This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/3lVoSteGkpKcde56m2WcsA8N-s0.roa
File:                     3lVoSteGkpKcde56m2WcsA8N-s0.roa (raw, json)
Hash identifier:          1XrtONYMpJVe4WnBQhEVaGnetVY+4paKXOigWmRK674=
Subject key identifier:   DE:55:68:4A:D7:86:92:92:9C:75:EE:7A:9B:65:9C:B0:0F:0D:FA:CD
Certificate issuer:       /CN=76a75826e991225a429ff8a1e7ffdc80466420df
Certificate serial:       019B9790AB3765029B79D231A806CABE2246
Authority key identifier: 76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/3lVoSteGkpKcde56m2WcsA8N-s0.roa
Signing time:             Wed 07 Jan 2026 08:26:39 +0000
ROA not before:           Wed 07 Jan 2026 08:26:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51402
IP address blocks:        153.97.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 05:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:97:90:ab:37:65:02:9b:79:d2:31:a8:06:ca:be:22:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76a75826e991225a429ff8a1e7ffdc80466420df
        Validity
            Not Before: Jan  7 08:26:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=de55684ad78692929c75ee7a9b659cb00f0dfacd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c3:11:2d:b7:7e:fd:d7:ee:07:6e:aa:88:50:
                    e9:ad:73:a9:c3:b7:34:4d:52:4c:b6:e7:2b:c5:1e:
                    13:bd:57:e4:96:e9:db:ad:11:64:6d:f7:5c:07:c5:
                    d6:d7:6e:97:57:af:85:ff:b3:c8:b2:5d:f6:7d:ab:
                    cb:b3:63:5a:13:e0:0e:db:e2:27:67:08:35:a2:92:
                    30:24:59:83:1c:23:36:e0:d8:ce:3a:0b:3a:b3:f5:
                    97:1f:e4:bf:64:b0:55:d7:5e:cb:79:8b:ca:68:3b:
                    31:64:bd:f2:04:3b:cd:ea:b0:e0:39:fa:57:33:eb:
                    9d:b3:d4:e9:2e:43:f3:cf:78:11:6c:61:ce:12:64:
                    0a:05:dd:8f:3f:58:77:3a:36:c5:cd:05:e6:31:eb:
                    65:fc:06:24:f0:07:7a:1a:9a:7e:10:e4:2d:93:49:
                    d6:8d:59:62:03:b4:de:fb:2d:20:93:5e:88:2d:80:
                    21:05:d8:22:fa:ff:3f:53:6e:86:04:b4:e7:d2:99:
                    51:fb:9a:3b:00:8d:f9:0b:0c:36:05:54:90:96:a9:
                    5d:61:26:41:c7:19:5d:60:a6:3b:1d:e0:aa:f2:d0:
                    8f:53:56:32:61:c0:0c:6c:b0:14:87:71:81:3d:72:
                    50:47:9a:52:28:12:88:de:00:9e:87:28:c1:68:3e:
                    17:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:55:68:4A:D7:86:92:92:9C:75:EE:7A:9B:65:9C:B0:0F:0D:FA:CD
            X509v3 Authority Key Identifier:
                keyid:76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/3lVoSteGkpKcde56m2WcsA8N-s0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.97.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:00:e5:2c:e7:d0:99:f2:a2:12:e0:7b:47:64:bc:2d:30:54:
         dc:ec:07:a4:66:2a:08:81:69:da:91:d8:61:0a:c2:40:0f:73:
         df:bf:d1:63:63:92:0f:cd:61:36:14:c0:7a:3d:3d:fe:8a:20:
         df:0b:81:16:51:0d:23:24:8d:27:42:0f:5a:f6:76:f7:4e:d2:
         84:df:a4:c2:1a:f5:10:d5:9e:a6:27:f9:c1:ac:98:4c:4b:7d:
         98:ba:04:89:13:6d:93:24:4c:28:29:50:21:b9:f4:b9:07:27:
         7e:44:65:da:58:c0:35:ed:35:b1:8a:69:15:8b:e0:eb:7a:dc:
         d3:50:12:32:c1:50:3e:46:e5:9d:94:50:f1:04:fa:0f:b0:e7:
         3c:69:82:19:d6:8e:28:c6:b7:9a:07:07:bd:35:c1:cc:91:72:
         17:de:b3:10:e6:30:df:1a:eb:73:a0:85:d8:32:ef:29:08:f0:
         b9:aa:cd:0e:66:f5:29:d6:c6:75:02:af:f9:fb:53:af:d3:bc:
         a5:e4:73:5d:71:1b:54:a1:be:ef:d8:50:68:6b:a3:51:4f:c7:
         40:e1:f8:85:2b:ce:87:fe:89:2c:ef:29:cf:af:b1:1f:5e:d9:
         5f:12:96:c7:60:b2:7b:d8:ba:23:c5:fe:49:8d:56:be:01:82:
         6e:78:05:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuXkKs3ZQKbedIxqAbKviJGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YTc1ODI2ZTk5MTIyNWE0MjlmZjhhMWU3ZmZkYzgwNDY2
NDIwZGYwHhcNMjYwMTA3MDgyNjM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTU1Njg0YWQ3ODY5MjkyOWM3NWVlN2E5YjY1OWNiMDBmMGRmYWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsMRLbd+/dfuB26qiFDprXOpw7c0
TVJMtucrxR4TvVfklunbrRFkbfdcB8XW126XV6+F/7PIsl32favLs2NaE+AO2+In
Zwg1opIwJFmDHCM24NjOOgs6s/WXH+S/ZLBV117LeYvKaDsxZL3yBDvN6rDgOfpX
M+uds9TpLkPzz3gRbGHOEmQKBd2PP1h3OjbFzQXmMetl/AYk8Ad6Gpp+EOQtk0nW
jVliA7Te+y0gk16ILYAhBdgi+v8/U26GBLTn0plR+5o7AI35Cww2BVSQlqldYSZB
xxldYKY7HeCq8tCPU1YyYcAMbLAUh3GBPXJQR5pSKBKI3gCehyjBaD4XzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN5VaErXhpKSnHXueptlnLAPDfrNMB8GA1UdIwQY
MBaAFHanWCbpkSJaQp/4oef/3IBGZCDfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTct
YWQ4ZmJlYWE4ZGQ5LzEvM2xWb1N0ZUdrcEtjZGU1Nm0yV2NzQThOLXMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTctYWQ4ZmJlYWE4ZGQ5
LzEvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmWEZMA0G
CSqGSIb3DQEBCwUAA4IBAQCxAOUs59CZ8qIS4HtHZLwtMFTc7AekZioIgWnakdhh
CsJAD3Pfv9FjY5IPzWE2FMB6PT3+iiDfC4EWUQ0jJI0nQg9a9nb3TtKE36TCGvUQ
1Z6mJ/nBrJhMS32YugSJE22TJEwoKVAhufS5Byd+RGXaWMA17TWximkVi+DretzT
UBIywVA+RuWdlFDxBPoPsOc8aYIZ1o4oxreaBwe9NcHMkXIX3rMQ5jDfGutzoIXY
Mu8pCPC5qs0OZvUp1sZ1Aq/5+1Ov07yl5HNdcRtUob7v2FBoa6NRT8dA4fiFK86H
/oks7ynPr7EfXtlfEpbHYLJ72Lojxf5JjVa+AYJueAVV
-----END CERTIFICATE-----