This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/p3Hyh0jdIC43PpzpiNKWSt6UDNw.roa
File:                     p3Hyh0jdIC43PpzpiNKWSt6UDNw.roa (raw, json)
Hash identifier:          86IUgNRYLJym0R1U8pna9EY1nXyW2/1MDv4LItk2nWg=
Subject key identifier:   A7:71:F2:87:48:DD:20:2E:37:3E:9C:E9:88:D2:96:4A:DE:94:0C:DC
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019B7DCB891B7C8DE9C0BD70947BB6D202B5
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/p3Hyh0jdIC43PpzpiNKWSt6UDNw.roa
Signing time:             Fri 02 Jan 2026 08:20:49 +0000
ROA not before:           Fri 02 Jan 2026 08:20:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215943
IP address blocks:        84.252.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:89:1b:7c:8d:e9:c0:bd:70:94:7b:b6:d2:02:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jan  2 08:20:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a771f28748dd202e373e9ce988d2964ade940cdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:31:88:c6:10:90:7f:98:af:36:00:31:aa:3a:
                    fb:e4:5e:4f:01:ca:81:6f:3e:28:00:5c:16:52:0d:
                    e5:10:59:21:07:d2:9a:13:05:8d:68:4e:79:c4:1b:
                    f4:83:de:7d:6c:27:d4:45:42:23:17:df:bb:04:ed:
                    07:67:d1:81:1c:29:62:a5:91:75:23:ed:77:2d:d8:
                    8f:03:05:03:c4:63:ba:ee:67:63:72:e5:90:70:c1:
                    43:ee:80:ba:b4:41:36:b5:4b:7a:b1:7a:3a:d9:9b:
                    de:14:46:3e:bf:4f:de:b8:22:49:2f:c8:75:d2:87:
                    ca:a8:ea:b9:cf:d4:c6:09:3b:19:c4:c5:b6:6c:20:
                    16:fc:3d:87:f1:09:da:f4:e9:de:21:ee:e3:82:1f:
                    e9:c0:5a:d4:2e:2a:06:bb:f2:ed:d0:6b:d3:1c:a3:
                    b4:34:aa:92:58:0e:d8:9f:23:9e:2c:cd:33:d0:f7:
                    45:f2:c9:e1:1a:04:cb:b7:10:93:ab:48:f8:aa:f9:
                    8b:40:23:93:91:3f:95:6b:26:8d:9d:0e:d5:0b:3d:
                    c2:bb:1c:7d:d8:ed:74:2d:7d:50:10:10:79:f4:5c:
                    c3:0c:ba:d3:6b:22:16:78:52:a7:a2:84:68:02:b9:
                    75:eb:1f:da:68:02:72:ac:db:03:90:bf:1d:a1:ef:
                    ab:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:71:F2:87:48:DD:20:2E:37:3E:9C:E9:88:D2:96:4A:DE:94:0C:DC
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/p3Hyh0jdIC43PpzpiNKWSt6UDNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.252.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:eb:1f:ad:04:88:c1:d5:14:7c:db:8c:bc:5a:90:31:ac:b1:
         f8:2c:0f:83:88:f5:5d:08:a1:e0:de:71:08:48:2b:8a:29:37:
         3e:f6:d8:b8:bb:e5:6c:eb:70:36:fc:58:34:95:b4:a4:86:bb:
         8b:57:fe:0d:15:43:91:6f:d0:d6:ae:c3:4b:61:5b:af:3b:7d:
         e8:74:02:ca:8e:c4:54:42:79:7b:4a:0e:3a:5a:6e:a4:c2:f6:
         58:e3:6b:af:e5:f4:61:99:11:87:99:3b:45:bc:c6:10:e3:a1:
         cd:2e:77:26:94:db:6f:5c:52:fa:7f:4b:49:5f:6c:e1:d3:4f:
         41:7f:7c:c8:5a:4d:35:bb:32:49:1f:a4:aa:70:10:23:0b:e7:
         07:e5:66:07:a3:c7:f8:39:64:3b:b7:ca:6f:71:df:ff:a0:70:
         94:2a:d1:87:4c:c9:ea:d5:42:07:4c:1b:98:61:3e:eb:b3:f3:
         f1:12:b6:e8:5b:fd:ab:0b:e1:42:f7:1d:ae:d7:3e:c6:64:6e:
         1c:55:e7:93:06:fb:ee:e0:70:3d:eb:41:0d:de:61:d2:8d:1d:
         9b:08:0e:2e:f6:cd:25:25:93:2b:a6:5f:f9:03:bc:81:d2:7a:
         7e:d4:1a:41:72:73:b0:35:ca:80:80:61:39:fb:9f:22:16:cb:
         7a:1c:5d:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9y4kbfI3pwL1wlHu20gK1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwMTAyMDgyMDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzcxZjI4NzQ4ZGQyMDJlMzczZTljZTk4OGQyOTY0YWRlOTQwY2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTGIxhCQf5ivNgAxqjr75F5PAcqB
bz4oAFwWUg3lEFkhB9KaEwWNaE55xBv0g959bCfURUIjF9+7BO0HZ9GBHClipZF1
I+13LdiPAwUDxGO67mdjcuWQcMFD7oC6tEE2tUt6sXo62ZveFEY+v0/euCJJL8h1
0ofKqOq5z9TGCTsZxMW2bCAW/D2H8Qna9OneIe7jgh/pwFrULioGu/Lt0GvTHKO0
NKqSWA7YnyOeLM0z0PdF8snhGgTLtxCTq0j4qvmLQCOTkT+VayaNnQ7VCz3Cuxx9
2O10LX1QEBB59FzDDLrTayIWeFKnooRoArl16x/aaAJyrNsDkL8doe+rswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdx8odI3SAuNz6c6YjSlkrelAzcMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvcDNIeWgwamRJQzQzUHB6cGlOS1dTdDZVRE53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPxEMA0G
CSqGSIb3DQEBCwUAA4IBAQBR6x+tBIjB1RR824y8WpAxrLH4LA+DiPVdCKHg3nEI
SCuKKTc+9ti4u+Vs63A2/Fg0lbSkhruLV/4NFUORb9DWrsNLYVuvO33odALKjsRU
Qnl7Sg46Wm6kwvZY42uv5fRhmRGHmTtFvMYQ46HNLncmlNtvXFL6f0tJX2zh009B
f3zIWk01uzJJH6SqcBAjC+cH5WYHo8f4OWQ7t8pvcd//oHCUKtGHTMnq1UIHTBuY
YT7rs/PxErboW/2rC+FC9x2u1z7GZG4cVeeTBvvu4HA960EN3mHSjR2bCA4u9s0l
JZMrpl/5A7yB0np+1BpBcnOwNcqAgGE5+58iFst6HF3g
-----END CERTIFICATE-----