This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/3xxSrQX7ikVH9joHH7QsgCEkz0M.roa
File:                     3xxSrQX7ikVH9joHH7QsgCEkz0M.roa (raw, json)
Hash identifier:          wOzTlwIIx8vGJW4532eTCHLypEd105cx24+b6jsBnOE=
Subject key identifier:   DF:1C:52:AD:05:FB:8A:45:47:F6:3A:07:1F:B4:2C:80:21:24:CF:43
Certificate issuer:       /CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
Certificate serial:       019B7B36A277E2F5A13DDC0362CC5C72ED07
Authority key identifier: CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/3xxSrQX7ikVH9joHH7QsgCEkz0M.roa
Signing time:             Thu 01 Jan 2026 20:18:56 +0000
ROA not before:           Thu 01 Jan 2026 20:18:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5511
IP address blocks:        185.126.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:a2:77:e2:f5:a1:3d:dc:03:62:cc:5c:72:ed:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
        Validity
            Not Before: Jan  1 20:18:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=df1c52ad05fb8a4547f63a071fb42c802124cf43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f7:a4:93:e6:7c:ae:e7:d2:a0:87:38:d9:84:
                    b5:51:39:ab:05:17:f5:9b:8d:c3:2a:e4:0b:e8:3d:
                    33:17:4e:a8:13:27:55:73:db:07:4b:10:01:35:13:
                    68:ba:0f:a0:8a:38:44:78:d1:f0:26:47:0f:d3:d0:
                    a2:2f:a0:06:4a:78:af:4d:26:12:8c:fc:06:b8:80:
                    15:42:62:df:ad:15:27:db:cc:98:a7:23:78:88:f1:
                    38:dc:25:13:76:dd:eb:a8:c3:1c:b8:04:b4:d2:06:
                    13:1e:1a:7f:04:e8:8c:2f:d3:9c:33:ad:28:20:69:
                    42:2b:cc:72:ab:a2:80:b4:3a:d1:e3:c7:b8:fc:dc:
                    96:3c:fa:da:25:d3:89:91:26:70:9a:c8:ab:3a:68:
                    1f:14:8f:a7:2d:e3:74:fb:42:43:eb:c2:6c:64:ba:
                    55:5b:db:0d:96:69:95:c8:48:a1:50:a3:80:2a:9c:
                    62:43:f3:3e:bd:fc:1d:7f:97:9a:da:42:e8:bf:ac:
                    2c:4c:38:2c:8e:6e:5f:87:06:18:7f:52:24:e1:5e:
                    be:0b:a2:8e:3e:a7:65:1c:66:1e:b6:52:2c:f2:6a:
                    85:6d:b8:26:7c:3f:eb:2b:5a:a1:7d:e8:be:88:60:
                    7a:14:89:1b:d9:98:57:41:cd:d2:90:55:6c:cd:e0:
                    0a:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:1C:52:AD:05:FB:8A:45:47:F6:3A:07:1F:B4:2C:80:21:24:CF:43
            X509v3 Authority Key Identifier:
                keyid:CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/3xxSrQX7ikVH9joHH7QsgCEkz0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:35:c4:f5:7d:34:9c:5f:bd:17:92:75:3a:69:41:55:ee:8d:
         0c:ac:a9:0f:e6:bb:55:c6:b3:1b:6d:38:89:18:86:f3:d6:57:
         02:b5:a2:5b:93:3b:9a:0d:5f:1e:16:12:f0:58:83:bc:6b:4a:
         cf:72:7d:c3:ee:e3:90:f7:51:ad:66:d2:f8:94:99:77:12:be:
         42:19:61:79:ad:84:6b:47:c9:3f:4c:6b:5d:b0:31:d5:29:4b:
         d0:2e:71:47:f1:d8:52:6d:e1:92:f0:31:5d:ef:3d:a1:d7:92:
         e2:43:a4:4f:a6:20:2a:52:ee:82:4c:f4:44:59:f2:6d:2e:9a:
         fe:e7:5d:67:cd:28:1f:fd:e8:14:b5:48:b3:43:85:c1:f1:7b:
         ed:e0:7e:35:61:00:84:a4:d5:3f:71:b3:e7:d0:ee:0e:46:69:
         af:50:6d:fb:23:ef:93:05:53:2f:c6:0b:3b:27:b8:f9:2b:3a:
         dd:56:36:cc:18:bb:fe:18:03:df:58:44:67:71:b0:ba:0d:77:
         08:42:35:cc:d6:8c:99:35:81:c9:69:18:ec:e8:50:7d:cd:31:
         08:bb:6e:29:ae:4e:3a:38:d9:33:24:e5:fa:b4:41:df:c3:a7:
         5c:e9:07:96:03:8e:50:f8:67:1d:a0:f7:e8:60:00:a3:d4:35:
         26:2d:ff:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NqJ34vWhPdwDYsxccu0HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYjgzY2ZlNTQ4OTgzNWYyOTRkMGFmNGRkNGRiNmUzZGMy
NWYxZjMwHhcNMjYwMTAxMjAxODU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjFjNTJhZDA1ZmI4YTQ1NDdmNjNhMDcxZmI0MmM4MDIxMjRjZjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/ekk+Z8rufSoIc42YS1UTmrBRf1
m43DKuQL6D0zF06oEydVc9sHSxABNRNoug+gijhEeNHwJkcP09CiL6AGSnivTSYS
jPwGuIAVQmLfrRUn28yYpyN4iPE43CUTdt3rqMMcuAS00gYTHhp/BOiML9OcM60o
IGlCK8xyq6KAtDrR48e4/NyWPPraJdOJkSZwmsirOmgfFI+nLeN0+0JD68JsZLpV
W9sNlmmVyEihUKOAKpxiQ/M+vfwdf5ea2kLov6wsTDgsjm5fhwYYf1Ik4V6+C6KO
PqdlHGYetlIs8mqFbbgmfD/rK1qhfei+iGB6FIkb2ZhXQc3SkFVszeAKWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN8cUq0F+4pFR/Y6Bx+0LIAhJM9DMB8GA1UdIwQY
MBaAFM24PP5UiYNfKU0K9N1NtuPcJfHzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEt
YTNiNzRmOTY0MWFjLzEvM3h4U3JRWDdpa1ZIOWpvSEg3UXNnQ0VrejBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEtYTNiNzRmOTY0MWFj
LzEvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX4jMA0G
CSqGSIb3DQEBCwUAA4IBAQCANcT1fTScX70XknU6aUFV7o0MrKkP5rtVxrMbbTiJ
GIbz1lcCtaJbkzuaDV8eFhLwWIO8a0rPcn3D7uOQ91GtZtL4lJl3Er5CGWF5rYRr
R8k/TGtdsDHVKUvQLnFH8dhSbeGS8DFd7z2h15LiQ6RPpiAqUu6CTPREWfJtLpr+
511nzSgf/egUtUizQ4XB8Xvt4H41YQCEpNU/cbPn0O4ORmmvUG37I++TBVMvxgs7
J7j5KzrdVjbMGLv+GAPfWERncbC6DXcIQjXM1oyZNYHJaRjs6FB9zTEIu24prk46
ONkzJOX6tEHfw6dc6QeWA45Q+GcdoPfoYACj1DUmLf/+
-----END CERTIFICATE-----
Generated at Sun Jan 18 11:04:22 2026 by rpki-client