This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/56cc91-ba62-4037-b57f-6bddb317e78b/1/3BHr6J86i1nd7sPGUlUbY2_YEaU.roa
File:                     3BHr6J86i1nd7sPGUlUbY2_YEaU.roa (raw, json)
Hash identifier:          ta+5BOP0BbP5GuV/znqiWEjaRRUHuZbw6F434Y3PEM0=
Subject key identifier:   DC:11:EB:E8:9F:3A:8B:59:DD:EE:C3:C6:52:55:1B:63:6F:D8:11:A5
Certificate issuer:       /CN=07a0486dc0b4ba730903788ff3f3f7c8249b921f
Certificate serial:       019B7EA653366FE509C0E4A3D0DEBD5B4C0A
Authority key identifier: 07:A0:48:6D:C0:B4:BA:73:09:03:78:8F:F3:F3:F7:C8:24:9B:92:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B6BIbcC0unMJA3iP8_P3yCSbkh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/56cc91-ba62-4037-b57f-6bddb317e78b/1/3BHr6J86i1nd7sPGUlUbY2_YEaU.roa
Signing time:             Fri 02 Jan 2026 12:19:48 +0000
ROA not before:           Fri 02 Jan 2026 12:19:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3223
IP address blocks:        185.246.120.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/56cc91-ba62-4037-b57f-6bddb317e78b/1/B6BIbcC0unMJA3iP8_P3yCSbkh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/56cc91-ba62-4037-b57f-6bddb317e78b/1/B6BIbcC0unMJA3iP8_P3yCSbkh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B6BIbcC0unMJA3iP8_P3yCSbkh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:53:36:6f:e5:09:c0:e4:a3:d0:de:bd:5b:4c:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07a0486dc0b4ba730903788ff3f3f7c8249b921f
        Validity
            Not Before: Jan  2 12:19:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dc11ebe89f3a8b59ddeec3c652551b636fd811a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:44:d0:30:f1:c1:34:d4:06:1c:36:f5:1a:9b:
                    cd:b6:ad:ac:84:5d:21:f5:f9:2f:30:b8:e1:9e:27:
                    30:28:83:85:d0:97:4b:2a:14:1d:d5:54:d9:56:ec:
                    23:de:25:33:ed:6f:07:a3:4c:7d:e6:c3:b0:0e:ed:
                    31:c2:f8:03:3a:9a:2b:33:97:d7:f1:24:0e:f2:9e:
                    c6:53:34:24:0b:38:e1:2d:09:f2:68:a4:a2:68:4a:
                    97:45:94:d6:f4:47:4e:92:f5:6b:fc:6c:32:8d:81:
                    5b:b9:11:ea:eb:f8:ae:7b:74:3d:e4:49:bd:29:5c:
                    fd:da:74:e0:57:25:16:ca:33:4d:63:12:08:3a:9e:
                    74:be:eb:c1:5b:21:2c:37:0b:d0:90:0f:99:ad:49:
                    d8:57:b6:0d:a6:a6:86:36:77:a8:6a:60:84:9d:17:
                    f2:fe:65:30:07:01:20:57:32:ae:55:e7:a8:b3:95:
                    ff:bd:08:ff:7a:f3:4b:e6:af:48:be:ca:f6:2e:1c:
                    69:d2:a6:81:99:fb:03:59:3c:b5:4f:2a:72:9f:bb:
                    5e:89:bb:c7:ec:8a:e6:8e:c4:bb:70:40:44:a1:30:
                    c3:b7:5a:98:fc:e0:48:19:69:f1:b1:1f:2f:aa:58:
                    d9:ec:64:b8:ff:ee:9a:b7:85:b0:73:ae:ab:0b:eb:
                    aa:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:11:EB:E8:9F:3A:8B:59:DD:EE:C3:C6:52:55:1B:63:6F:D8:11:A5
            X509v3 Authority Key Identifier:
                keyid:07:A0:48:6D:C0:B4:BA:73:09:03:78:8F:F3:F3:F7:C8:24:9B:92:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B6BIbcC0unMJA3iP8_P3yCSbkh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/56cc91-ba62-4037-b57f-6bddb317e78b/1/3BHr6J86i1nd7sPGUlUbY2_YEaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/56cc91-ba62-4037-b57f-6bddb317e78b/1/B6BIbcC0unMJA3iP8_P3yCSbkh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.246.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:50:d9:f6:94:4c:02:72:23:51:9d:06:51:a4:1e:3e:77:ab:
         82:fc:c4:23:0b:95:f1:96:d1:7a:5c:63:9f:4c:1a:22:fa:7f:
         ff:77:5c:cf:4a:f0:31:cd:ba:0e:59:5e:cd:ba:41:cf:44:e4:
         ce:00:71:40:85:1e:40:82:8b:78:66:5f:f0:a5:7c:cf:54:52:
         02:06:a6:d9:5a:cc:71:66:b3:0f:e9:79:ab:82:cc:d7:09:0e:
         a1:6e:10:7f:8c:51:89:eb:0c:b5:a5:28:68:29:c8:3d:59:95:
         63:c0:c3:54:d1:5d:63:7d:81:92:66:fc:b5:4b:75:c4:08:c6:
         b5:23:19:c2:9e:08:31:32:cb:d7:fd:5f:2d:27:9a:c4:b3:c9:
         6b:d7:23:c9:da:1b:4d:0b:cd:58:3f:25:84:74:98:01:29:3e:
         13:4c:31:ee:8d:3b:01:ee:28:64:8d:47:f2:51:b9:d5:76:13:
         4e:da:57:e6:bc:d1:b0:5c:44:8c:ab:c8:94:38:83:78:6e:4f:
         08:47:6e:ea:e1:c4:08:7c:dc:6f:bc:af:bf:88:f7:1c:3c:38:
         57:e0:50:a4:72:bc:ee:8e:28:35:25:da:2d:12:ac:64:c5:e7:
         4d:4c:43:d6:70:8c:f5:94:38:63:27:57:e7:ba:c0:6d:7a:ab:
         c8:41:92:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+plM2b+UJwOSj0N69W0wKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YTA0ODZkYzBiNGJhNzMwOTAzNzg4ZmYzZjNmN2M4MjQ5
YjkyMWYwHhcNMjYwMTAyMTIxOTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzExZWJlODlmM2E4YjU5ZGRlZWMzYzY1MjU1MWI2MzZmZDgxMWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4UTQMPHBNNQGHDb1GpvNtq2shF0h
9fkvMLjhnicwKIOF0JdLKhQd1VTZVuwj3iUz7W8Ho0x95sOwDu0xwvgDOporM5fX
8SQO8p7GUzQkCzjhLQnyaKSiaEqXRZTW9EdOkvVr/GwyjYFbuRHq6/iue3Q95Em9
KVz92nTgVyUWyjNNYxIIOp50vuvBWyEsNwvQkA+ZrUnYV7YNpqaGNneoamCEnRfy
/mUwBwEgVzKuVeeos5X/vQj/evNL5q9Ivsr2Lhxp0qaBmfsDWTy1Typyn7teibvH
7IrmjsS7cEBEoTDDt1qY/OBIGWnxsR8vqljZ7GS4/+6at4Wwc66rC+uqDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNwR6+ifOotZ3e7DxlJVG2Nv2BGlMB8GA1UdIwQY
MBaAFAegSG3AtLpzCQN4j/Pz98gkm5IfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjZCSWJjQzB1bk1KQTNpUDhfUDN5Q1Nia2g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC81NmNjOTEtYmE2Mi00MDM3LWI1N2Yt
NmJkZGIzMTdlNzhiLzEvM0JIcjZKODZpMW5kN3NQR1VsVWJZMl9ZRWFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC81NmNjOTEtYmE2Mi00MDM3LWI1N2YtNmJkZGIzMTdlNzhi
LzEvQjZCSWJjQzB1bk1KQTNpUDhfUDN5Q1Nia2g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufZ4MA0G
CSqGSIb3DQEBCwUAA4IBAQBAUNn2lEwCciNRnQZRpB4+d6uC/MQjC5XxltF6XGOf
TBoi+n//d1zPSvAxzboOWV7NukHPROTOAHFAhR5Agot4Zl/wpXzPVFICBqbZWsxx
ZrMP6XmrgszXCQ6hbhB/jFGJ6wy1pShoKcg9WZVjwMNU0V1jfYGSZvy1S3XECMa1
IxnCnggxMsvX/V8tJ5rEs8lr1yPJ2htNC81YPyWEdJgBKT4TTDHujTsB7ihkjUfy
UbnVdhNO2lfmvNGwXESMq8iUOIN4bk8IR27q4cQIfNxvvK+/iPccPDhX4FCkcrzu
jig1JdotEqxkxedNTEPWcIz1lDhjJ1fnusBteqvIQZL5
-----END CERTIFICATE-----