsTR5hlJBndfjSVqXE.roa
Signing time:             Thu 01 Jan 2026 08:18:02 +0000
ROA not before:           Thu 01 Jan 2026 08:18:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        80.128.0.0/11 maxlen: 11
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:a2:1a:50:67:92:ec:5e:3c:85:fb:7b:e8:3c:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fad7100e77ed9119d66e2321bb6711d7e760982b
        Validity
            Not Before: Jan  1 08:18:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dc61bc79610fd00b134798652419dd7e3495a971
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:d5:a0:00:1f:f9:98:32:e4:8a:fa:0c:d9:60:
                    17:e2:d5:af:a5:1d:48:ba:e0:4e:fd:c4:90:ae:55:
                    90:d2:96:d1:5f:79:b6:27:30:50:14:f3:da:42:10:
                    29:7b:69:c5:3d:2d:7b:5c:d7:e3:2e:ae:3f:3f:a3:
                    d8:c8:5e:8f:14:7e:58:f2:19:a8:8d:6d:73:15:40:
                    ad:37:ae:82:7a:ed:d9:39:46:25:e0:81:9c:cd:7d:
                    ef:6a:fe:aa:a1:71:e6:28:34:ad:27:74:59:f8:f4:
                    62:eb:a1:d9:0f:14:8b:ac:82:57:22:80:d9:43:06:
                    28:5f:b2:f9:bd:28:44:2c:5b:04:b9:62:94:12:5b:
                    31:d4:34:66:09:4b:11:1f:7a:63:0c:e8:7a:71:a3:
                    b9:2e:5e:f9:c1:90:02:07:d0:16:bb:72:19:36:bc:
                    d8:ac:b0:88:2e:b5:64:f7:eb:d9:3f:1d:00:9d:0a:
                    d7:4e:31:e3:f6:96:02:2c:a9:dd:ed:34:87:cc:ab:
                    f2:14:e7:e0:1a:48:4e:b3:11:aa:28:9e:94:e0:50:
                    f4:79:fc:09:36:2c:35:3d:5c:21:02:f9:2c:77:57:
                    01:76:86:d3:4e:7d:6a:63:c5:1b:9b:7a:59:1d:1e:
                    c6:92:b4:d2:b3:72:87:ee:7d:c9:a4:53:8f:bc:15:
                    c7:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:61:BC:79:61:0F:D0:0B:13:47:98:65:24:19:DD:7E:34:95:A9:71
            X509v3 Authority Key Identifier:
                keyid:FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/3GG8eWEP0AsTR5hlJBndfjSVqXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.128.0.0/11

    Signature Algorithm: sha256WithRSAEncryption
         4c:57:2a:6d:fd:f1:0a:9a:38:2e:c7:df:9b:7f:c3:80:1c:ed:
         7d:e6:e8:1d:8f:21:e4:68:b5:3e:65:86:23:6a:49:c9:6e:b1:
         a7:b2:4e:e7:e3:c3:88:4b:09:2b:32:be:b2:b1:88:85:87:c3:
         4a:94:1e:9c:6d:be:ce:45:c5:1b:b0:b2:9e:a1:57:83:f0:e9:
         d2:d8:fe:34:63:ba:3b:a9:60:72:db:3e:5c:40:22:e3:b7:67:
         d3:00:a3:a8:ed:b7:58:dc:8e:7b:01:b3:83:f6:47:82:3b:d8:
         06:82:93:10:1b:94:7e:9f:5f:09:b5:7a:93:20:cb:b8:8a:f6:
         cc:a2:44:e1:9e:f4:20:be:86:a9:9f:97:df:2c:3d:aa:d6:cb:
         63:c7:6d:83:00:fc:f6:fc:e6:e3:78:c6:82:aa:92:f9:92:05:
         d4:06:d3:75:84:9b:21:e5:a7:d4:d7:88:e3:6f:a7:ae:58:d4:
         a4:03:58:31:2d:d6:b2:08:ec:63:80:21:97:c9:57:81:7e:4d:
         6b:b7:1e:57:06:21:8f:1b:99:60:eb:70:cf:60:61:16:5c:44:
         6b:48:9c:1a:db:a3:c8:b0:01:26:43:ba:1b:9a:f2:99:9f:8a:
         72:9f:1e:1c:9e:aa:62:7a:90:1c:18:99:42:89:a6:16:2f:5a:
         eb:2a:26:d0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt4oqIaUGeS7F48hft76DxRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZDcxMDBlNzdlZDkxMTlkNjZlMjMyMWJiNjcxMWQ3ZTc2
MDk4MmIwHhcNMjYwMTAxMDgxODAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzYxYmM3OTYxMGZkMDBiMTM0Nzk4NjUyNDE5ZGQ3ZTM0OTVhOTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA49WgAB/5mDLkivoM2WAX4tWvpR1I
uuBO/cSQrlWQ0pbRX3m2JzBQFPPaQhApe2nFPS17XNfjLq4/P6PYyF6PFH5Y8hmo
jW1zFUCtN66Ceu3ZOUYl4IGczX3vav6qoXHmKDStJ3RZ+PRi66HZDxSLrIJXIoDZ
QwYoX7L5vShELFsEuWKUElsx1DRmCUsRH3pjDOh6caO5Ll75wZACB9AWu3IZNrzY
rLCILrVk9+vZPx0AnQrXTjHj9pYCLKnd7TSHzKvyFOfgGkhOsxGqKJ6U4FD0efwJ
Niw1PVwhAvksd1cBdobTTn1qY8Ubm3pZHR7GkrTSs3KH7n3JpFOPvBXHxQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNxhvHlhD9ALE0eYZSQZ3X40lalxMB8GA1UdIwQY
MBaAFPrXEA537ZEZ1m4jIbtnEdfnYJgrMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS10Y1FEbmZ0a1JuV2JpTWh1MmNSMS1kZ21Dcy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2UvMDFkNDExLWQ5MTUtNDI3Ny04ZmUy
LTc2YjBkZGEyYmYzZS8xLzNHRzhlV0VQMEFzVFI1aGxKQm5kZmpTVnFYRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2UvMDFkNDExLWQ5MTUtNDI3Ny04ZmUyLTc2YjBkZGEyYmYz
ZS8xLzEtdGNRRG5mdGtSbldiaU1odTJjUjEtZGdtQ3MuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUDAwVQgDAN
BgkqhkiG9w0BAQsFAAOCAQEATFcqbf3xCpo4Lsffm3/DgBztfeboHY8h5Gi1PmWG
I2pJyW6xp7JO5+PDiEsJKzK+srGIhYfDSpQenG2+zkXFG7CynqFXg/Dp0tj+NGO6
O6lgcts+XEAi47dn0wCjqO23WNyOewGzg/ZHgjvYBoKTEBuUfp9fCbV6kyDLuIr2
zKJE4Z70IL6GqZ+X3yw9qtbLY8dtgwD89vzm43jGgqqS+ZIF1AbTdYSbIeWn1NeI
42+nrljUpANYMS3WsgjsY4Ahl8lXgX5Na7ceVwYhjxuZYOtwz2BhFlxEa0icGtuj
yLABJkO6G5rymZ+Kcp8eHJ6qYnqQHBiZQommFi9a6yom0A==
-----END CERTIFICATE-----