This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/3_W7wx2-fypI1zi7oF8Q3NS1T7k.roa
File:                     3_W7wx2-fypI1zi7oF8Q3NS1T7k.roa (raw, json)
Hash identifier:          R18F2OZx+pMzaBIwLtZY9ZTcDCGHNNWTIHQDPwa2kWg=
Subject key identifier:   DF:F5:BB:C3:1D:BE:7F:2A:48:D7:38:BB:A0:5F:10:DC:D4:B5:4F:B9
Certificate issuer:       /CN=d48b291b16f6d96c80ad7d31292f560d4faaebf0
Certificate serial:       019B7E37BB41DBFAAAD826B849D2362AA412
Authority key identifier: D4:8B:29:1B:16:F6:D9:6C:80:AD:7D:31:29:2F:56:0D:4F:AA:EB:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1IspGxb22WyArX0xKS9WDU-q6_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/3_W7wx2-fypI1zi7oF8Q3NS1T7k.roa
Signing time:             Fri 02 Jan 2026 10:19:00 +0000
ROA not before:           Fri 02 Jan 2026 10:19:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51327
IP address blocks:        193.104.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/1IspGxb22WyArX0xKS9WDU-q6_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/1IspGxb22WyArX0xKS9WDU-q6_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1IspGxb22WyArX0xKS9WDU-q6_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:bb:41:db:fa:aa:d8:26:b8:49:d2:36:2a:a4:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48b291b16f6d96c80ad7d31292f560d4faaebf0
        Validity
            Not Before: Jan  2 10:19:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dff5bbc31dbe7f2a48d738bba05f10dcd4b54fb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:dd:e3:6c:e4:6b:8b:49:b5:84:9e:a1:b5:24:
                    78:93:f5:9e:c9:41:af:78:4f:38:9a:9a:68:da:18:
                    bc:2b:1d:35:48:b8:cd:99:2e:61:80:57:4c:fa:5a:
                    7f:ee:af:4c:56:32:f4:44:fc:af:17:73:b4:88:75:
                    50:89:a7:16:3c:d9:a5:33:d6:58:22:71:21:b8:47:
                    53:d6:4c:61:2f:b1:ed:5a:58:65:7d:6d:8d:e6:bd:
                    8c:36:b5:d3:39:3d:a8:74:1d:e1:4b:5b:52:a9:01:
                    64:d9:8d:1d:98:04:37:bf:5e:90:94:8d:c7:01:8f:
                    df:38:af:4c:f7:e8:0f:1f:ec:ba:37:81:dd:a1:74:
                    ba:f8:eb:3e:52:1b:9d:ed:b6:73:db:f6:62:58:f3:
                    18:20:58:c3:9a:63:e4:8c:b5:de:00:66:fe:b9:00:
                    c6:ba:09:1a:37:b4:eb:96:8a:06:e0:a2:87:e5:3a:
                    8e:7c:e7:f5:95:1e:06:a2:3d:f3:c7:4a:c8:9a:6c:
                    c0:c1:e0:bf:7d:3f:a7:bb:c8:1e:2f:6a:e9:b3:95:
                    c7:32:0f:38:56:25:cf:92:37:fa:53:50:01:32:6e:
                    c9:6a:a1:9e:cd:2d:a1:fa:af:8e:c2:1b:43:9d:91:
                    f6:f7:4d:ce:d8:cf:8a:9f:36:80:92:89:28:c3:4a:
                    04:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:F5:BB:C3:1D:BE:7F:2A:48:D7:38:BB:A0:5F:10:DC:D4:B5:4F:B9
            X509v3 Authority Key Identifier:
                keyid:D4:8B:29:1B:16:F6:D9:6C:80:AD:7D:31:29:2F:56:0D:4F:AA:EB:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1IspGxb22WyArX0xKS9WDU-q6_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/3_W7wx2-fypI1zi7oF8Q3NS1T7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/1IspGxb22WyArX0xKS9WDU-q6_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:5f:5b:c3:da:28:ee:ed:80:41:84:1c:e9:cb:4c:2b:75:2a:
         f9:79:1b:da:67:95:be:56:90:35:a7:5d:65:d4:8c:30:c3:ba:
         6d:b0:dd:11:98:17:46:fa:9d:df:c4:f1:44:83:6d:2e:71:80:
         e3:40:ba:0e:be:1e:ef:84:32:a2:77:cb:bb:73:a6:42:32:08:
         c2:7f:25:a7:b1:af:4a:88:97:49:b2:27:90:ce:8f:5b:59:24:
         5b:f8:56:e3:d3:fa:70:50:ad:2f:45:c1:6d:15:0d:54:69:1d:
         d3:35:b2:e0:ed:ba:70:5a:1f:96:71:3d:07:5f:4e:69:29:bd:
         cf:52:a0:e1:b0:80:8f:91:ba:a1:21:30:c5:07:a8:03:58:8e:
         42:b0:5d:e3:67:45:59:f8:51:05:5d:59:87:01:fb:46:ea:ba:
         87:2f:ff:f9:c7:28:df:d6:fa:7e:8d:df:7e:b4:73:c1:04:df:
         6c:a4:d5:3c:2e:3c:7b:53:86:6d:81:cc:83:21:7c:63:fc:4c:
         9b:d5:ac:25:a8:b0:fc:87:85:95:84:8b:c7:ae:52:43:11:ae:
         a6:69:ef:48:97:fa:88:31:bf:35:d5:66:83:cc:1a:98:57:ec:
         6d:bf:40:8c:1b:af:26:08:73:64:7d:32:0c:0e:47:73:2e:d2:
         1f:87:2c:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N7tB2/qq2Ca4SdI2KqQSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGIyOTFiMTZmNmQ5NmM4MGFkN2QzMTI5MmY1NjBkNGZh
YWViZjAwHhcNMjYwMTAyMTAxOTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmY1YmJjMzFkYmU3ZjJhNDhkNzM4YmJhMDVmMTBkY2Q0YjU0ZmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzN3jbORri0m1hJ6htSR4k/WeyUGv
eE84mppo2hi8Kx01SLjNmS5hgFdM+lp/7q9MVjL0RPyvF3O0iHVQiacWPNmlM9ZY
InEhuEdT1kxhL7HtWlhlfW2N5r2MNrXTOT2odB3hS1tSqQFk2Y0dmAQ3v16QlI3H
AY/fOK9M9+gPH+y6N4HdoXS6+Os+Uhud7bZz2/ZiWPMYIFjDmmPkjLXeAGb+uQDG
ugkaN7TrlooG4KKH5TqOfOf1lR4Goj3zx0rImmzAweC/fT+nu8geL2rps5XHMg84
ViXPkjf6U1ABMm7JaqGezS2h+q+OwhtDnZH2903O2M+KnzaAkokow0oEQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/1u8Mdvn8qSNc4u6BfENzUtU+5MB8GA1UdIwQY
MBaAFNSLKRsW9tlsgK19MSkvVg1PquvwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlzcEd4YjIyV3lBclgweEtTOVdEVS1xNl9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8xMDgzZTktYjlkZC00YzgyLTk4Nzgt
N2Y4YmZhYzczOTc3LzEvM19XN3d4Mi1meXBJMXppN29GOFEzTlMxVDdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8xMDgzZTktYjlkZC00YzgyLTk4NzgtN2Y4YmZhYzczOTc3
LzEvMUlzcEd4YjIyV3lBclgweEtTOVdEVS1xNl9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWg4MA0G
CSqGSIb3DQEBCwUAA4IBAQAuX1vD2iju7YBBhBzpy0wrdSr5eRvaZ5W+VpA1p11l
1Iwww7ptsN0RmBdG+p3fxPFEg20ucYDjQLoOvh7vhDKid8u7c6ZCMgjCfyWnsa9K
iJdJsieQzo9bWSRb+Fbj0/pwUK0vRcFtFQ1UaR3TNbLg7bpwWh+WcT0HX05pKb3P
UqDhsICPkbqhITDFB6gDWI5CsF3jZ0VZ+FEFXVmHAftG6rqHL//5xyjf1vp+jd9+
tHPBBN9spNU8Ljx7U4ZtgcyDIXxj/Eyb1awlqLD8h4WVhIvHrlJDEa6mae9Il/qI
Mb811WaDzBqYV+xtv0CMG68mCHNkfTIMDkdzLtIfhyz3
-----END CERTIFICATE-----