This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/3R5oD25q8ASU9J1x-IPhjpfW5lU.roa
File:                     3R5oD25q8ASU9J1x-IPhjpfW5lU.roa (raw, json)
Hash identifier:          sFq24exEIQ3gwJ1y1cbivjeqJul4IsZanZzpZo/9X2k=
Subject key identifier:   DD:1E:68:0F:6E:6A:F0:04:94:F4:9D:71:F8:83:E1:8E:97:D6:E6:55
Certificate issuer:       /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial:       019B7B3609C92050B631559027AC9B9C3FAE
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/3R5oD25q8ASU9J1x-IPhjpfW5lU.roa
Signing time:             Thu 01 Jan 2026 20:18:17 +0000
ROA not before:           Thu 01 Jan 2026 20:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44220
IP address blocks:        89.45.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:09:c9:20:50:b6:31:55:90:27:ac:9b:9c:3f:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
        Validity
            Not Before: Jan  1 20:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd1e680f6e6af00494f49d71f883e18e97d6e655
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e7:d9:ed:ce:3b:a7:55:eb:96:06:b0:7e:5c:
                    58:34:41:31:c4:8f:e2:ce:d2:a2:66:13:62:db:66:
                    b2:ff:b7:d1:ac:c4:0c:ba:45:2e:09:cc:8c:25:17:
                    bf:27:18:31:7f:9e:29:e8:35:c6:4b:7b:ff:86:7a:
                    d2:d6:95:eb:34:56:6d:64:19:cc:ac:15:d3:fb:22:
                    44:bf:45:79:c1:f6:47:9c:e6:79:e0:dc:d6:79:15:
                    97:5b:c7:77:42:39:a4:9c:52:85:b5:e5:68:b9:9a:
                    22:e2:52:8b:b3:04:29:33:49:f7:92:b7:7b:f4:3a:
                    a1:5a:fe:bd:05:c2:c2:7a:c3:f9:5b:f7:82:2e:29:
                    c0:e3:97:3b:61:d7:16:68:e3:67:cf:b7:2f:4d:97:
                    df:8f:0e:6e:c4:d0:05:96:ad:c7:3a:ea:41:7c:06:
                    38:53:25:46:65:2c:7f:1e:59:c1:40:87:b6:61:60:
                    f4:d9:36:0e:20:52:a1:cd:d5:7a:8f:3f:01:b8:90:
                    f2:7e:04:55:da:2b:95:50:67:22:38:60:40:e7:48:
                    23:f0:b1:30:d8:bc:57:21:06:02:b4:40:9d:f7:80:
                    be:d5:d3:50:e8:c0:1f:4a:9e:e1:d1:5c:f6:5e:81:
                    02:05:33:b0:5d:06:3d:ad:93:4e:af:d8:8d:49:9e:
                    4b:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:1E:68:0F:6E:6A:F0:04:94:F4:9D:71:F8:83:E1:8E:97:D6:E6:55
            X509v3 Authority Key Identifier:
                keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/3R5oD25q8ASU9J1x-IPhjpfW5lU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.45.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:86:fd:ed:a0:03:a0:d5:6d:d1:93:2a:62:85:ae:5c:de:53:
         9c:9b:91:3e:aa:47:cf:7d:b9:47:be:30:d0:e5:0d:46:74:06:
         5e:0d:3e:58:e0:0f:b6:cf:54:55:40:b9:3b:70:84:5a:8f:ce:
         ce:a4:25:23:04:04:2a:7c:da:e6:16:59:79:21:e3:35:62:c4:
         4c:1c:9e:e4:1f:cb:c5:b3:bf:dd:9e:90:bb:7e:fb:7c:ac:35:
         67:fa:55:77:0c:42:02:dd:20:1e:9f:a8:9f:82:4f:c3:8e:b1:
         4b:66:5f:75:ba:27:2c:71:48:b0:59:92:b7:f4:e1:30:de:54:
         29:67:2d:ca:af:20:45:e9:1f:84:47:ff:3a:30:8a:01:b9:46:
         ab:eb:e3:3b:24:be:62:a5:b1:01:05:41:46:95:3f:ca:88:36:
         83:cc:07:b6:c6:98:fb:75:a7:36:8d:05:d1:a9:fe:df:47:12:
         cf:10:68:f5:26:0c:f1:76:c4:9d:df:e8:e4:27:97:68:c8:d0:
         99:90:a6:f0:b3:63:bd:57:f6:e9:79:58:ee:61:30:68:37:da:
         7c:cc:3b:9d:48:7d:a2:f9:23:ff:4b:7f:ca:87:a5:13:11:14:
         e4:13:0f:d9:2d:e7:58:49:65:90:0e:8b:07:f3:00:32:e6:7d:
         65:fd:8a:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NgnJIFC2MVWQJ6ybnD+uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjYwMTAxMjAxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDFlNjgwZjZlNmFmMDA0OTRmNDlkNzFmODgzZTE4ZTk3ZDZlNjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArefZ7c47p1XrlgawflxYNEExxI/i
ztKiZhNi22ay/7fRrMQMukUuCcyMJRe/Jxgxf54p6DXGS3v/hnrS1pXrNFZtZBnM
rBXT+yJEv0V5wfZHnOZ54NzWeRWXW8d3QjmknFKFteVouZoi4lKLswQpM0n3krd7
9DqhWv69BcLCesP5W/eCLinA45c7YdcWaONnz7cvTZffjw5uxNAFlq3HOupBfAY4
UyVGZSx/HlnBQIe2YWD02TYOIFKhzdV6jz8BuJDyfgRV2iuVUGciOGBA50gj8LEw
2LxXIQYCtECd94C+1dNQ6MAfSp7h0Vz2XoECBTOwXQY9rZNOr9iNSZ5L3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN0eaA9uavAElPSdcfiD4Y6X1uZVMB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvM1I1b0QyNXE4QVNVOUoxeC1JUGhqcGZXNWxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWS0uMA0G
CSqGSIb3DQEBCwUAA4IBAQBChv3toAOg1W3Rkypiha5c3lOcm5E+qkfPfblHvjDQ
5Q1GdAZeDT5Y4A+2z1RVQLk7cIRaj87OpCUjBAQqfNrmFll5IeM1YsRMHJ7kH8vF
s7/dnpC7fvt8rDVn+lV3DEIC3SAen6ifgk/DjrFLZl91uicscUiwWZK39OEw3lQp
Zy3KryBF6R+ER/86MIoBuUar6+M7JL5ipbEBBUFGlT/KiDaDzAe2xpj7dac2jQXR
qf7fRxLPEGj1JgzxdsSd3+jkJ5doyNCZkKbws2O9V/bpeVjuYTBoN9p8zDudSH2i
+SP/S3/Kh6UTERTkEw/ZLedYSWWQDosH8wAy5n1l/YrI
-----END CERTIFICATE-----