This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/3c034f-c243-4a88-9070-6879cc26d7b6/1/3ehZu4iMUfcPfFG_lH5I5KE8DpU.roa
File:                     3ehZu4iMUfcPfFG_lH5I5KE8DpU.roa (raw, json)
Hash identifier:          s49ndrQJ40YayQJgFBDJ5AW3+BdIOwIQqaaClazI6fw=
Subject key identifier:   DD:E8:59:BB:88:8C:51:F7:0F:7C:51:BF:94:7E:48:E4:A1:3C:0E:95
Certificate issuer:       /CN=9c3cfcde13b660b5c831dafbe1bfbf68df9fbe39
Certificate serial:       019B7C80C39EC8936E94AA3221E19F92DD16
Authority key identifier: 9C:3C:FC:DE:13:B6:60:B5:C8:31:DA:FB:E1:BF:BF:68:DF:9F:BE:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nDz83hO2YLXIMdr74b-_aN-fvjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/3c034f-c243-4a88-9070-6879cc26d7b6/1/3ehZu4iMUfcPfFG_lH5I5KE8DpU.roa
Signing time:             Fri 02 Jan 2026 02:19:32 +0000
ROA not before:           Fri 02 Jan 2026 02:19:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203436
IP address blocks:        176.97.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/3c034f-c243-4a88-9070-6879cc26d7b6/1/nDz83hO2YLXIMdr74b-_aN-fvjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/3c034f-c243-4a88-9070-6879cc26d7b6/1/nDz83hO2YLXIMdr74b-_aN-fvjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nDz83hO2YLXIMdr74b-_aN-fvjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:c3:9e:c8:93:6e:94:aa:32:21:e1:9f:92:dd:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c3cfcde13b660b5c831dafbe1bfbf68df9fbe39
        Validity
            Not Before: Jan  2 02:19:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dde859bb888c51f70f7c51bf947e48e4a13c0e95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:56:3f:3d:5b:e7:df:93:cd:db:de:a2:c6:cf:
                    6b:dd:95:19:34:1f:66:fe:fc:a9:cc:19:52:74:14:
                    67:3a:2b:11:7d:88:1b:d1:ec:d7:a7:f3:70:5a:cb:
                    e7:d9:09:7f:67:0c:7a:27:be:7d:aa:fb:11:5c:f7:
                    bf:3e:a8:4c:64:59:f5:2a:89:10:7e:f4:fe:11:0e:
                    18:51:7a:b0:13:3d:e5:f9:ad:6b:28:13:fb:2e:d3:
                    8f:44:a9:e5:2b:48:13:a1:ed:14:dc:57:35:3d:c9:
                    da:05:5f:43:53:60:98:a0:a0:b8:45:d8:f8:3e:89:
                    0f:49:ea:28:39:a9:ec:2c:aa:0f:a2:f5:e0:d8:44:
                    1f:56:2d:a0:64:e8:a8:8b:aa:72:b7:e0:e0:c0:51:
                    3f:0d:b6:03:7c:07:ec:b1:91:11:13:37:36:a8:fb:
                    08:7b:c5:56:40:b3:b9:53:9b:d0:89:33:64:a5:07:
                    b4:c3:b2:82:74:0b:8e:46:38:31:e7:aa:30:df:5e:
                    b0:6c:15:72:bb:7a:bd:f3:73:bd:a9:51:57:76:22:
                    d7:48:9d:52:1e:1b:be:24:8c:fe:d1:ad:c7:66:cc:
                    76:05:c1:fa:3d:53:b1:9a:45:2d:7a:a9:8d:a4:af:
                    8d:fc:86:8d:08:b3:3a:39:c1:d9:f8:30:92:b2:ec:
                    62:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:E8:59:BB:88:8C:51:F7:0F:7C:51:BF:94:7E:48:E4:A1:3C:0E:95
            X509v3 Authority Key Identifier:
                keyid:9C:3C:FC:DE:13:B6:60:B5:C8:31:DA:FB:E1:BF:BF:68:DF:9F:BE:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nDz83hO2YLXIMdr74b-_aN-fvjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/3c034f-c243-4a88-9070-6879cc26d7b6/1/3ehZu4iMUfcPfFG_lH5I5KE8DpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/3c034f-c243-4a88-9070-6879cc26d7b6/1/nDz83hO2YLXIMdr74b-_aN-fvjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.97.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:eb:75:78:54:c0:53:3d:26:ad:c2:6d:0d:5c:35:77:48:aa:
         c3:70:70:44:ff:b6:8a:ab:57:58:9c:8d:b4:36:a3:58:6c:86:
         91:ce:31:2c:dd:6b:ec:bf:3a:1a:aa:d4:05:a0:6c:54:ae:41:
         35:4c:2f:ce:4e:e9:35:03:b0:1c:e7:f3:e9:6b:42:b7:b3:67:
         25:d9:35:02:b7:ff:be:44:1c:3f:69:5b:b6:da:72:f4:b5:a4:
         80:be:92:7b:a9:8d:16:b3:ef:cb:8e:84:d0:08:b5:6e:9e:88:
         cf:e1:89:2e:42:26:26:fe:9a:5e:a3:99:19:0a:ee:9f:f0:2a:
         3d:86:26:f3:15:c0:10:0f:7f:01:70:c7:6c:08:3c:9b:44:af:
         f5:83:64:ca:96:81:6d:c0:f2:23:09:de:30:8a:bc:e7:7b:8b:
         81:d0:15:20:38:fc:c0:a6:43:0a:ee:3a:2e:d6:a2:bd:2f:b1:
         cc:54:75:a7:94:2b:82:8c:a3:88:e9:f5:d9:97:44:6d:43:d1:
         5d:ed:1d:15:4b:a2:af:b4:2f:0e:0e:32:3a:1f:30:9d:db:6c:
         39:13:c0:d0:48:0a:a0:7c:0e:05:e6:5e:70:8d:a2:04:6f:c8:
         ea:07:a2:e3:b6:6e:ee:7b:d5:a1:52:b1:44:42:5a:cd:75:30:
         76:64:b5:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gMOeyJNulKoyIeGfkt0WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljM2NmY2RlMTNiNjYwYjVjODMxZGFmYmUxYmZiZjY4ZGY5
ZmJlMzkwHhcNMjYwMTAyMDIxOTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGU4NTliYjg4OGM1MWY3MGY3YzUxYmY5NDdlNDhlNGExM2MwZTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVY/PVvn35PN296ixs9r3ZUZNB9m
/vypzBlSdBRnOisRfYgb0ezXp/NwWsvn2Ql/Zwx6J759qvsRXPe/PqhMZFn1KokQ
fvT+EQ4YUXqwEz3l+a1rKBP7LtOPRKnlK0gToe0U3Fc1PcnaBV9DU2CYoKC4Rdj4
PokPSeooOansLKoPovXg2EQfVi2gZOioi6pyt+DgwFE/DbYDfAfssZEREzc2qPsI
e8VWQLO5U5vQiTNkpQe0w7KCdAuORjgx56ow316wbBVyu3q983O9qVFXdiLXSJ1S
Hhu+JIz+0a3HZsx2BcH6PVOxmkUteqmNpK+N/IaNCLM6OcHZ+DCSsuxixQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN3oWbuIjFH3D3xRv5R+SOShPA6VMB8GA1UdIwQY
MBaAFJw8/N4TtmC1yDHa++G/v2jfn745MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkR6ODNoTzJZTFhJTWRyNzRiLV9hTi1mdmprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8zYzAzNGYtYzI0My00YTg4LTkwNzAt
Njg3OWNjMjZkN2I2LzEvM2VoWnU0aU1VZmNQZkZHX2xINUk1S0U4RHBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8zYzAzNGYtYzI0My00YTg4LTkwNzAtNjg3OWNjMjZkN2I2
LzEvbkR6ODNoTzJZTFhJTWRyNzRiLV9hTi1mdmprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGHUMA0G
CSqGSIb3DQEBCwUAA4IBAQAV63V4VMBTPSatwm0NXDV3SKrDcHBE/7aKq1dYnI20
NqNYbIaRzjEs3WvsvzoaqtQFoGxUrkE1TC/OTuk1A7Ac5/Ppa0K3s2cl2TUCt/++
RBw/aVu22nL0taSAvpJ7qY0Ws+/LjoTQCLVunojP4YkuQiYm/ppeo5kZCu6f8Co9
hibzFcAQD38BcMdsCDybRK/1g2TKloFtwPIjCd4wirzne4uB0BUgOPzApkMK7jou
1qK9L7HMVHWnlCuCjKOI6fXZl0RtQ9Fd7R0VS6KvtC8ODjI6HzCd22w5E8DQSAqg
fA4F5l5wjaIEb8jqB6Ljtm7ue9WhUrFEQlrNdTB2ZLXo
-----END CERTIFICATE-----