This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/a3a708-c669-477f-9d3b-e5fa350f8fa8/1/o3IVsTtHp4LvNCkM3vhyjfWuFnU.roa
File:                     o3IVsTtHp4LvNCkM3vhyjfWuFnU.roa (raw, json)
Hash identifier:          lY2LMXKbJT6BlB/lSBYqcfLveqU3+U+eDmIrpngNEak=
Subject key identifier:   A3:72:15:B1:3B:47:A7:82:EF:34:29:0C:DE:F8:72:8D:F5:AE:16:75
Certificate issuer:       /CN=f60707f287a2309beecbb852ee40aa831b9e7866
Certificate serial:       019B7BA52C0B6FB604D123C5A036E96C9B7A
Authority key identifier: F6:07:07:F2:87:A2:30:9B:EE:CB:B8:52:EE:40:AA:83:1B:9E:78:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9gcH8oeiMJvuy7hS7kCqgxueeGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/a3a708-c669-477f-9d3b-e5fa350f8fa8/1/o3IVsTtHp4LvNCkM3vhyjfWuFnU.roa
Signing time:             Thu 01 Jan 2026 22:19:40 +0000
ROA not before:           Thu 01 Jan 2026 22:19:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43736
IP address blocks:        91.195.144.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/a3a708-c669-477f-9d3b-e5fa350f8fa8/1/9gcH8oeiMJvuy7hS7kCqgxueeGY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/a3a708-c669-477f-9d3b-e5fa350f8fa8/1/9gcH8oeiMJvuy7hS7kCqgxueeGY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9gcH8oeiMJvuy7hS7kCqgxueeGY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:2c:0b:6f:b6:04:d1:23:c5:a0:36:e9:6c:9b:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f60707f287a2309beecbb852ee40aa831b9e7866
        Validity
            Not Before: Jan  1 22:19:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a37215b13b47a782ef34290cdef8728df5ae1675
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:13:2b:53:fa:05:61:c3:3b:35:ec:86:64:6f:
                    22:37:89:9c:0a:a9:a7:c0:b6:e4:c8:78:02:ad:1c:
                    1c:ef:cc:3f:c5:1e:4c:d7:b5:50:2f:95:98:ad:c0:
                    fd:f0:ac:fb:cf:4b:6a:c2:85:b8:d7:2f:cc:6c:0e:
                    22:84:59:57:03:73:03:a6:a5:43:ba:b7:ca:bb:d3:
                    8d:ff:1e:11:5a:5f:73:fa:00:79:99:62:0c:7f:51:
                    26:20:39:6f:53:80:92:62:f5:24:f5:0c:a7:62:a8:
                    a8:01:6c:37:44:5e:51:74:78:79:f9:cb:fa:17:4c:
                    0c:67:1c:0e:5c:e9:05:45:7f:c1:9b:e5:3d:0e:7d:
                    2d:2e:c9:b3:ef:8d:40:bf:21:bf:34:d6:dc:75:62:
                    6a:8f:00:24:e8:22:ed:34:90:cd:12:25:66:d4:62:
                    43:e0:2b:c9:fa:8d:a1:c6:2a:b6:a7:3b:bd:16:8a:
                    f5:d7:f0:26:a1:4e:d0:c8:fb:0b:83:d2:60:f1:05:
                    f0:e9:0d:9a:a6:68:c7:c8:6d:51:7d:01:0d:4a:2b:
                    c6:a4:e9:21:11:eb:f5:0c:78:3d:6e:d3:43:78:34:
                    38:e7:2f:40:aa:e2:e1:53:8a:f1:3d:9c:84:2f:fe:
                    c5:ed:47:30:a0:d9:1f:43:12:22:03:56:d9:a4:40:
                    f8:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:72:15:B1:3B:47:A7:82:EF:34:29:0C:DE:F8:72:8D:F5:AE:16:75
            X509v3 Authority Key Identifier:
                keyid:F6:07:07:F2:87:A2:30:9B:EE:CB:B8:52:EE:40:AA:83:1B:9E:78:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9gcH8oeiMJvuy7hS7kCqgxueeGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/a3a708-c669-477f-9d3b-e5fa350f8fa8/1/o3IVsTtHp4LvNCkM3vhyjfWuFnU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/a3a708-c669-477f-9d3b-e5fa350f8fa8/1/9gcH8oeiMJvuy7hS7kCqgxueeGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.144.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:18:bc:3b:13:6b:50:38:64:7f:d2:0d:dd:09:b7:8a:a7:62:
         dc:58:6a:3c:b0:02:2f:74:62:73:6b:05:7e:1e:f3:02:a4:7f:
         17:30:64:d1:56:4f:6d:7b:a7:46:bd:e5:47:e6:1e:e4:11:7f:
         85:ca:30:9c:5e:63:50:ee:e0:fd:23:25:83:8a:84:6f:33:1e:
         97:8a:a6:29:dd:e6:bc:ac:26:98:7c:47:ed:e3:27:62:0b:d1:
         fa:9a:0a:77:e1:a5:5b:ea:f0:99:87:9d:f0:c8:28:30:81:f4:
         82:f0:47:13:27:86:16:c3:3d:67:72:9c:39:9a:cd:4c:e4:6b:
         7a:76:5c:f3:21:0b:99:0c:d6:3e:3f:52:e8:31:e6:ce:5c:ff:
         0b:c2:17:20:37:ba:f9:91:b7:ec:92:76:e6:29:7a:ea:2c:14:
         b2:b0:17:2f:7c:e3:29:50:04:93:1f:cb:5e:49:40:0e:d1:a7:
         66:8d:83:be:62:bf:3a:b3:b1:42:4d:1e:2c:eb:7a:dc:f0:b5:
         75:99:ef:78:b3:fe:02:15:1e:02:16:1a:28:86:af:da:90:b9:
         78:d7:f4:fb:c2:33:c8:16:88:d3:41:9b:8b:52:58:89:95:52:
         46:48:8a:ba:a0:f6:6c:70:87:ef:9e:69:fe:1d:97:cd:27:0f:
         83:53:4c:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pSwLb7YE0SPFoDbpbJt6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MDcwN2YyODdhMjMwOWJlZWNiYjg1MmVlNDBhYTgzMWI5
ZTc4NjYwHhcNMjYwMTAxMjIxOTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzcyMTViMTNiNDdhNzgyZWYzNDI5MGNkZWY4NzI4ZGY1YWUxNjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzhMrU/oFYcM7NeyGZG8iN4mcCqmn
wLbkyHgCrRwc78w/xR5M17VQL5WYrcD98Kz7z0tqwoW41y/MbA4ihFlXA3MDpqVD
urfKu9ON/x4RWl9z+gB5mWIMf1EmIDlvU4CSYvUk9QynYqioAWw3RF5RdHh5+cv6
F0wMZxwOXOkFRX/Bm+U9Dn0tLsmz741AvyG/NNbcdWJqjwAk6CLtNJDNEiVm1GJD
4CvJ+o2hxiq2pzu9For11/AmoU7QyPsLg9Jg8QXw6Q2apmjHyG1RfQENSivGpOkh
Eev1DHg9btNDeDQ45y9AquLhU4rxPZyEL/7F7UcwoNkfQxIiA1bZpED4awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKNyFbE7R6eC7zQpDN74co31rhZ1MB8GA1UdIwQY
MBaAFPYHB/KHojCb7su4Uu5AqoMbnnhmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWdjSDhvZWlNSnZ1eTdoUzdrQ3FneHVlZUdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9hM2E3MDgtYzY2OS00NzdmLTlkM2It
ZTVmYTM1MGY4ZmE4LzEvbzNJVnNUdEhwNEx2TkNrTTN2aHlqZld1Rm5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9hM2E3MDgtYzY2OS00NzdmLTlkM2ItZTVmYTM1MGY4ZmE4
LzEvOWdjSDhvZWlNSnZ1eTdoUzdrQ3FneHVlZUdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8OQMA0G
CSqGSIb3DQEBCwUAA4IBAQB8GLw7E2tQOGR/0g3dCbeKp2LcWGo8sAIvdGJzawV+
HvMCpH8XMGTRVk9te6dGveVH5h7kEX+FyjCcXmNQ7uD9IyWDioRvMx6XiqYp3ea8
rCaYfEft4ydiC9H6mgp34aVb6vCZh53wyCgwgfSC8EcTJ4YWwz1ncpw5ms1M5Gt6
dlzzIQuZDNY+P1LoMebOXP8LwhcgN7r5kbfsknbmKXrqLBSysBcvfOMpUASTH8te
SUAO0admjYO+Yr86s7FCTR4s63rc8LV1me94s/4CFR4CFhoohq/akLl41/T7wjPI
FojTQZuLUliJlVJGSIq6oPZscIfvnmn+HZfNJw+DU0xR
-----END CERTIFICATE-----