This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/syhNGgrCHQ0M3a6ZE-tC0iaeynU.roa
File:                     syhNGgrCHQ0M3a6ZE-tC0iaeynU.roa (raw, json)
Hash identifier:          Kim2MdULkR+MUTiOlFIiqF/aDEpF8HQgnknvl5b/G2k=
Subject key identifier:   B3:28:4D:1A:0A:C2:1D:0D:0C:DD:AE:99:13:EB:42:D2:26:9E:CA:75
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       019B7C801652082844C81FD1F8E35FD9588A
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/syhNGgrCHQ0M3a6ZE-tC0iaeynU.roa
Signing time:             Fri 02 Jan 2026 02:18:47 +0000
ROA not before:           Fri 02 Jan 2026 02:18:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31180
IP address blocks:        195.6.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 09:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:16:52:08:28:44:c8:1f:d1:f8:e3:5f:d9:58:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  2 02:18:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b3284d1a0ac21d0d0cddae9913eb42d2269eca75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e8:0b:45:63:eb:49:72:e9:0f:5f:7b:0a:e0:
                    34:27:bc:77:22:35:e7:8c:b6:d7:24:85:f7:0e:f3:
                    dd:59:00:5c:6a:a0:d0:52:11:a6:8f:bc:a1:d1:0c:
                    c6:87:b2:f0:10:f4:32:38:96:37:ed:32:31:2d:33:
                    f2:7d:1b:53:50:f2:d1:b2:b6:20:0a:94:81:fc:c0:
                    53:4d:58:8e:d3:90:d7:bd:d5:c8:b9:81:b4:07:8c:
                    53:28:bf:23:9a:ca:86:39:0e:26:77:27:2f:8a:80:
                    8f:a1:f9:c2:15:77:08:68:65:49:e4:50:d5:7f:6d:
                    d3:56:7b:79:2c:8f:d5:c9:3c:75:2a:39:30:64:aa:
                    60:2d:58:11:7d:d3:77:ea:ba:fc:a5:45:37:f7:f6:
                    ab:9b:11:ff:6e:4d:8b:60:f8:2f:d5:00:93:ba:a9:
                    43:48:08:a3:58:e3:3f:b1:10:34:06:81:fc:c8:ac:
                    4d:b8:71:cc:0a:f9:34:fb:d5:32:d9:0e:1c:11:d7:
                    f0:9b:77:ad:34:09:6c:e1:e4:52:d2:de:5d:29:91:
                    1c:84:b0:23:1e:90:50:f1:33:58:aa:db:94:79:a0:
                    97:34:73:75:1f:81:0d:2c:b8:62:64:e0:66:23:23:
                    fa:d0:39:87:ba:16:57:88:9d:63:31:fb:0e:eb:41:
                    fe:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:28:4D:1A:0A:C2:1D:0D:0C:DD:AE:99:13:EB:42:D2:26:9E:CA:75
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/syhNGgrCHQ0M3a6ZE-tC0iaeynU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.6.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:aa:d1:22:e8:5c:75:b6:67:e2:e7:58:19:21:d2:2b:9c:83:
         d6:24:12:bf:7b:9f:15:d4:95:39:d5:7c:78:9d:7f:2a:c4:c9:
         cd:c3:c9:9f:58:12:1b:0f:27:fc:99:2b:47:06:c6:76:d8:97:
         a4:9b:77:d6:98:67:13:84:a3:d3:31:d9:74:f9:71:ed:e2:b7:
         ff:ff:40:30:e6:be:6a:36:29:cd:ee:a3:e8:44:a2:43:6b:95:
         fb:ee:53:97:36:f8:bf:bb:0f:a0:0d:a4:82:e4:8e:ca:36:93:
         c3:87:5f:7b:7c:ff:64:11:b1:38:73:d0:da:57:46:80:49:28:
         0f:0b:54:d8:ed:ee:fe:29:92:74:01:25:b1:ab:93:59:72:9b:
         c5:ad:e2:9a:f9:d6:a8:44:c0:32:63:4b:71:48:12:4e:20:07:
         ba:05:f3:cf:76:6b:af:56:db:0a:e6:ab:93:77:23:e4:2a:45:
         fc:0b:a5:37:5c:38:5a:a3:89:76:5c:ad:e7:ec:e6:83:d1:ff:
         9f:d2:5e:e9:2d:4d:04:50:19:0f:d3:ef:8b:2e:80:83:c8:9f:
         0b:09:04:40:9b:1e:6c:1d:8a:53:bc:94:02:32:39:7e:78:43:
         08:01:08:6d:82:ab:98:cf:b9:32:36:69:dc:0d:b4:56:e9:a1:
         89:60:7a:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gBZSCChEyB/R+ONf2ViKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjYwMTAyMDIxODQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzI4NGQxYTBhYzIxZDBkMGNkZGFlOTkxM2ViNDJkMjI2OWVjYTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOgLRWPrSXLpD197CuA0J7x3IjXn
jLbXJIX3DvPdWQBcaqDQUhGmj7yh0QzGh7LwEPQyOJY37TIxLTPyfRtTUPLRsrYg
CpSB/MBTTViO05DXvdXIuYG0B4xTKL8jmsqGOQ4mdycvioCPofnCFXcIaGVJ5FDV
f23TVnt5LI/VyTx1KjkwZKpgLVgRfdN36rr8pUU39/armxH/bk2LYPgv1QCTuqlD
SAijWOM/sRA0BoH8yKxNuHHMCvk0+9Uy2Q4cEdfwm3etNAls4eRS0t5dKZEchLAj
HpBQ8TNYqtuUeaCXNHN1H4ENLLhiZOBmIyP60DmHuhZXiJ1jMfsO60H+8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLMoTRoKwh0NDN2umRPrQtImnsp1MB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvc3loTkdnckNIUTBNM2E2WkUtdEMwaWFleW5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwYDMA0G
CSqGSIb3DQEBCwUAA4IBAQAAqtEi6Fx1tmfi51gZIdIrnIPWJBK/e58V1JU51Xx4
nX8qxMnNw8mfWBIbDyf8mStHBsZ22Jekm3fWmGcThKPTMdl0+XHt4rf//0Aw5r5q
NinN7qPoRKJDa5X77lOXNvi/uw+gDaSC5I7KNpPDh197fP9kEbE4c9DaV0aASSgP
C1TY7e7+KZJ0ASWxq5NZcpvFreKa+daoRMAyY0txSBJOIAe6BfPPdmuvVtsK5quT
dyPkKkX8C6U3XDhao4l2XK3n7OaD0f+f0l7pLU0EUBkP0++LLoCDyJ8LCQRAmx5s
HYpTvJQCMjl+eEMIAQhtgquYz7kyNmncDbRW6aGJYHpl
-----END CERTIFICATE-----