This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/3UAZ9rdQ7CQL1hhCNvVOCg9iO4o.roa
File:                     3UAZ9rdQ7CQL1hhCNvVOCg9iO4o.roa (raw, json)
Hash identifier:          63VmVtm/xbRBRuJte8hk1vPrq7aNoUtneWqvYwJNXks=
Subject key identifier:   DD:40:19:F6:B7:50:EC:24:0B:D6:18:42:36:F5:4E:0A:0F:62:3B:8A
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       019B76EB1DD064130363248E91B974D4677D
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/3UAZ9rdQ7CQL1hhCNvVOCg9iO4o.roa
Signing time:             Thu 01 Jan 2026 00:17:58 +0000
ROA not before:           Thu 01 Jan 2026 00:17:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215898
IP address blocks:        193.106.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 12:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:1d:d0:64:13:03:63:24:8e:91:b9:74:d4:67:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Jan  1 00:17:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd4019f6b750ec240bd6184236f54e0a0f623b8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:fd:f7:22:87:1c:5b:ed:74:d2:fd:76:5a:42:
                    f1:00:d4:68:74:a9:b5:d4:9c:61:53:32:c2:4a:57:
                    f8:a0:c1:df:c7:66:87:90:b7:66:9a:3f:72:60:8b:
                    2c:81:f9:c8:71:8f:cd:ea:05:bc:7a:59:40:f8:b1:
                    6d:76:14:de:ce:f2:be:9b:2d:16:63:6a:94:cc:18:
                    aa:1d:7c:9b:f6:8a:02:c0:c1:fa:da:4c:37:79:f5:
                    3c:c3:2f:a0:f4:a5:54:cd:2b:94:7e:f4:d0:1a:e4:
                    c4:ba:e3:14:42:2f:3e:2f:e8:b0:f3:8e:94:a0:ef:
                    f0:56:d2:d9:38:7e:b1:af:f1:77:55:02:5e:e4:34:
                    a1:ba:d0:c2:e7:9a:a8:ef:93:ba:fc:ca:b4:e7:c2:
                    d2:5c:8d:70:52:34:06:04:56:54:35:33:b2:9d:dd:
                    6e:4c:93:f8:35:3d:2f:2a:a3:44:f9:99:b8:0a:e8:
                    6d:b8:7d:2e:6c:cd:86:c3:a3:b7:fc:2f:f6:b5:1c:
                    20:de:7b:46:94:c5:02:5c:24:fe:ee:ed:d6:ec:fc:
                    b5:f5:bb:46:5c:e2:8e:81:60:da:3c:a1:bd:18:0f:
                    79:58:75:96:15:75:7a:90:07:ca:79:55:ec:69:52:
                    e0:a1:8e:78:03:b8:fe:52:c9:a7:09:78:65:4d:3e:
                    df:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:40:19:F6:B7:50:EC:24:0B:D6:18:42:36:F5:4E:0A:0F:62:3B:8A
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/3UAZ9rdQ7CQL1hhCNvVOCg9iO4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.106.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:d6:e4:9f:9b:8c:d4:78:38:b0:c3:35:d2:c7:7c:a5:f6:2c:
         df:7b:f0:1b:74:32:dc:cd:2a:2c:40:31:d6:db:f0:4a:b0:d0:
         0a:77:76:7f:0d:29:14:1c:c6:d1:76:35:48:c4:2c:fc:a6:49:
         ca:13:3c:25:01:b9:67:47:04:da:40:94:3f:37:5e:b5:f1:13:
         8d:06:ff:eb:3b:5e:6e:db:6f:22:44:4b:83:28:75:c6:8b:4b:
         6f:60:b1:2d:f3:06:b8:51:1a:d6:77:1e:db:c0:b1:7b:92:8d:
         41:19:2d:36:87:6f:e0:c5:88:e5:ab:71:42:2a:11:12:c6:75:
         94:55:43:e9:a5:1a:f2:13:f4:02:66:ac:da:d5:3b:9e:ef:ef:
         9b:f0:e8:65:c0:fb:55:61:89:b0:4a:e9:73:11:51:f5:83:a3:
         8f:e8:68:61:8d:64:0b:27:60:af:8b:c8:bd:2e:fe:0a:77:3f:
         11:77:69:1c:94:06:d2:01:51:49:09:c9:3a:f1:76:93:93:91:
         20:f5:25:24:d3:13:5a:98:5b:b5:8d:9f:8c:3b:c1:71:5f:7c:
         07:0d:cd:81:30:d4:a9:b4:53:8e:7c:17:04:9f:c7:ac:be:cd:
         39:c6:e6:2f:77:92:92:cf:8b:12:a8:fe:0f:b8:25:06:31:3c:
         65:7c:85:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26x3QZBMDYySOkbl01Gd9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjYwMTAxMDAxNzU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDQwMTlmNmI3NTBlYzI0MGJkNjE4NDIzNmY1NGUwYTBmNjIzYjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/33IoccW+100v12WkLxANRodKm1
1JxhUzLCSlf4oMHfx2aHkLdmmj9yYIssgfnIcY/N6gW8ellA+LFtdhTezvK+my0W
Y2qUzBiqHXyb9ooCwMH62kw3efU8wy+g9KVUzSuUfvTQGuTEuuMUQi8+L+iw846U
oO/wVtLZOH6xr/F3VQJe5DShutDC55qo75O6/Mq058LSXI1wUjQGBFZUNTOynd1u
TJP4NT0vKqNE+Zm4CuhtuH0ubM2Gw6O3/C/2tRwg3ntGlMUCXCT+7u3W7Py19btG
XOKOgWDaPKG9GA95WHWWFXV6kAfKeVXsaVLgoY54A7j+UsmnCXhlTT7fsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1AGfa3UOwkC9YYQjb1TgoPYjuKMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvM1VBWjlyZFE3Q1FMMWhoQ052Vk9DZzlpTzRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWrEMA0G
CSqGSIb3DQEBCwUAA4IBAQCw1uSfm4zUeDiwwzXSx3yl9izfe/AbdDLczSosQDHW
2/BKsNAKd3Z/DSkUHMbRdjVIxCz8pknKEzwlAblnRwTaQJQ/N1618RONBv/rO15u
228iREuDKHXGi0tvYLEt8wa4URrWdx7bwLF7ko1BGS02h2/gxYjlq3FCKhESxnWU
VUPppRryE/QCZqza1Tue7++b8OhlwPtVYYmwSulzEVH1g6OP6GhhjWQLJ2Cvi8i9
Lv4Kdz8Rd2kclAbSAVFJCck68XaTk5Eg9SUk0xNamFu1jZ+MO8FxX3wHDc2BMNSp
tFOOfBcEn8esvs05xuYvd5KSz4sSqP4PuCUGMTxlfIXl
-----END CERTIFICATE-----