This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/3TWQKB1cnPa0egTpgv4hHONnk6g.roa
File:                     3TWQKB1cnPa0egTpgv4hHONnk6g.roa (raw, json)
Hash identifier:          7Md6IbzdaA19dddiYJSTqvYDtis8EUY+mCYILklb6m4=
Subject key identifier:   DD:35:90:28:1D:5C:9C:F6:B4:7A:04:E9:82:FE:21:1C:E3:67:93:A8
Certificate issuer:       /CN=a5c6373eab19cf43dd2f43111398383ee2bad030
Certificate serial:       019B7BA5221FDE1EFEE1C51608B6F007B1B6
Authority key identifier: A5:C6:37:3E:AB:19:CF:43:DD:2F:43:11:13:98:38:3E:E2:BA:D0:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pcY3PqsZz0PdL0MRE5g4PuK60DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/3TWQKB1cnPa0egTpgv4hHONnk6g.roa
Signing time:             Thu 01 Jan 2026 22:19:38 +0000
ROA not before:           Thu 01 Jan 2026 22:19:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206092
IP address blocks:        185.228.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pcY3PqsZz0PdL0MRE5g4PuK60DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pcY3PqsZz0PdL0MRE5g4PuK60DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pcY3PqsZz0PdL0MRE5g4PuK60DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 01:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:22:1f:de:1e:fe:e1:c5:16:08:b6:f0:07:b1:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5c6373eab19cf43dd2f43111398383ee2bad030
        Validity
            Not Before: Jan  1 22:19:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd3590281d5c9cf6b47a04e982fe211ce36793a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:5f:e5:e0:ed:0c:26:35:ef:2c:f2:b9:9f:3b:
                    20:d0:6d:09:bf:49:1a:a8:1b:14:88:87:d3:ad:ec:
                    0e:6f:3d:e3:b2:0a:b5:d8:b1:b9:1a:62:ec:1d:6c:
                    7c:63:25:cb:31:73:12:a5:a7:b6:d3:d9:4c:3e:70:
                    43:68:73:c6:1a:b3:71:1c:4c:92:49:5b:b9:39:96:
                    f2:90:4c:e1:71:ce:f2:ea:23:5e:55:86:2a:2c:8f:
                    30:90:f8:55:54:af:39:80:c7:e2:05:ff:e2:17:5a:
                    ed:da:91:be:cf:a6:cf:2b:5a:3d:5c:d8:58:3f:ef:
                    76:64:17:58:71:98:65:4d:44:71:1e:f2:8b:b1:7c:
                    a2:39:68:98:94:46:a9:08:f9:6d:1a:59:5a:4f:0f:
                    0c:e0:97:f9:d7:55:d0:93:62:2b:a4:de:ea:0d:19:
                    6e:2f:98:c9:0b:86:ec:70:d1:dd:de:63:14:25:ab:
                    8e:a1:de:ad:67:51:9b:40:50:ba:b1:53:06:91:2f:
                    b3:7d:95:89:ea:8a:94:64:61:52:28:5f:1a:20:f1:
                    3b:c2:6a:87:3c:ad:34:bf:7c:cc:67:b8:c8:be:97:
                    dd:7c:e6:e9:e4:da:24:e5:bf:f9:e7:d7:8a:fd:d1:
                    01:ee:d0:8b:d4:c2:ed:ac:9f:08:f6:c7:1a:65:5e:
                    16:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:35:90:28:1D:5C:9C:F6:B4:7A:04:E9:82:FE:21:1C:E3:67:93:A8
            X509v3 Authority Key Identifier:
                keyid:A5:C6:37:3E:AB:19:CF:43:DD:2F:43:11:13:98:38:3E:E2:BA:D0:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pcY3PqsZz0PdL0MRE5g4PuK60DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/3TWQKB1cnPa0egTpgv4hHONnk6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pcY3PqsZz0PdL0MRE5g4PuK60DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:cf:da:cb:3d:61:02:73:13:b9:a0:c2:41:5e:61:1d:b9:54:
         cd:4e:78:cc:8b:09:41:bd:73:b3:c9:27:8a:b0:23:24:4a:92:
         34:2d:f1:59:bb:db:2d:61:01:95:81:47:6d:a7:da:53:be:fa:
         e0:1c:b3:08:cf:12:2a:f3:38:2a:6c:bd:63:e3:d3:be:4d:02:
         31:71:59:65:96:6a:e3:92:95:e0:7b:ab:f8:b8:4a:8d:66:30:
         5f:92:ac:24:76:6d:42:53:f7:fe:c1:9c:91:61:39:04:8c:2b:
         ef:96:4b:97:9f:f1:35:0e:c6:09:26:11:3f:b1:bd:2e:a3:fe:
         b8:a5:b6:6f:48:a1:2f:2c:67:a6:53:d0:26:01:86:5a:a8:01:
         11:eb:1f:74:87:b3:a8:16:eb:50:19:13:3d:52:4a:77:42:6f:
         b4:7e:bf:1d:d9:c5:5f:13:3f:6c:bf:5e:6e:2b:3c:0f:34:25:
         27:db:c4:65:78:26:57:c5:05:de:93:57:84:9c:d4:d6:6c:79:
         85:08:7a:1a:11:69:3b:17:37:93:5e:e4:14:af:fd:31:61:59:
         17:1b:97:6d:f0:27:3f:d4:48:7e:79:59:36:e8:9f:ec:9a:b9:
         4c:b2:e2:7f:dc:1c:62:d7:c2:11:14:ea:28:3f:1e:fe:7a:1e:
         39:b2:ab:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pSIf3h7+4cUWCLbwB7G2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YzYzNzNlYWIxOWNmNDNkZDJmNDMxMTEzOTgzODNlZTJi
YWQwMzAwHhcNMjYwMTAxMjIxOTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDM1OTAyODFkNWM5Y2Y2YjQ3YTA0ZTk4MmZlMjExY2UzNjc5M2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtF/l4O0MJjXvLPK5nzsg0G0Jv0ka
qBsUiIfTrewObz3jsgq12LG5GmLsHWx8YyXLMXMSpae209lMPnBDaHPGGrNxHEyS
SVu5OZbykEzhcc7y6iNeVYYqLI8wkPhVVK85gMfiBf/iF1rt2pG+z6bPK1o9XNhY
P+92ZBdYcZhlTURxHvKLsXyiOWiYlEapCPltGllaTw8M4Jf511XQk2IrpN7qDRlu
L5jJC4bscNHd3mMUJauOod6tZ1GbQFC6sVMGkS+zfZWJ6oqUZGFSKF8aIPE7wmqH
PK00v3zMZ7jIvpfdfObp5Nok5b/559eK/dEB7tCL1MLtrJ8I9scaZV4WOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN01kCgdXJz2tHoE6YL+IRzjZ5OoMB8GA1UdIwQY
MBaAFKXGNz6rGc9D3S9DEROYOD7iutAwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGNZM1Bxc1p6MFBkTDBNUkU1ZzRQdUs2MERBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9mMGY1ZTMtNjA1MC00ZTJkLWE0ZWEt
YTRlYTBhNjNmNzY2LzEvM1RXUUtCMWNuUGEwZWdUcGd2NGhIT05uazZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9mMGY1ZTMtNjA1MC00ZTJkLWE0ZWEtYTRlYTBhNjNmNzY2
LzEvcGNZM1Bxc1p6MFBkTDBNUkU1ZzRQdUs2MERBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueQDMA0G
CSqGSIb3DQEBCwUAA4IBAQBMz9rLPWECcxO5oMJBXmEduVTNTnjMiwlBvXOzySeK
sCMkSpI0LfFZu9stYQGVgUdtp9pTvvrgHLMIzxIq8zgqbL1j49O+TQIxcVlllmrj
kpXge6v4uEqNZjBfkqwkdm1CU/f+wZyRYTkEjCvvlkuXn/E1DsYJJhE/sb0uo/64
pbZvSKEvLGemU9AmAYZaqAER6x90h7OoFutQGRM9Ukp3Qm+0fr8d2cVfEz9sv15u
KzwPNCUn28RleCZXxQXek1eEnNTWbHmFCHoaEWk7FzeTXuQUr/0xYVkXG5dt8Cc/
1Eh+eVk26J/smrlMsuJ/3Bxi18IRFOooPx7+eh45sqv6
-----END CERTIFICATE-----