This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/dMQH9tvJjEbqVjzYXBQOGg7m0JI.roa
File:                     dMQH9tvJjEbqVjzYXBQOGg7m0JI.roa (raw, json)
Hash identifier:          b3EctPcFSV5P1lxEbR98GtJiO/bszeXfi3k0g45+jzs=
Subject key identifier:   74:C4:07:F6:DB:C9:8C:46:EA:56:3C:D8:5C:14:0E:1A:0E:E6:D0:92
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       019B7C8023183DF7CDDBAEE94CFD7E68E679
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/dMQH9tvJjEbqVjzYXBQOGg7m0JI.roa
Signing time:             Fri 02 Jan 2026 02:18:50 +0000
ROA not before:           Fri 02 Jan 2026 02:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206713
IP address blocks:        194.51.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 09:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:23:18:3d:f7:cd:db:ae:e9:4c:fd:7e:68:e6:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  2 02:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=74c407f6dbc98c46ea563cd85c140e1a0ee6d092
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:f4:57:ad:bb:b2:f7:d1:53:92:4b:a7:de:34:
                    8d:4c:56:68:68:c1:52:d8:db:03:92:17:1f:f5:a7:
                    66:a3:77:b6:f7:2a:80:ef:02:96:c5:62:72:70:50:
                    75:d9:fa:16:80:b2:24:5f:61:78:97:76:a8:6d:1d:
                    eb:bb:a8:ff:00:47:a7:bc:80:64:d1:3a:a9:95:d5:
                    7d:3f:2b:cb:43:c4:1f:28:78:78:66:d5:f0:1d:ef:
                    e0:a3:06:5a:5a:7b:5f:46:ef:a9:cb:82:75:06:a5:
                    87:f4:8a:b6:98:bc:5c:70:59:9a:f2:b3:a0:30:ea:
                    90:d2:dc:6a:83:39:19:71:1e:64:d1:88:d3:c0:62:
                    eb:78:35:4e:15:69:2f:e0:33:15:ed:64:a9:81:47:
                    15:6a:fa:1f:40:3a:97:72:85:52:2f:b6:f8:d7:c5:
                    18:5e:fd:7e:5d:52:e2:3a:8e:f6:fb:7b:13:f4:db:
                    49:93:ca:e8:e1:b3:cc:1f:bf:dc:ae:27:49:8a:8f:
                    84:64:af:3b:e4:29:22:bd:6c:53:78:ee:14:e4:03:
                    f6:ad:4d:53:a6:76:64:70:bb:d6:0d:00:bf:e9:6e:
                    2e:bd:55:f9:66:5a:bc:49:73:b9:70:23:7f:3f:b6:
                    d4:1e:5c:35:21:a2:66:63:d5:3d:82:a3:c2:41:7b:
                    69:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:C4:07:F6:DB:C9:8C:46:EA:56:3C:D8:5C:14:0E:1A:0E:E6:D0:92
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/dMQH9tvJjEbqVjzYXBQOGg7m0JI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.51.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:4e:fc:47:6f:d5:5d:24:4e:cb:4b:cc:27:69:53:a4:da:62:
         62:36:e6:29:cc:64:1f:30:8f:cf:17:dd:06:ac:e3:fd:03:d8:
         86:d8:3d:24:44:5d:f0:8f:b9:34:39:66:1a:49:84:fe:27:a2:
         b9:9c:9a:7d:e7:89:c2:d5:92:7a:e0:53:9f:13:c2:d8:cb:d9:
         01:c4:c6:81:1e:ff:51:ed:dc:93:e3:ed:2a:78:14:3e:91:76:
         09:b4:aa:da:41:01:e8:a7:e3:ff:05:51:73:00:b0:9c:39:45:
         81:00:0c:55:0c:35:8d:77:c9:05:ec:c8:d8:05:d7:f3:1a:43:
         ab:7d:97:c8:33:8a:33:df:88:dc:34:15:f9:b5:04:a1:19:db:
         a8:35:f5:fb:5b:56:12:7a:c9:86:90:fd:f1:35:e7:ef:0c:c2:
         e2:9e:b1:15:76:7a:b3:da:f0:4e:64:d8:26:20:79:a9:13:c5:
         fc:b1:fb:01:e4:cb:cd:c7:f6:7b:86:0c:e0:48:34:77:32:e8:
         22:35:5d:0c:e6:18:81:3f:1a:37:6f:03:5b:f8:5d:b3:b3:5d:
         85:19:c5:77:c5:6f:e4:c4:1e:fb:d3:8e:9a:54:e5:e0:35:30:
         78:bc:58:a4:e5:89:b3:67:9d:aa:a2:ef:b3:8a:fc:91:db:ba:
         2e:1a:f1:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gCMYPffN267pTP1+aOZ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjYwMTAyMDIxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGM0MDdmNmRiYzk4YzQ2ZWE1NjNjZDg1YzE0MGUxYTBlZTZkMDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/RXrbuy99FTkkun3jSNTFZoaMFS
2NsDkhcf9admo3e29yqA7wKWxWJycFB12foWgLIkX2F4l3aobR3ru6j/AEenvIBk
0TqpldV9PyvLQ8QfKHh4ZtXwHe/gowZaWntfRu+py4J1BqWH9Iq2mLxccFma8rOg
MOqQ0txqgzkZcR5k0YjTwGLreDVOFWkv4DMV7WSpgUcVavofQDqXcoVSL7b418UY
Xv1+XVLiOo72+3sT9NtJk8ro4bPMH7/cridJio+EZK875CkivWxTeO4U5AP2rU1T
pnZkcLvWDQC/6W4uvVX5Zlq8SXO5cCN/P7bUHlw1IaJmY9U9gqPCQXtpRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHTEB/bbyYxG6lY82FwUDhoO5tCSMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvZE1RSDl0dkpqRWJxVmp6WVhCUU9HZzdtMEpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjMjMA0G
CSqGSIb3DQEBCwUAA4IBAQCVTvxHb9VdJE7LS8wnaVOk2mJiNuYpzGQfMI/PF90G
rOP9A9iG2D0kRF3wj7k0OWYaSYT+J6K5nJp954nC1ZJ64FOfE8LYy9kBxMaBHv9R
7dyT4+0qeBQ+kXYJtKraQQHop+P/BVFzALCcOUWBAAxVDDWNd8kF7MjYBdfzGkOr
fZfIM4oz34jcNBX5tQShGduoNfX7W1YSesmGkP3xNefvDMLinrEVdnqz2vBOZNgm
IHmpE8X8sfsB5MvNx/Z7hgzgSDR3MugiNV0M5hiBPxo3bwNb+F2zs12FGcV3xW/k
xB77046aVOXgNTB4vFik5YmzZ52qou+zivyR27ouGvFG
-----END CERTIFICATE-----