This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/6e8444-8da5-466b-8400-7bd96d9c6286/1/3UvocN8YemmoOwL53sgwSszmnzc.roa
File:                     3UvocN8YemmoOwL53sgwSszmnzc.roa (raw, json)
Hash identifier:          RJjvrheXtGevJ6D0OMvxOIdvCPxuFznkOJ4LPhI3QMA=
Subject key identifier:   DD:4B:E8:70:DF:18:7A:69:A8:3B:02:F9:DE:C8:30:4A:CC:E6:9F:37
Certificate issuer:       /CN=9d17d9388e7631a6d19afb2b2642795a24c84081
Certificate serial:       019B7A5A7403711955E78E14AEB56009869D
Authority key identifier: 9D:17:D9:38:8E:76:31:A6:D1:9A:FB:2B:26:42:79:5A:24:C8:40:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nRfZOI52MabRmvsrJkJ5WiTIQIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/6e8444-8da5-466b-8400-7bd96d9c6286/1/3UvocN8YemmoOwL53sgwSszmnzc.roa
Signing time:             Thu 01 Jan 2026 16:18:26 +0000
ROA not before:           Thu 01 Jan 2026 16:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203927
IP address blocks:        185.119.204.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/6e8444-8da5-466b-8400-7bd96d9c6286/1/nRfZOI52MabRmvsrJkJ5WiTIQIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/6e8444-8da5-466b-8400-7bd96d9c6286/1/nRfZOI52MabRmvsrJkJ5WiTIQIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nRfZOI52MabRmvsrJkJ5WiTIQIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:74:03:71:19:55:e7:8e:14:ae:b5:60:09:86:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d17d9388e7631a6d19afb2b2642795a24c84081
        Validity
            Not Before: Jan  1 16:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd4be870df187a69a83b02f9dec8304acce69f37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:82:8a:a9:5f:86:42:ff:3f:7d:52:77:ba:78:
                    ec:68:71:0c:b9:4b:62:ef:79:3a:ab:9d:7e:15:af:
                    34:8f:a9:c2:ff:07:1a:b0:ae:20:4c:a0:2e:f4:31:
                    1e:e3:b2:a5:75:8c:eb:06:d5:f1:4a:12:69:5a:60:
                    c1:d5:c5:45:aa:7f:43:0e:cc:b0:8e:f9:c1:78:08:
                    38:4b:11:d0:64:27:e1:66:28:a1:e7:b8:44:81:39:
                    04:83:9f:93:9a:96:a9:b1:0c:92:2c:70:e3:4a:e7:
                    9f:93:1b:e4:42:77:20:b0:b3:98:ca:e5:5e:a1:99:
                    01:19:57:83:ae:3d:0e:b2:f9:67:cd:17:d6:92:f7:
                    e8:5b:bb:40:bc:3c:e5:db:0b:f8:dc:86:db:e0:e6:
                    a8:65:a7:0f:25:a5:e4:b1:14:9f:46:6d:75:1e:4d:
                    40:02:81:6f:68:f1:01:fe:8f:b1:df:9d:96:03:90:
                    df:71:b2:6e:f8:f9:60:f0:b5:52:58:f7:2e:7c:7d:
                    04:25:78:69:b2:f2:41:93:1b:86:b2:3a:39:71:13:
                    ae:00:26:6b:cb:5e:79:6f:4b:1e:9a:9e:94:7f:fc:
                    99:30:11:89:b2:4b:1b:36:e6:ac:d0:9d:7a:0c:7f:
                    2b:43:3c:62:5b:6e:2f:97:99:01:42:05:1e:6c:84:
                    e3:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:4B:E8:70:DF:18:7A:69:A8:3B:02:F9:DE:C8:30:4A:CC:E6:9F:37
            X509v3 Authority Key Identifier:
                keyid:9D:17:D9:38:8E:76:31:A6:D1:9A:FB:2B:26:42:79:5A:24:C8:40:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nRfZOI52MabRmvsrJkJ5WiTIQIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e8444-8da5-466b-8400-7bd96d9c6286/1/3UvocN8YemmoOwL53sgwSszmnzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e8444-8da5-466b-8400-7bd96d9c6286/1/nRfZOI52MabRmvsrJkJ5WiTIQIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:a9:ab:11:5f:9f:af:70:fb:cc:13:20:1a:4f:3c:5b:e0:f2:
         4c:e2:5c:bd:87:7f:38:5a:5b:8f:c5:f4:11:cf:72:de:1a:0b:
         0e:26:9a:37:46:e5:ca:66:da:d8:ab:a5:f5:2a:3d:43:ba:0d:
         2f:7e:23:76:57:e9:11:78:18:4c:84:15:87:e0:11:ed:04:58:
         f5:bd:64:0c:b5:f4:12:e2:4c:4f:6d:8d:da:49:c8:0e:ff:91:
         46:c4:03:dc:b9:73:e2:4a:2b:66:19:88:55:fb:52:de:ad:af:
         ce:27:32:47:d8:96:30:b6:ab:2a:57:af:6d:06:1b:3a:3c:00:
         1e:04:a0:0a:8d:e4:1e:92:44:7b:1b:bb:b4:7c:6e:2b:f7:12:
         12:7b:a8:14:30:3f:12:29:c3:b8:f4:ad:ea:ef:48:66:41:8f:
         91:d7:5f:fa:bd:0d:f1:43:88:d0:f1:0d:e1:03:7f:96:9c:db:
         33:5d:81:45:e0:5a:00:e8:37:e1:9f:c3:73:02:fe:4a:58:57:
         ef:09:fe:55:d6:b2:79:4f:6b:1a:57:53:02:6e:3f:51:73:77:
         36:8b:2e:d6:41:ff:e9:18:7f:aa:ce:e1:d4:e4:07:84:65:96:
         60:01:2b:4b:76:3e:25:8d:10:09:17:80:5f:43:e3:ba:7b:d0:
         54:23:25:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WnQDcRlV544UrrVgCYadMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMTdkOTM4OGU3NjMxYTZkMTlhZmIyYjI2NDI3OTVhMjRj
ODQwODEwHhcNMjYwMTAxMTYxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDRiZTg3MGRmMTg3YTY5YTgzYjAyZjlkZWM4MzA0YWNjZTY5ZjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4KKqV+GQv8/fVJ3unjsaHEMuUti
73k6q51+Fa80j6nC/wcasK4gTKAu9DEe47KldYzrBtXxShJpWmDB1cVFqn9DDsyw
jvnBeAg4SxHQZCfhZiih57hEgTkEg5+TmpapsQySLHDjSuefkxvkQncgsLOYyuVe
oZkBGVeDrj0OsvlnzRfWkvfoW7tAvDzl2wv43Ibb4OaoZacPJaXksRSfRm11Hk1A
AoFvaPEB/o+x352WA5DfcbJu+Plg8LVSWPcufH0EJXhpsvJBkxuGsjo5cROuACZr
y155b0semp6Uf/yZMBGJsksbNuas0J16DH8rQzxiW24vl5kBQgUebITjywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1L6HDfGHppqDsC+d7IMErM5p83MB8GA1UdIwQY
MBaAFJ0X2TiOdjGm0Zr7KyZCeVokyECBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblJmWk9JNTJNYWJSbXZzckprSjVXaVRJUUlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC82ZTg0NDQtOGRhNS00NjZiLTg0MDAt
N2JkOTZkOWM2Mjg2LzEvM1V2b2NOOFllbW1vT3dMNTNzZ3dTc3ptbnpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC82ZTg0NDQtOGRhNS00NjZiLTg0MDAtN2JkOTZkOWM2Mjg2
LzEvblJmWk9JNTJNYWJSbXZzckprSjVXaVRJUUlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXfMMA0G
CSqGSIb3DQEBCwUAA4IBAQBCqasRX5+vcPvMEyAaTzxb4PJM4ly9h384WluPxfQR
z3LeGgsOJpo3RuXKZtrYq6X1Kj1Dug0vfiN2V+kReBhMhBWH4BHtBFj1vWQMtfQS
4kxPbY3aScgO/5FGxAPcuXPiSitmGYhV+1Lera/OJzJH2JYwtqsqV69tBhs6PAAe
BKAKjeQekkR7G7u0fG4r9xISe6gUMD8SKcO49K3q70hmQY+R11/6vQ3xQ4jQ8Q3h
A3+WnNszXYFF4FoA6Dfhn8NzAv5KWFfvCf5V1rJ5T2saV1MCbj9Rc3c2iy7WQf/p
GH+qzuHU5AeEZZZgAStLdj4ljRAJF4BfQ+O6e9BUIyXP
-----END CERTIFICATE-----