This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/3T7aCj-zVvo6CnmWc2Q53sS9nS8.roa
File:                     3T7aCj-zVvo6CnmWc2Q53sS9nS8.roa (raw, json)
Hash identifier:          wQzPa43SKFIJlsG85QM0AMvkJPqWr1opurkbOwlp92k=
Subject key identifier:   DD:3E:DA:0A:3F:B3:56:FA:3A:0A:79:96:73:64:39:DE:C4:BD:9D:2F
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019B79EC7B86E1E9D489AF6766046AB3AA29
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/3T7aCj-zVvo6CnmWc2Q53sS9nS8.roa
Signing time:             Thu 01 Jan 2026 14:18:19 +0000
ROA not before:           Thu 01 Jan 2026 14:18:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214794
IP address blocks:        185.176.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:7b:86:e1:e9:d4:89:af:67:66:04:6a:b3:aa:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jan  1 14:18:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd3eda0a3fb356fa3a0a7996736439dec4bd9d2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:97:93:b6:9e:b3:5c:ea:b9:e5:d7:31:bc:51:
                    6f:58:56:07:4e:ac:41:5a:5c:77:c5:22:85:32:39:
                    12:48:26:8f:a5:bb:b6:94:94:57:ca:d0:3e:8c:47:
                    dd:f6:7d:cf:18:c2:68:5c:13:9f:f7:5f:d5:24:7e:
                    49:53:d0:5b:77:bd:43:18:ce:8f:80:37:c4:02:1b:
                    b3:13:8b:4e:c9:b1:3c:df:73:36:7a:07:3f:44:af:
                    0e:22:b7:8a:7c:1d:3c:10:76:10:eb:e0:b6:e9:df:
                    49:aa:9d:d1:11:2b:3b:1d:68:e9:d7:69:68:4b:6c:
                    76:f0:44:58:ee:7a:9b:2c:78:15:b1:b7:b8:7c:55:
                    3f:61:0d:51:99:78:0c:38:95:1f:e3:5d:a3:d5:85:
                    d1:86:5d:ef:bf:2d:ca:d3:27:98:61:4d:36:8f:dc:
                    52:db:2a:aa:e3:45:a2:84:78:e0:e0:02:02:75:9f:
                    67:e6:e9:4d:b0:71:7e:7c:c6:1d:a1:ba:b4:81:29:
                    fd:5f:94:56:87:5e:ec:c9:ad:72:c7:66:7e:d2:45:
                    ef:6f:f8:6d:0b:ce:90:54:95:77:71:b1:b4:2f:e4:
                    e7:a7:1d:ea:a3:a9:32:a3:1c:56:f9:3f:22:95:b3:
                    70:78:a5:5f:c9:cb:c4:5c:58:66:9e:77:9a:5d:16:
                    c4:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:3E:DA:0A:3F:B3:56:FA:3A:0A:79:96:73:64:39:DE:C4:BD:9D:2F
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/3T7aCj-zVvo6CnmWc2Q53sS9nS8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:66:fa:fc:9b:b0:78:4b:29:0a:7e:0c:4a:3f:96:a2:48:a0:
         b0:09:16:21:a9:ae:3a:fa:4f:ab:b2:c4:b0:0f:e0:19:b4:5b:
         a2:8a:cf:e2:2c:0d:14:40:52:2c:db:7c:55:5a:0e:c1:2e:2e:
         57:75:f3:36:a4:1a:a7:76:3b:bf:7a:c9:72:38:37:2b:3d:6d:
         ca:d5:73:30:c2:62:e6:dc:66:a3:48:e3:32:4d:d8:7d:66:e1:
         49:42:52:53:2b:23:ae:e0:9d:ee:a1:07:e9:11:9f:2d:0b:bd:
         6c:9f:38:32:b2:b2:15:ae:50:aa:c2:5a:21:ec:54:96:29:57:
         55:dd:31:5b:55:3b:0b:84:ed:42:af:23:86:ba:12:27:8d:5c:
         a5:83:64:3d:2d:8e:a6:99:1f:14:e9:9e:76:3a:bb:fb:e3:2e:
         a4:96:0e:1b:ff:4b:82:81:21:2c:fd:f1:6a:9f:8f:35:e2:73:
         30:81:f3:c1:a7:2c:bb:65:9f:05:0f:b7:a0:93:ae:d2:14:bc:
         df:03:aa:94:c2:88:aa:d1:21:53:1a:a7:aa:7f:c1:b4:82:d7:
         ed:77:18:a3:75:c7:1a:2e:b5:f2:62:8e:67:7d:e1:d7:9c:36:
         13:fb:36:39:77:91:cc:76:a7:64:01:3e:fc:ad:c1:30:8b:39:
         f5:df:75:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57HuG4enUia9nZgRqs6opMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMTAxMTQxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDNlZGEwYTNmYjM1NmZhM2EwYTc5OTY3MzY0MzlkZWM0YmQ5ZDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA35eTtp6zXOq55dcxvFFvWFYHTqxB
Wlx3xSKFMjkSSCaPpbu2lJRXytA+jEfd9n3PGMJoXBOf91/VJH5JU9Bbd71DGM6P
gDfEAhuzE4tOybE833M2egc/RK8OIreKfB08EHYQ6+C26d9Jqp3RESs7HWjp12lo
S2x28ERY7nqbLHgVsbe4fFU/YQ1RmXgMOJUf412j1YXRhl3vvy3K0yeYYU02j9xS
2yqq40WihHjg4AICdZ9n5ulNsHF+fMYdobq0gSn9X5RWh17sya1yx2Z+0kXvb/ht
C86QVJV3cbG0L+Tnpx3qo6kyoxxW+T8ilbNweKVfycvEXFhmnneaXRbEiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN0+2go/s1b6Ogp5lnNkOd7EvZ0vMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvM1Q3YUNqLXpWdm82Q25tV2MyUTUzc1M5blM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubBcMA0G
CSqGSIb3DQEBCwUAA4IBAQCOZvr8m7B4SykKfgxKP5aiSKCwCRYhqa46+k+rssSw
D+AZtFuiis/iLA0UQFIs23xVWg7BLi5XdfM2pBqndju/eslyODcrPW3K1XMwwmLm
3GajSOMyTdh9ZuFJQlJTKyOu4J3uoQfpEZ8tC71snzgysrIVrlCqwloh7FSWKVdV
3TFbVTsLhO1CryOGuhInjVylg2Q9LY6mmR8U6Z52Orv74y6klg4b/0uCgSEs/fFq
n4814nMwgfPBpyy7ZZ8FD7egk67SFLzfA6qUwoiq0SFTGqeqf8G0gtftdxijdcca
LrXyYo5nfeHXnDYT+zY5d5HMdqdkAT78rcEwizn133X7
-----END CERTIFICATE-----