This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/b5a08f-d9f8-432d-ba4b-a6ef752c6dc2/1/3ozsuY79It-DMdWFEyLhstJbsHI.roa
File:                     3ozsuY79It-DMdWFEyLhstJbsHI.roa (raw, json)
Hash identifier:          zjtvqxxsFQq22pHgPm5ML4HBHgnWmrbjfRUKAtA9O/c=
Subject key identifier:   DE:8C:EC:B9:8E:FD:22:DF:83:31:D5:85:13:22:E1:B2:D2:5B:B0:72
Certificate issuer:       /CN=3ca447fd0979b8a989355c354d304d114d20727a
Certificate serial:       019B7834EB57EE9FAEF2B712D6E42C398836
Authority key identifier: 3C:A4:47:FD:09:79:B8:A9:89:35:5C:35:4D:30:4D:11:4D:20:72:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PKRH_Ql5uKmJNVw1TTBNEU0gcno.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/b5a08f-d9f8-432d-ba4b-a6ef752c6dc2/1/3ozsuY79It-DMdWFEyLhstJbsHI.roa
Signing time:             Thu 01 Jan 2026 06:18:12 +0000
ROA not before:           Thu 01 Jan 2026 06:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205425
IP address blocks:        194.49.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/b5a08f-d9f8-432d-ba4b-a6ef752c6dc2/1/PKRH_Ql5uKmJNVw1TTBNEU0gcno.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/b5a08f-d9f8-432d-ba4b-a6ef752c6dc2/1/PKRH_Ql5uKmJNVw1TTBNEU0gcno.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PKRH_Ql5uKmJNVw1TTBNEU0gcno.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:eb:57:ee:9f:ae:f2:b7:12:d6:e4:2c:39:88:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ca447fd0979b8a989355c354d304d114d20727a
        Validity
            Not Before: Jan  1 06:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=de8cecb98efd22df8331d5851322e1b2d25bb072
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:04:57:01:72:05:77:ac:f5:79:db:b8:12:76:
                    24:f9:ea:a5:8c:5c:6e:4c:d3:98:04:75:6e:96:36:
                    9a:69:37:5c:b8:da:71:89:5d:a5:87:c3:02:6e:1e:
                    23:23:6b:3b:b8:b9:5d:93:87:01:d4:f3:fc:57:47:
                    03:a7:f1:c2:77:0f:58:28:cc:30:4c:35:ef:e7:19:
                    49:9a:dd:a9:cd:24:4f:32:54:68:5b:ac:75:11:4d:
                    2c:31:f2:1e:94:aa:15:df:e7:b6:14:3b:10:ce:be:
                    09:17:65:21:78:e8:8c:3a:98:fb:1e:3e:63:0a:3b:
                    10:32:7e:64:e4:d6:fb:a5:00:ab:5b:6e:58:c4:de:
                    75:c5:4c:8d:be:44:dd:3f:f5:50:75:00:3a:58:91:
                    e2:82:27:5b:41:de:92:db:6e:00:85:7b:6d:dd:a6:
                    a7:8b:ee:ca:ed:59:0b:3c:69:cd:6a:87:ae:6f:44:
                    dd:67:92:79:77:6c:c9:d1:a6:5c:94:ab:48:66:cf:
                    85:7b:e6:0d:3b:16:d8:a6:c8:e2:c3:db:44:6f:12:
                    93:5c:48:2b:ed:4e:45:7e:15:40:47:1e:18:b2:05:
                    a2:68:f2:f4:f1:88:1e:2a:65:8f:10:b4:2c:a5:44:
                    01:91:aa:6e:6f:b5:bd:fd:19:a7:75:7b:cb:19:ea:
                    8a:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:8C:EC:B9:8E:FD:22:DF:83:31:D5:85:13:22:E1:B2:D2:5B:B0:72
            X509v3 Authority Key Identifier:
                keyid:3C:A4:47:FD:09:79:B8:A9:89:35:5C:35:4D:30:4D:11:4D:20:72:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PKRH_Ql5uKmJNVw1TTBNEU0gcno.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/b5a08f-d9f8-432d-ba4b-a6ef752c6dc2/1/3ozsuY79It-DMdWFEyLhstJbsHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/b5a08f-d9f8-432d-ba4b-a6ef752c6dc2/1/PKRH_Ql5uKmJNVw1TTBNEU0gcno.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.49.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:2e:b0:11:95:94:6f:68:25:13:4d:9f:bf:12:43:fc:ce:e7:
         65:58:50:9a:c6:ee:47:e9:7b:82:7d:ab:11:65:a2:86:d0:4b:
         5f:4f:42:d7:ef:08:17:b5:e5:d7:68:5b:e2:d8:4f:88:1e:2b:
         a9:ed:50:51:a0:27:05:3b:fb:88:c1:3d:b1:2e:b9:d9:9b:f8:
         15:c3:da:68:44:58:e9:c1:dc:52:f1:6e:3d:3e:ba:ff:78:bf:
         cf:b3:65:c0:41:ba:7d:b0:e8:e8:d0:fb:2d:2d:b2:90:bd:b0:
         32:43:6c:1e:a6:8b:ac:58:83:00:8d:98:af:58:a5:c8:06:de:
         64:9d:bb:28:78:3a:f6:c6:ad:de:ea:f0:e1:4d:f5:2f:62:2d:
         67:2d:18:53:9e:38:fd:ef:75:9f:e2:36:c6:10:9c:1d:b4:b6:
         c5:20:1c:02:24:56:a8:3d:7c:24:c9:be:71:70:bf:0d:1b:7c:
         59:71:75:48:4c:ee:13:1f:36:d6:81:58:72:d4:33:68:d3:c7:
         d5:e3:d1:c1:14:b1:a8:ea:e2:dd:35:4a:80:01:e1:ac:d5:d0:
         b9:1c:c0:e7:53:4f:6d:f7:ea:5d:42:60:9e:59:f1:9a:4e:f3:
         80:d9:d9:e5:55:b7:b6:6a:dc:5a:93:f8:c2:83:1f:8a:6d:c9:
         ea:56:af:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NOtX7p+u8rcS1uQsOYg2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjYTQ0N2ZkMDk3OWI4YTk4OTM1NWMzNTRkMzA0ZDExNGQy
MDcyN2EwHhcNMjYwMTAxMDYxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZThjZWNiOThlZmQyMmRmODMzMWQ1ODUxMzIyZTFiMmQyNWJiMDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2wRXAXIFd6z1edu4EnYk+eqljFxu
TNOYBHVuljaaaTdcuNpxiV2lh8MCbh4jI2s7uLldk4cB1PP8V0cDp/HCdw9YKMww
TDXv5xlJmt2pzSRPMlRoW6x1EU0sMfIelKoV3+e2FDsQzr4JF2UheOiMOpj7Hj5j
CjsQMn5k5Nb7pQCrW25YxN51xUyNvkTdP/VQdQA6WJHigidbQd6S224AhXtt3aan
i+7K7VkLPGnNaoeub0TdZ5J5d2zJ0aZclKtIZs+Fe+YNOxbYpsjiw9tEbxKTXEgr
7U5FfhVARx4YsgWiaPL08YgeKmWPELQspUQBkapub7W9/RmndXvLGeqK8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6M7LmO/SLfgzHVhRMi4bLSW7ByMB8GA1UdIwQY
MBaAFDykR/0JebipiTVcNU0wTRFNIHJ6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEtSSF9RbDV1S21KTlZ3MVRUQk5FVTBnY25vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9iNWEwOGYtZDlmOC00MzJkLWJhNGIt
YTZlZjc1MmM2ZGMyLzEvM296c3VZNzlJdC1ETWRXRkV5TGhzdEpic0hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9iNWEwOGYtZDlmOC00MzJkLWJhNGItYTZlZjc1MmM2ZGMy
LzEvUEtSSF9RbDV1S21KTlZ3MVRUQk5FVTBnY25vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjFcMA0G
CSqGSIb3DQEBCwUAA4IBAQAHLrARlZRvaCUTTZ+/EkP8zudlWFCaxu5H6XuCfasR
ZaKG0EtfT0LX7wgXteXXaFvi2E+IHiup7VBRoCcFO/uIwT2xLrnZm/gVw9poRFjp
wdxS8W49Prr/eL/Ps2XAQbp9sOjo0PstLbKQvbAyQ2wepousWIMAjZivWKXIBt5k
nbsoeDr2xq3e6vDhTfUvYi1nLRhTnjj973Wf4jbGEJwdtLbFIBwCJFaoPXwkyb5x
cL8NG3xZcXVITO4THzbWgVhy1DNo08fV49HBFLGo6uLdNUqAAeGs1dC5HMDnU09t
9+pdQmCeWfGaTvOA2dnlVbe2atxak/jCgx+KbcnqVq+c
-----END CERTIFICATE-----