This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/cf4aa6-28ca-4e71-8aaa-3cc592898789/1/Ay8bkrrQ4W8en6WQA0oZqxfliDY.roa
File:                     Ay8bkrrQ4W8en6WQA0oZqxfliDY.roa (raw, json)
Hash identifier:          eQ24k3su4taaH0Z4GfAAZBwUKUzpQjLgnBxCtBNBzyI=
Subject key identifier:   03:2F:1B:92:BA:D0:E1:6F:1E:9F:A5:90:03:4A:19:AB:17:E5:88:36
Certificate issuer:       /CN=3a7cb592d7e4ec71b67855d1dfc55d9d06705471
Certificate serial:       019B7E377F1605CA695C4181169DA118FA36
Authority key identifier: 3A:7C:B5:92:D7:E4:EC:71:B6:78:55:D1:DF:C5:5D:9D:06:70:54:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ony1ktfk7HG2eFXR38VdnQZwVHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/cf4aa6-28ca-4e71-8aaa-3cc592898789/1/Ay8bkrrQ4W8en6WQA0oZqxfliDY.roa
Signing time:             Fri 02 Jan 2026 10:18:44 +0000
ROA not before:           Fri 02 Jan 2026 10:18:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3303
IP address blocks:        193.247.128.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/cf4aa6-28ca-4e71-8aaa-3cc592898789/1/Ony1ktfk7HG2eFXR38VdnQZwVHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/cf4aa6-28ca-4e71-8aaa-3cc592898789/1/Ony1ktfk7HG2eFXR38VdnQZwVHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ony1ktfk7HG2eFXR38VdnQZwVHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:7f:16:05:ca:69:5c:41:81:16:9d:a1:18:fa:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a7cb592d7e4ec71b67855d1dfc55d9d06705471
        Validity
            Not Before: Jan  2 10:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=032f1b92bad0e16f1e9fa590034a19ab17e58836
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:54:ec:f8:92:9c:b6:a7:7c:bc:b2:5c:d4:bc:
                    f4:63:95:47:0f:8f:ca:49:52:75:0c:3c:6e:15:df:
                    76:57:7f:1a:02:a0:e8:19:b7:0d:95:e9:9e:95:35:
                    0f:82:ba:a4:0c:fb:c6:4d:6c:3b:02:84:cf:c0:78:
                    ea:88:ba:ce:e5:0f:ff:20:86:0d:ad:02:35:49:95:
                    51:24:db:69:fa:bc:9b:35:a6:40:6c:d7:dc:55:6f:
                    9c:70:de:73:ba:50:fe:87:3a:f8:07:be:ac:19:f7:
                    57:59:c4:91:06:60:bf:18:c6:53:a4:78:d1:1e:a5:
                    24:38:b1:dc:55:96:40:0c:b9:27:e3:e0:26:c6:e2:
                    9b:be:4c:fa:b5:52:7c:0f:f9:f4:f1:77:c6:01:76:
                    2f:2b:de:ba:23:36:d3:36:93:b6:57:0e:13:79:99:
                    9a:e5:06:c0:c4:e2:91:2d:7e:f1:1d:31:35:a3:2b:
                    72:d9:2d:9e:7b:76:41:8b:a6:fd:21:23:3a:5e:53:
                    52:2c:cb:65:7e:45:50:33:97:f0:e8:af:76:6d:df:
                    71:67:d5:c6:51:16:4e:7b:5a:ab:d5:ba:ef:a4:eb:
                    fb:f1:18:5e:de:41:2d:a0:3c:cd:af:b2:73:0a:9c:
                    df:42:f1:cb:a7:19:af:17:67:32:3d:d4:3e:c5:c5:
                    31:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:2F:1B:92:BA:D0:E1:6F:1E:9F:A5:90:03:4A:19:AB:17:E5:88:36
            X509v3 Authority Key Identifier:
                keyid:3A:7C:B5:92:D7:E4:EC:71:B6:78:55:D1:DF:C5:5D:9D:06:70:54:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ony1ktfk7HG2eFXR38VdnQZwVHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/cf4aa6-28ca-4e71-8aaa-3cc592898789/1/Ay8bkrrQ4W8en6WQA0oZqxfliDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/cf4aa6-28ca-4e71-8aaa-3cc592898789/1/Ony1ktfk7HG2eFXR38VdnQZwVHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.247.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:bf:62:d8:30:97:ed:d4:2b:cd:fa:90:09:b2:fa:61:20:0c:
         d6:2e:17:66:5a:b3:cb:7f:e2:c5:e6:8f:07:15:8b:23:c5:b8:
         a4:c8:07:09:40:9f:0f:21:90:f4:a7:ba:91:dc:a6:51:3f:6b:
         e4:61:7a:f4:3b:54:d7:e6:d7:2f:45:02:16:36:ce:b9:c0:08:
         f4:df:ab:dd:fe:be:d7:42:c8:0a:4d:e7:c5:cc:96:a0:cd:ed:
         ab:d5:ce:69:45:39:df:f9:c4:77:c3:76:20:a7:9c:97:eb:20:
         68:c0:cf:cb:f0:ee:34:00:08:bf:55:3d:a5:e4:9d:39:0a:3d:
         32:fc:17:3e:cb:ff:92:0b:41:fd:41:1b:59:ad:99:59:03:15:
         22:31:00:3d:28:40:cd:95:b7:8a:1a:e9:c2:f0:10:99:76:5f:
         ed:94:98:36:b7:cc:54:a5:18:77:13:bb:3f:5e:41:cc:c6:fa:
         6d:1d:e8:f4:a7:04:00:e0:74:6b:90:40:8c:42:54:2f:46:b9:
         7d:3c:d3:c3:c9:98:e3:82:38:53:e4:b8:42:6d:c5:07:73:33:
         5e:5b:95:ef:09:b7:d0:53:33:6e:a5:60:01:43:bb:5b:fe:3f:
         72:57:cd:ad:d7:22:ee:6f:da:c3:6c:02:3b:59:f3:5b:b4:a8:
         f6:9b:40:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N38WBcppXEGBFp2hGPo2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhN2NiNTkyZDdlNGVjNzFiNjc4NTVkMWRmYzU1ZDlkMDY3
MDU0NzEwHhcNMjYwMTAyMTAxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzJmMWI5MmJhZDBlMTZmMWU5ZmE1OTAwMzRhMTlhYjE3ZTU4ODM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFTs+JKctqd8vLJc1Lz0Y5VHD4/K
SVJ1DDxuFd92V38aAqDoGbcNlemelTUPgrqkDPvGTWw7AoTPwHjqiLrO5Q//IIYN
rQI1SZVRJNtp+rybNaZAbNfcVW+ccN5zulD+hzr4B76sGfdXWcSRBmC/GMZTpHjR
HqUkOLHcVZZADLkn4+AmxuKbvkz6tVJ8D/n08XfGAXYvK966IzbTNpO2Vw4TeZma
5QbAxOKRLX7xHTE1oyty2S2ee3ZBi6b9ISM6XlNSLMtlfkVQM5fw6K92bd9xZ9XG
URZOe1qr1brvpOv78Rhe3kEtoDzNr7JzCpzfQvHLpxmvF2cyPdQ+xcUx9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAMvG5K60OFvHp+lkANKGasX5Yg2MB8GA1UdIwQY
MBaAFDp8tZLX5OxxtnhV0d/FXZ0GcFRxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT255MWt0Zms3SEcyZUZYUjM4VmRuUVp3VkhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9jZjRhYTYtMjhjYS00ZTcxLThhYWEt
M2NjNTkyODk4Nzg5LzEvQXk4YmtyclE0VzhlbjZXUUEwb1pxeGZsaURZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9jZjRhYTYtMjhjYS00ZTcxLThhYWEtM2NjNTkyODk4Nzg5
LzEvT255MWt0Zms3SEcyZUZYUjM4VmRuUVp3VkhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwfeAMA0G
CSqGSIb3DQEBCwUAA4IBAQBdv2LYMJft1CvN+pAJsvphIAzWLhdmWrPLf+LF5o8H
FYsjxbikyAcJQJ8PIZD0p7qR3KZRP2vkYXr0O1TX5tcvRQIWNs65wAj036vd/r7X
QsgKTefFzJagze2r1c5pRTnf+cR3w3Ygp5yX6yBowM/L8O40AAi/VT2l5J05Cj0y
/Bc+y/+SC0H9QRtZrZlZAxUiMQA9KEDNlbeKGunC8BCZdl/tlJg2t8xUpRh3E7s/
XkHMxvptHej0pwQA4HRrkECMQlQvRrl9PNPDyZjjgjhT5LhCbcUHczNeW5XvCbfQ
UzNupWABQ7tb/j9yV82t1yLub9rDbAI7WfNbtKj2m0A/
-----END CERTIFICATE-----