This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/3wCNNSuWzSSwYQwg_CL9pzACFMM.roa
File:                     3wCNNSuWzSSwYQwg_CL9pzACFMM.roa (raw, json)
Hash identifier:          HF8Fm/z5VIt/9WuJvChaK+4H6Qn8FFsO9P/WD6aF2K0=
Subject key identifier:   DF:00:8D:35:2B:96:CD:24:B0:61:0C:20:FC:22:FD:A7:30:02:14:C3
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       019B79ED2A75BE998FB270B17ADB21C77C0F
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/3wCNNSuWzSSwYQwg_CL9pzACFMM.roa
Signing time:             Thu 01 Jan 2026 14:19:04 +0000
ROA not before:           Thu 01 Jan 2026 14:19:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212837
IP address blocks:        195.187.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:2a:75:be:99:8f:b2:70:b1:7a:db:21:c7:7c:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  1 14:19:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=df008d352b96cd24b0610c20fc22fda7300214c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:17:8f:ef:d4:83:4f:fa:9f:9d:03:25:a2:92:
                    52:a6:49:0d:9a:85:fe:fb:bd:42:a4:08:a8:f9:a0:
                    c1:3c:c4:87:79:02:8d:d6:a7:d7:d4:8c:ce:5c:90:
                    b1:29:60:05:85:81:fb:64:02:11:34:50:33:43:a6:
                    82:7c:b7:b0:27:45:33:8f:ae:2e:9a:e0:2e:7b:7d:
                    8e:97:5b:8e:94:d5:cc:78:76:2c:51:cd:73:d8:be:
                    d2:69:01:1e:8d:85:9d:1b:21:f4:dc:e3:cd:be:a3:
                    a5:67:4a:52:b4:70:ad:0c:b0:83:af:a9:cf:0a:85:
                    6f:d5:ad:51:cb:b9:d0:5b:1b:7b:8a:14:8e:9d:f0:
                    3b:ff:85:47:a9:82:50:57:1c:de:1c:6c:eb:20:72:
                    d8:c1:ef:f8:bc:73:98:21:5c:bd:39:11:06:67:87:
                    b0:27:7d:91:4e:d6:c4:3e:b7:71:b9:9a:72:03:78:
                    dc:4c:0d:d9:91:89:2f:51:d0:73:2c:3d:36:ac:75:
                    63:a7:8a:fd:bb:a9:69:dd:b7:f9:5e:33:2d:e4:db:
                    e6:78:3d:21:eb:94:97:62:64:5a:6f:4a:38:a1:a7:
                    17:f4:2d:da:60:8c:9d:c2:25:53:14:48:8b:c0:3d:
                    2f:d1:32:a3:67:f5:8d:8a:a0:d5:81:c6:38:75:6f:
                    04:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:00:8D:35:2B:96:CD:24:B0:61:0C:20:FC:22:FD:A7:30:02:14:C3
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/3wCNNSuWzSSwYQwg_CL9pzACFMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.187.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:90:4d:5f:1d:c7:a6:1e:ca:f1:f4:13:e5:45:a9:c8:06:fc:
         a0:59:0a:cc:f9:88:70:00:3b:84:6e:98:d4:0a:ac:79:07:53:
         4d:b5:62:04:83:91:26:84:2c:17:25:96:8e:8d:91:1f:91:d6:
         58:0d:49:7a:8a:8e:14:62:aa:56:a5:d6:41:8c:ee:5e:0b:14:
         cd:4f:7f:bf:25:10:21:40:3b:98:cc:ae:40:18:e0:17:c5:dc:
         70:ba:d3:7c:17:c5:4a:8a:f8:70:09:6f:1d:95:2d:3a:7c:8a:
         71:84:2e:29:75:54:7c:27:99:3a:5a:8e:9a:82:a8:02:c0:41:
         71:cc:89:f4:1f:ae:d4:eb:6b:a4:d8:fb:c4:97:fa:f5:8a:7f:
         00:ab:2f:84:c1:fa:1b:54:fa:19:5e:71:d2:f4:fa:92:a9:d6:
         b1:d0:78:38:81:ce:85:78:d2:4c:e6:42:36:c7:78:e7:29:fd:
         03:a2:d7:b3:6b:58:61:c3:9b:46:bc:f6:55:53:a5:4b:c9:9f:
         c4:9d:68:f8:2d:15:ce:4b:1e:98:c3:75:5c:bf:8f:51:40:d2:
         d2:19:22:9e:5e:65:4a:34:a8:46:76:72:1e:91:e6:bb:64:df:
         32:9b:21:c8:40:95:ba:1e:be:26:dd:ec:40:4d:af:6b:ca:88:
         9c:f7:10:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57Sp1vpmPsnCxetshx3wPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjYwMTAxMTQxOTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjAwOGQzNTJiOTZjZDI0YjA2MTBjMjBmYzIyZmRhNzMwMDIxNGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxeP79SDT/qfnQMlopJSpkkNmoX+
+71CpAio+aDBPMSHeQKN1qfX1IzOXJCxKWAFhYH7ZAIRNFAzQ6aCfLewJ0Uzj64u
muAue32Ol1uOlNXMeHYsUc1z2L7SaQEejYWdGyH03OPNvqOlZ0pStHCtDLCDr6nP
CoVv1a1Ry7nQWxt7ihSOnfA7/4VHqYJQVxzeHGzrIHLYwe/4vHOYIVy9OREGZ4ew
J32RTtbEPrdxuZpyA3jcTA3ZkYkvUdBzLD02rHVjp4r9u6lp3bf5XjMt5NvmeD0h
65SXYmRab0o4oacX9C3aYIydwiVTFEiLwD0v0TKjZ/WNiqDVgcY4dW8ErwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN8AjTUrls0ksGEMIPwi/acwAhTDMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvM3dDTk5TdVd6U1N3WVF3Z19DTDlwekFDRk1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7tsMA0G
CSqGSIb3DQEBCwUAA4IBAQB2kE1fHcemHsrx9BPlRanIBvygWQrM+YhwADuEbpjU
Cqx5B1NNtWIEg5EmhCwXJZaOjZEfkdZYDUl6io4UYqpWpdZBjO5eCxTNT3+/JRAh
QDuYzK5AGOAXxdxwutN8F8VKivhwCW8dlS06fIpxhC4pdVR8J5k6Wo6agqgCwEFx
zIn0H67U62uk2PvEl/r1in8Aqy+EwfobVPoZXnHS9PqSqdax0Hg4gc6FeNJM5kI2
x3jnKf0Doteza1hhw5tGvPZVU6VLyZ/EnWj4LRXOSx6Yw3Vcv49RQNLSGSKeXmVK
NKhGdnIekea7ZN8ymyHIQJW6Hr4m3exATa9ryoic9xAg
-----END CERTIFICATE-----