This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/e96ef4-4f45-47c0-bebf-fa3e0901f240/1/3Ego7qA5ogxcgXSX7Iy2Jk2QvKA.roa
File:                     3Ego7qA5ogxcgXSX7Iy2Jk2QvKA.roa (raw, json)
Hash identifier:          AcX2UY2fKx9ShP8jKiTUZk0gum0BmvVpyfodQGjOdcQ=
Subject key identifier:   DC:48:28:EE:A0:39:A2:0C:5C:81:74:97:EC:8C:B6:26:4D:90:BC:A0
Certificate issuer:       /CN=36fe3a91263e2e8319c2a678e629851d09e77f0d
Certificate serial:       019B79EBAB9F31BE96FBF22A2675743DF31F
Authority key identifier: 36:FE:3A:91:26:3E:2E:83:19:C2:A6:78:E6:29:85:1D:09:E7:7F:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nv46kSY-LoMZwqZ45imFHQnnfw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/e96ef4-4f45-47c0-bebf-fa3e0901f240/1/3Ego7qA5ogxcgXSX7Iy2Jk2QvKA.roa
Signing time:             Thu 01 Jan 2026 14:17:26 +0000
ROA not before:           Thu 01 Jan 2026 14:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215966
IP address blocks:        212.7.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/e96ef4-4f45-47c0-bebf-fa3e0901f240/1/Nv46kSY-LoMZwqZ45imFHQnnfw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/e96ef4-4f45-47c0-bebf-fa3e0901f240/1/Nv46kSY-LoMZwqZ45imFHQnnfw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nv46kSY-LoMZwqZ45imFHQnnfw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:eb:ab:9f:31:be:96:fb:f2:2a:26:75:74:3d:f3:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36fe3a91263e2e8319c2a678e629851d09e77f0d
        Validity
            Not Before: Jan  1 14:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dc4828eea039a20c5c817497ec8cb6264d90bca0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:04:bf:3e:a6:9d:61:b7:91:36:6c:c9:0f:c3:
                    89:1b:9a:86:cf:71:2e:86:f8:6b:be:65:91:fc:ce:
                    ca:ab:84:46:f9:cc:9d:31:42:dd:21:b1:e4:a4:df:
                    67:bd:e1:9d:46:ed:1d:9c:0f:29:ab:9c:dc:cc:56:
                    81:27:81:d7:e4:35:06:ac:ea:e4:2b:84:e8:38:e5:
                    fc:7e:dc:e1:6f:c2:f5:3c:2f:3a:d2:3d:01:b9:40:
                    88:a0:f8:8d:0a:5a:53:6c:5b:1a:38:6b:7b:0f:36:
                    a2:1a:cc:27:77:02:16:fe:27:0b:51:f4:e8:11:79:
                    eb:9e:ad:a4:22:4e:59:d4:cc:a5:c1:dc:fb:86:d1:
                    7e:f7:e7:cf:33:42:ba:1a:ef:02:59:95:de:39:1f:
                    10:69:8b:69:15:fd:58:6b:c7:03:25:3d:29:9b:d3:
                    9a:33:af:c8:d8:7c:39:04:51:53:5c:5f:6b:fb:56:
                    6f:ab:fe:6a:19:eb:d3:39:0e:c5:ac:6f:c7:0f:4c:
                    29:fd:7b:21:cb:c3:04:cd:cb:b9:dc:3e:70:47:d8:
                    14:8e:b8:6d:ca:84:37:c4:a1:f7:f8:80:24:c5:fb:
                    19:97:10:ba:1f:4c:8f:e2:a5:2f:64:ba:3d:39:ff:
                    49:ba:91:81:70:fa:94:95:d2:55:b3:1b:a4:44:17:
                    ea:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:48:28:EE:A0:39:A2:0C:5C:81:74:97:EC:8C:B6:26:4D:90:BC:A0
            X509v3 Authority Key Identifier:
                keyid:36:FE:3A:91:26:3E:2E:83:19:C2:A6:78:E6:29:85:1D:09:E7:7F:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nv46kSY-LoMZwqZ45imFHQnnfw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e96ef4-4f45-47c0-bebf-fa3e0901f240/1/3Ego7qA5ogxcgXSX7Iy2Jk2QvKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e96ef4-4f45-47c0-bebf-fa3e0901f240/1/Nv46kSY-LoMZwqZ45imFHQnnfw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.7.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:df:d7:94:da:a0:e6:02:5a:6e:6e:9f:19:29:9b:d4:5f:69:
         bd:86:b8:35:e9:04:b9:87:16:bb:e1:74:f9:c4:c1:3d:06:15:
         2a:42:10:a0:de:e7:cc:6b:44:99:f6:50:9a:e4:49:34:2e:27:
         41:17:e0:24:87:8c:a0:e0:c9:af:80:2f:18:16:37:24:19:7e:
         87:52:28:74:b2:1e:00:f4:bd:44:82:6b:ba:61:8e:a6:ff:60:
         10:31:7d:6e:5e:9e:98:96:f5:dd:5b:50:4d:8b:06:86:67:5a:
         62:13:ef:0b:57:ca:38:16:b2:84:90:09:dd:1c:91:a2:37:c1:
         42:d8:08:ed:94:a6:14:10:87:e9:cd:c4:5d:67:30:7a:09:de:
         66:47:2e:91:79:dd:e5:54:8a:e5:66:0e:ae:49:53:f4:cb:82:
         ae:1e:64:b2:54:c6:a8:93:d5:6a:70:b6:11:48:42:92:79:0f:
         29:54:54:55:0c:11:a7:a0:2d:3f:44:38:b5:fb:d4:d6:75:d9:
         05:2e:96:ee:7f:bf:f7:f4:fc:93:d6:2b:9e:e0:ad:de:cb:aa:
         cf:3a:d3:98:ad:65:bf:8a:94:7d:fa:50:d0:4a:0c:d1:e2:f0:
         78:3a:c7:f8:4f:3c:e2:ed:cc:21:2d:5b:fa:f8:85:bf:5a:99:
         46:c0:fc:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt566ufMb6W+/IqJnV0PfMfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ZmUzYTkxMjYzZTJlODMxOWMyYTY3OGU2Mjk4NTFkMDll
NzdmMGQwHhcNMjYwMTAxMTQxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzQ4MjhlZWEwMzlhMjBjNWM4MTc0OTdlYzhjYjYyNjRkOTBiY2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwS/PqadYbeRNmzJD8OJG5qGz3Eu
hvhrvmWR/M7Kq4RG+cydMULdIbHkpN9nveGdRu0dnA8pq5zczFaBJ4HX5DUGrOrk
K4ToOOX8ftzhb8L1PC860j0BuUCIoPiNClpTbFsaOGt7DzaiGswndwIW/icLUfTo
EXnrnq2kIk5Z1Mylwdz7htF+9+fPM0K6Gu8CWZXeOR8QaYtpFf1Ya8cDJT0pm9Oa
M6/I2Hw5BFFTXF9r+1Zvq/5qGevTOQ7FrG/HD0wp/Xshy8MEzcu53D5wR9gUjrht
yoQ3xKH3+IAkxfsZlxC6H0yP4qUvZLo9Of9JupGBcPqUldJVsxukRBfq8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNxIKO6gOaIMXIF0l+yMtiZNkLygMB8GA1UdIwQY
MBaAFDb+OpEmPi6DGcKmeOYphR0J538NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnY0NmtTWS1Mb01ad3FaNDVpbUZIUW5uZncwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9lOTZlZjQtNGY0NS00N2MwLWJlYmYt
ZmEzZTA5MDFmMjQwLzEvM0VnbzdxQTVvZ3hjZ1hTWDdJeTJKazJRdktBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9lOTZlZjQtNGY0NS00N2MwLWJlYmYtZmEzZTA5MDFmMjQw
LzEvTnY0NmtTWS1Mb01ad3FaNDVpbUZIUW5uZncwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AffMA0G
CSqGSIb3DQEBCwUAA4IBAQBu39eU2qDmAlpubp8ZKZvUX2m9hrg16QS5hxa74XT5
xME9BhUqQhCg3ufMa0SZ9lCa5Ek0LidBF+Akh4yg4MmvgC8YFjckGX6HUih0sh4A
9L1Egmu6YY6m/2AQMX1uXp6YlvXdW1BNiwaGZ1piE+8LV8o4FrKEkAndHJGiN8FC
2AjtlKYUEIfpzcRdZzB6Cd5mRy6Red3lVIrlZg6uSVP0y4KuHmSyVMaok9VqcLYR
SEKSeQ8pVFRVDBGnoC0/RDi1+9TWddkFLpbuf7/39PyT1iue4K3ey6rPOtOYrWW/
ipR9+lDQSgzR4vB4Osf4Tzzi7cwhLVv6+IW/WplGwPyC
-----END CERTIFICATE-----