This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/nP3EGicDZfiR5ZgckruxBJyoECY.roa
File:                     nP3EGicDZfiR5ZgckruxBJyoECY.roa (raw, json)
Hash identifier:          BB5Uj3DY8cxr4Rb47wF34MrssQh6rDw+XyqbJxAmiXs=
Subject key identifier:   9C:FD:C4:1A:27:03:65:F8:91:E5:98:1C:92:BB:B1:04:9C:A8:10:26
Certificate issuer:       /CN=7445ddeedfbd72d313e9ee8cceeae8403cc34146
Certificate serial:       019B76EAF566D8B92809D8012C0F84DBCC2C
Authority key identifier: 74:45:DD:EE:DF:BD:72:D3:13:E9:EE:8C:CE:EA:E8:40:3C:C3:41:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dEXd7t-9ctMT6e6MzuroQDzDQUY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/nP3EGicDZfiR5ZgckruxBJyoECY.roa
Signing time:             Thu 01 Jan 2026 00:17:48 +0000
ROA not before:           Thu 01 Jan 2026 00:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16418
IP address blocks:        185.8.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/dEXd7t-9ctMT6e6MzuroQDzDQUY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/dEXd7t-9ctMT6e6MzuroQDzDQUY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dEXd7t-9ctMT6e6MzuroQDzDQUY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 15:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:f5:66:d8:b9:28:09:d8:01:2c:0f:84:db:cc:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7445ddeedfbd72d313e9ee8cceeae8403cc34146
        Validity
            Not Before: Jan  1 00:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9cfdc41a270365f891e5981c92bbb1049ca81026
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:92:69:83:b4:8c:ea:33:0c:8e:ae:90:28:ee:
                    d7:9d:04:a3:87:cd:a5:ca:7a:62:d8:95:4e:9b:14:
                    84:8f:66:9e:b2:ba:96:43:c9:f1:d9:ed:97:f6:d8:
                    f5:85:95:58:96:2e:d1:3a:3d:b7:3c:e6:65:1f:5a:
                    86:0d:c1:87:8f:2b:fd:52:6d:bb:1c:cc:fa:a5:f6:
                    39:26:e4:ce:02:99:4a:46:94:d0:ca:f6:88:4b:51:
                    62:8a:22:7f:ab:14:9d:8d:f4:c9:06:db:30:d1:a2:
                    09:63:82:58:17:98:56:14:74:ad:ea:07:8e:79:cd:
                    45:48:e9:51:c9:18:15:52:5e:92:e2:73:7d:c2:ce:
                    51:09:16:a5:7b:ee:ca:82:a3:46:c1:27:65:b3:c7:
                    04:91:f4:6f:18:4d:bf:cf:bd:2f:1f:a6:69:e7:3a:
                    78:f3:a6:ad:d6:9e:40:b1:c1:cf:31:ea:d7:20:c9:
                    31:70:98:d9:ea:89:29:00:4d:e8:7c:53:6d:ed:e2:
                    59:ba:64:8f:17:ea:25:08:21:c9:1b:0e:ac:c4:1d:
                    39:f0:07:fd:88:04:9f:ff:34:72:c2:0a:6d:28:ab:
                    16:4e:7e:50:12:ab:ef:27:ee:48:fa:29:e4:76:73:
                    7d:72:1c:b8:52:f7:aa:eb:bd:07:4a:64:05:0b:9b:
                    8f:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:FD:C4:1A:27:03:65:F8:91:E5:98:1C:92:BB:B1:04:9C:A8:10:26
            X509v3 Authority Key Identifier:
                keyid:74:45:DD:EE:DF:BD:72:D3:13:E9:EE:8C:CE:EA:E8:40:3C:C3:41:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dEXd7t-9ctMT6e6MzuroQDzDQUY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/nP3EGicDZfiR5ZgckruxBJyoECY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/dEXd7t-9ctMT6e6MzuroQDzDQUY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.8.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:52:4b:3b:33:b0:70:8a:c3:ba:d5:db:ad:af:69:1d:1a:4d:
         d0:bd:51:4d:b7:c7:15:bf:48:95:b5:8e:6f:15:46:c7:30:4b:
         d9:df:80:3b:11:e0:8c:7d:1e:79:33:8b:00:01:0c:af:2a:69:
         34:77:f4:51:ef:7d:93:a7:bb:81:4f:11:74:8a:e9:2f:79:43:
         59:9b:f1:d4:af:76:99:85:05:fe:45:b4:89:3c:bd:3f:32:ba:
         7a:b6:e1:2c:fa:86:18:b2:de:93:7c:af:ff:ac:cc:21:4f:df:
         11:24:30:75:cc:48:df:d9:f7:51:52:24:44:f5:0c:b8:15:8b:
         c9:8e:9d:ae:58:3c:f5:42:95:99:52:56:1a:de:f4:26:e8:0e:
         ae:81:43:1a:49:a1:e3:f4:c8:01:8d:3f:79:e3:c3:70:3d:e6:
         ee:dd:31:3e:3b:75:cc:19:93:10:25:63:f2:e3:2e:20:bd:5e:
         55:64:a6:b1:13:92:1f:a6:26:fc:71:2e:00:48:a3:27:8b:e6:
         2d:3c:d6:45:cf:5f:76:f0:23:9b:cf:b6:7f:e4:a3:c9:72:97:
         0f:52:98:5d:64:50:48:e8:9a:ae:48:bb:96:4b:33:3e:69:67:
         71:73:f7:56:4b:51:d2:cf:0a:3f:e2:a0:be:1e:5a:c4:77:07:
         13:ac:f2:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26vVm2LkoCdgBLA+E28wsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NDVkZGVlZGZiZDcyZDMxM2U5ZWU4Y2NlZWFlODQwM2Nj
MzQxNDYwHhcNMjYwMTAxMDAxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2ZkYzQxYTI3MDM2NWY4OTFlNTk4MWM5MmJiYjEwNDljYTgxMDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZJpg7SM6jMMjq6QKO7XnQSjh82l
ynpi2JVOmxSEj2aesrqWQ8nx2e2X9tj1hZVYli7ROj23POZlH1qGDcGHjyv9Um27
HMz6pfY5JuTOAplKRpTQyvaIS1FiiiJ/qxSdjfTJBtsw0aIJY4JYF5hWFHSt6geO
ec1FSOlRyRgVUl6S4nN9ws5RCRale+7KgqNGwSdls8cEkfRvGE2/z70vH6Zp5zp4
86at1p5AscHPMerXIMkxcJjZ6okpAE3ofFNt7eJZumSPF+olCCHJGw6sxB058Af9
iASf/zRywgptKKsWTn5QEqvvJ+5I+inkdnN9chy4Uveq670HSmQFC5uPfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJz9xBonA2X4keWYHJK7sQScqBAmMB8GA1UdIwQY
MBaAFHRF3e7fvXLTE+nujM7q6EA8w0FGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEVYZDd0LTljdE1UNmU2TXp1cm9RRHpEUVVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9jMTc2NWItZTNhNS00MTBjLTljZDMt
NmNhMzQwZmE3NDkzLzEvblAzRUdpY0RaZmlSNVpnY2tydXhCSnlvRUNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9jMTc2NWItZTNhNS00MTBjLTljZDMtNmNhMzQwZmE3NDkz
LzEvZEVYZDd0LTljdE1UNmU2TXp1cm9RRHpEUVVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQiGMA0G
CSqGSIb3DQEBCwUAA4IBAQClUks7M7BwisO61dutr2kdGk3QvVFNt8cVv0iVtY5v
FUbHMEvZ34A7EeCMfR55M4sAAQyvKmk0d/RR732Tp7uBTxF0iukveUNZm/HUr3aZ
hQX+RbSJPL0/Mrp6tuEs+oYYst6TfK//rMwhT98RJDB1zEjf2fdRUiRE9Qy4FYvJ
jp2uWDz1QpWZUlYa3vQm6A6ugUMaSaHj9MgBjT9548NwPebu3TE+O3XMGZMQJWPy
4y4gvV5VZKaxE5Ifpib8cS4ASKMni+YtPNZFz1928CObz7Z/5KPJcpcPUphdZFBI
6JquSLuWSzM+aWdxc/dWS1HSzwo/4qC+HlrEdwcTrPJ4
-----END CERTIFICATE-----