This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/bf6049-8d1d-4be8-9f57-8bab78de32c9/1/3a84f201VVV4zHV1iyP0KTsgDGc.roa
File:                     3a84f201VVV4zHV1iyP0KTsgDGc.roa (raw, json)
Hash identifier:          Os2FOe6eOEdxwn4fXwRkDsov2wYvxoS0GMS6wsZRSdo=
Subject key identifier:   DD:AF:38:7F:6D:35:55:55:78:CC:75:75:8B:23:F4:29:3B:20:0C:67
Certificate issuer:       /CN=02807e0863103f0912e7e0247811d167797d8107
Certificate serial:       019B77C690D0A12391EA54B616744CA3E82C
Authority key identifier: 02:80:7E:08:63:10:3F:09:12:E7:E0:24:78:11:D1:67:79:7D:81:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AoB-CGMQPwkS5-AkeBHRZ3l9gQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/bf6049-8d1d-4be8-9f57-8bab78de32c9/1/3a84f201VVV4zHV1iyP0KTsgDGc.roa
Signing time:             Thu 01 Jan 2026 04:17:40 +0000
ROA not before:           Thu 01 Jan 2026 04:17:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25447
IP address blocks:        193.169.168.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/bf6049-8d1d-4be8-9f57-8bab78de32c9/1/AoB-CGMQPwkS5-AkeBHRZ3l9gQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/bf6049-8d1d-4be8-9f57-8bab78de32c9/1/AoB-CGMQPwkS5-AkeBHRZ3l9gQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AoB-CGMQPwkS5-AkeBHRZ3l9gQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:90:d0:a1:23:91:ea:54:b6:16:74:4c:a3:e8:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02807e0863103f0912e7e0247811d167797d8107
        Validity
            Not Before: Jan  1 04:17:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ddaf387f6d35555578cc75758b23f4293b200c67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f0:d1:fb:cf:28:07:d5:a0:47:fc:83:c6:fe:
                    e5:e4:f6:c4:a1:92:ad:0b:00:54:2f:43:5e:3a:ab:
                    8c:59:75:db:d8:39:48:dc:6c:c8:bc:cf:76:37:83:
                    2c:a5:a6:0d:74:fa:cb:c9:60:59:d3:66:e9:17:d4:
                    43:ee:b3:6e:ce:e6:9a:0d:6c:21:3f:55:57:0c:c9:
                    1e:f6:4a:1d:55:2a:99:b6:c2:4a:c2:ad:d8:82:ae:
                    9e:9f:57:e5:a5:89:15:e1:ef:3e:9c:f1:ec:37:40:
                    08:2d:ae:29:1e:0d:35:3c:f9:75:38:eb:f3:89:a7:
                    ac:6d:2f:ab:65:6b:12:93:ad:03:5f:fe:ad:92:e1:
                    62:70:e7:e0:cf:2f:a9:5c:e4:5f:c8:b3:af:79:91:
                    4f:b5:6b:0e:76:2d:ee:48:ff:56:62:50:62:e3:71:
                    1a:00:af:e1:6a:ca:a3:48:bd:ae:08:1c:31:fe:56:
                    40:83:23:1f:06:79:3b:b8:4d:03:62:ef:58:c9:63:
                    26:59:61:97:09:c4:81:79:0f:bb:8a:e7:45:d3:68:
                    96:9e:8d:4b:2a:53:59:be:9c:a0:b5:d4:b6:2a:ca:
                    84:c6:24:65:56:d0:9a:5f:e1:f6:d8:9c:d5:ed:71:
                    81:0d:05:bc:e7:85:d8:3f:9f:65:fb:26:20:f1:12:
                    e6:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:AF:38:7F:6D:35:55:55:78:CC:75:75:8B:23:F4:29:3B:20:0C:67
            X509v3 Authority Key Identifier:
                keyid:02:80:7E:08:63:10:3F:09:12:E7:E0:24:78:11:D1:67:79:7D:81:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AoB-CGMQPwkS5-AkeBHRZ3l9gQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/bf6049-8d1d-4be8-9f57-8bab78de32c9/1/3a84f201VVV4zHV1iyP0KTsgDGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/bf6049-8d1d-4be8-9f57-8bab78de32c9/1/AoB-CGMQPwkS5-AkeBHRZ3l9gQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         32:59:f7:b2:31:5a:de:d7:70:13:6d:cd:f9:83:61:1a:fd:47:
         d9:90:cb:dc:34:85:c1:1a:13:3b:14:30:34:c2:f9:82:ac:9f:
         ee:10:bb:22:67:90:f5:f7:fc:1f:27:81:01:55:b6:42:2d:04:
         ed:6b:f2:bb:ab:c1:08:17:c9:d5:5e:ba:8b:77:d9:05:95:f0:
         f2:13:e9:27:5b:e5:83:71:d3:62:ab:2e:7f:ee:86:f5:93:2f:
         f7:27:a9:91:5f:2b:15:4d:0c:de:6c:8a:5c:f7:6c:dc:a6:3f:
         ad:8c:01:b8:55:16:04:00:a8:c1:ef:cf:01:bb:38:e4:d5:61:
         96:a3:72:91:16:d1:71:01:a1:99:ca:33:d0:a3:41:cb:b5:b9:
         ac:5d:e0:bb:79:78:85:2e:83:3f:0e:05:ac:13:64:44:c8:72:
         08:3e:c9:f5:a0:c3:52:7a:78:20:2f:82:70:6e:97:ef:57:a7:
         4d:ff:05:fa:c7:3b:86:2e:04:fe:f8:81:08:a8:4b:28:9c:c9:
         d6:62:19:74:27:45:a1:cf:1d:75:5a:ea:49:79:9d:38:81:63:
         9b:ef:fe:9e:82:78:9b:21:e2:46:16:b5:70:7d:b4:e2:1a:c1:
         5a:b7:77:31:20:79:bf:da:f2:77:6a:1a:c5:8b:bd:fc:02:ab:
         76:cc:b2:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xpDQoSOR6lS2FnRMo+gsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyODA3ZTA4NjMxMDNmMDkxMmU3ZTAyNDc4MTFkMTY3Nzk3
ZDgxMDcwHhcNMjYwMTAxMDQxNzQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGFmMzg3ZjZkMzU1NTU1NzhjYzc1NzU4YjIzZjQyOTNiMjAwYzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPDR+88oB9WgR/yDxv7l5PbEoZKt
CwBUL0NeOquMWXXb2DlI3GzIvM92N4MspaYNdPrLyWBZ02bpF9RD7rNuzuaaDWwh
P1VXDMke9kodVSqZtsJKwq3Ygq6en1flpYkV4e8+nPHsN0AILa4pHg01PPl1OOvz
iaesbS+rZWsSk60DX/6tkuFicOfgzy+pXORfyLOveZFPtWsOdi3uSP9WYlBi43Ea
AK/hasqjSL2uCBwx/lZAgyMfBnk7uE0DYu9YyWMmWWGXCcSBeQ+7iudF02iWno1L
KlNZvpygtdS2KsqExiRlVtCaX+H22JzV7XGBDQW854XYP59l+yYg8RLmCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN2vOH9tNVVVeMx1dYsj9Ck7IAxnMB8GA1UdIwQY
MBaAFAKAfghjED8JEufgJHgR0Wd5fYEHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQW9CLUNHTVFQd2tTNS1Ba2VCSFJaM2w5Z1FjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9iZjYwNDktOGQxZC00YmU4LTlmNTct
OGJhYjc4ZGUzMmM5LzEvM2E4NGYyMDFWVlY0ekhWMWl5UDBLVHNnREdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9iZjYwNDktOGQxZC00YmU4LTlmNTctOGJhYjc4ZGUzMmM5
LzEvQW9CLUNHTVFQd2tTNS1Ba2VCSFJaM2w5Z1FjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwamoMA0G
CSqGSIb3DQEBCwUAA4IBAQAyWfeyMVre13ATbc35g2Ea/UfZkMvcNIXBGhM7FDA0
wvmCrJ/uELsiZ5D19/wfJ4EBVbZCLQTta/K7q8EIF8nVXrqLd9kFlfDyE+knW+WD
cdNiqy5/7ob1ky/3J6mRXysVTQzebIpc92zcpj+tjAG4VRYEAKjB788Buzjk1WGW
o3KRFtFxAaGZyjPQo0HLtbmsXeC7eXiFLoM/DgWsE2REyHIIPsn1oMNSenggL4Jw
bpfvV6dN/wX6xzuGLgT++IEIqEsonMnWYhl0J0Whzx11WupJeZ04gWOb7/6egnib
IeJGFrVwfbTiGsFat3cxIHm/2vJ3ahrFi738Aqt2zLJR
-----END CERTIFICATE-----