This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/3l3JwyRn9LUMsz8MYG14zOnBHdc.roa
File:                     3l3JwyRn9LUMsz8MYG14zOnBHdc.roa (raw, json)
Hash identifier:          2A1HY2h9Phgu+RFmc7588XfC02kPw7N3ZbQ8wc/kW84=
Subject key identifier:   DE:5D:C9:C3:24:67:F4:B5:0C:B3:3F:0C:60:6D:78:CC:E9:C1:1D:D7
Certificate issuer:       /CN=3a0b05f40a6916394782302d1b5660737257a48b
Certificate serial:       019B7CEE513B294E115CCD7C9EF84EF8FF9D
Authority key identifier: 3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/3l3JwyRn9LUMsz8MYG14zOnBHdc.roa
Signing time:             Fri 02 Jan 2026 04:19:11 +0000
ROA not before:           Fri 02 Jan 2026 04:19:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34828
IP address blocks:        2a0f:6580:10::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:51:3b:29:4e:11:5c:cd:7c:9e:f8:4e:f8:ff:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a0b05f40a6916394782302d1b5660737257a48b
        Validity
            Not Before: Jan  2 04:19:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=de5dc9c32467f4b50cb33f0c606d78cce9c11dd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:e8:0d:05:17:8b:12:44:f2:92:6f:d6:d1:57:
                    11:30:69:b7:15:7a:00:0d:80:fd:41:fb:3e:80:04:
                    e7:fc:e3:15:1a:8b:9d:8c:a5:f1:6e:c4:9a:0c:dc:
                    90:09:36:20:75:08:93:da:f2:49:1b:e6:f4:50:1b:
                    66:fb:7e:36:88:ba:4c:06:dd:fe:30:43:e2:f0:61:
                    3e:e7:73:a0:2e:8e:60:dc:42:98:4c:c5:71:95:b6:
                    6a:04:d4:f1:5c:33:ae:60:d4:c7:b6:17:d0:08:84:
                    b0:5c:9a:8d:39:e0:73:a5:f0:ba:99:fe:7b:9a:98:
                    8b:46:34:a6:75:40:02:ee:88:01:cd:c0:79:a7:ab:
                    23:a7:07:6d:11:a6:bb:79:a0:7f:43:89:54:ab:23:
                    f4:a2:7c:0b:15:2b:ae:cd:b7:72:40:99:96:a9:ec:
                    a9:3f:61:2d:99:8b:bb:96:bd:69:04:0f:4b:4f:9b:
                    ae:d8:83:5d:ce:97:64:5e:dc:34:bc:fb:4b:4e:0b:
                    12:20:bb:1c:9b:1f:2a:4b:2d:fa:4c:3b:86:60:55:
                    9d:26:c6:b2:99:a9:21:a9:a2:3f:cc:1a:e5:c7:3f:
                    19:c4:71:1d:bb:14:63:46:4f:bf:d1:f6:67:ba:20:
                    f6:65:1d:c2:9c:61:69:dd:e1:7e:6e:14:77:07:d1:
                    d4:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:5D:C9:C3:24:67:F4:B5:0C:B3:3F:0C:60:6D:78:CC:E9:C1:1D:D7
            X509v3 Authority Key Identifier:
                keyid:3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/3l3JwyRn9LUMsz8MYG14zOnBHdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6580:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:ed:89:00:b9:39:b2:05:41:b7:17:a1:3d:f9:ba:f2:cb:a7:
         6c:15:0f:6b:b9:c4:19:e8:f4:3e:c6:b0:0e:93:ba:1f:e9:76:
         ef:b8:49:b3:4e:87:1f:ca:9e:d7:1b:1f:d6:7c:cf:3e:03:ca:
         04:24:98:8c:77:f8:fc:28:e9:44:72:12:48:8f:3f:47:96:23:
         e7:2e:90:da:37:f8:80:64:57:91:f3:94:35:fd:82:6f:46:59:
         59:0d:d9:9d:fd:a2:68:a8:0a:67:95:6d:a1:86:de:9a:d2:e9:
         63:fd:f2:75:c8:3e:78:87:30:52:7a:56:42:6a:ee:c8:f2:94:
         a8:92:52:4e:3f:da:7a:62:58:bf:ca:85:61:6b:9f:b8:6f:d8:
         60:3e:28:56:00:48:4e:cf:a9:44:0c:ea:28:29:9e:47:1c:1c:
         fd:2c:fa:4f:82:65:0e:26:61:b7:96:72:ae:ea:49:bc:54:20:
         40:23:80:37:94:9c:d8:2a:a4:2c:69:17:2b:e3:95:22:cf:95:
         c3:8b:e8:a5:35:77:51:66:68:cb:d1:5b:5c:e2:ed:7e:1e:5c:
         00:58:db:ed:fd:93:a9:4d:a2:68:69:7d:07:8e:a7:e4:98:08:
         9d:f2:da:42:d9:5f:9e:bc:1a:55:65:17:63:69:92:24:64:23:
         d9:e2:9e:ae
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt87lE7KU4RXM18nvhO+P+dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMGIwNWY0MGE2OTE2Mzk0NzgyMzAyZDFiNTY2MDczNzI1
N2E0OGIwHhcNMjYwMTAyMDQxOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTVkYzljMzI0NjdmNGI1MGNiMzNmMGM2MDZkNzhjY2U5YzExZGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3OgNBReLEkTykm/W0VcRMGm3FXoA
DYD9Qfs+gATn/OMVGoudjKXxbsSaDNyQCTYgdQiT2vJJG+b0UBtm+342iLpMBt3+
MEPi8GE+53OgLo5g3EKYTMVxlbZqBNTxXDOuYNTHthfQCISwXJqNOeBzpfC6mf57
mpiLRjSmdUAC7ogBzcB5p6sjpwdtEaa7eaB/Q4lUqyP0onwLFSuuzbdyQJmWqeyp
P2EtmYu7lr1pBA9LT5uu2INdzpdkXtw0vPtLTgsSILscmx8qSy36TDuGYFWdJsay
makhqaI/zBrlxz8ZxHEduxRjRk+/0fZnuiD2ZR3CnGFp3eF+bhR3B9HUuQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN5dycMkZ/S1DLM/DGBteMzpwR3XMB8GA1UdIwQY
MBaAFDoLBfQKaRY5R4IwLRtWYHNyV6SLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGIt
YjIwZTI4ZjUxODhmLzEvM2wzSnd5Um45TFVNc3o4TVlHMTR6T25CSGRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGItYjIwZTI4ZjUxODhm
LzEvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9lgAAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBM7YkAuTmyBUG3F6E9+bryy6dsFQ9rucQZ6PQ+
xrAOk7of6XbvuEmzTocfyp7XGx/WfM8+A8oEJJiMd/j8KOlEchJIjz9HliPnLpDa
N/iAZFeR85Q1/YJvRllZDdmd/aJoqApnlW2hht6a0ulj/fJ1yD54hzBSelZCau7I
8pSoklJOP9p6Yli/yoVha5+4b9hgPihWAEhOz6lEDOooKZ5HHBz9LPpPgmUOJmG3
lnKu6km8VCBAI4A3lJzYKqQsaRcr45Uiz5XDi+ilNXdRZmjL0Vtc4u1+HlwAWNvt
/ZOpTaJoaX0HjqfkmAid8tpC2V+evBpVZRdjaZIkZCPZ4p6u
-----END CERTIFICATE-----