This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/3h99B3B928ItdGjcKoHk10e2CY4.roa
File:                     3h99B3B928ItdGjcKoHk10e2CY4.roa (raw, json)
Hash identifier:          QICYNqcrZ0Xnzlwywop1Rva0m6JoHs3pi7Cn/R4enXk=
Subject key identifier:   DE:1F:7D:07:70:7D:DB:C2:2D:74:68:DC:2A:81:E4:D7:47:B6:09:8E
Certificate issuer:       /CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
Certificate serial:       019A9D58DD5370022A9C36F2525C3C945147
Authority key identifier: 46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/3h99B3B928ItdGjcKoHk10e2CY4.roa
Signing time:             Wed 19 Nov 2025 18:20:37 +0000
ROA not before:           Wed 19 Nov 2025 18:20:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202943
IP address blocks:        195.216.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 21:29:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:9d:58:dd:53:70:02:2a:9c:36:f2:52:5c:3c:94:51:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
        Validity
            Not Before: Nov 19 18:20:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de1f7d07707ddbc22d7468dc2a81e4d747b6098e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:fd:07:bf:68:10:9a:ab:7a:16:fa:8c:8c:1d:
                    af:83:b5:55:b9:fa:c4:73:ec:6b:66:84:0d:f6:6d:
                    fa:83:7f:1c:f6:cc:0f:d1:33:e9:75:76:b2:66:3c:
                    e4:97:59:1c:5e:00:e5:df:c2:bb:c0:ff:2c:c2:d7:
                    87:5c:27:d5:eb:3e:59:b5:f5:ec:05:d7:a3:27:93:
                    dc:58:e0:46:19:40:79:44:7e:f9:25:ea:6e:10:45:
                    d2:9f:45:8e:fc:20:9b:0b:03:7c:e0:cc:7d:5d:1b:
                    1d:03:60:e3:f6:ac:4c:ae:38:c0:d1:40:0a:58:97:
                    2d:83:39:76:8d:8e:d3:1c:1f:79:01:ca:0c:6d:8e:
                    1d:a0:59:81:93:84:3a:de:a6:f3:10:51:35:f1:fe:
                    7c:aa:2b:87:62:95:c1:94:86:e4:0e:64:c9:a3:82:
                    d9:2e:5b:af:8b:26:32:dd:fe:fa:2a:0b:6d:e8:5b:
                    d2:9c:af:61:f2:46:0b:fa:78:fa:71:4b:f8:32:da:
                    f1:1d:73:48:ea:83:e2:26:11:57:da:1f:65:b5:6b:
                    eb:79:b3:54:b7:b7:d6:89:99:ee:fe:a9:07:97:53:
                    66:31:d3:97:74:c1:2b:2a:28:c8:84:51:d6:06:09:
                    4b:2d:a9:4f:ac:31:75:04:20:d0:97:f6:5f:a7:1f:
                    4a:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:1F:7D:07:70:7D:DB:C2:2D:74:68:DC:2A:81:E4:D7:47:B6:09:8E
            X509v3 Authority Key Identifier:
                keyid:46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/3h99B3B928ItdGjcKoHk10e2CY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:fc:e6:2e:a7:75:e3:24:49:71:e4:4a:d1:e8:63:55:aa:33:
         6d:5b:82:c7:79:04:ff:2f:40:41:3f:02:ba:d8:56:29:6f:aa:
         9a:3b:42:ba:b0:50:0a:20:e3:9d:ce:9a:f1:fd:36:d0:57:53:
         5e:b2:47:61:1f:04:26:45:b7:5d:d2:be:5b:49:39:fa:81:88:
         03:7a:16:bf:08:cd:1a:b2:ec:3d:16:4a:4c:59:c4:44:b2:37:
         6c:57:91:d4:93:81:9d:47:28:e4:4b:ad:dd:e0:16:fc:fa:09:
         c4:bb:94:7f:19:43:da:47:69:67:19:47:df:bf:11:6e:c5:5f:
         c7:e6:78:bc:4b:88:da:a1:4a:8d:98:c9:95:c1:97:a1:db:93:
         1f:e0:29:80:36:1d:5f:de:df:f4:df:3c:91:91:04:44:95:12:
         dc:df:de:37:ef:b5:06:3c:15:1c:11:94:8e:35:19:63:13:06:
         77:46:b1:cb:53:bd:ca:72:44:45:89:eb:5a:59:b8:03:0a:45:
         68:52:d2:b5:20:4d:47:4a:26:38:a4:69:9f:f3:12:1b:01:d2:
         e6:89:3e:79:f3:c0:9d:b7:38:3d:47:1d:ff:eb:18:cb:0c:62:
         e9:45:e0:a5:a6:84:5d:12:b2:cb:9a:05:a4:1d:e7:4c:6d:8f:
         13:e1:1b:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqdWN1TcAIqnDbyUlw8lFFHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2OGI1OTJmMzExMGJjNmMzNTI0OWE4MjcxYTBkYWMxYTlh
Y2IwY2UwHhcNMjUxMTE5MTgyMDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTFmN2QwNzcwN2RkYmMyMmQ3NDY4ZGMyYTgxZTRkNzQ3YjYwOThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxv0Hv2gQmqt6FvqMjB2vg7VVufrE
c+xrZoQN9m36g38c9swP0TPpdXayZjzkl1kcXgDl38K7wP8swteHXCfV6z5ZtfXs
BdejJ5PcWOBGGUB5RH75JepuEEXSn0WO/CCbCwN84Mx9XRsdA2Dj9qxMrjjA0UAK
WJctgzl2jY7THB95AcoMbY4doFmBk4Q63qbzEFE18f58qiuHYpXBlIbkDmTJo4LZ
LluviyYy3f76Kgtt6FvSnK9h8kYL+nj6cUv4MtrxHXNI6oPiJhFX2h9ltWvrebNU
t7fWiZnu/qkHl1NmMdOXdMErKijIhFHWBglLLalPrDF1BCDQl/Zfpx9KUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN4ffQdwfdvCLXRo3CqB5NdHtgmOMB8GA1UdIwQY
MBaAFEaLWS8xELxsNSSagnGg2sGprLDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTct
MDUwMzc0OWFkZWEwLzEvM2g5OUIzQjkyOEl0ZEdqY0tvSGsxMGUyQ1k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTctMDUwMzc0OWFkZWEw
LzEvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9j4MA0G
CSqGSIb3DQEBCwUAA4IBAQAu/OYup3XjJElx5ErR6GNVqjNtW4LHeQT/L0BBPwK6
2FYpb6qaO0K6sFAKIOOdzprx/TbQV1NeskdhHwQmRbdd0r5bSTn6gYgDeha/CM0a
suw9FkpMWcREsjdsV5HUk4GdRyjkS63d4Bb8+gnEu5R/GUPaR2lnGUffvxFuxV/H
5ni8S4jaoUqNmMmVwZeh25Mf4CmANh1f3t/03zyRkQRElRLc394377UGPBUcEZSO
NRljEwZ3RrHLU73KckRFietaWbgDCkVoUtK1IE1HSiY4pGmf8xIbAdLmiT5588Cd
tzg9Rx3/6xjLDGLpReClpoRdErLLmgWkHedMbY8T4Rvo
-----END CERTIFICATE-----