This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/3f7cda-1062-4b7c-afd9-9d0dfd38d949/1/3ToCoWRbwQIxnoDHHaq-sPlgMyY.roa
File:                     3ToCoWRbwQIxnoDHHaq-sPlgMyY.roa (raw, json)
Hash identifier:          QcOyon6JbPWT+YBxjPmL38UPWGZe+8sOMVBjlq5tN+Q=
Subject key identifier:   DD:3A:02:A1:64:5B:C1:02:31:9E:80:C7:1D:AA:BE:B0:F9:60:33:26
Certificate issuer:       /CN=7515829b7f03411bbe21b1a200498ceebf5c06c0
Certificate serial:       019B40EFB3AD9291BC6B7A550ADF6E9D3F5B
Authority key identifier: 75:15:82:9B:7F:03:41:1B:BE:21:B1:A2:00:49:8C:EE:BF:5C:06:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dRWCm38DQRu-IbGiAEmM7r9cBsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/3f7cda-1062-4b7c-afd9-9d0dfd38d949/1/3ToCoWRbwQIxnoDHHaq-sPlgMyY.roa
Signing time:             Sun 21 Dec 2025 12:43:29 +0000
ROA not before:           Sun 21 Dec 2025 12:43:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205786
IP address blocks:        185.146.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/3f7cda-1062-4b7c-afd9-9d0dfd38d949/1/dRWCm38DQRu-IbGiAEmM7r9cBsA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/3f7cda-1062-4b7c-afd9-9d0dfd38d949/1/dRWCm38DQRu-IbGiAEmM7r9cBsA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dRWCm38DQRu-IbGiAEmM7r9cBsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Dec 2025 09:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:40:ef:b3:ad:92:91:bc:6b:7a:55:0a:df:6e:9d:3f:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7515829b7f03411bbe21b1a200498ceebf5c06c0
        Validity
            Not Before: Dec 21 12:43:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd3a02a1645bc102319e80c71daabeb0f9603326
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:40:68:7b:7b:b9:e2:4a:f9:ab:b3:01:fa:b6:
                    a0:36:8e:f5:df:d3:87:5b:06:2a:72:48:4a:2f:50:
                    2d:e8:9b:47:ef:09:0c:8e:84:54:db:ef:80:4c:c8:
                    9b:d5:1f:1f:58:be:c3:09:81:cc:0e:25:6d:2e:b1:
                    76:b4:83:ff:dd:ad:01:c1:a0:a7:13:b9:86:a7:5f:
                    cd:f6:d6:84:df:a6:66:0d:b4:06:09:aa:6f:58:02:
                    cb:4e:fd:27:b7:b6:1f:3e:54:80:9b:45:9c:c9:2d:
                    23:ad:d6:e7:c0:3d:8e:0c:10:34:e8:75:a3:d3:84:
                    d6:1e:68:65:b8:be:01:18:52:7a:dc:b4:38:92:09:
                    54:a9:23:f7:98:9e:6e:44:ce:df:56:91:97:3b:d9:
                    11:7a:ab:71:b0:34:bf:e2:3e:b4:99:66:84:56:bf:
                    5e:b2:1f:3c:ef:8e:76:06:66:4f:ec:5b:76:91:8b:
                    d8:82:bf:ca:35:b7:75:63:fc:ee:1d:3a:8e:d1:46:
                    86:ff:81:95:74:e8:d5:1b:c5:2a:cf:6e:33:67:7a:
                    ab:ce:26:68:cb:8b:73:78:36:dc:3b:83:69:93:c9:
                    99:b7:5b:2c:41:54:b6:ab:7b:63:7a:bd:24:6f:0f:
                    90:8b:04:14:77:32:6f:ae:b6:fc:9b:40:7e:7c:ca:
                    87:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:3A:02:A1:64:5B:C1:02:31:9E:80:C7:1D:AA:BE:B0:F9:60:33:26
            X509v3 Authority Key Identifier:
                keyid:75:15:82:9B:7F:03:41:1B:BE:21:B1:A2:00:49:8C:EE:BF:5C:06:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dRWCm38DQRu-IbGiAEmM7r9cBsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/3f7cda-1062-4b7c-afd9-9d0dfd38d949/1/3ToCoWRbwQIxnoDHHaq-sPlgMyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/3f7cda-1062-4b7c-afd9-9d0dfd38d949/1/dRWCm38DQRu-IbGiAEmM7r9cBsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:bd:e8:51:1e:df:91:f1:a9:e2:b3:1b:7e:8e:36:59:44:2f:
         84:18:a1:7d:11:d8:7d:dd:16:0b:15:b3:68:fa:61:c3:05:5c:
         87:e0:95:c5:84:51:bd:af:66:6b:9f:dc:49:a0:c7:7f:e6:60:
         db:69:1f:a0:36:9a:4f:ea:06:e1:c8:87:00:0f:e4:03:d2:e7:
         5a:b5:ca:21:aa:3d:75:61:b5:fc:37:3e:f1:96:76:93:2a:6b:
         05:eb:5e:40:4b:98:54:1b:da:66:78:42:f2:3e:b2:ec:3c:8e:
         d5:e2:39:92:b9:37:22:84:2e:35:44:2d:af:d1:aa:42:d3:89:
         9f:7c:15:f8:c0:7f:29:f0:d5:98:eb:4f:72:4d:af:12:63:c3:
         b3:56:02:09:fb:16:25:3c:c4:09:c6:3c:36:55:23:9d:ad:46:
         48:61:74:57:ae:51:bf:f6:36:b4:25:9a:8e:ae:0b:f2:8d:52:
         76:e6:30:5f:dd:de:14:c0:51:d5:84:6d:22:91:52:f9:1b:b6:
         3e:b5:88:9d:e9:4e:0d:e5:ca:fa:9a:f2:c1:cf:c3:9d:b8:b3:
         0f:42:71:b7:50:f9:e1:45:5d:6d:ec:1b:79:9d:36:14:85:93:
         b9:1f:1d:fc:98:79:13:31:fe:51:f5:b4:81:ba:a3:91:64:57:
         ed:73:5a:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZtA77OtkpG8a3pVCt9unT9bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MTU4MjliN2YwMzQxMWJiZTIxYjFhMjAwNDk4Y2VlYmY1
YzA2YzAwHhcNMjUxMjIxMTI0MzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDNhMDJhMTY0NWJjMTAyMzE5ZTgwYzcxZGFhYmViMGY5NjAzMzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUBoe3u54kr5q7MB+ragNo7139OH
WwYqckhKL1At6JtH7wkMjoRU2++ATMib1R8fWL7DCYHMDiVtLrF2tIP/3a0BwaCn
E7mGp1/N9taE36ZmDbQGCapvWALLTv0nt7YfPlSAm0WcyS0jrdbnwD2ODBA06HWj
04TWHmhluL4BGFJ63LQ4kglUqSP3mJ5uRM7fVpGXO9kReqtxsDS/4j60mWaEVr9e
sh887452BmZP7Ft2kYvYgr/KNbd1Y/zuHTqO0UaG/4GVdOjVG8Uqz24zZ3qrziZo
y4tzeDbcO4Npk8mZt1ssQVS2q3tjer0kbw+QiwQUdzJvrrb8m0B+fMqHTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN06AqFkW8ECMZ6Axx2qvrD5YDMmMB8GA1UdIwQY
MBaAFHUVgpt/A0EbviGxogBJjO6/XAbAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFJXQ20zOERRUnUtSWJHaUFFbU03cjljQnNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8zZjdjZGEtMTA2Mi00YjdjLWFmZDkt
OWQwZGZkMzhkOTQ5LzEvM1RvQ29XUmJ3UUl4bm9ESEhhcS1zUGxnTXlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8zZjdjZGEtMTA2Mi00YjdjLWFmZDktOWQwZGZkMzhkOTQ5
LzEvZFJXQ20zOERRUnUtSWJHaUFFbU03cjljQnNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZJCMA0G
CSqGSIb3DQEBCwUAA4IBAQBXvehRHt+R8anisxt+jjZZRC+EGKF9Edh93RYLFbNo
+mHDBVyH4JXFhFG9r2Zrn9xJoMd/5mDbaR+gNppP6gbhyIcAD+QD0udatcohqj11
YbX8Nz7xlnaTKmsF615AS5hUG9pmeELyPrLsPI7V4jmSuTcihC41RC2v0apC04mf
fBX4wH8p8NWY609yTa8SY8OzVgIJ+xYlPMQJxjw2VSOdrUZIYXRXrlG/9ja0JZqO
rgvyjVJ25jBf3d4UwFHVhG0ikVL5G7Y+tYid6U4N5cr6mvLBz8OduLMPQnG3UPnh
RV1t7Bt5nTYUhZO5Hx38mHkTMf5R9bSBuqORZFftc1qj
-----END CERTIFICATE-----