This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/958cbc-c2f4-48f7-addd-e804dcbdd762/1/3rjMBVFe8uKBxeuV296UIWDteN0.roa
File:                     3rjMBVFe8uKBxeuV296UIWDteN0.roa (raw, json)
Hash identifier:          BWIf1Yq2kYJ+acS7y1zpLt/FLnKlwt4+VzDbiu9Tn9U=
Subject key identifier:   DE:B8:CC:05:51:5E:F2:E2:81:C5:EB:95:DB:DE:94:21:60:ED:78:DD
Certificate issuer:       /CN=952093150f4a46101acd7ea3a26bb438513123b5
Certificate serial:       019B7FF1CEEF466144C89840835B9B47824B
Authority key identifier: 95:20:93:15:0F:4A:46:10:1A:CD:7E:A3:A2:6B:B4:38:51:31:23:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSCTFQ9KRhAazX6jomu0OFExI7U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/958cbc-c2f4-48f7-addd-e804dcbdd762/1/3rjMBVFe8uKBxeuV296UIWDteN0.roa
Signing time:             Fri 02 Jan 2026 18:21:52 +0000
ROA not before:           Fri 02 Jan 2026 18:21:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     680
IP address blocks:        194.113.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/958cbc-c2f4-48f7-addd-e804dcbdd762/1/lSCTFQ9KRhAazX6jomu0OFExI7U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/958cbc-c2f4-48f7-addd-e804dcbdd762/1/lSCTFQ9KRhAazX6jomu0OFExI7U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSCTFQ9KRhAazX6jomu0OFExI7U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:ce:ef:46:61:44:c8:98:40:83:5b:9b:47:82:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=952093150f4a46101acd7ea3a26bb438513123b5
        Validity
            Not Before: Jan  2 18:21:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=deb8cc05515ef2e281c5eb95dbde942160ed78dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:53:6c:23:af:b5:9c:2c:65:29:aa:bf:c2:be:
                    db:de:29:2d:ed:22:29:55:0d:99:5d:6d:65:55:a2:
                    c2:3d:33:37:bf:f1:b2:0c:a2:d0:96:1e:1c:35:5e:
                    dc:ac:15:a1:16:82:e3:48:ee:6f:35:03:93:a9:79:
                    c5:60:61:e1:b8:76:5e:00:f2:85:1c:10:71:cf:bf:
                    a6:95:28:f9:b8:08:7f:92:32:f3:e5:f6:0b:7d:0c:
                    f4:81:f8:74:25:25:bb:e5:1d:90:4b:50:c8:5c:7e:
                    bf:a3:e4:4c:82:6c:20:f3:55:ed:66:48:7f:bf:2c:
                    03:f4:22:e4:92:f6:35:86:ce:e6:d5:23:c9:58:86:
                    e3:b4:f8:f4:ef:3f:41:20:ac:a9:14:70:38:73:f4:
                    88:a9:e6:3a:dc:2c:13:62:8b:69:74:72:f1:f1:13:
                    7c:4e:dd:11:0c:fa:bf:e9:bf:50:82:ef:e9:95:a2:
                    03:9e:12:71:2c:09:31:e5:af:e3:25:b7:4b:5b:6d:
                    20:05:c6:1e:38:df:39:3b:4d:db:41:d4:0d:4a:7a:
                    15:f2:b9:55:49:8a:bf:5c:09:87:53:76:57:0c:ec:
                    8c:b5:22:86:9e:c1:12:98:58:c9:39:13:c6:91:c0:
                    17:c7:d2:cb:67:04:1b:09:c8:11:15:85:66:90:9a:
                    f8:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:B8:CC:05:51:5E:F2:E2:81:C5:EB:95:DB:DE:94:21:60:ED:78:DD
            X509v3 Authority Key Identifier:
                keyid:95:20:93:15:0F:4A:46:10:1A:CD:7E:A3:A2:6B:B4:38:51:31:23:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSCTFQ9KRhAazX6jomu0OFExI7U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/958cbc-c2f4-48f7-addd-e804dcbdd762/1/3rjMBVFe8uKBxeuV296UIWDteN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/958cbc-c2f4-48f7-addd-e804dcbdd762/1/lSCTFQ9KRhAazX6jomu0OFExI7U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:9d:56:d3:a3:01:c1:b3:aa:5f:fb:00:5e:87:77:16:03:b3:
         98:87:cb:25:d6:1c:43:7d:28:bb:92:2b:84:9c:dd:99:08:33:
         f7:76:2b:84:35:43:8f:49:7e:f5:02:be:d3:47:61:dc:21:e4:
         8a:c9:b2:cc:8b:03:1e:76:c8:42:d1:f8:c5:67:c4:8b:76:ee:
         51:4e:a2:1d:76:8a:39:60:af:1d:53:74:a3:d2:f1:92:21:5d:
         d4:39:6f:22:e5:48:39:c7:00:93:20:2a:1d:24:28:e7:75:e3:
         56:c4:96:47:74:f4:4e:4c:5c:cc:4c:d7:c3:fc:54:5d:ae:4e:
         97:e6:25:cc:72:30:26:fb:43:ac:db:60:b5:69:ec:35:52:78:
         fb:c9:8a:90:bb:14:4d:73:64:7d:dd:45:fb:7d:2a:2c:15:fc:
         b4:5a:2b:ee:cc:a9:8b:b1:67:0d:85:98:58:d6:3e:7a:76:b5:
         86:d0:4a:cb:22:6c:c1:b6:c1:6e:73:5a:7c:fd:29:d4:ef:a1:
         96:2f:cf:c0:51:a2:a6:a5:90:07:88:e3:02:57:1f:7a:96:75:
         d1:17:95:89:fc:d5:59:2c:04:1e:69:67:99:d9:67:3e:20:cb:
         02:73:d8:59:14:6f:76:07:48:30:8c:be:47:39:8e:5d:3e:52:
         b0:3d:bb:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8c7vRmFEyJhAg1ubR4JLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjA5MzE1MGY0YTQ2MTAxYWNkN2VhM2EyNmJiNDM4NTEz
MTIzYjUwHhcNMjYwMTAyMTgyMTUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWI4Y2MwNTUxNWVmMmUyODFjNWViOTVkYmRlOTQyMTYwZWQ3OGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFNsI6+1nCxlKaq/wr7b3ikt7SIp
VQ2ZXW1lVaLCPTM3v/GyDKLQlh4cNV7crBWhFoLjSO5vNQOTqXnFYGHhuHZeAPKF
HBBxz7+mlSj5uAh/kjLz5fYLfQz0gfh0JSW75R2QS1DIXH6/o+RMgmwg81XtZkh/
vywD9CLkkvY1hs7m1SPJWIbjtPj07z9BIKypFHA4c/SIqeY63CwTYotpdHLx8RN8
Tt0RDPq/6b9Qgu/plaIDnhJxLAkx5a/jJbdLW20gBcYeON85O03bQdQNSnoV8rlV
SYq/XAmHU3ZXDOyMtSKGnsESmFjJORPGkcAXx9LLZwQbCcgRFYVmkJr4NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN64zAVRXvLigcXrldvelCFg7XjdMB8GA1UdIwQY
MBaAFJUgkxUPSkYQGs1+o6JrtDhRMSO1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNDVEZROUtSaEFhelg2am9tdTBPRkV4STdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi85NThjYmMtYzJmNC00OGY3LWFkZGQt
ZTgwNGRjYmRkNzYyLzEvM3JqTUJWRmU4dUtCeGV1VjI5NlVJV0R0ZU4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi85NThjYmMtYzJmNC00OGY3LWFkZGQtZTgwNGRjYmRkNzYy
LzEvbFNDVEZROUtSaEFhelg2am9tdTBPRkV4STdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnHQMA0G
CSqGSIb3DQEBCwUAA4IBAQCunVbTowHBs6pf+wBeh3cWA7OYh8sl1hxDfSi7kiuE
nN2ZCDP3diuENUOPSX71Ar7TR2HcIeSKybLMiwMedshC0fjFZ8SLdu5RTqIddoo5
YK8dU3Sj0vGSIV3UOW8i5Ug5xwCTICodJCjndeNWxJZHdPROTFzMTNfD/FRdrk6X
5iXMcjAm+0Os22C1aew1Unj7yYqQuxRNc2R93UX7fSosFfy0WivuzKmLsWcNhZhY
1j56drWG0ErLImzBtsFuc1p8/SnU76GWL8/AUaKmpZAHiOMCVx96lnXRF5WJ/NVZ
LAQeaWeZ2Wc+IMsCc9hZFG92B0gwjL5HOY5dPlKwPbvp
-----END CERTIFICATE-----