This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/EHQpUpEMo4S4SvN6ygFHQVkQJ6A.roa
File:                     EHQpUpEMo4S4SvN6ygFHQVkQJ6A.roa (raw, json)
Hash identifier:          aL98OrOlu07CFPxf6rwXnJMO4vbO/beSHKJmE+F/5nQ=
Subject key identifier:   10:74:29:52:91:0C:A3:84:B8:4A:F3:7A:CA:01:47:41:59:10:27:A0
Certificate issuer:       /CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
Certificate serial:       019B78A311B33A6E73368B1972597BBC72F6
Authority key identifier: DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/EHQpUpEMo4S4SvN6ygFHQVkQJ6A.roa
Signing time:             Thu 01 Jan 2026 08:18:31 +0000
ROA not before:           Thu 01 Jan 2026 08:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6762
IP address blocks:        212.124.88.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 15:30:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:11:b3:3a:6e:73:36:8b:19:72:59:7b:bc:72:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
        Validity
            Not Before: Jan  1 08:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=10742952910ca384b84af37aca014741591027a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d0:ff:ff:6c:9a:ab:5e:1c:0f:37:2f:fd:34:
                    c5:5a:39:58:81:99:c6:da:00:4c:f3:c3:b7:50:7c:
                    19:f5:a4:10:2b:e2:ef:3c:d0:b1:c6:96:2f:48:6a:
                    29:e7:e0:30:8f:12:cf:cc:e2:d5:68:d5:1c:a4:3d:
                    8b:dd:b7:75:61:0e:b5:a6:eb:3d:a6:54:f0:82:f6:
                    6c:d1:55:f1:6f:89:fb:db:2f:9d:56:ca:0b:8d:71:
                    95:83:3c:f9:f3:7e:71:9e:49:0b:8c:31:68:7a:aa:
                    8f:84:a2:7f:10:a7:09:51:7d:4e:06:a6:8f:d6:72:
                    a5:ad:39:fa:84:44:b5:89:e0:81:87:ff:01:ea:56:
                    46:53:4c:98:9b:5c:2e:9d:7c:95:9c:f6:67:4e:fb:
                    0d:85:a1:11:50:64:92:7e:f6:34:e7:ac:6e:08:eb:
                    e7:ab:bc:66:7f:1d:bc:32:f3:6d:5a:11:5f:65:31:
                    db:21:52:57:1d:1c:9c:76:2e:d8:9e:34:94:19:e7:
                    9c:a2:99:a6:f1:13:fc:46:f5:b8:08:bc:b6:6c:f6:
                    69:76:c8:14:b0:75:21:f7:1f:2e:54:b9:1d:ec:df:
                    e3:ec:73:2c:37:97:d2:7a:d2:56:eb:c7:9b:eb:d7:
                    92:19:63:2f:1b:c7:f6:b6:ca:0b:44:25:56:79:34:
                    94:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:74:29:52:91:0C:A3:84:B8:4A:F3:7A:CA:01:47:41:59:10:27:A0
            X509v3 Authority Key Identifier:
                keyid:DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/EHQpUpEMo4S4SvN6ygFHQVkQJ6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.124.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:4a:5a:48:23:9f:41:ca:49:a9:ac:cb:df:2d:6c:db:db:c7:
         d2:b6:83:be:d8:5b:af:1c:f8:58:d5:79:77:a6:f2:b8:3e:70:
         05:9f:37:3d:40:04:ed:2f:40:27:2f:13:87:ca:b6:02:7e:e2:
         60:5c:6a:c6:1a:4e:54:fe:38:d2:7c:c0:ff:f2:36:01:40:b0:
         67:f7:22:1a:e0:5d:07:60:bf:3a:70:74:00:c3:b0:3a:f9:8d:
         24:f5:c3:b1:19:04:c2:c6:bd:c8:d4:b6:08:45:16:12:02:e0:
         65:1d:93:64:c2:2e:ef:50:4e:36:ce:d0:a0:4c:fe:44:65:1e:
         9b:9a:9f:c5:74:1c:65:1a:76:0b:bc:39:64:38:6e:ff:c9:ed:
         bb:21:f7:7e:43:25:65:00:03:22:d6:5e:ed:5a:23:37:83:7d:
         76:43:8b:85:11:df:85:c4:a3:c6:bd:55:d1:b2:33:66:88:b2:
         ac:5f:1e:4f:a0:4f:f1:7e:e7:86:ad:09:1b:c7:47:2b:ab:96:
         a8:c9:32:07:57:9c:51:c9:aa:1c:75:c2:77:f8:10:e1:48:a9:
         65:ee:a4:c5:4c:32:2e:bd:ce:b2:a2:4d:02:8b:bd:95:89:cb:
         6a:30:a7:5a:8e:3f:ca:fe:a7:90:b2:25:a2:a4:a5:1c:a7:1c:
         b1:cf:ff:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4oxGzOm5zNosZcll7vHL2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZWUyYmY0M2YyMWE4MWM0OTJjNmU2YTlmYzZmMDc0ZDJm
MGEyMTcwHhcNMjYwMTAxMDgxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDc0Mjk1MjkxMGNhMzg0Yjg0YWYzN2FjYTAxNDc0MTU5MTAyN2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsND//2yaq14cDzcv/TTFWjlYgZnG
2gBM88O3UHwZ9aQQK+LvPNCxxpYvSGop5+AwjxLPzOLVaNUcpD2L3bd1YQ61pus9
plTwgvZs0VXxb4n72y+dVsoLjXGVgzz5835xnkkLjDFoeqqPhKJ/EKcJUX1OBqaP
1nKlrTn6hES1ieCBh/8B6lZGU0yYm1wunXyVnPZnTvsNhaERUGSSfvY056xuCOvn
q7xmfx28MvNtWhFfZTHbIVJXHRycdi7YnjSUGeecopmm8RP8RvW4CLy2bPZpdsgU
sHUh9x8uVLkd7N/j7HMsN5fSetJW68eb69eSGWMvG8f2tsoLRCVWeTSUNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBB0KVKRDKOEuErzesoBR0FZECegMB8GA1UdIwQY
MBaAFN/uK/Q/IagcSSxuap/G8HTS8KIXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTIt
MjhkNzhlYjlmMmRjLzEvRUhRcFVwRU1vNFM0U3ZONnlnRkhRVmtRSjZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTItMjhkNzhlYjlmMmRj
LzEvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1HxYMA0G
CSqGSIb3DQEBCwUAA4IBAQBDSlpII59BykmprMvfLWzb28fStoO+2FuvHPhY1Xl3
pvK4PnAFnzc9QATtL0AnLxOHyrYCfuJgXGrGGk5U/jjSfMD/8jYBQLBn9yIa4F0H
YL86cHQAw7A6+Y0k9cOxGQTCxr3I1LYIRRYSAuBlHZNkwi7vUE42ztCgTP5EZR6b
mp/FdBxlGnYLvDlkOG7/ye27Ifd+QyVlAAMi1l7tWiM3g312Q4uFEd+FxKPGvVXR
sjNmiLKsXx5PoE/xfueGrQkbx0crq5aoyTIHV5xRyaocdcJ3+BDhSKll7qTFTDIu
vc6yok0Ci72VictqMKdajj/K/qeQsiWipKUcpxyxz//k
-----END CERTIFICATE-----