This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/p3wMPlKya84iUZAkPyX7yNbRivs.roa
File:                     p3wMPlKya84iUZAkPyX7yNbRivs.roa (raw, json)
Hash identifier:          9KtMDQuIqF8uUlxtTEXKuSIedKKC3ufJcKuZAgmR5Sw=
Subject key identifier:   A7:7C:0C:3E:52:B2:6B:CE:22:51:90:24:3F:25:FB:C8:D6:D1:8A:FB
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019B7A5AB40F7D63987ED2568300EB3E785E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/p3wMPlKya84iUZAkPyX7yNbRivs.roa
Signing time:             Thu 01 Jan 2026 16:18:43 +0000
ROA not before:           Thu 01 Jan 2026 16:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152672
IP address blocks:        82.153.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 06:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:b4:0f:7d:63:98:7e:d2:56:83:00:eb:3e:78:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 16:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a77c0c3e52b26bce225190243f25fbc8d6d18afb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:7d:30:e3:12:a5:91:65:b9:bc:81:bf:e7:2b:
                    d2:7d:e8:43:b3:18:5f:e2:26:12:35:7f:d3:d4:6b:
                    96:eb:2d:a4:5a:e0:e3:b9:07:d3:c5:31:32:ce:18:
                    ab:7d:b4:c3:64:01:aa:da:dd:ce:5e:ba:63:d1:2f:
                    14:97:c6:2e:b9:55:5b:87:c6:4c:0e:e4:30:13:61:
                    63:de:2c:22:0a:08:e0:e8:c8:7b:43:e0:72:12:e2:
                    37:72:dc:2b:4c:d8:e0:28:21:a8:81:80:b0:63:93:
                    79:dc:47:49:7e:1f:52:11:fa:e4:4c:9a:4e:8d:68:
                    e1:df:e7:e2:00:26:93:95:da:92:23:00:aa:82:0c:
                    96:2b:34:8c:b8:23:ee:ab:7a:6b:e7:5a:b7:49:7b:
                    4c:cc:75:04:7d:ee:d0:8a:99:b7:5e:60:f8:d1:97:
                    75:be:5e:73:d2:3a:01:59:36:e8:fb:67:15:87:bb:
                    8b:4d:40:06:86:0f:f5:22:01:de:3e:08:92:18:14:
                    35:5d:50:34:24:0b:80:c8:a9:26:31:a1:3e:49:a4:
                    15:8d:dc:d1:c7:b4:ef:ad:a7:fb:18:13:76:49:c9:
                    6a:59:b9:85:33:f6:9d:8e:82:31:06:e3:78:f2:54:
                    56:2b:e2:a4:52:0b:1c:1d:a0:c0:21:cc:42:c5:25:
                    b1:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:7C:0C:3E:52:B2:6B:CE:22:51:90:24:3F:25:FB:C8:D6:D1:8A:FB
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/p3wMPlKya84iUZAkPyX7yNbRivs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:2a:7f:da:a0:f4:4c:17:86:f1:5d:a0:c6:a9:af:dd:dc:0f:
         a4:70:ad:21:2c:3a:66:40:3e:c8:79:79:fc:ec:79:47:8c:0c:
         51:1d:ea:c7:6e:1d:6b:08:a9:4b:8e:46:9f:0d:39:04:3f:98:
         b0:2f:0f:00:2f:b5:67:2b:5f:e8:8b:7b:89:be:47:2b:ce:e5:
         6c:2e:69:7f:62:4f:2f:df:37:f9:a1:b5:39:38:12:37:79:96:
         7d:da:8c:b3:5f:d5:d9:b8:f1:b7:40:55:c1:c6:ea:29:d1:a7:
         cb:85:fb:ed:5d:f8:ef:a2:3a:c3:ac:b8:91:88:ec:fa:c1:b9:
         b7:19:da:fe:f3:b0:c0:d8:a6:71:4d:16:f2:65:a2:1a:7d:e4:
         88:28:c9:76:a8:c5:ff:73:74:5d:28:f7:5b:d9:73:cf:d0:9e:
         44:26:0b:84:35:53:e0:ac:4d:df:22:ee:a1:18:f1:dc:ed:ee:
         c8:b0:ce:8d:0f:4b:a6:c8:14:87:51:84:50:b9:98:85:2a:f5:
         37:ea:eb:da:f3:d7:8a:41:b5:e3:25:ed:62:c2:2a:1f:26:e6:
         eb:3d:24:19:72:a2:e4:a5:69:84:1d:dc:53:5f:08:4f:91:6e:
         ad:8f:99:7e:34:55:b6:fe:5b:06:e7:bd:c8:57:46:86:40:85:
         d0:cf:c8:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WrQPfWOYftJWgwDrPnheMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMTAxMTYxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzdjMGMzZTUyYjI2YmNlMjI1MTkwMjQzZjI1ZmJjOGQ2ZDE4YWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApH0w4xKlkWW5vIG/5yvSfehDsxhf
4iYSNX/T1GuW6y2kWuDjuQfTxTEyzhirfbTDZAGq2t3OXrpj0S8Ul8YuuVVbh8ZM
DuQwE2Fj3iwiCgjg6Mh7Q+ByEuI3ctwrTNjgKCGogYCwY5N53EdJfh9SEfrkTJpO
jWjh3+fiACaTldqSIwCqggyWKzSMuCPuq3pr51q3SXtMzHUEfe7Qipm3XmD40Zd1
vl5z0joBWTbo+2cVh7uLTUAGhg/1IgHePgiSGBQ1XVA0JAuAyKkmMaE+SaQVjdzR
x7Tvraf7GBN2SclqWbmFM/adjoIxBuN48lRWK+KkUgscHaDAIcxCxSWxKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKd8DD5SsmvOIlGQJD8l+8jW0Yr7MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcDN3TVBsS3lhODRpVVpBa1B5WDd5TmJSaXZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpnYMA0G
CSqGSIb3DQEBCwUAA4IBAQCcKn/aoPRMF4bxXaDGqa/d3A+kcK0hLDpmQD7IeXn8
7HlHjAxRHerHbh1rCKlLjkafDTkEP5iwLw8AL7VnK1/oi3uJvkcrzuVsLml/Yk8v
3zf5obU5OBI3eZZ92oyzX9XZuPG3QFXBxuop0afLhfvtXfjvojrDrLiRiOz6wbm3
Gdr+87DA2KZxTRbyZaIafeSIKMl2qMX/c3RdKPdb2XPP0J5EJguENVPgrE3fIu6h
GPHc7e7IsM6ND0umyBSHUYRQuZiFKvU36uva89eKQbXjJe1iwiofJubrPSQZcqLk
pWmEHdxTXwhPkW6tj5l+NFW2/lsG573IV0aGQIXQz8hz
-----END CERTIFICATE-----