This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/d2f992-3a17-4975-9c2c-9ca8ea90e617/1/A3GUvEekSZoXZuhfSPChuO_j1Ks.roa
File:                     A3GUvEekSZoXZuhfSPChuO_j1Ks.roa (raw, json)
Hash identifier:          Sr4IKLMyPH4Jv5IyKyZQx1tQrF3BoNSld9Sli9uKBCI=
Subject key identifier:   03:71:94:BC:47:A4:49:9A:17:66:E8:5F:48:F0:A1:B8:EF:E3:D4:AB
Certificate issuer:       /CN=5d99e8d5713a5e6382c0d1389d6242816f9d6fb9
Certificate serial:       019B76EB4341707552284F922A701ABBA686
Authority key identifier: 5D:99:E8:D5:71:3A:5E:63:82:C0:D1:38:9D:62:42:81:6F:9D:6F:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XZno1XE6XmOCwNE4nWJCgW-db7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/d2f992-3a17-4975-9c2c-9ca8ea90e617/1/A3GUvEekSZoXZuhfSPChuO_j1Ks.roa
Signing time:             Thu 01 Jan 2026 00:18:08 +0000
ROA not before:           Thu 01 Jan 2026 00:18:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208034
IP address blocks:        185.194.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/d2f992-3a17-4975-9c2c-9ca8ea90e617/1/XZno1XE6XmOCwNE4nWJCgW-db7k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/d2f992-3a17-4975-9c2c-9ca8ea90e617/1/XZno1XE6XmOCwNE4nWJCgW-db7k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XZno1XE6XmOCwNE4nWJCgW-db7k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 18:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:43:41:70:75:52:28:4f:92:2a:70:1a:bb:a6:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d99e8d5713a5e6382c0d1389d6242816f9d6fb9
        Validity
            Not Before: Jan  1 00:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=037194bc47a4499a1766e85f48f0a1b8efe3d4ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:1f:ed:4d:28:4e:7d:90:65:5d:e9:cb:96:f0:
                    7f:66:fd:19:83:7a:d4:6b:36:1e:f7:3a:6b:6d:bf:
                    2d:44:87:e0:93:38:59:a6:42:83:12:b1:ee:1b:ec:
                    03:4e:05:25:0f:b2:5d:3a:aa:0d:3d:4f:81:9e:99:
                    da:85:5f:82:1b:3c:44:b8:bd:1e:4f:f4:c9:c3:2f:
                    5b:66:e2:74:f1:3f:91:43:02:19:89:4a:e1:59:0f:
                    ce:18:65:48:f7:9f:3d:b4:54:a0:87:d5:f6:f8:77:
                    79:c8:bb:67:19:38:d4:6b:a6:9e:05:0e:d2:3b:f8:
                    8f:71:bd:58:c0:03:af:43:72:7d:0e:24:4c:63:12:
                    fb:ec:ae:dd:0d:55:9f:47:7a:46:c1:a9:a2:b0:49:
                    8b:07:b3:53:39:86:be:32:de:7d:b5:41:0d:57:c2:
                    78:cd:64:2a:36:26:e9:8f:0b:d7:68:86:fa:3b:e0:
                    51:b3:45:58:0b:65:25:60:4e:71:fd:35:7d:f5:30:
                    72:8b:20:c9:09:9c:1f:26:82:8f:2d:de:b7:ba:ca:
                    aa:8b:83:89:cc:37:1b:3a:e0:c5:a6:dc:66:a0:13:
                    30:f4:cf:c8:20:01:3a:3c:90:d5:2d:31:fc:76:40:
                    06:a9:db:d7:02:0a:3a:37:77:1b:e6:63:d0:ac:4e:
                    0b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:71:94:BC:47:A4:49:9A:17:66:E8:5F:48:F0:A1:B8:EF:E3:D4:AB
            X509v3 Authority Key Identifier:
                keyid:5D:99:E8:D5:71:3A:5E:63:82:C0:D1:38:9D:62:42:81:6F:9D:6F:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XZno1XE6XmOCwNE4nWJCgW-db7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/d2f992-3a17-4975-9c2c-9ca8ea90e617/1/A3GUvEekSZoXZuhfSPChuO_j1Ks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/d2f992-3a17-4975-9c2c-9ca8ea90e617/1/XZno1XE6XmOCwNE4nWJCgW-db7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:81:79:aa:0e:4e:b7:f5:a4:60:a6:99:70:ce:75:ed:67:ce:
         49:cd:2b:a8:53:2f:c6:94:6b:d0:57:83:b0:b5:39:63:d4:c4:
         58:48:da:43:0e:5c:a2:65:99:a8:0a:f3:14:de:d8:f3:d9:24:
         3f:70:60:e5:1c:4e:90:c4:af:a8:eb:46:0e:4c:92:d0:62:22:
         1f:0c:6f:fb:25:05:1d:82:c2:00:e9:9c:13:40:0f:70:88:7e:
         64:f5:e5:c0:99:ae:a9:8b:11:63:5d:6b:0a:90:42:4a:ec:96:
         00:04:b7:88:24:d4:5a:86:d5:3c:74:10:5b:9e:47:b7:9d:af:
         db:46:20:b4:2a:39:d4:eb:c0:24:39:fa:c1:d4:1d:72:79:38:
         60:c9:28:8f:dd:26:4d:5d:dc:9c:60:8f:7e:12:0e:8f:98:04:
         4c:ae:22:fd:ab:1b:46:dd:77:bc:00:0f:3a:f1:d5:d9:d5:54:
         8f:a0:87:8b:c9:52:e1:b2:1b:38:0f:2f:4e:7c:22:45:b8:48:
         a9:99:be:7c:97:c4:31:30:a6:81:48:dc:b0:44:c3:85:1a:34:
         a6:a1:3e:13:ce:2b:08:02:07:0c:04:c0:60:ef:88:e8:fa:c0:
         3b:68:8d:b0:07:4d:e4:6f:d7:f2:10:08:70:23:79:a5:57:9d:
         b4:8f:82:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt260NBcHVSKE+SKnAau6aGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkOTllOGQ1NzEzYTVlNjM4MmMwZDEzODlkNjI0MjgxNmY5
ZDZmYjkwHhcNMjYwMTAxMDAxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzcxOTRiYzQ3YTQ0OTlhMTc2NmU4NWY0OGYwYTFiOGVmZTNkNGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArB/tTShOfZBlXenLlvB/Zv0Zg3rU
azYe9zprbb8tRIfgkzhZpkKDErHuG+wDTgUlD7JdOqoNPU+BnpnahV+CGzxEuL0e
T/TJwy9bZuJ08T+RQwIZiUrhWQ/OGGVI9589tFSgh9X2+Hd5yLtnGTjUa6aeBQ7S
O/iPcb1YwAOvQ3J9DiRMYxL77K7dDVWfR3pGwamisEmLB7NTOYa+Mt59tUENV8J4
zWQqNibpjwvXaIb6O+BRs0VYC2UlYE5x/TV99TByiyDJCZwfJoKPLd63usqqi4OJ
zDcbOuDFptxmoBMw9M/IIAE6PJDVLTH8dkAGqdvXAgo6N3cb5mPQrE4LKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANxlLxHpEmaF2boX0jwobjv49SrMB8GA1UdIwQY
MBaAFF2Z6NVxOl5jgsDROJ1iQoFvnW+5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFpubzFYRTZYbU9Dd05FNG5XSkNnVy1kYjdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9kMmY5OTItM2ExNy00OTc1LTljMmMt
OWNhOGVhOTBlNjE3LzEvQTNHVXZFZWtTWm9YWnVoZlNQQ2h1T19qMUtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9kMmY5OTItM2ExNy00OTc1LTljMmMtOWNhOGVhOTBlNjE3
LzEvWFpubzFYRTZYbU9Dd05FNG5XSkNnVy1kYjdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucL5MA0G
CSqGSIb3DQEBCwUAA4IBAQBpgXmqDk639aRgpplwznXtZ85JzSuoUy/GlGvQV4Ow
tTlj1MRYSNpDDlyiZZmoCvMU3tjz2SQ/cGDlHE6QxK+o60YOTJLQYiIfDG/7JQUd
gsIA6ZwTQA9wiH5k9eXAma6pixFjXWsKkEJK7JYABLeIJNRahtU8dBBbnke3na/b
RiC0KjnU68AkOfrB1B1yeThgySiP3SZNXdycYI9+Eg6PmARMriL9qxtG3Xe8AA86
8dXZ1VSPoIeLyVLhshs4Dy9OfCJFuEipmb58l8QxMKaBSNywRMOFGjSmoT4TzisI
AgcMBMBg74jo+sA7aI2wB03kb9fyEAhwI3mlV520j4KW
-----END CERTIFICATE-----