This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/AFp3F2X8yQTaBQfkM_zsF9UYmww.roa
File:                     AFp3F2X8yQTaBQfkM_zsF9UYmww.roa (raw, json)
Hash identifier:          7p1zPt6PNmGU8W+3TijuQxRqjYyJqKF96JpQUyZBeZY=
Subject key identifier:   00:5A:77:17:65:FC:C9:04:DA:05:07:E4:33:FC:EC:17:D5:18:9B:0C
Certificate issuer:       /CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
Certificate serial:       019BA4421A9A3446D4A1D75F39DC156A7BC3
Authority key identifier: DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/AFp3F2X8yQTaBQfkM_zsF9UYmww.roa
Signing time:             Fri 09 Jan 2026 19:35:54 +0000
ROA not before:           Fri 09 Jan 2026 19:35:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7843
IP address blocks:        212.124.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:a4:42:1a:9a:34:46:d4:a1:d7:5f:39:dc:15:6a:7b:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
        Validity
            Not Before: Jan  9 19:35:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=005a771765fcc904da0507e433fcec17d5189b0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a9:38:4d:d9:cd:f5:3f:64:75:58:c2:5b:b3:
                    e2:18:21:83:98:09:cd:45:cc:7f:35:3c:05:b9:0b:
                    6d:f6:6c:98:2e:32:5a:41:9e:8c:c8:49:7c:84:35:
                    42:8c:90:67:dc:01:c2:c9:9c:60:be:e2:44:53:14:
                    23:6f:15:75:bd:c5:db:00:67:44:34:22:3a:80:18:
                    ae:64:09:03:7e:38:7d:2d:6e:5f:c3:5f:6e:93:ea:
                    53:6c:a2:82:0b:6f:52:32:8c:02:48:2e:3a:b3:38:
                    cf:07:8e:89:a4:d8:f1:6c:e0:7f:54:26:65:18:6a:
                    1c:0d:2f:1d:15:05:15:43:20:d1:8d:1d:ea:44:ce:
                    fc:38:58:57:a2:ae:02:7a:6f:b0:46:12:d1:84:ee:
                    df:e6:6a:e5:41:ca:6f:1a:74:bb:01:7f:5c:78:df:
                    9c:dc:68:d6:30:46:31:38:2d:ed:7f:1b:26:8c:0c:
                    56:0d:f2:e7:5c:e0:b2:b0:dc:2e:7c:2b:27:d7:78:
                    55:46:81:ea:4f:93:42:ce:58:16:ba:e4:2e:d5:27:
                    7a:43:c7:d0:36:4d:6c:56:0f:1a:3f:91:13:3e:d1:
                    e5:0b:9b:e4:e0:6e:a1:0f:99:85:7f:42:bd:e5:8b:
                    c4:8e:e6:23:09:76:05:76:fb:20:dd:60:c8:4a:7b:
                    db:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:5A:77:17:65:FC:C9:04:DA:05:07:E4:33:FC:EC:17:D5:18:9B:0C
            X509v3 Authority Key Identifier:
                keyid:DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/AFp3F2X8yQTaBQfkM_zsF9UYmww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.124.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:11:a2:63:9d:22:6d:46:76:2c:73:34:f6:2a:0a:c5:99:49:
         b1:91:9b:b6:b8:9a:75:7c:ab:b4:9a:62:53:8e:3c:41:fb:cc:
         ae:a2:b5:56:8c:c6:94:84:41:84:29:27:c4:84:8b:64:41:59:
         03:10:4b:f3:43:02:03:1e:31:c3:f4:c0:ea:bc:f5:3f:fb:da:
         fd:c9:79:98:01:f0:5b:ae:4c:dc:25:ea:1a:3e:89:6c:83:05:
         9b:37:76:fd:5f:8a:05:de:29:b8:00:64:c4:7d:c3:ce:6e:27:
         c4:ee:91:fc:93:e7:7c:78:14:4a:71:15:28:ac:e8:d6:4c:49:
         da:ba:16:e0:6d:73:4b:a4:8c:41:c4:ce:be:8d:3a:ca:99:c2:
         82:d4:32:cb:6e:b0:91:de:d1:77:b5:51:25:e6:ae:8d:f1:d0:
         03:64:c6:5d:aa:cb:fa:0b:90:2d:75:4f:1b:32:6b:92:db:a1:
         16:f1:dc:70:54:99:c2:2c:67:bb:91:bd:bf:58:41:6b:5f:d0:
         bb:65:82:43:55:a1:46:81:8e:6e:71:b1:93:c7:60:6f:f6:12:
         ee:7e:ff:56:c5:0c:85:a0:af:78:52:9e:34:6b:d7:79:27:04:
         e2:56:98:c6:c5:05:fc:d9:ec:d4:cf:18:fa:4c:fd:2f:e3:07:
         ed:49:5f:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZukQhqaNEbUoddfOdwVanvDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZWUyYmY0M2YyMWE4MWM0OTJjNmU2YTlmYzZmMDc0ZDJm
MGEyMTcwHhcNMjYwMTA5MTkzNTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDVhNzcxNzY1ZmNjOTA0ZGEwNTA3ZTQzM2ZjZWMxN2Q1MTg5YjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKk4TdnN9T9kdVjCW7PiGCGDmAnN
Rcx/NTwFuQtt9myYLjJaQZ6MyEl8hDVCjJBn3AHCyZxgvuJEUxQjbxV1vcXbAGdE
NCI6gBiuZAkDfjh9LW5fw19uk+pTbKKCC29SMowCSC46szjPB46JpNjxbOB/VCZl
GGocDS8dFQUVQyDRjR3qRM78OFhXoq4Cem+wRhLRhO7f5mrlQcpvGnS7AX9ceN+c
3GjWMEYxOC3tfxsmjAxWDfLnXOCysNwufCsn13hVRoHqT5NCzlgWuuQu1Sd6Q8fQ
Nk1sVg8aP5ETPtHlC5vk4G6hD5mFf0K95YvEjuYjCXYFdvsg3WDISnvb+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABadxdl/MkE2gUH5DP87BfVGJsMMB8GA1UdIwQY
MBaAFN/uK/Q/IagcSSxuap/G8HTS8KIXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTIt
MjhkNzhlYjlmMmRjLzEvQUZwM0YyWDh5UVRhQlFma01fenNGOVVZbXd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTItMjhkNzhlYjlmMmRj
LzEvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HxMMA0G
CSqGSIb3DQEBCwUAA4IBAQBxEaJjnSJtRnYsczT2KgrFmUmxkZu2uJp1fKu0mmJT
jjxB+8yuorVWjMaUhEGEKSfEhItkQVkDEEvzQwIDHjHD9MDqvPU/+9r9yXmYAfBb
rkzcJeoaPolsgwWbN3b9X4oF3im4AGTEfcPObifE7pH8k+d8eBRKcRUorOjWTEna
uhbgbXNLpIxBxM6+jTrKmcKC1DLLbrCR3tF3tVEl5q6N8dADZMZdqsv6C5AtdU8b
MmuS26EW8dxwVJnCLGe7kb2/WEFrX9C7ZYJDVaFGgY5ucbGTx2Bv9hLufv9WxQyF
oK94Up40a9d5JwTiVpjGxQX82ezUzxj6TP0v4wftSV/7
-----END CERTIFICATE-----