This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/b3EhJU_Xk0OxhBbisianHJzBkig.roa
File:                     b3EhJU_Xk0OxhBbisianHJzBkig.roa (raw, json)
Hash identifier:          1AGC7Pa0MRd3a7eWTAiC8FixJDwwTaNnLp4pbWbvZ2M=
Subject key identifier:   6F:71:21:25:4F:D7:93:43:B1:84:16:E2:B2:26:A7:1C:9C:C1:92:28
Certificate issuer:       /CN=0c90c356e2864f43894857443555d8b5c0352819
Certificate serial:       019B7A5B0A630635863696979C2E0D2E0E49
Authority key identifier: 0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/b3EhJU_Xk0OxhBbisianHJzBkig.roa
Signing time:             Thu 01 Jan 2026 16:19:05 +0000
ROA not before:           Thu 01 Jan 2026 16:19:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42688
IP address blocks:        37.157.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:0a:63:06:35:86:36:96:97:9c:2e:0d:2e:0e:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c90c356e2864f43894857443555d8b5c0352819
        Validity
            Not Before: Jan  1 16:19:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6f7121254fd79343b18416e2b226a71c9cc19228
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a4:b2:a8:41:be:1d:66:c8:11:82:88:53:ec:
                    da:2a:2d:75:be:d4:8f:a7:1c:bf:e9:43:ef:ea:2a:
                    dc:25:12:ae:a2:54:bf:30:ee:14:4c:03:ea:c0:5f:
                    86:14:65:5b:4b:c6:42:a8:60:d7:b3:10:f1:db:3e:
                    e9:db:7b:09:b5:5e:d2:0b:ec:a9:f8:23:3d:00:bd:
                    c0:86:01:ec:b6:b0:eb:42:24:74:5f:52:8a:83:75:
                    b0:fa:e2:34:34:54:63:9e:64:d0:08:4d:a6:0f:72:
                    08:98:79:a7:a0:57:8d:49:c9:91:41:76:9f:3f:95:
                    9d:25:fc:a1:2d:dc:df:03:9d:67:ce:5e:1f:83:92:
                    d0:7d:db:ac:59:37:da:6d:a2:b7:39:dc:f1:12:31:
                    b0:5d:2b:28:2b:ad:3c:3f:00:fa:ea:bd:9e:1f:98:
                    8d:43:71:65:ef:b9:97:9e:ac:b4:ed:7a:6b:f1:dd:
                    f2:ce:cd:6e:74:d9:8b:7d:6a:42:85:e8:81:af:25:
                    14:ad:bc:0c:bf:da:62:6d:c8:ae:c2:53:7d:94:a5:
                    68:8d:ab:5c:cc:19:e1:0f:17:65:b8:27:28:c0:ab:
                    f2:ce:2b:a9:08:38:df:2b:97:4b:fb:13:ad:53:88:
                    e7:67:17:72:57:bb:64:6a:7f:49:1b:2f:af:fa:51:
                    87:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:71:21:25:4F:D7:93:43:B1:84:16:E2:B2:26:A7:1C:9C:C1:92:28
            X509v3 Authority Key Identifier:
                keyid:0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/b3EhJU_Xk0OxhBbisianHJzBkig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.157.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:6b:2f:62:0c:ce:b7:a7:1f:d5:70:c3:72:df:1d:94:7b:0e:
         03:38:3c:68:1c:db:0c:98:b5:29:59:15:ae:2e:94:11:08:17:
         fe:50:6f:b9:53:a7:a8:72:2e:0b:34:48:92:bf:81:bc:74:6f:
         7d:0d:d4:a3:59:53:57:4f:b6:87:b6:68:d1:ea:ae:e9:7e:36:
         d4:05:cf:bf:47:f9:fb:95:61:9a:66:79:8b:cd:45:a9:e5:fd:
         7e:a4:c0:b0:ec:5c:2e:ba:ed:e5:ba:d0:cd:d2:f7:76:87:e2:
         cd:f0:50:4e:fd:e6:ef:04:d9:2e:d7:fb:ef:3c:79:cf:a6:55:
         39:d6:3e:ef:ff:84:f3:62:9a:f3:c5:ac:63:27:06:28:e6:2d:
         0c:6f:a9:6a:17:77:d8:90:01:a1:05:d6:d5:e0:51:aa:1e:11:
         1c:51:8f:ae:4f:33:41:01:c5:c8:77:85:57:d3:0b:fe:a1:44:
         f4:53:df:f6:44:ba:f6:32:bf:e7:e3:3c:48:99:dd:0e:c8:ef:
         5b:60:d7:65:b0:74:39:69:eb:a4:1d:f0:66:53:d1:6e:28:ad:
         74:cc:78:e3:50:f6:ea:05:34:b8:e1:fc:97:cc:5a:f8:d0:62:
         9f:6c:4a:ac:99:eb:c8:88:2b:80:11:d8:4d:2e:e8:02:27:e3:
         19:62:a6:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WwpjBjWGNpaXnC4NLg5JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjOTBjMzU2ZTI4NjRmNDM4OTQ4NTc0NDM1NTVkOGI1YzAz
NTI4MTkwHhcNMjYwMTAxMTYxOTA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjcxMjEyNTRmZDc5MzQzYjE4NDE2ZTJiMjI2YTcxYzljYzE5MjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6SyqEG+HWbIEYKIU+zaKi11vtSP
pxy/6UPv6ircJRKuolS/MO4UTAPqwF+GFGVbS8ZCqGDXsxDx2z7p23sJtV7SC+yp
+CM9AL3AhgHstrDrQiR0X1KKg3Ww+uI0NFRjnmTQCE2mD3IImHmnoFeNScmRQXaf
P5WdJfyhLdzfA51nzl4fg5LQfdusWTfabaK3OdzxEjGwXSsoK608PwD66r2eH5iN
Q3Fl77mXnqy07Xpr8d3yzs1udNmLfWpCheiBryUUrbwMv9pibciuwlN9lKVojatc
zBnhDxdluCcowKvyziupCDjfK5dL+xOtU4jnZxdyV7tkan9JGy+v+lGHKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG9xISVP15NDsYQW4rImpxycwZIoMB8GA1UdIwQY
MBaAFAyQw1bihk9DiUhXRDVV2LXANSgZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDct
ZTM3OTlhZGU5ZGZlLzEvYjNFaEpVX1hrME94aEJiaXNpYW5ISnpCa2lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDctZTM3OTlhZGU5ZGZl
LzEvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZ3QMA0G
CSqGSIb3DQEBCwUAA4IBAQBTay9iDM63px/VcMNy3x2Uew4DODxoHNsMmLUpWRWu
LpQRCBf+UG+5U6eoci4LNEiSv4G8dG99DdSjWVNXT7aHtmjR6q7pfjbUBc+/R/n7
lWGaZnmLzUWp5f1+pMCw7Fwuuu3lutDN0vd2h+LN8FBO/ebvBNku1/vvPHnPplU5
1j7v/4TzYprzxaxjJwYo5i0Mb6lqF3fYkAGhBdbV4FGqHhEcUY+uTzNBAcXId4VX
0wv+oUT0U9/2RLr2Mr/n4zxImd0OyO9bYNdlsHQ5aeukHfBmU9FuKK10zHjjUPbq
BTS44fyXzFr40GKfbEqsmevIiCuAEdhNLugCJ+MZYqY2
-----END CERTIFICATE-----