This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/1c0205-5c65-47cd-b1b3-27c26b23b845/1/3Q0KlyVvFSo2Z_aPwEFvT37S6rE.roa
File:                     3Q0KlyVvFSo2Z_aPwEFvT37S6rE.roa (raw, json)
Hash identifier:          dAIGOyn30sK6qZGwmIyy2qshNSNaRwmKNbigfQVfRhE=
Subject key identifier:   DD:0D:0A:97:25:6F:15:2A:36:67:F6:8F:C0:41:6F:4F:7E:D2:EA:B1
Certificate issuer:       /CN=5740040e1b7a532dd2aec22e93a622b2e1b3bdef
Certificate serial:       019B7DCAA3C8A75FC6662C9AE1E396F8E323
Authority key identifier: 57:40:04:0E:1B:7A:53:2D:D2:AE:C2:2E:93:A6:22:B2:E1:B3:BD:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V0AEDht6Uy3SrsIuk6YisuGzve8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/1c0205-5c65-47cd-b1b3-27c26b23b845/1/3Q0KlyVvFSo2Z_aPwEFvT37S6rE.roa
Signing time:             Fri 02 Jan 2026 08:19:50 +0000
ROA not before:           Fri 02 Jan 2026 08:19:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     680
IP address blocks:        194.76.232.0/22 maxlen: 22
                          194.76.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/1c0205-5c65-47cd-b1b3-27c26b23b845/1/V0AEDht6Uy3SrsIuk6YisuGzve8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/1c0205-5c65-47cd-b1b3-27c26b23b845/1/V0AEDht6Uy3SrsIuk6YisuGzve8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V0AEDht6Uy3SrsIuk6YisuGzve8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:a3:c8:a7:5f:c6:66:2c:9a:e1:e3:96:f8:e3:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5740040e1b7a532dd2aec22e93a622b2e1b3bdef
        Validity
            Not Before: Jan  2 08:19:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd0d0a97256f152a3667f68fc0416f4f7ed2eab1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:a5:5c:4e:f7:b8:1a:e2:5a:16:ca:df:ab:29:
                    54:5a:4c:38:fd:ca:6f:65:13:ad:94:13:c8:25:7a:
                    58:d0:99:7a:1c:c1:69:19:0c:13:35:23:ed:e0:ae:
                    9d:75:42:57:1c:cd:e5:ee:1f:d0:d4:c9:2d:5e:d5:
                    43:9d:ee:5d:51:ca:40:73:7b:66:9b:a1:8b:90:70:
                    bd:cf:ab:c7:bf:b0:b4:87:73:f5:51:7c:d4:41:8d:
                    5e:dc:d7:ac:75:c4:34:f3:8a:dc:18:08:4e:15:73:
                    46:4a:12:5e:42:cc:13:52:54:54:1a:99:b5:3c:3b:
                    2f:fe:38:6b:bb:d6:c2:fe:02:d8:c6:9a:65:1a:46:
                    10:93:8a:67:6e:44:40:ea:ec:4d:03:2c:8a:8c:d6:
                    a6:5f:d0:ed:ec:66:cd:61:03:09:d7:ef:2e:d4:60:
                    ad:77:ae:1b:25:d0:9f:64:f3:ed:06:4a:97:14:d1:
                    35:1b:1f:cd:22:a1:bf:27:96:ba:8c:8e:34:f1:ad:
                    82:14:48:c0:96:86:5f:30:9d:26:fb:82:6d:a6:32:
                    5c:c7:15:66:6f:1b:a4:59:74:59:8a:c9:f8:b0:05:
                    5f:63:b8:38:96:91:48:b4:06:6d:17:a1:f0:aa:57:
                    24:3c:70:7d:12:6e:d5:3d:62:0e:84:e3:b7:d7:d0:
                    a6:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:0D:0A:97:25:6F:15:2A:36:67:F6:8F:C0:41:6F:4F:7E:D2:EA:B1
            X509v3 Authority Key Identifier:
                keyid:57:40:04:0E:1B:7A:53:2D:D2:AE:C2:2E:93:A6:22:B2:E1:B3:BD:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V0AEDht6Uy3SrsIuk6YisuGzve8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/1c0205-5c65-47cd-b1b3-27c26b23b845/1/3Q0KlyVvFSo2Z_aPwEFvT37S6rE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/1c0205-5c65-47cd-b1b3-27c26b23b845/1/V0AEDht6Uy3SrsIuk6YisuGzve8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         56:9d:b7:0d:5b:cf:90:a5:40:d1:c5:75:84:45:d0:e6:60:73:
         e7:2b:74:1a:1c:47:17:49:39:b0:6f:5f:9f:d0:e9:86:07:a1:
         9c:43:fe:c8:7d:aa:57:b6:32:6c:39:5c:df:30:f8:27:df:ab:
         98:22:9d:0e:eb:12:86:f0:80:6f:f7:38:db:33:cd:8c:4a:62:
         03:a7:f0:d4:e0:c6:82:5b:54:5e:80:5c:3c:a7:68:ad:89:7e:
         da:7e:56:4a:ae:59:7f:ae:b0:47:50:c0:5b:a1:46:7a:71:af:
         56:dd:d1:4a:3f:cf:aa:d7:4c:8f:61:28:5f:56:83:79:a2:fe:
         14:d1:e3:7c:9d:88:14:f3:88:a9:7f:cd:f1:f4:4b:eb:5a:67:
         8e:db:22:8e:3a:ec:6f:02:0a:a5:bd:9b:1f:a1:ff:ce:39:24:
         40:be:ca:48:2b:2e:49:cd:cd:a1:ed:77:96:9f:ae:0b:4c:ad:
         b3:be:36:f6:93:de:06:b8:68:6b:d5:20:0c:1c:bf:66:63:a0:
         1f:28:ed:eb:a1:73:67:aa:89:d6:c0:cf:03:63:5f:4e:1d:0c:
         0b:72:e6:5b:08:68:2b:f4:f3:bb:79:2a:04:5c:ff:cd:61:c2:
         02:50:24:5c:fb:b3:02:00:87:14:b1:46:7f:3e:05:c7:24:82:
         4a:cb:15:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yqPIp1/GZiya4eOW+OMjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NDAwNDBlMWI3YTUzMmRkMmFlYzIyZTkzYTYyMmIyZTFi
M2JkZWYwHhcNMjYwMTAyMDgxOTUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDBkMGE5NzI1NmYxNTJhMzY2N2Y2OGZjMDQxNmY0ZjdlZDJlYWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2aVcTve4GuJaFsrfqylUWkw4/cpv
ZROtlBPIJXpY0Jl6HMFpGQwTNSPt4K6ddUJXHM3l7h/Q1MktXtVDne5dUcpAc3tm
m6GLkHC9z6vHv7C0h3P1UXzUQY1e3NesdcQ084rcGAhOFXNGShJeQswTUlRUGpm1
PDsv/jhru9bC/gLYxpplGkYQk4pnbkRA6uxNAyyKjNamX9Dt7GbNYQMJ1+8u1GCt
d64bJdCfZPPtBkqXFNE1Gx/NIqG/J5a6jI408a2CFEjAloZfMJ0m+4JtpjJcxxVm
bxukWXRZisn4sAVfY7g4lpFItAZtF6HwqlckPHB9Em7VPWIOhOO319CmvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN0NCpclbxUqNmf2j8BBb09+0uqxMB8GA1UdIwQY
MBaAFFdABA4belMt0q7CLpOmIrLhs73vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjBBRURodDZVeTNTcnNJdWs2WWlzdUd6dmU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8xYzAyMDUtNWM2NS00N2NkLWIxYjMt
MjdjMjZiMjNiODQ1LzEvM1EwS2x5VnZGU28yWl9hUHdFRnZUMzdTNnJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8xYzAyMDUtNWM2NS00N2NkLWIxYjMtMjdjMjZiMjNiODQ1
LzEvVjBBRURodDZVeTNTcnNJdWs2WWlzdUd6dmU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwkzoMA0G
CSqGSIb3DQEBCwUAA4IBAQBWnbcNW8+QpUDRxXWERdDmYHPnK3QaHEcXSTmwb1+f
0OmGB6GcQ/7IfapXtjJsOVzfMPgn36uYIp0O6xKG8IBv9zjbM82MSmIDp/DU4MaC
W1RegFw8p2itiX7aflZKrll/rrBHUMBboUZ6ca9W3dFKP8+q10yPYShfVoN5ov4U
0eN8nYgU84ipf83x9EvrWmeO2yKOOuxvAgqlvZsfof/OOSRAvspIKy5Jzc2h7XeW
n64LTK2zvjb2k94GuGhr1SAMHL9mY6AfKO3roXNnqonWwM8DY19OHQwLcuZbCGgr
9PO7eSoEXP/NYcICUCRc+7MCAIcUsUZ/PgXHJIJKyxVf
-----END CERTIFICATE-----