This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/3YZF9HkhuXOqOunRkF6rmrLYSy8.roa
File:                     3YZF9HkhuXOqOunRkF6rmrLYSy8.roa (raw, json)
Hash identifier:          vc9sFD8EKpEaXBqgIfSoQI4Gq4fmOQWWdDEtCaljrSo=
Subject key identifier:   DD:86:45:F4:79:21:B9:73:AA:3A:E9:D1:90:5E:AB:9A:B2:D8:4B:2F
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019B7C132728E0C48B6D32541F84E4B96A91
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/3YZF9HkhuXOqOunRkF6rmrLYSy8.roa
Signing time:             Fri 02 Jan 2026 00:19:48 +0000
ROA not before:           Fri 02 Jan 2026 00:19:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     52286
IP address blocks:        141.136.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:27:28:e0:c4:8b:6d:32:54:1f:84:e4:b9:6a:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  2 00:19:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd8645f47921b973aa3ae9d1905eab9ab2d84b2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:70:dd:d2:3f:07:86:56:38:61:8b:d0:5a:0a:
                    7a:f4:f9:58:9f:c6:19:5a:06:04:ff:38:e8:92:43:
                    2c:b4:9d:17:7c:44:b9:8e:c5:df:6b:8c:8f:a1:00:
                    93:0d:7b:cd:76:f4:1c:9b:44:02:50:03:2e:67:3d:
                    ab:33:08:14:68:39:0f:34:28:ac:74:2c:4e:be:22:
                    df:df:1a:55:83:f2:79:22:94:50:3a:92:88:9f:f9:
                    da:51:db:ff:79:52:25:36:dc:ab:44:69:8c:74:0c:
                    38:5b:3b:dd:69:4d:90:aa:8b:24:4e:4d:97:e9:e6:
                    f6:64:bd:32:48:81:d9:7e:fe:a3:5b:37:61:b6:30:
                    ec:df:da:48:0e:04:d2:cc:92:fe:87:db:6e:af:0e:
                    21:21:54:49:c9:34:4b:d3:d5:9b:76:35:0c:ee:33:
                    0c:01:fb:b4:4f:02:25:5a:0c:8b:02:77:6f:6b:2d:
                    9f:70:7a:ca:48:5a:ae:d7:5d:ad:8f:17:ed:45:15:
                    1f:00:54:33:12:a1:17:13:9c:5f:7b:33:aa:93:18:
                    ae:d2:2f:a2:ca:87:82:25:fd:69:53:dc:49:8c:47:
                    ff:af:d2:e6:03:2d:68:a1:41:3c:e1:29:39:e1:f8:
                    18:76:03:2b:bd:48:28:b8:1c:a0:5d:0c:f7:58:8e:
                    76:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:86:45:F4:79:21:B9:73:AA:3A:E9:D1:90:5E:AB:9A:B2:D8:4B:2F
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/3YZF9HkhuXOqOunRkF6rmrLYSy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.136.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:f1:a5:20:df:49:9d:ee:10:98:3f:25:8f:e8:2b:1b:78:18:
         2d:c5:80:11:35:e9:28:d8:04:65:95:90:f1:c3:74:fe:cb:6d:
         03:2c:88:a3:27:53:a8:c5:9f:bb:f4:97:26:05:bb:9d:c0:dd:
         90:e7:c7:3a:36:f5:70:65:8e:7d:7e:b9:9f:3a:b5:8b:c9:0b:
         88:60:8c:71:30:93:8a:8a:78:f3:98:d5:0a:12:a7:f4:42:d6:
         1e:e0:ff:13:5e:d8:8a:86:ae:d5:02:c9:ee:72:a5:aa:53:3c:
         62:73:a8:4b:04:e3:88:f0:23:25:ee:e4:d8:16:e4:8d:46:cd:
         4f:41:68:f2:fa:e4:49:37:b4:ec:f0:c8:5e:d8:74:67:be:51:
         30:fd:b0:4d:fb:ec:b9:f3:0e:74:15:1e:7f:8c:ed:ae:12:34:
         a0:c3:2e:b8:ac:3c:75:bf:54:c9:31:0b:ce:e8:85:07:b6:6a:
         f2:00:e9:b2:99:c0:19:c9:87:80:ac:9c:4c:15:74:e7:23:fa:
         75:56:72:30:8c:01:f3:10:07:c2:65:34:1d:59:c7:90:86:8a:
         85:61:ac:b4:98:00:76:00:9f:e1:02:77:b7:ce:3e:45:a7:78:
         3d:e0:47:65:53:0e:86:7a:54:92:be:6f:e4:39:6a:8f:4c:55:
         04:cd:53:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Eyco4MSLbTJUH4TkuWqRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwMTAyMDAxOTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDg2NDVmNDc5MjFiOTczYWEzYWU5ZDE5MDVlYWI5YWIyZDg0YjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXDd0j8HhlY4YYvQWgp69PlYn8YZ
WgYE/zjokkMstJ0XfES5jsXfa4yPoQCTDXvNdvQcm0QCUAMuZz2rMwgUaDkPNCis
dCxOviLf3xpVg/J5IpRQOpKIn/naUdv/eVIlNtyrRGmMdAw4WzvdaU2QqoskTk2X
6eb2ZL0ySIHZfv6jWzdhtjDs39pIDgTSzJL+h9turw4hIVRJyTRL09WbdjUM7jMM
Afu0TwIlWgyLAndvay2fcHrKSFqu112tjxftRRUfAFQzEqEXE5xfezOqkxiu0i+i
yoeCJf1pU9xJjEf/r9LmAy1ooUE84Sk54fgYdgMrvUgouBygXQz3WI52MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN2GRfR5Iblzqjrp0ZBeq5qy2EsvMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvM1laRjlIa2h1WE9xT3VuUmtGNnJtckxZU3k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjYg7MA0G
CSqGSIb3DQEBCwUAA4IBAQAK8aUg30md7hCYPyWP6CsbeBgtxYARNeko2ARllZDx
w3T+y20DLIijJ1OoxZ+79JcmBbudwN2Q58c6NvVwZY59frmfOrWLyQuIYIxxMJOK
injzmNUKEqf0QtYe4P8TXtiKhq7VAsnucqWqUzxic6hLBOOI8CMl7uTYFuSNRs1P
QWjy+uRJN7Ts8Mhe2HRnvlEw/bBN++y58w50FR5/jO2uEjSgwy64rDx1v1TJMQvO
6IUHtmryAOmymcAZyYeArJxMFXTnI/p1VnIwjAHzEAfCZTQdWceQhoqFYay0mAB2
AJ/hAne3zj5Fp3g94EdlUw6GelSSvm/kOWqPTFUEzVNB
-----END CERTIFICATE-----