This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/b58d94-b564-4d49-a8fd-5c096a87bb07/1/Q3KsXzG_1owp4twp3h32beoBh9Q.roa
File:                     Q3KsXzG_1owp4twp3h32beoBh9Q.roa (raw, json)
Hash identifier:          95YPdhWrEz7hBrK+p1i4JTgHUiXN7Vq6G7x0WIDZtrI=
Subject key identifier:   43:72:AC:5F:31:BF:D6:8C:29:E2:DC:29:DE:1D:F6:6D:EA:01:87:D4
Certificate issuer:       /CN=3b5c2467546f4b078a0224da1ccac5c287e93453
Certificate serial:       019B797E93CA6AD860613D7BE465B65B6C69
Authority key identifier: 3B:5C:24:67:54:6F:4B:07:8A:02:24:DA:1C:CA:C5:C2:87:E9:34:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O1wkZ1RvSweKAiTaHMrFwofpNFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/b58d94-b564-4d49-a8fd-5c096a87bb07/1/Q3KsXzG_1owp4twp3h32beoBh9Q.roa
Signing time:             Thu 01 Jan 2026 12:18:17 +0000
ROA not before:           Thu 01 Jan 2026 12:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50177
IP address blocks:        88.135.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/b58d94-b564-4d49-a8fd-5c096a87bb07/1/O1wkZ1RvSweKAiTaHMrFwofpNFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/b58d94-b564-4d49-a8fd-5c096a87bb07/1/O1wkZ1RvSweKAiTaHMrFwofpNFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O1wkZ1RvSweKAiTaHMrFwofpNFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 12:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:93:ca:6a:d8:60:61:3d:7b:e4:65:b6:5b:6c:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b5c2467546f4b078a0224da1ccac5c287e93453
        Validity
            Not Before: Jan  1 12:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4372ac5f31bfd68c29e2dc29de1df66dea0187d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:cf:db:40:99:ff:d3:40:86:51:cf:08:61:9f:
                    c6:38:a8:e4:68:94:c8:de:0f:36:af:ec:34:ba:ff:
                    a9:14:67:8a:55:ca:a0:59:11:63:67:a5:70:33:4c:
                    dd:3d:93:11:f3:f7:74:33:e2:e4:38:4d:cc:87:d6:
                    00:0f:8d:e9:9a:eb:6f:4d:05:c8:88:89:ec:d8:71:
                    70:a1:0b:9e:2d:90:89:b3:26:b3:60:08:3e:d2:da:
                    c5:e2:87:d3:94:28:aa:c4:32:72:57:14:f1:51:3d:
                    f3:7a:a3:28:c1:f2:ad:1e:73:4c:56:c4:a8:79:08:
                    98:17:cd:f1:fe:71:cb:1f:07:95:78:00:37:05:7b:
                    20:40:b6:44:e2:ed:21:c3:c0:2d:e8:bc:d8:1a:44:
                    30:6e:7c:b5:d7:b1:ce:a2:d7:35:ec:b4:e1:85:0d:
                    54:2d:14:f5:82:30:e5:00:5f:2c:c4:12:2c:46:05:
                    51:b5:05:51:b0:f5:03:bf:20:a4:13:09:bb:2c:25:
                    50:5e:bf:06:84:da:5c:0c:ef:5d:a6:82:e2:92:9c:
                    f0:92:d1:b2:1a:8e:08:a1:0c:c7:b2:35:7b:5d:ae:
                    83:45:bc:ff:a9:dd:8c:1c:9b:26:76:f6:03:a4:1a:
                    fd:5f:b1:a4:a5:71:4f:22:d7:de:c5:28:7c:b0:2d:
                    9b:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:72:AC:5F:31:BF:D6:8C:29:E2:DC:29:DE:1D:F6:6D:EA:01:87:D4
            X509v3 Authority Key Identifier:
                keyid:3B:5C:24:67:54:6F:4B:07:8A:02:24:DA:1C:CA:C5:C2:87:E9:34:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O1wkZ1RvSweKAiTaHMrFwofpNFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b58d94-b564-4d49-a8fd-5c096a87bb07/1/Q3KsXzG_1owp4twp3h32beoBh9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b58d94-b564-4d49-a8fd-5c096a87bb07/1/O1wkZ1RvSweKAiTaHMrFwofpNFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:34:6b:df:5d:3f:86:a1:62:5c:5e:93:10:5b:d0:ee:bd:5a:
         88:b7:c5:54:41:dd:72:02:95:37:95:63:2f:b4:47:c9:36:39:
         30:7f:de:e4:91:0f:80:6a:33:38:20:b9:c4:b7:b3:37:30:69:
         b9:c3:7b:d6:71:e3:f3:f6:0d:c7:be:89:21:d8:b6:3b:b8:f8:
         e5:bc:90:36:60:8b:5e:19:6e:39:5b:fc:06:b9:cf:e5:05:fb:
         d8:b6:86:df:c2:7e:d1:af:ce:b2:e3:a3:1c:4a:18:d9:aa:fe:
         9e:23:42:26:0f:1b:97:3a:6f:72:ef:5b:d2:c9:f8:0d:81:73:
         12:f1:58:d6:34:d8:26:4b:96:01:cb:14:2b:fe:dd:be:f5:6c:
         7b:07:fb:8d:08:5c:cd:fb:b2:2b:01:6f:53:f3:3d:62:7d:b5:
         be:78:75:7a:7a:33:4c:ee:f2:95:63:f7:6b:9c:76:b3:19:c1:
         bf:1b:61:49:b1:76:fa:eb:70:28:3a:ae:d6:1e:47:03:57:fe:
         e8:38:7d:af:3f:fe:1d:97:c7:a1:5a:a4:c2:b2:a9:d0:a8:7e:
         7d:e0:59:a1:d5:1b:7e:d7:aa:bb:d1:de:a8:ce:76:b3:cf:c4:
         17:36:9f:92:f9:d1:0e:9d:23:1a:e1:35:53:45:0e:fe:42:96:
         4f:af:5f:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fpPKathgYT175GW2W2xpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNWMyNDY3NTQ2ZjRiMDc4YTAyMjRkYTFjY2FjNWMyODdl
OTM0NTMwHhcNMjYwMTAxMTIxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzcyYWM1ZjMxYmZkNjhjMjllMmRjMjlkZTFkZjY2ZGVhMDE4N2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAos/bQJn/00CGUc8IYZ/GOKjkaJTI
3g82r+w0uv+pFGeKVcqgWRFjZ6VwM0zdPZMR8/d0M+LkOE3Mh9YAD43pmutvTQXI
iIns2HFwoQueLZCJsyazYAg+0trF4ofTlCiqxDJyVxTxUT3zeqMowfKtHnNMVsSo
eQiYF83x/nHLHweVeAA3BXsgQLZE4u0hw8At6LzYGkQwbny117HOotc17LThhQ1U
LRT1gjDlAF8sxBIsRgVRtQVRsPUDvyCkEwm7LCVQXr8GhNpcDO9dpoLikpzwktGy
Go4IoQzHsjV7Xa6DRbz/qd2MHJsmdvYDpBr9X7GkpXFPItfexSh8sC2bDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFENyrF8xv9aMKeLcKd4d9m3qAYfUMB8GA1UdIwQY
MBaAFDtcJGdUb0sHigIk2hzKxcKH6TRTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzF3a1oxUnZTd2VLQWlUYUhNckZ3b2ZwTkZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9iNThkOTQtYjU2NC00ZDQ5LWE4ZmQt
NWMwOTZhODdiYjA3LzEvUTNLc1h6R18xb3dwNHR3cDNoMzJiZW9CaDlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9iNThkOTQtYjU2NC00ZDQ5LWE4ZmQtNWMwOTZhODdiYjA3
LzEvTzF3a1oxUnZTd2VLQWlUYUhNckZ3b2ZwTkZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWIcgMA0G
CSqGSIb3DQEBCwUAA4IBAQBMNGvfXT+GoWJcXpMQW9DuvVqIt8VUQd1yApU3lWMv
tEfJNjkwf97kkQ+AajM4ILnEt7M3MGm5w3vWcePz9g3Hvokh2LY7uPjlvJA2YIte
GW45W/wGuc/lBfvYtobfwn7Rr86y46McShjZqv6eI0ImDxuXOm9y71vSyfgNgXMS
8VjWNNgmS5YByxQr/t2+9Wx7B/uNCFzN+7IrAW9T8z1ifbW+eHV6ejNM7vKVY/dr
nHazGcG/G2FJsXb663AoOq7WHkcDV/7oOH2vP/4dl8ehWqTCsqnQqH594Fmh1Rt+
16q70d6oznazz8QXNp+S+dEOnSMa4TVTRQ7+QpZPr1/I
-----END CERTIFICATE-----