This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/nUQG3vVMD7WFpDWiG0W1IymBVlU.roa
File:                     nUQG3vVMD7WFpDWiG0W1IymBVlU.roa (raw, json)
Hash identifier:          EHlmhx+RyBOq9teHa0Af8FNOADjMaSQN2EK+hlsZ4oQ=
Subject key identifier:   9D:44:06:DE:F5:4C:0F:B5:85:A4:35:A2:1B:45:B5:23:29:81:56:55
Certificate issuer:       /CN=603831a61bc8a8f4cb85887022fb6f86397345dc
Certificate serial:       019B7C131B9644F53D952D0D12073596D096
Authority key identifier: 60:38:31:A6:1B:C8:A8:F4:CB:85:88:70:22:FB:6F:86:39:73:45:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YDgxphvIqPTLhYhwIvtvhjlzRdw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/nUQG3vVMD7WFpDWiG0W1IymBVlU.roa
Signing time:             Fri 02 Jan 2026 00:19:45 +0000
ROA not before:           Fri 02 Jan 2026 00:19:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        185.34.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/YDgxphvIqPTLhYhwIvtvhjlzRdw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/YDgxphvIqPTLhYhwIvtvhjlzRdw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YDgxphvIqPTLhYhwIvtvhjlzRdw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 00:20:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:1b:96:44:f5:3d:95:2d:0d:12:07:35:96:d0:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=603831a61bc8a8f4cb85887022fb6f86397345dc
        Validity
            Not Before: Jan  2 00:19:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d4406def54c0fb585a435a21b45b52329815655
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:e3:7f:5d:bf:eb:8b:df:1f:b9:6e:5f:46:32:
                    17:aa:10:3a:18:b9:8d:04:71:1c:19:5d:48:05:8a:
                    b5:91:a2:58:60:ab:bd:ec:1d:d7:c2:f4:ec:5f:99:
                    f4:92:73:8c:d1:a3:51:21:43:0b:32:f1:16:1e:85:
                    aa:c6:b5:17:cc:95:44:9a:d2:fa:be:2f:3d:5a:ae:
                    00:be:93:b6:4b:52:0f:da:49:0b:75:0e:41:38:2e:
                    e0:6e:cf:9b:ac:0e:23:0e:50:9e:2b:ec:99:11:03:
                    ca:79:bd:ef:f0:c5:ae:2c:11:53:8a:62:48:c0:0f:
                    b9:cb:ae:d4:09:35:1b:c1:a9:11:71:b0:bc:b3:9b:
                    df:4d:13:8e:ca:d0:72:8a:9f:df:b1:cd:5c:f2:85:
                    c9:b7:ca:71:c8:00:b5:7a:f9:d0:9b:06:cd:17:db:
                    33:ff:d6:7c:7c:af:dd:d4:b3:9d:bb:c4:3b:2c:39:
                    2f:2f:7f:58:5e:cf:c3:aa:57:78:9d:da:d7:78:87:
                    04:44:94:e0:5e:e5:10:58:40:5c:62:2b:68:d8:dd:
                    93:78:f1:b1:13:37:1e:40:ac:4b:bb:95:3a:ef:06:
                    3d:6f:3c:82:5c:4d:df:1c:c2:f3:96:16:53:64:25:
                    cd:19:d6:b6:0f:27:38:60:d6:b6:0f:6e:b2:e0:af:
                    7e:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:44:06:DE:F5:4C:0F:B5:85:A4:35:A2:1B:45:B5:23:29:81:56:55
            X509v3 Authority Key Identifier:
                keyid:60:38:31:A6:1B:C8:A8:F4:CB:85:88:70:22:FB:6F:86:39:73:45:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YDgxphvIqPTLhYhwIvtvhjlzRdw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/nUQG3vVMD7WFpDWiG0W1IymBVlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/YDgxphvIqPTLhYhwIvtvhjlzRdw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:ab:a6:c2:11:f4:f6:ed:8c:ce:9e:1f:40:6f:55:c3:00:7d:
         ad:da:2e:14:34:29:8d:8c:da:96:5d:7b:e2:f0:ad:8f:45:50:
         c1:cd:88:13:9f:7d:2f:e0:78:da:ca:4e:22:64:5c:d8:dd:38:
         dc:5d:36:f4:b6:48:1c:8b:ac:72:92:96:f8:3a:11:43:01:6a:
         8c:d2:48:2a:05:fd:fa:4b:72:d3:64:64:7a:12:46:c4:5a:12:
         0b:72:d8:e2:f1:c2:80:4f:7c:af:b5:a2:81:35:6e:8f:08:15:
         77:dd:9f:63:ed:c3:3c:9b:01:d0:f3:5f:9b:bf:36:f7:17:65:
         6f:e7:bf:6d:3f:5e:d1:b9:ef:68:cc:a9:3d:aa:eb:43:1e:b8:
         36:bb:b0:82:ac:bf:5f:d8:c2:75:30:ea:ee:9b:4a:98:d1:17:
         9f:9b:14:5d:7f:27:aa:aa:e1:50:46:6f:6f:38:10:f5:1c:d7:
         4a:dd:a0:c4:3b:25:38:49:c2:27:f3:c8:5f:ac:65:83:ba:d6:
         3c:ed:3d:a6:35:23:be:d7:fe:88:aa:62:95:f9:05:9e:de:e6:
         8f:6b:ea:53:5d:22:77:b8:f2:97:8a:c9:51:37:2b:90:06:53:
         77:00:03:e5:c6:dc:27:2b:7b:29:0a:97:2f:a9:c6:b9:c7:d4:
         8a:55:95:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8ExuWRPU9lS0NEgc1ltCWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMzgzMWE2MWJjOGE4ZjRjYjg1ODg3MDIyZmI2Zjg2Mzk3
MzQ1ZGMwHhcNMjYwMTAyMDAxOTQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDQ0MDZkZWY1NGMwZmI1ODVhNDM1YTIxYjQ1YjUyMzI5ODE1NjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlON/Xb/ri98fuW5fRjIXqhA6GLmN
BHEcGV1IBYq1kaJYYKu97B3XwvTsX5n0knOM0aNRIUMLMvEWHoWqxrUXzJVEmtL6
vi89Wq4AvpO2S1IP2kkLdQ5BOC7gbs+brA4jDlCeK+yZEQPKeb3v8MWuLBFTimJI
wA+5y67UCTUbwakRcbC8s5vfTROOytByip/fsc1c8oXJt8pxyAC1evnQmwbNF9sz
/9Z8fK/d1LOdu8Q7LDkvL39YXs/Dqld4ndrXeIcERJTgXuUQWEBcYito2N2TePGx
EzceQKxLu5U67wY9bzyCXE3fHMLzlhZTZCXNGda2Dyc4YNa2D26y4K9+XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1EBt71TA+1haQ1ohtFtSMpgVZVMB8GA1UdIwQY
MBaAFGA4MaYbyKj0y4WIcCL7b4Y5c0XcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWURneHBodklxUFRMaFlod0l2dHZoamx6UmR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9hYzMyNzYtNTBhZC00ZWJjLWEyYTYt
OTgwODU0NTkzM2M5LzEvblVRRzN2Vk1EN1dGcERXaUcwVzFJeW1CVmxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9hYzMyNzYtNTBhZC00ZWJjLWEyYTYtOTgwODU0NTkzM2M5
LzEvWURneHBodklxUFRMaFlod0l2dHZoamx6UmR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSLjMA0G
CSqGSIb3DQEBCwUAA4IBAQCDq6bCEfT27YzOnh9Ab1XDAH2t2i4UNCmNjNqWXXvi
8K2PRVDBzYgTn30v4Hjayk4iZFzY3TjcXTb0tkgci6xykpb4OhFDAWqM0kgqBf36
S3LTZGR6EkbEWhILctji8cKAT3yvtaKBNW6PCBV33Z9j7cM8mwHQ81+bvzb3F2Vv
579tP17Rue9ozKk9qutDHrg2u7CCrL9f2MJ1MOrum0qY0RefmxRdfyeqquFQRm9v
OBD1HNdK3aDEOyU4ScIn88hfrGWDutY87T2mNSO+1/6IqmKV+QWe3uaPa+pTXSJ3
uPKXislRNyuQBlN3AAPlxtwnK3spCpcvqca5x9SKVZV9
-----END CERTIFICATE-----