This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/e09b24-8aa8-40e6-842c-2f9ec538cc1d/1/T3EGh-bdCIIZhG5HJojpnlqKL2c.roa
File:                     T3EGh-bdCIIZhG5HJojpnlqKL2c.roa (raw, json)
Hash identifier:          bufDKb7bJ5Yg3D29mO4Y90yES19oPGAgCv9pA/tjktA=
Subject key identifier:   4F:71:06:87:E6:DD:08:82:19:84:6E:47:26:88:E9:9E:5A:8A:2F:67
Certificate issuer:       /CN=2829eb664506b86bfa1f702f6b1ffb484cc2cb12
Certificate serial:       019B7E3870D539B614BD56DB6CB0492DAEAE
Authority key identifier: 28:29:EB:66:45:06:B8:6B:FA:1F:70:2F:6B:1F:FB:48:4C:C2:CB:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KCnrZkUGuGv6H3Avax_7SEzCyxI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/e09b24-8aa8-40e6-842c-2f9ec538cc1d/1/T3EGh-bdCIIZhG5HJojpnlqKL2c.roa
Signing time:             Fri 02 Jan 2026 10:19:46 +0000
ROA not before:           Fri 02 Jan 2026 10:19:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31500
IP address blocks:        194.110.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/e09b24-8aa8-40e6-842c-2f9ec538cc1d/1/KCnrZkUGuGv6H3Avax_7SEzCyxI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/e09b24-8aa8-40e6-842c-2f9ec538cc1d/1/KCnrZkUGuGv6H3Avax_7SEzCyxI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KCnrZkUGuGv6H3Avax_7SEzCyxI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:70:d5:39:b6:14:bd:56:db:6c:b0:49:2d:ae:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2829eb664506b86bfa1f702f6b1ffb484cc2cb12
        Validity
            Not Before: Jan  2 10:19:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4f710687e6dd088219846e472688e99e5a8a2f67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:29:81:e3:01:3f:2c:3e:7a:6e:af:1c:26:56:
                    89:d7:73:83:d2:7f:f0:8f:5b:04:43:56:42:c5:e9:
                    5a:17:9a:1e:db:e8:1a:ae:91:06:bc:58:b0:54:8b:
                    88:42:c9:3a:2f:1a:c4:8e:fd:51:35:e5:d0:f4:3a:
                    ee:1b:aa:4e:54:2c:b0:fb:e9:13:6d:5f:6b:44:5f:
                    5a:2f:1f:cf:de:cd:5a:a7:a5:38:ea:36:6b:bb:2f:
                    d9:67:2a:e5:ff:f1:a7:67:38:42:45:60:ab:c7:7e:
                    54:da:df:36:db:b2:2a:99:ae:3b:74:e0:2a:b8:a9:
                    07:98:e3:96:c0:1e:33:56:a9:ca:a6:fe:56:25:b6:
                    1b:20:f8:4a:89:10:38:56:94:13:2d:1e:4f:89:9d:
                    99:9e:e4:f7:b6:4a:ae:dc:45:24:d8:99:0e:85:ef:
                    8a:48:bd:3d:92:ea:24:74:44:2c:3e:5d:7b:d0:ac:
                    17:45:3b:b2:13:78:a4:cd:1b:8a:75:80:c1:4f:f1:
                    35:78:1d:a6:b4:d7:a4:47:c9:0d:f5:c7:69:bf:bf:
                    67:53:44:4a:a6:e8:57:52:05:5a:52:4c:fd:87:16:
                    71:8a:dc:b9:66:af:0a:b0:7d:15:62:6c:7e:3f:aa:
                    0b:ed:64:47:87:50:1b:fa:6d:03:10:41:d9:07:1a:
                    dd:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:71:06:87:E6:DD:08:82:19:84:6E:47:26:88:E9:9E:5A:8A:2F:67
            X509v3 Authority Key Identifier:
                keyid:28:29:EB:66:45:06:B8:6B:FA:1F:70:2F:6B:1F:FB:48:4C:C2:CB:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KCnrZkUGuGv6H3Avax_7SEzCyxI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/e09b24-8aa8-40e6-842c-2f9ec538cc1d/1/T3EGh-bdCIIZhG5HJojpnlqKL2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/e09b24-8aa8-40e6-842c-2f9ec538cc1d/1/KCnrZkUGuGv6H3Avax_7SEzCyxI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:b9:c8:a2:52:a6:cb:4f:bf:af:0f:96:f5:85:13:ee:2d:a8:
         e7:dc:eb:43:27:5a:a8:4a:64:fb:24:f3:7f:a6:20:15:b6:33:
         7a:17:1b:a2:02:99:b4:2f:bb:15:a3:cd:d3:59:81:36:73:5c:
         e3:fe:43:52:4b:79:7f:a2:1d:53:0c:b0:d1:16:f3:dd:3e:f8:
         6a:83:18:d4:41:ea:5c:d7:4d:42:58:5a:88:fb:0a:a0:2b:4b:
         05:3f:40:04:99:8d:17:a1:53:36:93:37:d5:0a:61:92:49:b7:
         cf:d6:64:9a:96:7c:12:5c:ba:2a:3c:e8:97:41:67:cf:a6:d4:
         4e:cf:aa:27:4b:76:b8:bb:0b:41:55:24:cc:fc:7a:23:83:59:
         5b:4e:96:d6:9f:9e:d8:da:09:94:b7:f7:fb:74:9c:94:b7:d8:
         a5:ca:df:8c:14:c2:a6:80:71:92:f2:d3:da:5d:e4:19:46:59:
         bd:a0:a2:02:5d:02:53:c2:d2:c8:77:dd:1a:05:06:5f:aa:4d:
         11:ca:34:f3:59:6b:eb:dc:2b:64:70:b3:4a:63:5c:81:7e:33:
         56:6e:7f:2c:c2:0f:5d:23:68:c4:3d:4c:6f:67:ea:c2:34:de:
         ca:eb:3c:1a:22:af:d9:e6:c2:c4:c1:cd:a9:97:cf:18:02:b8:
         a5:ac:9f:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OHDVObYUvVbbbLBJLa6uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MjllYjY2NDUwNmI4NmJmYTFmNzAyZjZiMWZmYjQ4NGNj
MmNiMTIwHhcNMjYwMTAyMTAxOTQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjcxMDY4N2U2ZGQwODgyMTk4NDZlNDcyNjg4ZTk5ZTVhOGEyZjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1SmB4wE/LD56bq8cJlaJ13OD0n/w
j1sEQ1ZCxelaF5oe2+garpEGvFiwVIuIQsk6LxrEjv1RNeXQ9DruG6pOVCyw++kT
bV9rRF9aLx/P3s1ap6U46jZruy/ZZyrl//GnZzhCRWCrx35U2t8227Iqma47dOAq
uKkHmOOWwB4zVqnKpv5WJbYbIPhKiRA4VpQTLR5PiZ2ZnuT3tkqu3EUk2JkOhe+K
SL09kuokdEQsPl170KwXRTuyE3ikzRuKdYDBT/E1eB2mtNekR8kN9cdpv79nU0RK
puhXUgVaUkz9hxZxity5Zq8KsH0VYmx+P6oL7WRHh1Ab+m0DEEHZBxrdUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE9xBofm3QiCGYRuRyaI6Z5aii9nMB8GA1UdIwQY
MBaAFCgp62ZFBrhr+h9wL2sf+0hMwssSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0NuclprVUd1R3Y2SDNBdmF4XzdTRXpDeXhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lMDliMjQtOGFhOC00MGU2LTg0MmMt
MmY5ZWM1MzhjYzFkLzEvVDNFR2gtYmRDSUlaaEc1SEpvanBubHFLTDJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lMDliMjQtOGFhOC00MGU2LTg0MmMtMmY5ZWM1MzhjYzFk
LzEvS0NuclprVUd1R3Y2SDNBdmF4XzdTRXpDeXhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwm5CMA0G
CSqGSIb3DQEBCwUAA4IBAQABuciiUqbLT7+vD5b1hRPuLajn3OtDJ1qoSmT7JPN/
piAVtjN6FxuiApm0L7sVo83TWYE2c1zj/kNSS3l/oh1TDLDRFvPdPvhqgxjUQepc
101CWFqI+wqgK0sFP0AEmY0XoVM2kzfVCmGSSbfP1mSalnwSXLoqPOiXQWfPptRO
z6onS3a4uwtBVSTM/Hojg1lbTpbWn57Y2gmUt/f7dJyUt9ilyt+MFMKmgHGS8tPa
XeQZRlm9oKICXQJTwtLId90aBQZfqk0RyjTzWWvr3CtkcLNKY1yBfjNWbn8swg9d
I2jEPUxvZ+rCNN7K6zwaIq/Z5sLEwc2pl88YArilrJ8G
-----END CERTIFICATE-----