This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/0c14f4-9a47-4a5a-a37d-f3555ddf280a/1/3HmTEpC4VIL74bvtHgwwr4J0_bA.roa
File:                     3HmTEpC4VIL74bvtHgwwr4J0_bA.roa (raw, json)
Hash identifier:          0DTR/kx+aEJlJfsijVCjICf0fvERpyfE2z6J9TqKYQs=
Subject key identifier:   DC:79:93:12:90:B8:54:82:FB:E1:BB:ED:1E:0C:30:AF:82:74:FD:B0
Certificate issuer:       /CN=195a12a0e73482d993260598a25c8f5a5c49d201
Certificate serial:       019B7EA515FFCD5FB2FC5494DC713AF7DEAA
Authority key identifier: 19:5A:12:A0:E7:34:82:D9:93:26:05:98:A2:5C:8F:5A:5C:49:D2:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GVoSoOc0gtmTJgWYolyPWlxJ0gE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/0c14f4-9a47-4a5a-a37d-f3555ddf280a/1/3HmTEpC4VIL74bvtHgwwr4J0_bA.roa
Signing time:             Fri 02 Jan 2026 12:18:26 +0000
ROA not before:           Fri 02 Jan 2026 12:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41107
IP address blocks:        2a03:bc40::/29 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/0c14f4-9a47-4a5a-a37d-f3555ddf280a/1/GVoSoOc0gtmTJgWYolyPWlxJ0gE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/0c14f4-9a47-4a5a-a37d-f3555ddf280a/1/GVoSoOc0gtmTJgWYolyPWlxJ0gE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GVoSoOc0gtmTJgWYolyPWlxJ0gE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:15:ff:cd:5f:b2:fc:54:94:dc:71:3a:f7:de:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=195a12a0e73482d993260598a25c8f5a5c49d201
        Validity
            Not Before: Jan  2 12:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dc79931290b85482fbe1bbed1e0c30af8274fdb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:14:42:75:cf:ab:29:35:23:1c:88:cf:66:d5:
                    23:0f:26:d8:2f:5c:aa:ff:78:e1:8c:c3:27:48:58:
                    6f:d8:fb:1b:6a:21:fd:de:a1:99:d7:53:87:23:99:
                    b5:7e:13:62:81:c3:7e:da:34:12:8f:a5:e2:9e:1a:
                    1c:7c:68:32:45:cb:a0:21:4f:ac:6f:96:73:c2:c9:
                    b6:ae:9d:0f:67:3f:c9:b1:dd:83:b6:f0:ef:25:d9:
                    d8:34:f5:ad:25:bd:85:ef:84:96:55:a1:5a:f5:27:
                    8c:45:51:20:49:ec:bf:4a:10:43:56:47:99:bd:76:
                    aa:1c:2b:df:96:0f:4f:84:5b:dc:20:e9:75:b7:85:
                    6b:7b:49:fc:ce:e1:f2:a8:9f:94:47:98:7e:e2:d4:
                    43:da:42:03:08:2c:8d:ee:7e:d9:de:06:a4:97:19:
                    02:41:89:93:17:c3:ec:23:5e:11:6d:51:91:3b:41:
                    b1:db:73:6a:c4:94:bd:f9:8a:26:cf:ef:d4:3d:19:
                    d4:f5:04:8f:b1:d1:d3:1e:9b:50:d0:d7:62:a7:e9:
                    36:7b:57:a8:44:98:b4:80:d1:cf:f5:0e:45:e9:53:
                    23:76:17:c8:00:03:29:84:7c:fc:70:05:9a:dc:40:
                    db:98:81:ad:07:04:9b:05:ae:71:a4:56:cb:9c:83:
                    47:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:79:93:12:90:B8:54:82:FB:E1:BB:ED:1E:0C:30:AF:82:74:FD:B0
            X509v3 Authority Key Identifier:
                keyid:19:5A:12:A0:E7:34:82:D9:93:26:05:98:A2:5C:8F:5A:5C:49:D2:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GVoSoOc0gtmTJgWYolyPWlxJ0gE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/0c14f4-9a47-4a5a-a37d-f3555ddf280a/1/3HmTEpC4VIL74bvtHgwwr4J0_bA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/0c14f4-9a47-4a5a-a37d-f3555ddf280a/1/GVoSoOc0gtmTJgWYolyPWlxJ0gE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:bc40::/29

    Signature Algorithm: sha256WithRSAEncryption
         27:9a:d6:d5:40:ed:ab:8e:c7:07:a8:7e:77:0f:31:97:f7:03:
         82:be:4c:8a:7b:74:44:00:4f:20:ef:1b:a6:d7:ac:8d:27:a9:
         88:2b:22:0a:e5:cf:e3:b8:27:75:f3:be:00:5f:e6:ae:e0:9f:
         61:86:c9:2d:dc:6a:01:72:37:be:ac:86:3f:72:1d:9b:13:78:
         95:8b:fe:a5:37:72:0a:a9:d7:91:37:df:d4:c0:cf:8b:71:f6:
         8d:83:66:1a:d4:c6:ae:51:0f:ce:c3:7d:91:c6:5b:23:d9:68:
         ef:3b:52:97:1e:7d:7c:25:c0:dc:38:93:93:57:0a:a3:fe:1d:
         a7:84:56:06:08:0f:04:17:87:10:8a:04:ff:4d:4d:aa:b4:87:
         79:65:a1:31:e7:da:a0:6b:62:ec:30:af:99:2a:cd:3b:f5:38:
         7e:74:e1:6b:66:0a:c2:9c:42:fc:f9:84:66:e8:bd:10:22:45:
         ee:39:64:d2:18:39:e9:9c:03:bf:22:67:a3:37:b8:c7:f3:f6:
         bd:1e:69:05:bd:64:8d:b1:13:30:a7:2d:87:44:00:96:f7:9a:
         ac:2b:a9:3e:11:bc:93:4e:ef:4e:17:1f:1d:7f:6c:77:49:e4:
         2a:7d:d2:e8:d2:9d:b6:be:e1:c0:4d:25:e2:7c:af:a1:b8:78:
         5e:82:78:ad
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt+pRX/zV+y/FSU3HE6996qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NWExMmEwZTczNDgyZDk5MzI2MDU5OGEyNWM4ZjVhNWM0
OWQyMDEwHhcNMjYwMTAyMTIxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzc5OTMxMjkwYjg1NDgyZmJlMWJiZWQxZTBjMzBhZjgyNzRmZGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1hRCdc+rKTUjHIjPZtUjDybYL1yq
/3jhjMMnSFhv2PsbaiH93qGZ11OHI5m1fhNigcN+2jQSj6XinhocfGgyRcugIU+s
b5Zzwsm2rp0PZz/Jsd2DtvDvJdnYNPWtJb2F74SWVaFa9SeMRVEgSey/ShBDVkeZ
vXaqHCvflg9PhFvcIOl1t4Vre0n8zuHyqJ+UR5h+4tRD2kIDCCyN7n7Z3gaklxkC
QYmTF8PsI14RbVGRO0Gx23NqxJS9+Yomz+/UPRnU9QSPsdHTHptQ0Ndip+k2e1eo
RJi0gNHP9Q5F6VMjdhfIAAMphHz8cAWa3EDbmIGtBwSbBa5xpFbLnINHZwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNx5kxKQuFSC++G77R4MMK+CdP2wMB8GA1UdIwQY
MBaAFBlaEqDnNILZkyYFmKJcj1pcSdIBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1ZvU29PYzBndG1USmdXWW9seVBXbHhKMGdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8wYzE0ZjQtOWE0Ny00YTVhLWEzN2Qt
ZjM1NTVkZGYyODBhLzEvM0htVEVwQzRWSUw3NGJ2dEhnd3dyNEowX2JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8wYzE0ZjQtOWE0Ny00YTVhLWEzN2QtZjM1NTVkZGYyODBh
LzEvR1ZvU29PYzBndG1USmdXWW9seVBXbHhKMGdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgO8QDAN
BgkqhkiG9w0BAQsFAAOCAQEAJ5rW1UDtq47HB6h+dw8xl/cDgr5Mint0RABPIO8b
ptesjSepiCsiCuXP47gndfO+AF/mruCfYYbJLdxqAXI3vqyGP3IdmxN4lYv+pTdy
CqnXkTff1MDPi3H2jYNmGtTGrlEPzsN9kcZbI9lo7ztSlx59fCXA3DiTk1cKo/4d
p4RWBggPBBeHEIoE/01NqrSHeWWhMefaoGti7DCvmSrNO/U4fnTha2YKwpxC/PmE
Zui9ECJF7jlk0hg56ZwDvyJnoze4x/P2vR5pBb1kjbETMKcth0QAlvearCupPhG8
k07vThcfHX9sd0nkKn3S6NKdtr7hwE0l4nyvobh4XoJ4rQ==
-----END CERTIFICATE-----