This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/3bsIQIUMB3wEM7UpYsUhEhh9TDM.roa
File:                     3bsIQIUMB3wEM7UpYsUhEhh9TDM.roa (raw, json)
Hash identifier:          JUK0LWzP12KIpgwQRI9/y3rNyJiup+Z+mcnNsCbamT4=
Subject key identifier:   DD:BB:08:40:85:0C:07:7C:04:33:B5:29:62:C5:21:12:18:7D:4C:33
Certificate issuer:       /CN=4f152900b0d323d36d94510ab0b01c93f4517c89
Certificate serial:       019B7D5B6D5BEEE4DA1989E7656C963A9DF6
Authority key identifier: 4F:15:29:00:B0:D3:23:D3:6D:94:51:0A:B0:B0:1C:93:F4:51:7C:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxUpALDTI9NtlFEKsLAck_RRfIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/3bsIQIUMB3wEM7UpYsUhEhh9TDM.roa
Signing time:             Fri 02 Jan 2026 06:18:22 +0000
ROA not before:           Fri 02 Jan 2026 06:18:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2119
IP address blocks:        185.102.32.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/TxUpALDTI9NtlFEKsLAck_RRfIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/TxUpALDTI9NtlFEKsLAck_RRfIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxUpALDTI9NtlFEKsLAck_RRfIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:6d:5b:ee:e4:da:19:89:e7:65:6c:96:3a:9d:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f152900b0d323d36d94510ab0b01c93f4517c89
        Validity
            Not Before: Jan  2 06:18:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ddbb0840850c077c0433b52962c52112187d4c33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:be:77:b1:e1:41:77:7e:2e:dc:85:1d:4f:c9:
                    50:80:e7:84:dd:72:18:fa:cf:83:1d:d3:4e:5e:4b:
                    f1:b7:1b:99:2f:6c:08:78:13:96:73:d0:73:87:59:
                    f3:3e:e6:44:3f:bb:74:f9:bb:03:61:da:89:9d:7b:
                    05:6b:1e:11:bb:34:33:d5:b8:8a:f4:2e:bd:fe:23:
                    7a:8a:5e:55:e5:20:3a:56:ef:3f:ca:a8:bf:a5:cc:
                    e2:45:20:15:a9:70:4b:46:b7:c4:c1:b6:7f:84:10:
                    71:7a:35:12:4d:7e:98:eb:1b:d5:6b:f7:3a:33:f1:
                    44:ac:87:3d:e4:e7:3c:d9:b6:e9:70:15:8a:c3:08:
                    61:8b:91:d4:32:1b:1f:f7:5c:ca:82:1b:5f:21:66:
                    fe:15:eb:30:c5:a3:c5:8a:f7:1f:09:a1:a1:04:b4:
                    1e:2e:f3:f3:e2:20:a4:a3:72:f4:2c:10:6c:89:83:
                    c4:d1:69:5d:52:97:96:f2:96:de:48:96:b6:d1:b7:
                    21:b2:94:38:b2:c9:62:2b:02:05:4d:b9:03:31:41:
                    a4:ad:1e:f3:bd:4c:28:b7:43:90:b5:e3:32:32:1e:
                    7e:2c:e5:49:8a:23:1e:d8:59:a4:b0:62:f1:bf:e6:
                    37:d3:56:2b:b9:9a:bc:91:15:59:01:61:e9:69:2f:
                    15:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:BB:08:40:85:0C:07:7C:04:33:B5:29:62:C5:21:12:18:7D:4C:33
            X509v3 Authority Key Identifier:
                keyid:4F:15:29:00:B0:D3:23:D3:6D:94:51:0A:B0:B0:1C:93:F4:51:7C:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxUpALDTI9NtlFEKsLAck_RRfIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/3bsIQIUMB3wEM7UpYsUhEhh9TDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/TxUpALDTI9NtlFEKsLAck_RRfIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:c5:6a:3f:23:10:31:44:51:32:fb:ed:94:cb:48:6d:5b:34:
         0f:4a:91:ed:58:c8:5b:cd:d2:8f:cf:0e:06:ae:69:e1:a6:ac:
         1b:1b:51:bd:79:7c:fb:98:11:1d:39:06:3e:2f:b0:f3:8d:60:
         dd:f0:10:2a:fa:34:53:f7:99:ba:2e:85:47:e1:62:25:22:fa:
         c4:b3:1a:74:73:3b:2c:98:4f:6a:12:8b:a7:bd:51:0d:f4:bb:
         fb:a8:ac:85:43:ee:93:4f:d8:b3:56:69:75:9f:f5:6a:83:32:
         fe:82:e1:3d:0d:6a:0f:34:45:d1:ba:22:5f:9d:d8:20:e2:59:
         bd:e1:e0:4e:2d:bf:bb:e1:b0:26:85:1a:9e:4b:f5:ad:34:57:
         51:1a:40:84:bb:b1:6f:f5:df:8b:12:ac:0a:56:b6:3e:11:31:
         f9:8a:4a:6b:f2:b2:e9:68:80:49:aa:c5:af:90:c1:f9:7f:f1:
         dc:2d:3c:88:af:b3:d1:97:21:72:5e:c3:71:43:8b:86:5b:af:
         87:20:0f:c0:ef:62:d7:bb:3b:66:17:a8:1b:87:25:17:cb:6a:
         04:1a:ef:50:28:7f:ea:e0:6f:ec:eb:95:4a:e7:94:1b:2e:09:
         e4:65:ff:bd:d1:be:d2:f7:71:6a:24:c5:ab:12:47:68:5e:25:
         3e:f9:bd:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9W21b7uTaGYnnZWyWOp32MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTUyOTAwYjBkMzIzZDM2ZDk0NTEwYWIwYjAxYzkzZjQ1
MTdjODkwHhcNMjYwMTAyMDYxODIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGJiMDg0MDg1MGMwNzdjMDQzM2I1Mjk2MmM1MjExMjE4N2Q0YzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn753seFBd34u3IUdT8lQgOeE3XIY
+s+DHdNOXkvxtxuZL2wIeBOWc9Bzh1nzPuZEP7t0+bsDYdqJnXsFax4RuzQz1biK
9C69/iN6il5V5SA6Vu8/yqi/pcziRSAVqXBLRrfEwbZ/hBBxejUSTX6Y6xvVa/c6
M/FErIc95Oc82bbpcBWKwwhhi5HUMhsf91zKghtfIWb+FeswxaPFivcfCaGhBLQe
LvPz4iCko3L0LBBsiYPE0WldUpeW8pbeSJa20bchspQ4ssliKwIFTbkDMUGkrR7z
vUwot0OQteMyMh5+LOVJiiMe2FmksGLxv+Y301YruZq8kRVZAWHpaS8VTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN27CECFDAd8BDO1KWLFIRIYfUwzMB8GA1UdIwQY
MBaAFE8VKQCw0yPTbZRRCrCwHJP0UXyJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhVcEFMRFRJOU50bEZFS3NMQWNrX1JSZklrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC84OWZmM2ItMTI2My00Y2RkLTljYWQt
MjNkZjhkZGRmOTc4LzEvM2JzSVFJVU1CM3dFTTdVcFlzVWhFaGg5VERNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC84OWZmM2ItMTI2My00Y2RkLTljYWQtMjNkZjhkZGRmOTc4
LzEvVHhVcEFMRFRJOU50bEZFS3NMQWNrX1JSZklrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWYgMA0G
CSqGSIb3DQEBCwUAA4IBAQBCxWo/IxAxRFEy++2Uy0htWzQPSpHtWMhbzdKPzw4G
rmnhpqwbG1G9eXz7mBEdOQY+L7DzjWDd8BAq+jRT95m6LoVH4WIlIvrEsxp0czss
mE9qEounvVEN9Lv7qKyFQ+6TT9izVml1n/VqgzL+guE9DWoPNEXRuiJfndgg4lm9
4eBOLb+74bAmhRqeS/WtNFdRGkCEu7Fv9d+LEqwKVrY+ETH5ikpr8rLpaIBJqsWv
kMH5f/HcLTyIr7PRlyFyXsNxQ4uGW6+HIA/A72LXuztmF6gbhyUXy2oEGu9QKH/q
4G/s65VK55QbLgnkZf+90b7S93FqJMWrEkdoXiU++b0k
-----END CERTIFICATE-----