This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/3Hr9NkohHp-0dQh6eby1rDTTvtg.roa
File:                     3Hr9NkohHp-0dQh6eby1rDTTvtg.roa (raw, json)
Hash identifier:          31UMAD/tu8ErCfftbrPF1UHKdFAEb8fyigVMsh1vdjY=
Subject key identifier:   DC:7A:FD:36:4A:21:1E:9F:B4:75:08:7A:79:BC:B5:AC:34:D3:BE:D8
Certificate issuer:       /CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
Certificate serial:       019B77C725A5099E9DB2FD64B4313307A687
Authority key identifier: 66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/3Hr9NkohHp-0dQh6eby1rDTTvtg.roa
Signing time:             Thu 01 Jan 2026 04:18:18 +0000
ROA not before:           Thu 01 Jan 2026 04:18:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213652
IP address blocks:        212.64.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 10:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:25:a5:09:9e:9d:b2:fd:64:b4:31:33:07:a6:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
        Validity
            Not Before: Jan  1 04:18:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dc7afd364a211e9fb475087a79bcb5ac34d3bed8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:ca:35:90:c3:d9:5e:d5:74:07:4a:1d:bb:00:
                    35:d3:82:d9:95:08:18:de:04:9a:9b:56:3a:9a:e4:
                    b0:1b:7d:49:d8:be:15:55:00:47:6a:56:16:1e:b8:
                    71:19:2b:54:37:7d:4d:f5:6f:d4:11:59:f2:d9:0d:
                    54:71:36:9a:7e:7a:3c:4d:5c:9c:33:6e:d5:43:5b:
                    53:9b:49:a5:ab:4b:72:f7:12:a6:0c:c6:45:dd:91:
                    4b:5d:fd:5c:1c:83:b7:46:2d:14:4f:0e:0e:6d:90:
                    ba:3e:18:f8:17:26:13:4d:eb:48:ee:15:a4:14:c1:
                    df:9d:ac:34:23:29:b9:94:4d:94:0a:db:55:c2:fd:
                    1f:76:a7:4f:39:4b:d4:bd:9f:d4:45:4b:15:4a:d8:
                    83:b3:db:d6:37:93:9c:70:6d:14:3d:24:43:2c:6a:
                    c4:40:82:c9:db:af:0c:68:e1:5c:f7:9c:c5:b5:50:
                    f1:46:ac:53:b1:cf:7a:32:90:41:d4:d1:fa:c0:a3:
                    84:34:e1:72:5a:c5:5f:5d:4f:4d:e2:44:8e:9a:41:
                    d5:cb:5f:bc:d7:79:a1:24:47:d0:f5:2b:1e:ee:93:
                    e5:c9:18:fc:4d:af:06:b9:b9:6d:3f:78:a8:85:90:
                    ac:1e:a2:1e:25:33:e6:bc:9b:35:cc:46:ad:93:60:
                    d0:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:7A:FD:36:4A:21:1E:9F:B4:75:08:7A:79:BC:B5:AC:34:D3:BE:D8
            X509v3 Authority Key Identifier:
                keyid:66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/3Hr9NkohHp-0dQh6eby1rDTTvtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.64.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:a8:45:5d:cc:b4:c3:59:44:5d:1e:2f:4b:1b:01:ac:f0:04:
         e3:94:da:49:b0:cc:72:86:bb:2e:fb:3e:9d:b4:5f:63:bc:6f:
         11:e6:84:27:e4:8c:a0:74:5b:be:e0:f7:ba:69:43:a3:39:41:
         02:51:74:c6:31:29:61:91:22:2d:25:39:3c:32:ce:f7:a1:f2:
         72:ba:af:99:24:2d:38:ff:78:68:68:30:7a:a0:df:7d:e2:bc:
         84:34:0b:0f:ce:38:63:71:e0:3f:8e:0f:1c:71:9c:c5:c4:ab:
         71:13:86:75:21:06:e4:0c:a1:ca:94:20:f1:d5:f9:d7:6a:e8:
         58:0d:be:84:8c:72:d3:42:9b:78:07:fe:9c:00:c3:22:34:43:
         fb:55:fa:04:65:5a:0f:9f:8d:d9:61:78:f4:31:37:4e:a8:55:
         7b:ae:66:9f:63:5e:0f:58:97:49:5e:59:77:c9:1c:8a:15:9b:
         67:24:7e:4d:99:5a:f8:a4:2b:6d:ab:d0:ca:5f:37:d0:a1:a8:
         8a:db:19:42:67:67:83:f5:f8:d4:67:17:76:2b:16:a0:07:aa:
         06:e4:02:f6:e4:ce:54:96:6b:48:55:e1:4e:da:c3:2e:2f:db:
         51:a8:ca:6e:76:a3:40:c0:73:67:e2:19:33:3e:76:d9:5d:4b:
         bd:e6:4b:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xyWlCZ6dsv1ktDEzB6aHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NDBmODljZTIyNjQ1Yjk3Mjk3ZDc4MDM3MjZkYzJmYjBl
NWY0YjkwHhcNMjYwMTAxMDQxODE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzdhZmQzNjRhMjExZTlmYjQ3NTA4N2E3OWJjYjVhYzM0ZDNiZWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5co1kMPZXtV0B0oduwA104LZlQgY
3gSam1Y6muSwG31J2L4VVQBHalYWHrhxGStUN31N9W/UEVny2Q1UcTaafno8TVyc
M27VQ1tTm0mlq0ty9xKmDMZF3ZFLXf1cHIO3Ri0UTw4ObZC6Phj4FyYTTetI7hWk
FMHfnaw0Iym5lE2UCttVwv0fdqdPOUvUvZ/URUsVStiDs9vWN5OccG0UPSRDLGrE
QILJ268MaOFc95zFtVDxRqxTsc96MpBB1NH6wKOENOFyWsVfXU9N4kSOmkHVy1+8
13mhJEfQ9Sse7pPlyRj8Ta8GubltP3iohZCsHqIeJTPmvJs1zEatk2DQHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNx6/TZKIR6ftHUIenm8taw0077YMB8GA1UdIwQY
MBaAFGZA+JziJkW5cpfXgDcm3C+w5fS5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEt
NDRhYjdhOWQ3ZGVhLzEvM0hyOU5rb2hIcC0wZFFoNmVieTFyRFRUdnRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEtNDRhYjdhOWQ3ZGVh
LzEvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EDBMA0G
CSqGSIb3DQEBCwUAA4IBAQBuqEVdzLTDWURdHi9LGwGs8ATjlNpJsMxyhrsu+z6d
tF9jvG8R5oQn5IygdFu+4Pe6aUOjOUECUXTGMSlhkSItJTk8Ms73ofJyuq+ZJC04
/3hoaDB6oN994ryENAsPzjhjceA/jg8ccZzFxKtxE4Z1IQbkDKHKlCDx1fnXauhY
Db6EjHLTQpt4B/6cAMMiNEP7VfoEZVoPn43ZYXj0MTdOqFV7rmafY14PWJdJXll3
yRyKFZtnJH5NmVr4pCttq9DKXzfQoaiK2xlCZ2eD9fjUZxd2KxagB6oG5AL25M5U
lmtIVeFO2sMuL9tRqMpudqNAwHNn4hkzPnbZXUu95kvw
-----END CERTIFICATE-----