This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/O3I3dPNJmuPHHGSvxBN1f_yBOHY.roa
File:                     O3I3dPNJmuPHHGSvxBN1f_yBOHY.roa (raw, json)
Hash identifier:          10TrND9dHn901lZi0YPPGwosIvC+vYHaO133ffw1VKE=
Subject key identifier:   3B:72:37:74:F3:49:9A:E3:C7:1C:64:AF:C4:13:75:7F:FC:81:38:76
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019B7910AF5C942743210CA19BFFF9CB1FBC
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/O3I3dPNJmuPHHGSvxBN1f_yBOHY.roa
Signing time:             Thu 01 Jan 2026 10:18:15 +0000
ROA not before:           Thu 01 Jan 2026 10:18:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214079
IP address blocks:        2a12:bec4:1570::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:af:5c:94:27:43:21:0c:a1:9b:ff:f9:cb:1f:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 10:18:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b723774f3499ae3c71c64afc413757ffc813876
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:19:52:50:68:ca:15:6b:be:75:66:25:f5:b8:
                    36:a1:4f:60:ef:e4:29:f2:10:8c:23:64:bf:26:41:
                    ba:51:7b:d3:77:70:90:a5:92:ed:c9:6a:35:42:f8:
                    40:89:27:67:e6:e8:85:e8:ed:e3:b7:70:2e:35:ac:
                    df:ec:ef:c2:13:3b:5f:c9:d8:e9:43:67:e2:2d:b7:
                    aa:5d:f6:4f:e5:cb:eb:2e:30:45:44:02:92:6e:e2:
                    3e:39:31:4c:cc:80:ce:7f:5e:fe:44:1e:d8:64:7f:
                    d7:92:c8:63:92:aa:a0:f8:f0:34:b4:44:7c:37:60:
                    5f:3a:69:50:8d:fa:70:aa:6c:00:23:a0:68:5e:28:
                    a2:b1:99:8a:e8:d8:11:6a:e1:63:85:ac:2c:62:70:
                    68:88:57:d7:46:9a:49:8b:e4:f7:82:04:62:b1:50:
                    ab:21:8f:75:f1:36:74:31:2c:c5:78:40:44:53:9b:
                    ac:aa:26:bd:fd:3c:4b:3e:ea:00:db:fd:99:7d:f3:
                    c4:a3:24:99:77:8c:3f:0b:77:2a:b9:01:1b:61:8b:
                    41:81:16:d6:cf:65:0f:6c:1d:73:d8:1a:78:2e:ad:
                    e2:38:eb:0d:ae:47:1d:90:b3:37:7c:30:14:c8:19:
                    19:36:63:6e:8e:e5:51:af:2b:71:62:b9:4c:4c:3f:
                    da:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:72:37:74:F3:49:9A:E3:C7:1C:64:AF:C4:13:75:7F:FC:81:38:76
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/O3I3dPNJmuPHHGSvxBN1f_yBOHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1570::/44

    Signature Algorithm: sha256WithRSAEncryption
         93:33:ae:ce:2a:79:31:4f:98:db:32:5b:ac:9f:43:fe:0f:d5:
         76:12:2b:a6:8f:3b:39:c7:b7:a5:cb:31:f9:cb:9b:00:17:3e:
         7e:d3:1a:78:16:0c:78:25:38:ac:1d:29:32:58:f7:43:8a:44:
         17:e7:44:7c:48:ef:83:bb:29:a5:87:64:4b:8b:fa:c9:a3:b0:
         63:57:21:90:7a:28:95:54:13:b5:6f:03:5e:ae:2d:45:9f:0e:
         a8:04:90:48:26:29:84:fa:5e:30:0a:46:9a:b0:47:62:b9:19:
         87:25:33:92:b4:d0:dc:5c:b0:1d:57:b3:cb:63:7c:b0:35:99:
         59:99:36:b2:7e:28:c2:d1:aa:79:93:3c:ab:b7:f0:38:ca:e9:
         96:4d:31:ec:db:d9:5c:7a:9e:ba:8b:2b:ae:0e:d4:89:9d:0a:
         bc:4e:30:7f:5a:d1:73:ae:54:55:19:1a:1a:7b:a2:4f:1a:c8:
         27:f9:1f:02:24:11:c0:8d:a6:5b:da:59:22:4e:4f:82:00:3f:
         ae:c1:36:5d:ec:ce:39:a6:fb:76:82:74:b9:dc:37:77:df:00:
         a5:46:d8:1a:52:ce:61:9a:c3:05:91:7d:b1:2b:8b:75:ca:19:
         50:e4:09:f1:d5:8a:66:8d:11:6e:5f:91:fa:1b:92:ca:c6:fa:
         ed:27:e4:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5EK9clCdDIQyhm//5yx+8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjYwMTAxMTAxODE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjcyMzc3NGYzNDk5YWUzYzcxYzY0YWZjNDEzNzU3ZmZjODEzODc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhlSUGjKFWu+dWYl9bg2oU9g7+Qp
8hCMI2S/JkG6UXvTd3CQpZLtyWo1QvhAiSdn5uiF6O3jt3AuNazf7O/CEztfydjp
Q2fiLbeqXfZP5cvrLjBFRAKSbuI+OTFMzIDOf17+RB7YZH/Xkshjkqqg+PA0tER8
N2BfOmlQjfpwqmwAI6BoXiiisZmK6NgRauFjhawsYnBoiFfXRppJi+T3ggRisVCr
IY918TZ0MSzFeEBEU5usqia9/TxLPuoA2/2ZffPEoySZd4w/C3cquQEbYYtBgRbW
z2UPbB1z2Bp4Lq3iOOsNrkcdkLM3fDAUyBkZNmNujuVRrytxYrlMTD/aZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDtyN3TzSZrjxxxkr8QTdX/8gTh2MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvTzNJM2RQTkptdVBISEdTdnhCTjFmX3lCT0hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBVw
MA0GCSqGSIb3DQEBCwUAA4IBAQCTM67OKnkxT5jbMlusn0P+D9V2Eiumjzs5x7el
yzH5y5sAFz5+0xp4Fgx4JTisHSkyWPdDikQX50R8SO+Duymlh2RLi/rJo7BjVyGQ
eiiVVBO1bwNeri1Fnw6oBJBIJimE+l4wCkaasEdiuRmHJTOStNDcXLAdV7PLY3yw
NZlZmTayfijC0ap5kzyrt/A4yumWTTHs29lcep66iyuuDtSJnQq8TjB/WtFzrlRV
GRoae6JPGsgn+R8CJBHAjaZb2lkiTk+CAD+uwTZd7M45pvt2gnS53Dd33wClRtga
Us5hmsMFkX2xK4t1yhlQ5Anx1YpmjRFuX5H6G5LKxvrtJ+SP
-----END CERTIFICATE-----