This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/n3D-Zk4G38G2tBgyUy3hXStCuWg.roa
File:                     n3D-Zk4G38G2tBgyUy3hXStCuWg.roa (raw, json)
Hash identifier:          xWuIVNN480cZZue76BwJppWLzoJjQqcpD9fuq0+OWZ0=
Subject key identifier:   9F:70:FE:66:4E:06:DF:C1:B6:B4:18:32:53:2D:E1:5D:2B:42:B9:68
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       019B7FF276F9FE55FFC129C2DE3D9AF0CCBB
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/n3D-Zk4G38G2tBgyUy3hXStCuWg.roa
Signing time:             Fri 02 Jan 2026 18:22:35 +0000
ROA not before:           Fri 02 Jan 2026 18:22:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197741
IP address blocks:        82.119.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:76:f9:fe:55:ff:c1:29:c2:de:3d:9a:f0:cc:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  2 18:22:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9f70fe664e06dfc1b6b41832532de15d2b42b968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:bd:8c:58:55:ba:dd:b0:97:d3:2d:4f:68:50:
                    03:e3:05:2f:ce:47:59:c3:d4:58:45:42:eb:32:fe:
                    c2:f1:36:85:e3:4d:13:14:b0:04:0c:75:bd:34:a7:
                    64:22:f2:f6:98:10:fa:9f:55:1e:da:c6:2b:5b:bf:
                    5f:a8:5f:f4:6f:f9:96:24:42:8f:d0:3e:7f:45:13:
                    92:e3:c4:5f:cb:58:e3:3c:09:22:b1:14:7a:11:99:
                    d6:be:7a:74:df:78:4e:b0:90:d6:d6:34:1d:f7:70:
                    6e:3e:ed:f2:ba:5f:47:8e:42:74:32:7f:e8:7a:41:
                    22:33:17:73:a9:af:c3:19:2f:ba:ea:dc:d4:48:d5:
                    cd:ea:93:a7:6a:62:ed:8d:3e:86:ff:7a:fd:cb:f9:
                    07:a0:49:4a:fc:13:1d:c6:d3:10:3d:78:d9:18:5d:
                    8a:4c:78:6e:9e:f6:7b:eb:7f:d7:7d:37:4b:b7:8d:
                    a2:98:1d:de:9b:23:25:f5:af:d8:55:b2:21:01:6c:
                    ff:17:01:b2:bd:3d:11:f5:04:9d:c6:9e:f5:27:d5:
                    25:d9:f7:bc:11:85:83:35:c4:c6:e1:87:e3:5d:28:
                    64:7a:f8:e8:03:d2:25:05:ff:be:91:86:83:b3:75:
                    24:5c:fd:2a:9a:60:07:87:f2:19:a8:24:df:a6:00:
                    ca:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:70:FE:66:4E:06:DF:C1:B6:B4:18:32:53:2D:E1:5D:2B:42:B9:68
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/n3D-Zk4G38G2tBgyUy3hXStCuWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.119.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:d8:9d:02:2b:93:c7:27:c5:93:d0:cb:18:7f:f0:86:78:15:
         39:a2:75:ec:58:5d:91:0c:79:b6:27:b4:5b:3c:11:ad:8d:b2:
         f3:b4:ae:bc:20:3b:fe:f1:70:8f:de:c2:46:ea:9c:b6:4e:11:
         f8:66:52:88:90:4d:9a:51:da:96:10:65:48:39:a5:6c:8e:b7:
         48:9d:86:c2:16:43:55:57:b4:31:af:fa:ce:f0:75:09:e6:1d:
         58:45:74:6e:0d:f5:12:b4:6f:7b:e8:25:c8:78:9d:62:05:1d:
         04:b9:33:86:e0:dc:17:cc:30:ce:11:e6:6b:82:e1:ee:83:0a:
         74:48:a8:02:ea:28:57:9c:96:d5:cb:30:35:87:ff:7a:96:2e:
         f5:35:91:8d:b5:94:9b:d5:e4:01:de:79:7e:5c:9c:fe:20:f5:
         e9:11:0d:e0:1b:83:9b:ba:93:d2:01:b6:0b:41:dc:6c:2c:bd:
         e2:aa:d5:c5:5c:38:2f:9e:b5:22:6e:b1:6a:34:9b:6a:4d:22:
         4b:bc:0d:2a:ec:d7:bc:65:97:85:68:be:2c:72:9e:06:eb:77:
         66:35:55:e8:61:e8:91:f2:03:e0:70:66:17:09:04:c3:b3:ab:
         ed:29:8b:46:d0:5e:3c:a3:06:90:d1:32:5a:db:c3:0c:45:09:
         77:d9:63:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8nb5/lX/wSnC3j2a8My7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjYwMTAyMTgyMjM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjcwZmU2NjRlMDZkZmMxYjZiNDE4MzI1MzJkZTE1ZDJiNDJiOTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvb2MWFW63bCX0y1PaFAD4wUvzkdZ
w9RYRULrMv7C8TaF400TFLAEDHW9NKdkIvL2mBD6n1Ue2sYrW79fqF/0b/mWJEKP
0D5/RROS48Rfy1jjPAkisRR6EZnWvnp033hOsJDW1jQd93BuPu3yul9HjkJ0Mn/o
ekEiMxdzqa/DGS+66tzUSNXN6pOnamLtjT6G/3r9y/kHoElK/BMdxtMQPXjZGF2K
THhunvZ763/XfTdLt42imB3emyMl9a/YVbIhAWz/FwGyvT0R9QSdxp71J9Ul2fe8
EYWDNcTG4YfjXShkevjoA9IlBf++kYaDs3UkXP0qmmAHh/IZqCTfpgDKqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ9w/mZOBt/BtrQYMlMt4V0rQrloMB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvbjNELVprNEczOEcydEJneVV5M2hYU3RDdVdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUndRMA0G
CSqGSIb3DQEBCwUAA4IBAQCp2J0CK5PHJ8WT0MsYf/CGeBU5onXsWF2RDHm2J7Rb
PBGtjbLztK68IDv+8XCP3sJG6py2ThH4ZlKIkE2aUdqWEGVIOaVsjrdInYbCFkNV
V7Qxr/rO8HUJ5h1YRXRuDfUStG976CXIeJ1iBR0EuTOG4NwXzDDOEeZrguHugwp0
SKgC6ihXnJbVyzA1h/96li71NZGNtZSb1eQB3nl+XJz+IPXpEQ3gG4ObupPSAbYL
QdxsLL3iqtXFXDgvnrUibrFqNJtqTSJLvA0q7Ne8ZZeFaL4scp4G63dmNVXoYeiR
8gPgcGYXCQTDs6vtKYtG0F48owaQ0TJa28MMRQl32WNw
-----END CERTIFICATE-----