This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/3ZiFvY-Cgcsn1T3DHXJhNHlrMbM.roa
File:                     3ZiFvY-Cgcsn1T3DHXJhNHlrMbM.roa (raw, json)
Hash identifier:          QMUQaheEQkA0MuEkm4MPIvv4qbnyv2b8MIRuQ/sS3qA=
Subject key identifier:   DD:98:85:BD:8F:82:81:CB:27:D5:3D:C3:1D:72:61:34:79:6B:31:B3
Certificate issuer:       /CN=4142d3f9b31126e0850265715c9fc32174b557a4
Certificate serial:       019B775901787364186EB7E0522EE27B4763
Authority key identifier: 41:42:D3:F9:B3:11:26:E0:85:02:65:71:5C:9F:C3:21:74:B5:57:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/3ZiFvY-Cgcsn1T3DHXJhNHlrMbM.roa
Signing time:             Thu 01 Jan 2026 02:18:00 +0000
ROA not before:           Thu 01 Jan 2026 02:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212584
IP address blocks:        213.142.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:01:78:73:64:18:6e:b7:e0:52:2e:e2:7b:47:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4142d3f9b31126e0850265715c9fc32174b557a4
        Validity
            Not Before: Jan  1 02:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd9885bd8f8281cb27d53dc31d726134796b31b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b0:be:ec:6a:77:09:f6:5b:fc:9d:c1:5c:69:
                    ba:25:78:19:d8:17:c4:86:ba:ee:b5:fd:3f:98:13:
                    36:c8:ec:ea:8d:95:31:9a:8d:14:eb:20:ae:dc:a1:
                    f2:a0:92:41:c2:bb:32:b9:54:ff:cb:a7:95:b7:18:
                    46:e3:4c:4d:02:b5:0f:5b:55:cf:46:44:fd:4e:1f:
                    1b:1d:13:69:69:64:e7:4a:5c:6b:89:da:0e:93:2b:
                    e9:17:bc:0e:30:96:be:71:fd:45:b4:38:18:44:e0:
                    4f:48:49:46:cb:2a:65:be:f2:57:e2:09:8f:66:41:
                    91:ec:dc:3e:02:53:b3:6f:d3:e4:fa:e9:7f:b2:fb:
                    ce:d4:23:f4:b6:6d:c4:0b:8b:1e:1c:1a:91:8b:72:
                    06:fe:d5:19:ef:66:cc:3f:a7:d8:9c:ff:88:bf:0e:
                    75:62:a6:7d:75:06:ff:12:92:c8:5f:50:d0:1d:b9:
                    5a:80:36:8c:5e:3f:c3:e5:f0:a9:5d:a3:d2:29:7e:
                    a1:f9:ee:aa:4d:0c:46:35:75:9b:a0:00:98:31:f9:
                    55:8d:5a:79:54:00:88:00:bc:d5:19:1f:22:86:b4:
                    5c:66:65:89:bf:91:12:90:0b:37:a4:d0:65:18:f1:
                    39:ef:87:6f:83:27:f9:ea:17:d7:44:23:71:ab:7a:
                    b3:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:98:85:BD:8F:82:81:CB:27:D5:3D:C3:1D:72:61:34:79:6B:31:B3
            X509v3 Authority Key Identifier:
                keyid:41:42:D3:F9:B3:11:26:E0:85:02:65:71:5C:9F:C3:21:74:B5:57:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/3ZiFvY-Cgcsn1T3DHXJhNHlrMbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.142.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:98:d7:9a:d7:35:94:26:32:d1:a1:9c:aa:b1:7a:12:e2:0f:
         b8:fa:7d:3a:20:a4:87:0f:0d:b0:20:92:30:c1:06:54:08:2c:
         a9:3a:08:14:f9:16:b3:6f:9f:bd:a7:26:a6:66:7d:66:1a:fb:
         f4:70:b9:99:2b:5b:a3:2c:27:76:d6:0e:63:1b:6b:ef:0d:75:
         5d:34:17:a6:8a:46:65:65:4f:c6:f1:d2:eb:39:9b:b7:22:b6:
         bd:ba:d7:7c:b6:b9:8d:e6:de:82:f5:0f:87:fd:a6:0b:4c:bb:
         6d:9f:52:c7:5f:ba:d3:fd:e9:8e:6c:27:c6:06:8a:ed:33:f3:
         74:63:ff:42:2a:98:16:1c:48:3c:05:d0:a1:36:5f:1a:dc:9b:
         f7:c1:69:c4:27:7f:39:85:3c:44:81:83:e7:e8:fe:53:8c:57:
         da:35:44:89:2a:d0:bf:51:fb:dd:d3:9f:bd:d7:94:e5:6e:7d:
         ee:25:2b:d1:ac:5a:86:bb:8e:bd:73:ff:20:37:25:b7:41:71:
         f3:75:fe:25:5d:14:2c:15:b6:e5:75:b7:9a:58:20:33:0c:d3:
         16:fc:97:69:6a:81:46:54:1c:df:68:a7:43:5e:47:ef:60:9c:
         29:72:b8:e6:01:04:b4:ab:6e:54:3e:c1:e5:83:2e:c2:41:cc:
         22:9f:b2:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WQF4c2QYbrfgUi7ie0djMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNDJkM2Y5YjMxMTI2ZTA4NTAyNjU3MTVjOWZjMzIxNzRi
NTU3YTQwHhcNMjYwMTAxMDIxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDk4ODViZDhmODI4MWNiMjdkNTNkYzMxZDcyNjEzNDc5NmIzMWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrC+7Gp3CfZb/J3BXGm6JXgZ2BfE
hrrutf0/mBM2yOzqjZUxmo0U6yCu3KHyoJJBwrsyuVT/y6eVtxhG40xNArUPW1XP
RkT9Th8bHRNpaWTnSlxridoOkyvpF7wOMJa+cf1FtDgYROBPSElGyyplvvJX4gmP
ZkGR7Nw+AlOzb9Pk+ul/svvO1CP0tm3EC4seHBqRi3IG/tUZ72bMP6fYnP+Ivw51
YqZ9dQb/EpLIX1DQHblagDaMXj/D5fCpXaPSKX6h+e6qTQxGNXWboACYMflVjVp5
VACIALzVGR8ihrRcZmWJv5ESkAs3pNBlGPE574dvgyf56hfXRCNxq3qzmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN2Yhb2PgoHLJ9U9wx1yYTR5azGzMB8GA1UdIwQY
MBaAFEFC0/mzESbghQJlcVyfwyF0tVekMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVVMVC1iTVJKdUNGQW1WeFhKX0RJWFMxVjZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hZTE5NTMtYmZjNC00MmI1LTk1MGIt
OWM5OGQxMTE5N2I3LzEvM1ppRnZZLUNnY3NuMVQzREhYSmhOSGxyTWJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hZTE5NTMtYmZjNC00MmI1LTk1MGItOWM5OGQxMTE5N2I3
LzEvUVVMVC1iTVJKdUNGQW1WeFhKX0RJWFMxVjZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Y6dMA0G
CSqGSIb3DQEBCwUAA4IBAQCNmNea1zWUJjLRoZyqsXoS4g+4+n06IKSHDw2wIJIw
wQZUCCypOggU+Razb5+9pyamZn1mGvv0cLmZK1ujLCd21g5jG2vvDXVdNBemikZl
ZU/G8dLrOZu3Ira9utd8trmN5t6C9Q+H/aYLTLttn1LHX7rT/emObCfGBortM/N0
Y/9CKpgWHEg8BdChNl8a3Jv3wWnEJ385hTxEgYPn6P5TjFfaNUSJKtC/Ufvd05+9
15Tlbn3uJSvRrFqGu469c/8gNyW3QXHzdf4lXRQsFbbldbeaWCAzDNMW/JdpaoFG
VBzfaKdDXkfvYJwpcrjmAQS0q25UPsHlgy7CQcwin7Ja
-----END CERTIFICATE-----