This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/mG3lXidAEmQtYz9vK0qI_IRBcC0.roa
File:                     mG3lXidAEmQtYz9vK0qI_IRBcC0.roa (raw, json)
Hash identifier:          60gXTR1+cmj+xHmkqaa+iJ7DhgWXTRT1YL/mFyIqWls=
Subject key identifier:   98:6D:E5:5E:27:40:12:64:2D:63:3F:6F:2B:4A:88:FC:84:41:70:2D
Certificate issuer:       /CN=bc3a252a8fcca0361da234a4f3ddb957789d0e55
Certificate serial:       019B7758D24C314169CD3D75AED6211C8438
Authority key identifier: BC:3A:25:2A:8F:CC:A0:36:1D:A2:34:A4:F3:DD:B9:57:78:9D:0E:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vDolKo_MoDYdojSk8925V3idDlU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/mG3lXidAEmQtYz9vK0qI_IRBcC0.roa
Signing time:             Thu 01 Jan 2026 02:17:48 +0000
ROA not before:           Thu 01 Jan 2026 02:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        212.96.150.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/vDolKo_MoDYdojSk8925V3idDlU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/vDolKo_MoDYdojSk8925V3idDlU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vDolKo_MoDYdojSk8925V3idDlU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:d2:4c:31:41:69:cd:3d:75:ae:d6:21:1c:84:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc3a252a8fcca0361da234a4f3ddb957789d0e55
        Validity
            Not Before: Jan  1 02:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=986de55e274012642d633f6f2b4a88fc8441702d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:f7:13:6d:e9:a6:98:c2:e7:a0:44:81:c8:a2:
                    a3:f1:1c:59:d4:d6:e2:ac:c1:c2:8d:5f:85:8c:d9:
                    8d:59:93:ca:02:5d:6e:92:bd:7d:c0:eb:59:26:69:
                    52:23:f9:18:2d:0c:a7:de:12:4d:64:ee:be:08:8d:
                    3a:3f:00:86:41:35:ce:db:e1:a1:b2:ae:2d:fa:1f:
                    72:14:a1:38:6c:99:30:62:db:7d:26:ac:da:97:96:
                    ed:86:18:f1:28:37:02:46:07:b2:33:84:22:e2:1d:
                    d7:61:f0:28:00:cd:c0:ac:bd:32:5e:81:8e:c8:5b:
                    99:bc:98:18:7b:3c:85:a8:8e:0c:ea:58:ce:2c:38:
                    c5:b8:28:ca:1f:94:58:6e:88:59:cf:08:f4:15:34:
                    f6:c8:64:c7:dd:ad:0a:02:d8:a7:1f:46:f3:50:29:
                    49:f7:70:a7:88:4d:5d:0e:67:56:44:e8:34:0c:3c:
                    96:76:6d:aa:1f:b4:82:ee:db:cc:48:7e:90:c9:fb:
                    4d:02:12:22:30:59:0a:34:ca:38:97:02:9a:13:d3:
                    b5:08:f3:30:06:ef:19:dd:a9:2a:a1:f8:b1:03:1f:
                    7d:6c:bf:ec:b3:60:6a:01:1c:ac:f2:6d:79:5d:c2:
                    21:60:37:06:3e:d8:07:ff:c2:9b:b2:c2:14:98:94:
                    8d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:6D:E5:5E:27:40:12:64:2D:63:3F:6F:2B:4A:88:FC:84:41:70:2D
            X509v3 Authority Key Identifier:
                keyid:BC:3A:25:2A:8F:CC:A0:36:1D:A2:34:A4:F3:DD:B9:57:78:9D:0E:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vDolKo_MoDYdojSk8925V3idDlU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/mG3lXidAEmQtYz9vK0qI_IRBcC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/vDolKo_MoDYdojSk8925V3idDlU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.96.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:45:69:d7:5b:bc:1e:3a:ab:77:44:01:ea:0d:f2:2b:53:84:
         fd:d1:e5:3d:9c:bc:84:d7:ec:fd:91:0c:f6:a9:7f:f6:97:59:
         ac:eb:33:e3:58:79:66:0d:04:e3:72:3b:8e:a3:1f:7f:1a:b5:
         38:14:9e:42:aa:03:87:5b:2c:da:9b:71:80:3c:0c:d7:7a:d1:
         49:8c:89:ef:fb:5a:c1:2b:e8:3e:e7:2b:f3:76:41:52:4e:7b:
         2a:5d:40:eb:ce:ac:81:3c:e9:46:a5:21:0a:3a:cd:e9:70:40:
         52:ab:8c:22:33:15:91:77:42:7d:7f:38:3e:1b:42:39:49:c8:
         9e:92:78:14:95:21:41:1d:a4:ff:33:36:4d:33:92:98:f9:f7:
         e4:73:f1:26:07:5d:bd:ba:ea:27:6f:af:d6:15:52:f2:d6:f3:
         6a:dc:8b:a7:11:94:5d:53:9e:87:86:4a:35:be:10:7f:a2:39:
         32:d8:00:b3:c8:e5:ab:b6:4a:d5:b2:19:80:74:7c:0d:b5:cb:
         ee:69:33:98:34:35:3e:7b:d7:71:48:fc:ae:9c:fb:52:8f:81:
         e9:f0:47:a6:a1:0e:44:de:e8:4a:f1:37:de:e9:95:2b:70:96:
         c8:6f:88:56:11:e1:7a:0f:d6:d2:ca:fa:87:cc:be:89:ed:82:
         d8:de:9c:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WNJMMUFpzT11rtYhHIQ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjM2EyNTJhOGZjY2EwMzYxZGEyMzRhNGYzZGRiOTU3Nzg5
ZDBlNTUwHhcNMjYwMTAxMDIxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODZkZTU1ZTI3NDAxMjY0MmQ2MzNmNmYyYjRhODhmYzg0NDE3MDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPcTbemmmMLnoESByKKj8RxZ1Nbi
rMHCjV+FjNmNWZPKAl1ukr19wOtZJmlSI/kYLQyn3hJNZO6+CI06PwCGQTXO2+Gh
sq4t+h9yFKE4bJkwYtt9Jqzal5bthhjxKDcCRgeyM4Qi4h3XYfAoAM3ArL0yXoGO
yFuZvJgYezyFqI4M6ljOLDjFuCjKH5RYbohZzwj0FTT2yGTH3a0KAtinH0bzUClJ
93CniE1dDmdWROg0DDyWdm2qH7SC7tvMSH6QyftNAhIiMFkKNMo4lwKaE9O1CPMw
Bu8Z3akqofixAx99bL/ss2BqARys8m15XcIhYDcGPtgH/8KbssIUmJSNPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJht5V4nQBJkLWM/bytKiPyEQXAtMB8GA1UdIwQY
MBaAFLw6JSqPzKA2HaI0pPPduVd4nQ5VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkRvbEtvX01vRFlkb2pTazg5MjVWM2lkRGxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8zMjRmMDUtOWEwNy00NGNiLTg3MDkt
MGExOTUxOGY3MzU4LzEvbUczbFhpZEFFbVF0WXo5dkswcUlfSVJCY0MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8zMjRmMDUtOWEwNy00NGNiLTg3MDktMGExOTUxOGY3MzU4
LzEvdkRvbEtvX01vRFlkb2pTazg5MjVWM2lkRGxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1GCWMA0G
CSqGSIb3DQEBCwUAA4IBAQCNRWnXW7weOqt3RAHqDfIrU4T90eU9nLyE1+z9kQz2
qX/2l1ms6zPjWHlmDQTjcjuOox9/GrU4FJ5CqgOHWyzam3GAPAzXetFJjInv+1rB
K+g+5yvzdkFSTnsqXUDrzqyBPOlGpSEKOs3pcEBSq4wiMxWRd0J9fzg+G0I5Scie
kngUlSFBHaT/MzZNM5KY+ffkc/EmB129uuonb6/WFVLy1vNq3IunEZRdU56Hhko1
vhB/ojky2ACzyOWrtkrVshmAdHwNtcvuaTOYNDU+e9dxSPyunPtSj4Hp8EemoQ5E
3uhK8Tfe6ZUrcJbIb4hWEeF6D9bSyvqHzL6J7YLY3pxT
-----END CERTIFICATE-----