This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/d885bb-a3dc-4390-bf24-103b17d3eb45/1/DR-3C6YEtKMcL_5es4EXU7AZkNI.roa
File:                     DR-3C6YEtKMcL_5es4EXU7AZkNI.roa (raw, json)
Hash identifier:          OUT6KMW2KBguWe74r4/N3KwEXWVjz7ZfPOq1uxqbzVY=
Subject key identifier:   0D:1F:B7:0B:A6:04:B4:A3:1C:2F:FE:5E:B3:81:17:53:B0:19:90:D2
Certificate issuer:       /CN=4d3687742becf3d08082ed12e9f3470b82da7cff
Certificate serial:       019B7F15B1BA5E6DDA3826607AB4E8DA13B8
Authority key identifier: 4D:36:87:74:2B:EC:F3:D0:80:82:ED:12:E9:F3:47:0B:82:DA:7C:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TTaHdCvs89CAgu0S6fNHC4LafP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/d885bb-a3dc-4390-bf24-103b17d3eb45/1/DR-3C6YEtKMcL_5es4EXU7AZkNI.roa
Signing time:             Fri 02 Jan 2026 14:21:26 +0000
ROA not before:           Fri 02 Jan 2026 14:21:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8930
IP address blocks:        193.47.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/d885bb-a3dc-4390-bf24-103b17d3eb45/1/TTaHdCvs89CAgu0S6fNHC4LafP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/d885bb-a3dc-4390-bf24-103b17d3eb45/1/TTaHdCvs89CAgu0S6fNHC4LafP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TTaHdCvs89CAgu0S6fNHC4LafP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 20:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:b1:ba:5e:6d:da:38:26:60:7a:b4:e8:da:13:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d3687742becf3d08082ed12e9f3470b82da7cff
        Validity
            Not Before: Jan  2 14:21:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0d1fb70ba604b4a31c2ffe5eb3811753b01990d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b6:e3:f2:4e:09:7e:69:79:62:a9:23:b3:22:
                    de:66:e9:38:b4:9a:3b:62:67:a1:43:ca:33:52:dd:
                    09:5b:9e:00:63:f8:85:d9:75:7a:1e:47:0e:f7:f9:
                    7b:a6:9c:58:d9:69:ff:c3:86:4c:be:2f:31:86:6a:
                    55:78:4b:c2:67:ef:3d:34:99:e1:2f:67:96:42:95:
                    32:19:b7:f4:6e:62:d1:3c:82:e5:71:5f:41:98:f4:
                    68:8d:20:12:24:1d:a1:53:a9:e3:84:a8:d0:6f:6f:
                    02:5f:ee:d4:52:07:6c:92:7d:e2:d1:16:e2:8b:a7:
                    27:36:4f:70:49:8e:e7:20:1c:a9:46:b1:a4:09:71:
                    3e:06:26:ca:e0:2e:ac:da:32:e3:b4:94:0d:67:9d:
                    8f:4f:f3:8b:bc:b7:07:c8:13:f4:29:78:aa:28:07:
                    b6:58:8c:e2:83:cc:69:66:42:6f:2a:f9:85:7b:a7:
                    86:2e:18:be:81:1f:be:e4:47:cf:2c:6c:b1:07:6e:
                    16:09:bd:8a:8c:4d:95:48:d6:9c:52:06:9b:b3:90:
                    52:d6:6e:f0:6f:b5:d9:fa:b1:f8:ee:23:c0:2d:05:
                    70:4b:1d:71:41:0f:94:47:d6:ed:1d:bb:7c:c1:2a:
                    0e:f6:b8:da:35:84:ec:b2:60:95:e6:68:d6:9e:8a:
                    96:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:1F:B7:0B:A6:04:B4:A3:1C:2F:FE:5E:B3:81:17:53:B0:19:90:D2
            X509v3 Authority Key Identifier:
                keyid:4D:36:87:74:2B:EC:F3:D0:80:82:ED:12:E9:F3:47:0B:82:DA:7C:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TTaHdCvs89CAgu0S6fNHC4LafP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/d885bb-a3dc-4390-bf24-103b17d3eb45/1/DR-3C6YEtKMcL_5es4EXU7AZkNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/d885bb-a3dc-4390-bf24-103b17d3eb45/1/TTaHdCvs89CAgu0S6fNHC4LafP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.47.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:3b:07:40:eb:ca:ec:6f:e0:51:de:0c:49:a4:3a:6a:0d:be:
         7f:7f:d1:ae:a3:77:38:42:83:64:3b:98:89:87:0f:ee:9a:c9:
         de:b8:af:34:e0:b6:34:18:8b:1a:fe:97:ed:1d:e6:5a:da:04:
         69:7c:e1:4d:ce:7b:96:a7:ae:15:d3:ef:41:c5:f2:63:4b:ba:
         40:8c:69:8c:3e:db:a0:1a:3f:ba:e4:73:71:b1:e5:8b:e0:bd:
         39:04:cb:a0:9b:f7:da:d5:f4:61:73:30:a1:02:71:49:66:53:
         0f:75:cc:aa:56:61:12:3b:b4:7f:a4:00:ad:e1:bc:27:0b:92:
         70:7d:6b:40:d5:24:96:6c:02:48:af:ab:fe:22:a3:15:54:b9:
         38:63:6c:dd:b8:e7:bf:98:fe:56:31:96:7b:44:16:3c:42:fa:
         7f:84:c6:33:e0:d0:5e:63:c4:3d:d9:12:1c:84:de:2f:80:de:
         e9:f4:80:01:ad:24:44:6c:7a:3c:5f:3e:91:2e:c6:bd:8f:04:
         a5:51:da:c5:21:71:0b:26:f7:d6:0a:9d:db:4f:37:31:27:1c:
         7e:32:f4:2d:b2:63:2d:12:3e:c2:8a:aa:ba:ce:da:a6:cf:99:
         f0:f3:74:56:89:17:30:73:3a:77:ac:9a:8f:dc:5a:5f:68:0a:
         bc:1c:4b:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FbG6Xm3aOCZgerTo2hO4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkMzY4Nzc0MmJlY2YzZDA4MDgyZWQxMmU5ZjM0NzBiODJk
YTdjZmYwHhcNMjYwMTAyMTQyMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDFmYjcwYmE2MDRiNGEzMWMyZmZlNWViMzgxMTc1M2IwMTk5MGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7bj8k4Jfml5YqkjsyLeZuk4tJo7
YmehQ8ozUt0JW54AY/iF2XV6HkcO9/l7ppxY2Wn/w4ZMvi8xhmpVeEvCZ+89NJnh
L2eWQpUyGbf0bmLRPILlcV9BmPRojSASJB2hU6njhKjQb28CX+7UUgdskn3i0Rbi
i6cnNk9wSY7nIBypRrGkCXE+BibK4C6s2jLjtJQNZ52PT/OLvLcHyBP0KXiqKAe2
WIzig8xpZkJvKvmFe6eGLhi+gR++5EfPLGyxB24WCb2KjE2VSNacUgabs5BS1m7w
b7XZ+rH47iPALQVwSx1xQQ+UR9btHbt8wSoO9rjaNYTssmCV5mjWnoqWowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA0ftwumBLSjHC/+XrOBF1OwGZDSMB8GA1UdIwQY
MBaAFE02h3Qr7PPQgILtEunzRwuC2nz/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFRhSGRDdnM4OUNBZ3UwUzZmTkhDNExhZlA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9kODg1YmItYTNkYy00MzkwLWJmMjQt
MTAzYjE3ZDNlYjQ1LzEvRFItM0M2WUV0S01jTF81ZXM0RVhVN0Faa05JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9kODg1YmItYTNkYy00MzkwLWJmMjQtMTAzYjE3ZDNlYjQ1
LzEvVFRhSGRDdnM4OUNBZ3UwUzZmTkhDNExhZlA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS9lMA0G
CSqGSIb3DQEBCwUAA4IBAQBqOwdA68rsb+BR3gxJpDpqDb5/f9Guo3c4QoNkO5iJ
hw/umsneuK804LY0GIsa/pftHeZa2gRpfOFNznuWp64V0+9BxfJjS7pAjGmMPtug
Gj+65HNxseWL4L05BMugm/fa1fRhczChAnFJZlMPdcyqVmESO7R/pACt4bwnC5Jw
fWtA1SSWbAJIr6v+IqMVVLk4Y2zduOe/mP5WMZZ7RBY8Qvp/hMYz4NBeY8Q92RIc
hN4vgN7p9IABrSREbHo8Xz6RLsa9jwSlUdrFIXELJvfWCp3bTzcxJxx+MvQtsmMt
Ej7Ciqq6ztqmz5nw83RWiRcwczp3rJqP3FpfaAq8HEuV
-----END CERTIFICATE-----