This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/3b4d8e-06e8-4ea2-927b-a79630b06d93/1/ER7043w15E5TfxjID-TYUpdQDx0.roa
File:                     ER7043w15E5TfxjID-TYUpdQDx0.roa (raw, json)
Hash identifier:          QCEnuybWNl7OwdBInx1m2/kcO9FbiGhdTyF0PQgFlqg=
Subject key identifier:   11:1E:F4:E3:7C:35:E4:4E:53:7F:18:C8:0F:E4:D8:52:97:50:0F:1D
Certificate issuer:       /CN=3a77508994ca4d2cc189d35f3382a2a8ab57b84b
Certificate serial:       019B7F829DC5EF4EC5B667F9514517638948
Authority key identifier: 3A:77:50:89:94:CA:4D:2C:C1:89:D3:5F:33:82:A2:A8:AB:57:B8:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OndQiZTKTSzBidNfM4KiqKtXuEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/3b4d8e-06e8-4ea2-927b-a79630b06d93/1/ER7043w15E5TfxjID-TYUpdQDx0.roa
Signing time:             Fri 02 Jan 2026 16:20:25 +0000
ROA not before:           Fri 02 Jan 2026 16:20:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48650
IP address blocks:        195.8.40.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/3b4d8e-06e8-4ea2-927b-a79630b06d93/1/OndQiZTKTSzBidNfM4KiqKtXuEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/3b4d8e-06e8-4ea2-927b-a79630b06d93/1/OndQiZTKTSzBidNfM4KiqKtXuEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OndQiZTKTSzBidNfM4KiqKtXuEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:9d:c5:ef:4e:c5:b6:67:f9:51:45:17:63:89:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a77508994ca4d2cc189d35f3382a2a8ab57b84b
        Validity
            Not Before: Jan  2 16:20:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=111ef4e37c35e44e537f18c80fe4d85297500f1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:c8:59:77:31:cf:4d:76:23:b0:ec:76:5a:3e:
                    04:9d:1d:49:08:49:6a:1a:85:6d:39:ac:54:cb:5d:
                    40:03:c7:1c:20:ad:bb:2d:c2:94:7e:fb:b2:40:53:
                    f4:bf:b3:3e:40:ec:ce:fb:45:59:84:1a:2b:39:5e:
                    97:9b:f5:ee:fa:39:04:73:ca:15:99:24:ee:37:f0:
                    f9:a4:3a:b1:4c:10:3d:62:b9:03:2c:16:98:b3:1e:
                    6f:92:c6:b7:b9:bd:6c:b1:3e:9c:ca:d4:81:6b:43:
                    0b:bd:77:ef:72:6d:8b:3d:d9:7e:4c:48:b2:48:93:
                    67:6b:65:a1:b7:0f:c0:82:f6:80:aa:22:e9:08:06:
                    dd:eb:f4:56:fc:50:c7:c5:f7:89:a0:d1:5f:29:0f:
                    e8:23:09:8d:27:6b:34:44:d2:db:78:40:23:02:47:
                    3b:e3:da:54:d3:32:0c:9b:7f:e5:f5:0b:6a:b1:d1:
                    14:d4:4b:8a:b8:b6:35:9b:6e:38:14:d3:46:0a:ff:
                    47:67:2c:36:d3:13:3d:cb:0b:f0:91:e1:fe:7b:4a:
                    ff:a3:01:4f:d4:9a:c9:1b:80:24:bf:9c:7c:42:8c:
                    eb:22:96:16:3c:84:a9:42:ad:5f:82:08:d6:cb:e0:
                    a5:af:e3:70:41:57:85:02:a6:30:4e:ab:51:48:08:
                    5d:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:1E:F4:E3:7C:35:E4:4E:53:7F:18:C8:0F:E4:D8:52:97:50:0F:1D
            X509v3 Authority Key Identifier:
                keyid:3A:77:50:89:94:CA:4D:2C:C1:89:D3:5F:33:82:A2:A8:AB:57:B8:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OndQiZTKTSzBidNfM4KiqKtXuEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/3b4d8e-06e8-4ea2-927b-a79630b06d93/1/ER7043w15E5TfxjID-TYUpdQDx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/3b4d8e-06e8-4ea2-927b-a79630b06d93/1/OndQiZTKTSzBidNfM4KiqKtXuEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:92:c6:d0:ef:17:c7:a9:de:ed:43:36:cf:ee:db:9b:7c:98:
         c1:85:50:4f:0f:86:84:8a:6f:23:20:19:bf:d5:f4:86:24:fd:
         46:63:f7:d3:a5:d2:df:16:04:79:d1:4e:59:50:06:76:8e:bb:
         c1:93:76:44:d9:73:7e:d5:58:26:1b:74:f4:42:00:b0:ac:e9:
         34:6e:51:14:b8:2a:54:b8:0f:49:c2:cf:d6:06:01:67:d8:f6:
         f2:74:0e:29:2f:72:7c:93:57:46:32:1b:81:36:a0:13:c9:86:
         8a:cd:7d:9b:70:e0:00:aa:34:bb:2e:a9:69:c6:e0:1b:4f:86:
         f7:b7:9d:75:7d:54:8b:ad:08:89:c5:34:80:0e:d5:04:9b:7d:
         f9:93:20:33:0a:f9:72:bc:d2:b4:f7:11:53:eb:92:96:5f:32:
         bc:b8:89:ec:5f:04:d7:da:93:21:71:9a:13:59:e9:c2:59:c2:
         a0:41:48:54:40:8b:ab:87:52:60:f2:3e:87:3e:1c:da:6a:27:
         09:6d:a9:d5:15:0c:7a:20:aa:d4:a3:b4:34:4e:f1:d4:a2:99:
         6d:18:96:44:ca:46:e5:df:f3:ca:72:d2:9b:e2:83:e5:2f:6e:
         5e:e3:dd:77:f0:eb:e9:f5:aa:f0:5a:01:be:98:1c:1e:66:9b:
         14:12:f6:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gp3F707Ftmf5UUUXY4lIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNzc1MDg5OTRjYTRkMmNjMTg5ZDM1ZjMzODJhMmE4YWI1
N2I4NGIwHhcNMjYwMTAyMTYyMDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTFlZjRlMzdjMzVlNDRlNTM3ZjE4YzgwZmU0ZDg1Mjk3NTAwZjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAychZdzHPTXYjsOx2Wj4EnR1JCElq
GoVtOaxUy11AA8ccIK27LcKUfvuyQFP0v7M+QOzO+0VZhBorOV6Xm/Xu+jkEc8oV
mSTuN/D5pDqxTBA9YrkDLBaYsx5vksa3ub1ssT6cytSBa0MLvXfvcm2LPdl+TEiy
SJNna2Whtw/AgvaAqiLpCAbd6/RW/FDHxfeJoNFfKQ/oIwmNJ2s0RNLbeEAjAkc7
49pU0zIMm3/l9QtqsdEU1EuKuLY1m244FNNGCv9HZyw20xM9ywvwkeH+e0r/owFP
1JrJG4Akv5x8QozrIpYWPISpQq1fggjWy+Clr+NwQVeFAqYwTqtRSAhdHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBEe9ON8NeROU38YyA/k2FKXUA8dMB8GA1UdIwQY
MBaAFDp3UImUyk0swYnTXzOCoqirV7hLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT25kUWlaVEtUU3pCaWROZk00S2lxS3RYdUVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8zYjRkOGUtMDZlOC00ZWEyLTkyN2It
YTc5NjMwYjA2ZDkzLzEvRVI3MDQzdzE1RTVUZnhqSUQtVFlVcGRRRHgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8zYjRkOGUtMDZlOC00ZWEyLTkyN2ItYTc5NjMwYjA2ZDkz
LzEvT25kUWlaVEtUU3pCaWROZk00S2lxS3RYdUVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwwgoMA0G
CSqGSIb3DQEBCwUAA4IBAQAbksbQ7xfHqd7tQzbP7tubfJjBhVBPD4aEim8jIBm/
1fSGJP1GY/fTpdLfFgR50U5ZUAZ2jrvBk3ZE2XN+1VgmG3T0QgCwrOk0blEUuCpU
uA9Jws/WBgFn2PbydA4pL3J8k1dGMhuBNqATyYaKzX2bcOAAqjS7LqlpxuAbT4b3
t511fVSLrQiJxTSADtUEm335kyAzCvlyvNK09xFT65KWXzK8uInsXwTX2pMhcZoT
WenCWcKgQUhUQIurh1Jg8j6HPhzaaicJbanVFQx6IKrUo7Q0TvHUopltGJZEykbl
3/PKctKb4oPlL25e49138Ovp9arwWgG+mBweZpsUEvYz
-----END CERTIFICATE-----