This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/M3d-ndtS-EWKNtc6mJwZhcKWXhE.roa
File:                     M3d-ndtS-EWKNtc6mJwZhcKWXhE.roa (raw, json)
Hash identifier:          IX96+0wugdLurSubiSiT1icuKiERC0yGvvvWL4yy+fQ=
Subject key identifier:   33:77:7E:9D:DB:52:F8:45:8A:36:D7:3A:98:9C:19:85:C2:96:5E:11
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       019B7FF23E461E8DE62A36388416E0459883
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/M3d-ndtS-EWKNtc6mJwZhcKWXhE.roa
Signing time:             Fri 02 Jan 2026 18:22:20 +0000
ROA not before:           Fri 02 Jan 2026 18:22:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63018
IP address blocks:        193.105.95.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 18:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:3e:46:1e:8d:e6:2a:36:38:84:16:e0:45:98:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Jan  2 18:22:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=33777e9ddb52f8458a36d73a989c1985c2965e11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:48:b0:8f:c6:3a:6c:45:03:8a:89:6e:4b:dd:
                    6c:71:6b:2f:b7:30:94:08:50:34:f5:ef:ec:67:58:
                    56:cc:f9:d4:29:4c:98:bb:2f:8f:04:48:83:e6:77:
                    c8:7f:17:f8:40:a0:87:a6:ab:79:b0:42:3b:af:06:
                    97:8b:9c:63:f0:4d:8f:9b:a2:17:d8:ce:f1:16:5b:
                    f2:3c:3d:3b:12:19:70:fb:bb:3a:5c:3a:4c:65:11:
                    dd:75:29:f9:7c:67:95:fd:ad:0c:48:c0:a1:3c:1e:
                    d0:45:37:c7:4c:8e:c3:5b:4f:9c:2f:65:da:57:32:
                    2f:d2:24:f8:13:de:df:1f:18:78:2d:93:6d:2d:ef:
                    5d:ec:62:7d:2a:d9:b6:70:46:95:07:00:ac:d5:11:
                    23:6d:64:54:1a:c4:5a:2d:35:34:d1:8f:8c:28:86:
                    b8:23:df:b8:93:4c:c3:3a:90:41:22:2b:f0:74:59:
                    87:64:96:83:0f:39:da:85:04:c3:6d:d1:ee:6f:d7:
                    ac:f6:e5:fb:1f:7b:77:f2:fa:de:f2:03:15:fa:13:
                    d4:38:30:66:ca:a2:5c:f4:0f:a1:f1:31:2a:1b:5d:
                    ca:4f:cf:ba:7f:f7:72:0e:aa:ac:07:74:c5:c1:04:
                    5b:da:e2:70:f4:f8:a1:7f:2a:59:4d:e4:8c:1a:e6:
                    ea:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:77:7E:9D:DB:52:F8:45:8A:36:D7:3A:98:9C:19:85:C2:96:5E:11
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/M3d-ndtS-EWKNtc6mJwZhcKWXhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:a8:b9:24:43:d4:41:65:fd:b7:96:a1:12:3b:cc:d3:f8:b5:
         0f:a1:f9:d0:11:0d:56:37:15:f1:1c:45:3b:2b:67:13:ad:0e:
         22:98:dd:72:b8:ba:6b:85:03:25:d6:80:c8:77:c7:0a:4f:1a:
         e8:42:fc:83:96:89:94:ac:52:ca:c3:66:62:99:ff:2d:b7:62:
         d2:2f:57:4f:59:c7:46:16:d2:ed:cd:43:f9:72:fb:d9:67:5a:
         3d:bb:83:09:2d:1f:ab:e2:92:0a:22:36:2c:e4:26:df:a6:46:
         9e:d5:d3:31:dd:37:a9:6a:85:13:b7:98:2c:e8:97:27:25:80:
         a4:2c:bb:d4:40:aa:b2:2e:1b:24:79:6c:61:db:0c:d8:e3:ac:
         31:8e:3b:ac:5d:2c:62:2f:e1:53:09:e0:70:61:66:8d:e4:3f:
         15:8d:ce:a9:34:54:ee:b4:0b:43:3d:7d:2c:cb:13:96:99:ee:
         d4:31:d4:26:b6:f6:91:62:c1:02:74:58:ae:f3:bd:8a:cd:68:
         13:c3:40:2c:35:95:78:9c:73:1a:ad:b2:71:ea:3d:f5:d6:d2:
         a9:b6:3d:62:af:d3:c7:58:a0:05:10:ce:f6:7c:82:90:cc:05:
         1e:fd:71:cd:16:94:d8:fd:de:ab:1f:cf:4f:0b:f6:7a:4b:1c:
         df:0c:ce:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8j5GHo3mKjY4hBbgRZiDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjYwMTAyMTgyMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzc3N2U5ZGRiNTJmODQ1OGEzNmQ3M2E5ODljMTk4NWMyOTY1ZTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Uiwj8Y6bEUDioluS91scWsvtzCU
CFA09e/sZ1hWzPnUKUyYuy+PBEiD5nfIfxf4QKCHpqt5sEI7rwaXi5xj8E2Pm6IX
2M7xFlvyPD07Ehlw+7s6XDpMZRHddSn5fGeV/a0MSMChPB7QRTfHTI7DW0+cL2Xa
VzIv0iT4E97fHxh4LZNtLe9d7GJ9Ktm2cEaVBwCs1REjbWRUGsRaLTU00Y+MKIa4
I9+4k0zDOpBBIivwdFmHZJaDDznahQTDbdHub9es9uX7H3t38vre8gMV+hPUODBm
yqJc9A+h8TEqG13KT8+6f/dyDqqsB3TFwQRb2uJw9PihfypZTeSMGubqcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDN3fp3bUvhFijbXOpicGYXCll4RMB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEvTTNkLW5kdFMtRVdLTnRjNm1Kd1poY0tXWGhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWlfMA0G
CSqGSIb3DQEBCwUAA4IBAQCjqLkkQ9RBZf23lqESO8zT+LUPofnQEQ1WNxXxHEU7
K2cTrQ4imN1yuLprhQMl1oDId8cKTxroQvyDlomUrFLKw2Zimf8tt2LSL1dPWcdG
FtLtzUP5cvvZZ1o9u4MJLR+r4pIKIjYs5Cbfpkae1dMx3TepaoUTt5gs6JcnJYCk
LLvUQKqyLhskeWxh2wzY46wxjjusXSxiL+FTCeBwYWaN5D8Vjc6pNFTutAtDPX0s
yxOWme7UMdQmtvaRYsECdFiu872KzWgTw0AsNZV4nHMarbJx6j311tKptj1ir9PH
WKAFEM72fIKQzAUe/XHNFpTY/d6rH89PC/Z6SxzfDM59
-----END CERTIFICATE-----