This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/e831b1-9ec0-46f2-860d-fad5fd7970ba/1/b3BYq2GWfMwJHoWmAuIkoqzVBVA.roa
File:                     b3BYq2GWfMwJHoWmAuIkoqzVBVA.roa (raw, json)
Hash identifier:          XNgIXKY6d3KMvTnZqnzkIrqeWkBBwAFD3F11zTkNoG4=
Subject key identifier:   6F:70:58:AB:61:96:7C:CC:09:1E:85:A6:02:E2:24:A2:AC:D5:05:50
Certificate issuer:       /CN=0f21521a7127157f7daf0ad091394ad5a1cce779
Certificate serial:       019B7C12529A1173D9D80AC0C7405B7F53B3
Authority key identifier: 0F:21:52:1A:71:27:15:7F:7D:AF:0A:D0:91:39:4A:D5:A1:CC:E7:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DyFSGnEnFX99rwrQkTlK1aHM53k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/e831b1-9ec0-46f2-860d-fad5fd7970ba/1/b3BYq2GWfMwJHoWmAuIkoqzVBVA.roa
Signing time:             Fri 02 Jan 2026 00:18:54 +0000
ROA not before:           Fri 02 Jan 2026 00:18:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9033
IP address blocks:        194.59.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/e831b1-9ec0-46f2-860d-fad5fd7970ba/1/DyFSGnEnFX99rwrQkTlK1aHM53k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/e831b1-9ec0-46f2-860d-fad5fd7970ba/1/DyFSGnEnFX99rwrQkTlK1aHM53k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DyFSGnEnFX99rwrQkTlK1aHM53k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:52:9a:11:73:d9:d8:0a:c0:c7:40:5b:7f:53:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f21521a7127157f7daf0ad091394ad5a1cce779
        Validity
            Not Before: Jan  2 00:18:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6f7058ab61967ccc091e85a602e224a2acd50550
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:28:b8:59:b7:aa:d3:35:d3:7f:68:da:fa:fc:
                    aa:79:33:b6:f3:cf:ae:83:dc:0e:39:e2:09:e6:5d:
                    2d:0c:28:e6:c3:50:7b:3d:78:c6:1f:e0:fd:2e:f0:
                    9e:e3:55:8c:61:82:44:0d:6c:9e:19:06:4b:b5:e7:
                    41:e8:3a:c3:ab:4f:5a:7d:65:05:84:8c:7b:2f:b4:
                    d4:15:30:77:ac:76:8d:53:fc:73:d5:dd:5d:a4:88:
                    09:86:93:0e:a5:b3:6c:a0:0b:23:03:a5:19:6c:82:
                    b2:45:ac:48:80:b1:e4:3a:9a:fd:08:06:0b:49:b3:
                    b4:cf:bd:16:15:6c:be:62:bc:6f:71:0c:6d:17:77:
                    dd:67:61:14:91:b6:22:f3:92:fd:0e:79:48:28:b7:
                    fe:2b:96:72:84:9f:f1:c1:6c:08:73:ff:41:6f:c0:
                    4d:49:3c:76:07:66:eb:d1:1a:6c:8d:f9:1b:90:76:
                    8e:61:39:f3:94:12:20:1d:e3:ca:2f:1a:35:f9:c4:
                    81:98:47:91:6e:24:6d:85:0a:64:70:3b:c9:05:0d:
                    88:e0:37:2c:49:97:05:9c:d1:65:17:25:f7:59:cb:
                    e8:ea:08:4f:85:a6:f4:0a:85:e4:93:8f:ff:87:ae:
                    87:3e:ac:c8:a2:a8:57:a9:ff:7c:44:b4:8c:27:f3:
                    37:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:70:58:AB:61:96:7C:CC:09:1E:85:A6:02:E2:24:A2:AC:D5:05:50
            X509v3 Authority Key Identifier:
                keyid:0F:21:52:1A:71:27:15:7F:7D:AF:0A:D0:91:39:4A:D5:A1:CC:E7:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DyFSGnEnFX99rwrQkTlK1aHM53k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/e831b1-9ec0-46f2-860d-fad5fd7970ba/1/b3BYq2GWfMwJHoWmAuIkoqzVBVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/e831b1-9ec0-46f2-860d-fad5fd7970ba/1/DyFSGnEnFX99rwrQkTlK1aHM53k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:d8:29:d8:3c:56:21:27:71:a4:85:b8:eb:5d:73:9c:82:eb:
         78:4e:a8:d5:45:6f:81:f7:74:ac:b8:c9:d7:95:22:ff:1a:87:
         26:55:4a:1c:34:a6:8e:64:ce:c5:5e:2c:18:ce:2f:e6:4f:9b:
         d2:8e:6f:e8:29:57:97:7b:29:7f:51:84:bf:1f:f4:e4:be:60:
         99:85:26:bb:00:bf:af:7b:83:ff:90:a4:b1:36:b8:5f:d7:1b:
         c5:83:b4:1c:16:1a:1b:82:cc:3b:45:e2:85:22:ab:22:77:f0:
         b3:c1:09:7f:51:4d:17:34:2a:98:89:70:b9:a3:0c:0c:41:fe:
         bb:50:dd:af:c2:bd:8e:7b:d6:19:2a:27:d7:e3:10:5d:07:dd:
         ec:24:91:72:fc:c5:ab:8a:4d:73:1b:6a:68:92:aa:ae:14:72:
         2b:1a:cd:34:ea:ad:a7:e3:72:8e:b0:09:4a:e8:e6:1c:90:16:
         40:ee:2d:ba:59:0d:1b:ce:8b:4e:f4:e4:0c:e6:82:10:31:df:
         b1:dc:2c:21:ec:56:50:33:51:c2:b8:ed:e4:ef:31:57:81:a3:
         a7:20:92:13:c8:12:df:82:de:13:37:99:32:b1:ff:cd:7c:ac:
         07:f5:cb:36:d3:d3:a5:ec:0e:07:6c:ac:0c:0d:28:34:62:81:
         ad:72:ad:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8ElKaEXPZ2ArAx0Bbf1OzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMjE1MjFhNzEyNzE1N2Y3ZGFmMGFkMDkxMzk0YWQ1YTFj
Y2U3NzkwHhcNMjYwMTAyMDAxODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjcwNThhYjYxOTY3Y2NjMDkxZTg1YTYwMmUyMjRhMmFjZDUwNTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyi4Wbeq0zXTf2ja+vyqeTO288+u
g9wOOeIJ5l0tDCjmw1B7PXjGH+D9LvCe41WMYYJEDWyeGQZLtedB6DrDq09afWUF
hIx7L7TUFTB3rHaNU/xz1d1dpIgJhpMOpbNsoAsjA6UZbIKyRaxIgLHkOpr9CAYL
SbO0z70WFWy+YrxvcQxtF3fdZ2EUkbYi85L9DnlIKLf+K5ZyhJ/xwWwIc/9Bb8BN
STx2B2br0RpsjfkbkHaOYTnzlBIgHePKLxo1+cSBmEeRbiRthQpkcDvJBQ2I4Dcs
SZcFnNFlFyX3Wcvo6ghPhab0CoXkk4//h66HPqzIoqhXqf98RLSMJ/M3uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG9wWKthlnzMCR6FpgLiJKKs1QVQMB8GA1UdIwQY
MBaAFA8hUhpxJxV/fa8K0JE5StWhzOd5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHlGU0duRW5GWDk5cndyUWtUbEsxYUhNNTNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9lODMxYjEtOWVjMC00NmYyLTg2MGQt
ZmFkNWZkNzk3MGJhLzEvYjNCWXEyR1dmTXdKSG9XbUF1SWtvcXpWQlZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9lODMxYjEtOWVjMC00NmYyLTg2MGQtZmFkNWZkNzk3MGJh
LzEvRHlGU0duRW5GWDk5cndyUWtUbEsxYUhNNTNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwju/MA0G
CSqGSIb3DQEBCwUAA4IBAQA82CnYPFYhJ3GkhbjrXXOcgut4TqjVRW+B93SsuMnX
lSL/GocmVUocNKaOZM7FXiwYzi/mT5vSjm/oKVeXeyl/UYS/H/TkvmCZhSa7AL+v
e4P/kKSxNrhf1xvFg7QcFhobgsw7ReKFIqsid/CzwQl/UU0XNCqYiXC5owwMQf67
UN2vwr2Oe9YZKifX4xBdB93sJJFy/MWrik1zG2pokqquFHIrGs006q2n43KOsAlK
6OYckBZA7i26WQ0bzotO9OQM5oIQMd+x3Cwh7FZQM1HCuO3k7zFXgaOnIJITyBLf
gt4TN5kysf/NfKwH9cs209Ol7A4HbKwMDSg0YoGtcq2U
-----END CERTIFICATE-----