This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/2lfZ96EfoSxZidpJ-kV9Z-G436U.roa
File:                     2lfZ96EfoSxZidpJ-kV9Z-G436U.roa (raw, json)
Hash identifier:          F82HgUa3PdEQeyTXy6bMjHBnuElJ4e46eI58r2GDkK8=
Subject key identifier:   DA:57:D9:F7:A1:1F:A1:2C:59:89:DA:49:FA:45:7D:67:E1:B8:DF:A5
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019AB571AC4BB1940D2ED83270FF990EAC98
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/2lfZ96EfoSxZidpJ-kV9Z-G436U.roa
Signing time:             Mon 24 Nov 2025 10:38:36 +0000
ROA not before:           Mon 24 Nov 2025 10:38:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15596
IP address blocks:        62.3.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 14:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:b5:71:ac:4b:b1:94:0d:2e:d8:32:70:ff:99:0e:ac:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Nov 24 10:38:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da57d9f7a11fa12c5989da49fa457d67e1b8dfa5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:22:c4:db:39:4c:97:22:f3:9b:9e:db:e2:00:
                    42:43:47:fd:0f:55:fb:86:22:23:c8:79:bf:f0:41:
                    50:87:f3:d5:31:47:1a:3a:e0:37:31:0b:f0:e3:af:
                    96:7d:0b:3b:75:5b:6e:c0:7e:c4:9f:ae:a6:48:58:
                    22:2a:f4:90:13:fa:18:36:52:8d:ef:1b:e3:75:31:
                    96:8a:49:a3:bc:2c:e0:01:c1:6f:64:7c:fe:7e:41:
                    7e:c0:8f:83:d6:7e:0e:38:0e:95:68:c9:fd:50:12:
                    02:71:e0:26:46:8b:89:69:20:e9:80:51:7d:36:cc:
                    d1:9c:cc:6a:30:7f:35:74:f3:68:74:60:8a:6f:b6:
                    87:9c:25:dc:bd:66:84:83:c8:69:c3:61:40:f5:b3:
                    1e:58:68:4e:70:5e:a3:78:08:ff:d1:ef:36:a0:82:
                    a3:14:b9:17:b9:33:81:92:05:95:92:1c:26:ad:ae:
                    bc:cd:7b:f1:44:2c:f3:9b:cc:5a:2d:1b:e4:1b:90:
                    b1:5f:98:af:36:1e:ac:69:c8:cb:2f:38:8b:e2:5a:
                    f1:d9:9f:e1:bd:2b:bd:50:93:93:b3:52:d7:a2:3c:
                    54:8d:99:ad:0a:a0:19:00:2d:51:5e:4c:40:b9:d8:
                    78:79:45:94:2f:09:34:af:bc:1f:6c:c0:5c:7a:03:
                    1c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:57:D9:F7:A1:1F:A1:2C:59:89:DA:49:FA:45:7D:67:E1:B8:DF:A5
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/2lfZ96EfoSxZidpJ-kV9Z-G436U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:18:c8:5e:85:72:61:64:0a:55:b8:09:c5:14:36:1f:73:54:
         07:12:45:93:fa:dc:03:be:da:ed:72:b7:28:66:ef:9d:e3:ed:
         09:bd:51:68:fa:1d:c0:a1:b2:c3:56:cc:07:b7:a8:08:26:2f:
         bb:76:8b:8a:fb:d4:5f:b0:d4:d0:47:ea:c9:ab:f9:62:95:35:
         ec:02:9d:28:2a:70:3a:a3:54:ae:bd:bf:17:d3:e2:f4:81:54:
         2e:36:66:f1:b9:a2:60:ec:ef:cb:e1:99:74:39:7b:83:8b:35:
         ab:6e:2c:a6:4b:dc:81:3e:9b:8c:cb:6b:4f:81:11:80:f5:72:
         c9:a8:d8:8d:67:6d:81:ed:af:db:0d:46:dc:0e:f6:7c:6e:0e:
         85:b9:f1:72:a1:30:b4:62:db:3c:de:54:70:8c:e0:d4:3a:78:
         d6:89:2f:86:8a:dd:b0:83:6c:54:21:de:af:68:dc:40:7e:cf:
         dc:75:ee:5b:06:87:8b:dc:fd:88:83:8c:90:c3:14:60:78:62:
         c7:2b:b6:84:8f:75:1c:d6:ef:a7:5a:1e:45:dc:e6:d5:de:e0:
         38:95:b5:59:b4:d2:e6:3e:8e:6b:25:0a:f3:69:30:27:12:46:
         af:7c:15:d9:b0:7c:e3:98:b6:0d:f7:a7:8b:3d:df:38:f0:3f:
         87:87:a2:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZq1caxLsZQNLtgycP+ZDqyYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUxMTI0MTAzODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTU3ZDlmN2ExMWZhMTJjNTk4OWRhNDlmYTQ1N2Q2N2UxYjhkZmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3SLE2zlMlyLzm57b4gBCQ0f9D1X7
hiIjyHm/8EFQh/PVMUcaOuA3MQvw46+WfQs7dVtuwH7En66mSFgiKvSQE/oYNlKN
7xvjdTGWikmjvCzgAcFvZHz+fkF+wI+D1n4OOA6VaMn9UBICceAmRouJaSDpgFF9
NszRnMxqMH81dPNodGCKb7aHnCXcvWaEg8hpw2FA9bMeWGhOcF6jeAj/0e82oIKj
FLkXuTOBkgWVkhwmra68zXvxRCzzm8xaLRvkG5CxX5ivNh6sacjLLziL4lrx2Z/h
vSu9UJOTs1LXojxUjZmtCqAZAC1RXkxAudh4eUWULwk0r7wfbMBcegMcLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNpX2fehH6EsWYnaSfpFfWfhuN+lMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvMmxmWjk2RWZvU3haaWRwSi1rVjlaLUc0MzZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgMaMA0G
CSqGSIb3DQEBCwUAA4IBAQAHGMhehXJhZApVuAnFFDYfc1QHEkWT+twDvtrtcrco
Zu+d4+0JvVFo+h3AobLDVswHt6gIJi+7douK+9RfsNTQR+rJq/lilTXsAp0oKnA6
o1Suvb8X0+L0gVQuNmbxuaJg7O/L4Zl0OXuDizWrbiymS9yBPpuMy2tPgRGA9XLJ
qNiNZ22B7a/bDUbcDvZ8bg6FufFyoTC0Yts83lRwjODUOnjWiS+Git2wg2xUId6v
aNxAfs/cde5bBoeL3P2Ig4yQwxRgeGLHK7aEj3Uc1u+nWh5F3ObV3uA4lbVZtNLm
Po5rJQrzaTAnEkavfBXZsHzjmLYN96eLPd848D+Hh6Lw
-----END CERTIFICATE-----