This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/mz3LKflSaCjzbLbt50UYZRI14QU.roa
File:                     mz3LKflSaCjzbLbt50UYZRI14QU.roa (raw, json)
Hash identifier:          R+3MLAMskLr07qEIftdxyai6y/lFHGIWJS1jtU8VQFw=
Subject key identifier:   9B:3D:CB:29:F9:52:68:28:F3:6C:B6:ED:E7:45:18:65:12:35:E1:05
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       019B7DCB3C976277905405797FE1095CFF01
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/mz3LKflSaCjzbLbt50UYZRI14QU.roa
Signing time:             Fri 02 Jan 2026 08:20:29 +0000
ROA not before:           Fri 02 Jan 2026 08:20:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34901
IP address blocks:        212.22.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 01:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:3c:97:62:77:90:54:05:79:7f:e1:09:5c:ff:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jan  2 08:20:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b3dcb29f9526828f36cb6ede74518651235e105
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:3d:94:61:a8:da:28:76:a8:28:84:b7:0b:14:
                    13:32:ab:ae:cf:fe:9d:89:09:f9:62:80:fc:d0:61:
                    e4:13:e9:47:70:e9:28:f4:e5:5c:4e:3f:68:b3:d3:
                    0b:92:6f:98:3c:df:3c:30:5f:98:c0:af:b0:1d:d3:
                    cc:9e:d4:d0:7a:29:f6:91:d5:56:60:57:16:47:e8:
                    30:ed:84:69:9d:6f:a0:e8:8c:d9:df:b0:fb:2b:a9:
                    ef:40:52:8d:c7:46:b0:0e:c1:74:37:62:d1:04:02:
                    9f:ef:79:d2:36:85:0f:a8:07:c4:f0:e8:44:a5:13:
                    d6:f6:fc:f7:f8:93:01:52:48:f5:ba:17:cf:40:4c:
                    a2:53:56:91:91:1b:78:4c:21:e2:8a:1a:77:5d:81:
                    ce:a0:9a:f7:8b:81:b2:2a:f5:73:68:a5:01:c0:dc:
                    95:6b:e1:ae:8e:03:3f:d5:e5:b4:99:79:1a:92:7c:
                    3a:7c:1f:bc:76:fa:12:c6:61:3b:65:d3:2b:79:c3:
                    2e:a7:78:b7:9c:16:71:f1:f5:ac:83:78:1e:39:38:
                    9a:50:ce:c1:d1:3c:ba:b8:4f:10:6d:a2:b8:b5:b6:
                    3d:60:3f:b2:6b:dd:d1:d0:34:46:39:d4:13:27:64:
                    06:4a:0c:6e:57:ee:59:3b:28:91:61:00:16:5b:12:
                    9a:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:3D:CB:29:F9:52:68:28:F3:6C:B6:ED:E7:45:18:65:12:35:E1:05
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/mz3LKflSaCjzbLbt50UYZRI14QU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:17:f1:8b:e4:f8:1e:e1:c4:5b:62:c8:53:d1:e3:a9:96:78:
         94:12:9e:7e:a9:17:04:58:7f:55:70:bd:19:f7:0a:af:88:cb:
         15:c3:45:9e:ce:22:3c:87:f8:5a:99:cc:96:2e:8b:bd:eb:8b:
         c0:87:a7:2d:ca:be:8d:14:fc:62:b7:39:b2:60:91:97:e1:a6:
         5c:3b:27:5a:36:1d:da:d8:98:e6:9b:03:2e:c6:06:6d:30:5f:
         4f:4a:8a:a0:71:83:7b:16:09:6c:cb:3f:c7:1a:0b:3d:6c:4a:
         1f:e9:d4:dd:d2:23:50:15:c9:28:d6:09:5e:6c:97:4a:ac:d9:
         75:41:5c:96:76:d1:fb:74:40:d0:40:d0:52:4d:a4:6f:e2:73:
         1d:73:58:62:a9:ed:10:24:06:b4:1f:ca:9c:df:b8:c7:51:60:
         34:87:72:44:47:e9:d1:64:ea:1a:3b:68:44:d9:d9:d8:24:10:
         c6:2a:98:a9:55:d3:73:9f:b8:3a:a0:ab:b7:85:5d:d6:65:86:
         d7:2f:ac:72:1a:2d:45:d0:24:04:43:a7:b5:ee:4a:7a:3f:60:
         8d:5a:e7:df:bc:24:a0:6f:1c:ec:d9:9b:3f:05:d2:69:cf:d2:
         79:c8:19:45:a6:0a:1f:35:a9:4a:e6:e5:fb:4a:6b:39:7e:f6:
         6a:81:26:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yzyXYneQVAV5f+EJXP8BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjYwMTAyMDgyMDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjNkY2IyOWY5NTI2ODI4ZjM2Y2I2ZWRlNzQ1MTg2NTEyMzVlMTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoz2UYajaKHaoKIS3CxQTMquuz/6d
iQn5YoD80GHkE+lHcOko9OVcTj9os9MLkm+YPN88MF+YwK+wHdPMntTQein2kdVW
YFcWR+gw7YRpnW+g6IzZ37D7K6nvQFKNx0awDsF0N2LRBAKf73nSNoUPqAfE8OhE
pRPW9vz3+JMBUkj1uhfPQEyiU1aRkRt4TCHiihp3XYHOoJr3i4GyKvVzaKUBwNyV
a+GujgM/1eW0mXkaknw6fB+8dvoSxmE7ZdMrecMup3i3nBZx8fWsg3geOTiaUM7B
0Ty6uE8QbaK4tbY9YD+ya93R0DRGOdQTJ2QGSgxuV+5ZOyiRYQAWWxKa5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJs9yyn5Umgo82y27edFGGUSNeEFMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvbXozTEtmbFNhQ2p6YkxidDUwVVlaUkkxNFFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BZBMA0G
CSqGSIb3DQEBCwUAA4IBAQBMF/GL5Pge4cRbYshT0eOplniUEp5+qRcEWH9VcL0Z
9wqviMsVw0WeziI8h/hamcyWLou964vAh6ctyr6NFPxitzmyYJGX4aZcOydaNh3a
2JjmmwMuxgZtMF9PSoqgcYN7Fglsyz/HGgs9bEof6dTd0iNQFcko1glebJdKrNl1
QVyWdtH7dEDQQNBSTaRv4nMdc1hiqe0QJAa0H8qc37jHUWA0h3JER+nRZOoaO2hE
2dnYJBDGKpipVdNzn7g6oKu3hV3WZYbXL6xyGi1F0CQEQ6e17kp6P2CNWuffvCSg
bxzs2Zs/BdJpz9J5yBlFpgofNalK5uX7Sms5fvZqgSb2
-----END CERTIFICATE-----