This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/438008-338d-4c31-97c5-4cb97076cff2/1/3R5g76dVvoZ3hbqttjNUSKbFIB0.roa
File:                     3R5g76dVvoZ3hbqttjNUSKbFIB0.roa (raw, json)
Hash identifier:          rtDmg5+SMVya5wLcSYnXovjRonU3uTPe2cR9Qa4/bgU=
Subject key identifier:   DD:1E:60:EF:A7:55:BE:86:77:85:BA:AD:B6:33:54:48:A6:C5:20:1D
Certificate issuer:       /CN=4303f1334d75ac432c0caa78d389a70c09c12ca6
Certificate serial:       019B7C7FF549B9C44BBCA2BA3F2FD9B1717E
Authority key identifier: 43:03:F1:33:4D:75:AC:43:2C:0C:AA:78:D3:89:A7:0C:09:C1:2C:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QwPxM011rEMsDKp404mnDAnBLKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/438008-338d-4c31-97c5-4cb97076cff2/1/3R5g76dVvoZ3hbqttjNUSKbFIB0.roa
Signing time:             Fri 02 Jan 2026 02:18:39 +0000
ROA not before:           Fri 02 Jan 2026 02:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21022
IP address blocks:        193.138.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/438008-338d-4c31-97c5-4cb97076cff2/1/QwPxM011rEMsDKp404mnDAnBLKY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/438008-338d-4c31-97c5-4cb97076cff2/1/QwPxM011rEMsDKp404mnDAnBLKY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QwPxM011rEMsDKp404mnDAnBLKY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 17:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:f5:49:b9:c4:4b:bc:a2:ba:3f:2f:d9:b1:71:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4303f1334d75ac432c0caa78d389a70c09c12ca6
        Validity
            Not Before: Jan  2 02:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd1e60efa755be867785baadb6335448a6c5201d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:4d:90:80:6a:cd:76:4b:fe:cd:98:a6:c2:7a:
                    02:e0:55:2a:62:0d:1c:ff:ef:ca:bb:15:b5:7f:83:
                    cc:0a:59:09:62:28:b3:91:93:b5:cc:a4:8b:7a:53:
                    d6:e0:a5:87:00:5c:67:25:2e:1d:37:8c:e2:31:37:
                    d0:07:c8:2c:d3:57:81:b3:da:fe:a8:85:66:63:13:
                    99:be:b5:2d:d7:2f:70:d1:54:4b:cd:85:b7:ab:d3:
                    d6:18:2a:cc:85:c5:e8:50:9d:89:67:db:ed:dc:94:
                    34:c0:15:d9:99:94:7c:be:c2:90:54:3f:4b:e6:43:
                    7b:73:3a:14:40:95:0c:2c:5b:f0:f1:8d:55:55:65:
                    7d:e2:80:a1:65:97:c4:b5:16:6e:e0:f5:8d:29:04:
                    9b:c0:96:02:b3:73:8b:b8:e0:04:1a:a8:a2:f6:13:
                    c9:6f:f3:3f:1f:12:18:1d:f7:c8:0f:46:fa:dd:a1:
                    7b:82:5b:89:5d:a1:97:07:04:30:73:e8:ab:55:8b:
                    91:8c:1e:28:f2:ad:c4:8e:5b:91:81:12:c7:db:71:
                    a3:a9:88:ca:89:ba:4b:b9:79:c1:24:02:2f:7a:3f:
                    ec:9c:b5:d6:c8:28:cc:b9:cf:62:b6:7d:da:52:7b:
                    be:35:bc:d2:a2:86:58:27:98:94:20:5b:1e:19:c6:
                    07:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:1E:60:EF:A7:55:BE:86:77:85:BA:AD:B6:33:54:48:A6:C5:20:1D
            X509v3 Authority Key Identifier:
                keyid:43:03:F1:33:4D:75:AC:43:2C:0C:AA:78:D3:89:A7:0C:09:C1:2C:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwPxM011rEMsDKp404mnDAnBLKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/438008-338d-4c31-97c5-4cb97076cff2/1/3R5g76dVvoZ3hbqttjNUSKbFIB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/438008-338d-4c31-97c5-4cb97076cff2/1/QwPxM011rEMsDKp404mnDAnBLKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.138.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:61:8a:9d:8c:52:d5:33:5b:bd:56:e9:90:58:19:0c:da:49:
         7d:76:58:ec:da:7b:2f:36:e2:53:f4:32:25:28:a9:16:f8:db:
         b3:7c:6e:4a:db:26:8d:74:e9:de:5b:ee:c2:cb:45:c3:7a:cc:
         22:2b:39:3f:60:52:b2:16:da:96:cf:6f:6c:f1:25:67:7a:f4:
         5f:5d:87:79:e4:3a:c3:22:d5:21:70:ec:f5:17:0c:0d:95:f2:
         d1:8f:a0:82:a9:49:1f:ca:6d:25:98:c5:94:95:60:bc:8e:12:
         2a:89:b6:57:8e:b5:d1:4f:8a:e7:0c:e9:44:9c:5f:ea:31:3f:
         df:c2:56:a6:f8:a7:d9:51:8d:a4:47:7b:68:e5:48:18:9f:e4:
         a6:6f:63:b4:d2:15:ed:7e:7d:17:94:65:2e:49:36:a3:64:ee:
         3c:41:d0:a6:07:fb:27:7d:9e:8e:6b:c8:9c:5e:ef:e1:6a:02:
         16:77:7a:31:26:94:9a:99:51:e7:57:61:41:21:9d:1d:2f:75:
         1c:49:dd:12:5f:ff:60:41:23:cc:85:c8:a7:a1:39:da:9c:eb:
         28:ae:36:56:21:34:27:eb:d8:71:d7:86:b2:56:da:3f:95:a0:
         b0:d5:8d:91:dd:1b:86:88:c6:ce:34:ce:e2:cd:e9:6e:8e:72:
         56:15:ce:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f/VJucRLvKK6Py/ZsXF+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDNmMTMzNGQ3NWFjNDMyYzBjYWE3OGQzODlhNzBjMDlj
MTJjYTYwHhcNMjYwMTAyMDIxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDFlNjBlZmE3NTViZTg2Nzc4NWJhYWRiNjMzNTQ0OGE2YzUyMDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzk2QgGrNdkv+zZimwnoC4FUqYg0c
/+/KuxW1f4PMClkJYiizkZO1zKSLelPW4KWHAFxnJS4dN4ziMTfQB8gs01eBs9r+
qIVmYxOZvrUt1y9w0VRLzYW3q9PWGCrMhcXoUJ2JZ9vt3JQ0wBXZmZR8vsKQVD9L
5kN7czoUQJUMLFvw8Y1VVWV94oChZZfEtRZu4PWNKQSbwJYCs3OLuOAEGqii9hPJ
b/M/HxIYHffID0b63aF7gluJXaGXBwQwc+irVYuRjB4o8q3EjluRgRLH23GjqYjK
ibpLuXnBJAIvej/snLXWyCjMuc9itn3aUnu+NbzSooZYJ5iUIFseGcYHAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN0eYO+nVb6Gd4W6rbYzVEimxSAdMB8GA1UdIwQY
MBaAFEMD8TNNdaxDLAyqeNOJpwwJwSymMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdQeE0wMTFyRU1zREtwNDA0bW5EQW5CTEtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS80MzgwMDgtMzM4ZC00YzMxLTk3YzUt
NGNiOTcwNzZjZmYyLzEvM1I1Zzc2ZFZ2b1ozaGJxdHRqTlVTS2JGSUIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS80MzgwMDgtMzM4ZC00YzMxLTk3YzUtNGNiOTcwNzZjZmYy
LzEvUXdQeE0wMTFyRU1zREtwNDA0bW5EQW5CTEtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYpjMA0G
CSqGSIb3DQEBCwUAA4IBAQAoYYqdjFLVM1u9VumQWBkM2kl9dljs2nsvNuJT9DIl
KKkW+NuzfG5K2yaNdOneW+7Cy0XDeswiKzk/YFKyFtqWz29s8SVnevRfXYd55DrD
ItUhcOz1FwwNlfLRj6CCqUkfym0lmMWUlWC8jhIqibZXjrXRT4rnDOlEnF/qMT/f
wlam+KfZUY2kR3to5UgYn+Smb2O00hXtfn0XlGUuSTajZO48QdCmB/snfZ6Oa8ic
Xu/hagIWd3oxJpSamVHnV2FBIZ0dL3UcSd0SX/9gQSPMhcinoTnanOsorjZWITQn
69hx14ayVto/laCw1Y2R3RuGiMbONM7izelujnJWFc7P
-----END CERTIFICATE-----