This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/3KMpSZgC9P2iv8slzltjKI1SHQo.roa
File:                     3KMpSZgC9P2iv8slzltjKI1SHQo.roa (raw, json)
Hash identifier:          27sk1XimqAHQtUJFxWb9XOylcvbAZAfo1Dr97ZsUV4A=
Subject key identifier:   DC:A3:29:49:98:02:F4:FD:A2:BF:CB:25:CE:5B:63:28:8D:52:1D:0A
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       019B7F15BBD30CCB066BEE617D337D0255CF
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/3KMpSZgC9P2iv8slzltjKI1SHQo.roa
Signing time:             Fri 02 Jan 2026 14:21:29 +0000
ROA not before:           Fri 02 Jan 2026 14:21:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50816
IP address blocks:        195.76.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:bb:d3:0c:cb:06:6b:ee:61:7d:33:7d:02:55:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jan  2 14:21:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dca329499802f4fda2bfcb25ce5b63288d521d0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f9:dd:d6:17:99:79:a3:a0:fa:0c:33:63:f0:
                    8f:f7:f0:cc:d2:50:a4:ce:52:46:3b:73:51:0f:33:
                    9b:d5:d0:b6:c7:b7:e0:52:ae:54:56:9d:89:6c:1a:
                    d5:47:a5:94:0b:32:ee:ce:69:d3:9e:25:32:d0:5c:
                    d3:31:41:02:6b:99:91:b8:1d:c7:77:cf:19:de:d9:
                    d8:4c:f8:e0:39:da:9f:98:d5:74:5a:de:5e:85:94:
                    87:31:31:75:67:0f:1a:34:60:3a:94:e3:fc:5e:b4:
                    02:21:48:7c:31:b9:98:b0:91:49:7e:b9:63:b5:eb:
                    83:5f:9e:2c:ae:f2:b9:d2:6e:de:bd:7b:be:dd:a0:
                    17:fd:97:dc:11:40:a5:99:3d:1c:fb:8e:8a:5d:47:
                    ce:25:61:5f:a4:63:d6:57:5f:06:42:89:01:0a:46:
                    5d:a5:0e:b0:1e:07:2a:56:bb:2c:4b:7c:da:84:da:
                    47:1c:02:3e:dc:1e:56:ac:2d:8d:d0:dd:2b:f6:57:
                    48:8e:bb:91:52:fc:ae:d7:e3:c5:ea:f7:86:b2:b6:
                    ab:89:aa:cc:de:f7:eb:7c:f1:24:d6:c6:0f:bc:39:
                    e1:7b:f4:93:94:c6:c6:7e:76:dd:e6:17:81:3f:31:
                    97:d2:16:46:8d:68:09:a9:09:7f:a9:86:d3:c4:c4:
                    41:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:A3:29:49:98:02:F4:FD:A2:BF:CB:25:CE:5B:63:28:8D:52:1D:0A
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/3KMpSZgC9P2iv8slzltjKI1SHQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.76.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:0d:bc:f8:01:ca:86:8d:f2:15:77:12:2c:35:2c:83:db:d5:
         04:23:b4:fc:d4:4e:34:88:50:1e:09:be:95:2f:62:bd:63:92:
         53:d0:a0:f3:d5:5b:d3:af:14:21:cb:0e:ff:a1:39:16:8a:2c:
         59:5d:64:9e:fe:9f:54:61:c9:22:a1:8d:13:5a:3b:36:08:ec:
         be:40:80:37:3a:b9:32:b0:ab:d1:c0:98:7c:c0:1e:10:ca:4e:
         aa:e6:a7:1b:f8:dc:39:b0:d0:6a:64:90:6d:50:87:49:72:8e:
         af:d9:48:7f:3d:a3:0f:c3:2b:9c:4b:0e:e8:ee:6c:e6:38:c9:
         b3:9d:ed:14:4e:60:f2:64:9a:f6:0a:a2:2e:1d:fc:bc:4e:f5:
         83:7a:7f:f5:f2:7a:02:de:b3:19:c3:2a:46:4d:91:24:9a:03:
         49:8d:a4:41:c5:1f:f7:e9:52:10:4c:77:52:6a:84:48:26:b0:
         66:18:b6:e6:18:6a:b5:39:6a:70:19:20:b3:4b:70:d0:25:69:
         af:f8:a7:44:85:a0:eb:0e:8d:aa:27:9c:dc:23:d1:99:ba:a2:
         40:15:8d:f3:3f:6b:40:ab:23:b9:f7:fd:40:48:bd:ea:db:db:
         b5:10:22:13:dc:43:34:d6:de:ef:f3:33:00:85:6a:81:0d:b8:
         f3:ce:7d:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FbvTDMsGa+5hfTN9AlXPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjYwMTAyMTQyMTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2EzMjk0OTk4MDJmNGZkYTJiZmNiMjVjZTViNjMyODhkNTIxZDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvnd1heZeaOg+gwzY/CP9/DM0lCk
zlJGO3NRDzOb1dC2x7fgUq5UVp2JbBrVR6WUCzLuzmnTniUy0FzTMUECa5mRuB3H
d88Z3tnYTPjgOdqfmNV0Wt5ehZSHMTF1Zw8aNGA6lOP8XrQCIUh8MbmYsJFJfrlj
teuDX54srvK50m7evXu+3aAX/ZfcEUClmT0c+46KXUfOJWFfpGPWV18GQokBCkZd
pQ6wHgcqVrssS3zahNpHHAI+3B5WrC2N0N0r9ldIjruRUvyu1+PF6veGsrariarM
3vfrfPEk1sYPvDnhe/STlMbGfnbd5heBPzGX0hZGjWgJqQl/qYbTxMRBjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNyjKUmYAvT9or/LJc5bYyiNUh0KMB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvM0tNcFNaZ0M5UDJpdjhzbHpsdGpLSTFTSFFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0wfMA0G
CSqGSIb3DQEBCwUAA4IBAQBzDbz4AcqGjfIVdxIsNSyD29UEI7T81E40iFAeCb6V
L2K9Y5JT0KDz1VvTrxQhyw7/oTkWiixZXWSe/p9UYckioY0TWjs2COy+QIA3Orky
sKvRwJh8wB4Qyk6q5qcb+Nw5sNBqZJBtUIdJco6v2Uh/PaMPwyucSw7o7mzmOMmz
ne0UTmDyZJr2CqIuHfy8TvWDen/18noC3rMZwypGTZEkmgNJjaRBxR/36VIQTHdS
aoRIJrBmGLbmGGq1OWpwGSCzS3DQJWmv+KdEhaDrDo2qJ5zcI9GZuqJAFY3zP2tA
qyO59/1ASL3q29u1ECIT3EM01t7v8zMAhWqBDbjzzn2r
-----END CERTIFICATE-----