This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/S3R-qErkzc-IjOFmeTi4xHy4LpE.roa
File:                     S3R-qErkzc-IjOFmeTi4xHy4LpE.roa (raw, json)
Hash identifier:          SNvSagqffcHVObamPtGGn26yO20xNO70CwB/KL8UDeA=
Subject key identifier:   4B:74:7E:A8:4A:E4:CD:CF:88:8C:E1:66:79:38:B8:C4:7C:B8:2E:91
Certificate issuer:       /CN=9da140e8028e6d537600e0888a9af5a971c5db46
Certificate serial:       019B791097258356B15A93384249CC85EDEE
Authority key identifier: 9D:A1:40:E8:02:8E:6D:53:76:00:E0:88:8A:9A:F5:A9:71:C5:DB:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/naFA6AKObVN2AOCIipr1qXHF20Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/S3R-qErkzc-IjOFmeTi4xHy4LpE.roa
Signing time:             Thu 01 Jan 2026 10:18:08 +0000
ROA not before:           Thu 01 Jan 2026 10:18:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29286
IP address blocks:        192.58.56.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/naFA6AKObVN2AOCIipr1qXHF20Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/naFA6AKObVN2AOCIipr1qXHF20Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/naFA6AKObVN2AOCIipr1qXHF20Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:97:25:83:56:b1:5a:93:38:42:49:cc:85:ed:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9da140e8028e6d537600e0888a9af5a971c5db46
        Validity
            Not Before: Jan  1 10:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4b747ea84ae4cdcf888ce1667938b8c47cb82e91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:f1:55:72:0b:19:34:dd:e9:dd:33:8d:a7:79:
                    69:10:b8:63:1b:37:83:86:c7:ae:6c:98:3e:6c:59:
                    00:0e:3e:aa:a2:37:53:b8:a3:8d:e6:87:ce:8a:ce:
                    84:96:98:c8:0f:0c:41:48:86:41:c5:8b:0a:0c:23:
                    51:50:6e:75:d2:1a:e8:f2:19:89:21:bc:63:35:e4:
                    33:34:48:78:71:85:e9:d1:a6:95:ea:a2:3b:5f:9b:
                    73:66:50:36:c3:c4:9f:1d:e3:62:71:e7:02:9f:8c:
                    40:98:57:5a:eb:78:d1:6e:4a:ce:e1:4e:04:71:51:
                    a8:df:41:1d:3d:d8:bc:dd:d0:93:b8:64:30:a8:03:
                    71:42:cc:8d:66:3d:25:90:79:1a:4b:4c:62:a7:67:
                    22:5c:d3:b9:ea:34:43:91:3b:ab:3f:c7:20:e6:bb:
                    aa:a3:9b:b8:13:4d:4e:b8:04:61:12:fa:e7:fb:e9:
                    9b:85:62:2b:19:08:20:86:e6:a2:61:6d:d4:71:8a:
                    88:4d:7f:77:11:f8:dd:e6:82:45:97:70:e5:fb:c1:
                    a4:68:93:40:36:31:a9:5e:23:af:85:f2:a0:53:a2:
                    ef:5c:37:d5:cc:f1:4e:66:36:cf:30:80:16:af:ec:
                    60:63:a1:ad:05:e3:c1:dd:94:c9:c0:1d:04:7c:87:
                    d1:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:74:7E:A8:4A:E4:CD:CF:88:8C:E1:66:79:38:B8:C4:7C:B8:2E:91
            X509v3 Authority Key Identifier:
                keyid:9D:A1:40:E8:02:8E:6D:53:76:00:E0:88:8A:9A:F5:A9:71:C5:DB:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/naFA6AKObVN2AOCIipr1qXHF20Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/S3R-qErkzc-IjOFmeTi4xHy4LpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/naFA6AKObVN2AOCIipr1qXHF20Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.58.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:db:83:5f:ea:e1:13:4c:1e:42:42:84:09:9c:97:36:db:5c:
         73:df:66:57:45:12:2a:3e:fd:8a:98:e7:c3:12:86:da:c2:0c:
         ac:07:a2:90:54:36:75:26:c1:fa:d0:d5:28:97:e4:90:82:ca:
         3c:9f:9d:89:68:bd:00:db:21:bf:20:3a:08:6a:6d:ef:01:d6:
         f3:6b:20:61:46:61:53:10:b9:e1:3b:82:34:76:58:4f:e0:10:
         95:df:dd:d3:3b:51:29:c6:e4:e1:11:18:e4:00:f4:99:fd:e0:
         a5:a2:23:31:7a:28:02:f3:76:90:da:2d:78:3f:1a:71:b9:be:
         eb:9f:73:82:9a:cf:f6:9c:8f:8a:6c:7c:83:d8:fd:3b:fc:a4:
         cf:e2:92:59:1b:92:89:a1:a9:b0:68:64:c5:c2:a7:e4:6e:96:
         be:2c:32:43:35:b3:93:29:75:74:d1:ec:ac:e5:24:b3:80:87:
         10:15:42:53:8b:e5:b1:60:de:79:91:b8:44:6b:d2:21:5a:e1:
         1c:c2:e1:a2:02:6b:1a:c3:c4:f4:b2:30:bb:de:68:2a:c9:9b:
         c4:21:a8:f3:0e:46:15:52:32:c0:35:05:3d:8c:65:7a:01:55:
         b6:2e:9e:f4:a5:f1:3d:27:7e:93:47:8e:04:41:84:f3:fa:c1:
         e8:78:05:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EJclg1axWpM4QknMhe3uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYTE0MGU4MDI4ZTZkNTM3NjAwZTA4ODhhOWFmNWE5NzFj
NWRiNDYwHhcNMjYwMTAxMTAxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yjc0N2VhODRhZTRjZGNmODg4Y2UxNjY3OTM4YjhjNDdjYjgyZTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5PFVcgsZNN3p3TONp3lpELhjGzeD
hseubJg+bFkADj6qojdTuKON5ofOis6ElpjIDwxBSIZBxYsKDCNRUG510hro8hmJ
IbxjNeQzNEh4cYXp0aaV6qI7X5tzZlA2w8SfHeNicecCn4xAmFda63jRbkrO4U4E
cVGo30EdPdi83dCTuGQwqANxQsyNZj0lkHkaS0xip2ciXNO56jRDkTurP8cg5ruq
o5u4E01OuARhEvrn++mbhWIrGQgghuaiYW3UcYqITX93Efjd5oJFl3Dl+8GkaJNA
NjGpXiOvhfKgU6LvXDfVzPFOZjbPMIAWr+xgY6GtBePB3ZTJwB0EfIfR3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEt0fqhK5M3PiIzhZnk4uMR8uC6RMB8GA1UdIwQY
MBaAFJ2hQOgCjm1TdgDgiIqa9alxxdtGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmFGQTZBS09iVk4yQU9DSWlwcjFxWEhGMjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8xMjY3NTUtZWVkZC00MGIxLTk1ZTgt
YTRjYThiOWMyMDViLzEvUzNSLXFFcmt6Yy1Jak9GbWVUaTR4SHk0THBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8xMjY3NTUtZWVkZC00MGIxLTk1ZTgtYTRjYThiOWMyMDVi
LzEvbmFGQTZBS09iVk4yQU9DSWlwcjFxWEhGMjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwDo4MA0G
CSqGSIb3DQEBCwUAA4IBAQAS24Nf6uETTB5CQoQJnJc221xz32ZXRRIqPv2KmOfD
EobawgysB6KQVDZ1JsH60NUol+SQgso8n52JaL0A2yG/IDoIam3vAdbzayBhRmFT
ELnhO4I0dlhP4BCV393TO1EpxuThERjkAPSZ/eCloiMxeigC83aQ2i14Pxpxub7r
n3OCms/2nI+KbHyD2P07/KTP4pJZG5KJoamwaGTFwqfkbpa+LDJDNbOTKXV00eys
5SSzgIcQFUJTi+WxYN55kbhEa9IhWuEcwuGiAmsaw8T0sjC73mgqyZvEIajzDkYV
UjLANQU9jGV6AVW2Lp70pfE9J36TR44EQYTz+sHoeAVQ
-----END CERTIFICATE-----