This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a02c08-f31b-48c5-ad47-f83b8d04087c/1/3IMviFqKeTkgcM4hJ3DCovEJPT4.roa
File:                     3IMviFqKeTkgcM4hJ3DCovEJPT4.roa (raw, json)
Hash identifier:          PJ8bbhBGDwD8QZsH/L9/+WbI+Jn53tual+W0DILWDvw=
Subject key identifier:   DC:83:2F:88:5A:8A:79:39:20:70:CE:21:27:70:C2:A2:F1:09:3D:3E
Certificate issuer:       /CN=885c09522f635fcafa29bcebac72c894e4ffeed2
Certificate serial:       019B7EA668B406F2D5CADC9AC96CDE126C12
Authority key identifier: 88:5C:09:52:2F:63:5F:CA:FA:29:BC:EB:AC:72:C8:94:E4:FF:EE:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFwJUi9jX8r6KbzrrHLIlOT_7tI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a02c08-f31b-48c5-ad47-f83b8d04087c/1/3IMviFqKeTkgcM4hJ3DCovEJPT4.roa
Signing time:             Fri 02 Jan 2026 12:19:53 +0000
ROA not before:           Fri 02 Jan 2026 12:19:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208167
IP address blocks:        193.104.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/a02c08-f31b-48c5-ad47-f83b8d04087c/1/iFwJUi9jX8r6KbzrrHLIlOT_7tI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/a02c08-f31b-48c5-ad47-f83b8d04087c/1/iFwJUi9jX8r6KbzrrHLIlOT_7tI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFwJUi9jX8r6KbzrrHLIlOT_7tI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:68:b4:06:f2:d5:ca:dc:9a:c9:6c:de:12:6c:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885c09522f635fcafa29bcebac72c894e4ffeed2
        Validity
            Not Before: Jan  2 12:19:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dc832f885a8a79392070ce212770c2a2f1093d3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f3:67:43:d3:cb:7b:0f:39:f3:c9:b0:e1:80:
                    56:35:39:c3:ba:46:58:3d:6f:59:8b:a6:67:04:0e:
                    84:3c:2f:61:b6:e6:7e:86:5e:30:92:b8:91:61:98:
                    20:e8:2b:fa:65:53:db:2f:63:08:39:e8:e9:b3:ed:
                    8f:fb:ce:44:fa:ea:6c:66:ec:ac:6b:58:2a:53:39:
                    6d:53:46:bf:bd:bb:6b:ee:d5:3b:4c:72:7e:ff:2e:
                    fb:1d:f0:4a:23:87:62:55:f7:f0:2b:85:2f:af:3e:
                    12:01:46:3c:be:dc:eb:12:d1:9e:81:d9:30:2b:f4:
                    03:97:c5:69:56:93:b9:40:c2:15:01:56:84:51:c8:
                    3f:64:32:a0:17:04:5a:f3:b3:ad:7d:fd:f1:6f:56:
                    45:ff:a4:8a:67:98:37:eb:ce:f0:6c:ed:b3:20:f0:
                    57:57:84:2c:84:13:18:42:56:57:74:e1:92:b5:26:
                    c9:58:47:24:ae:48:d6:bc:6a:4c:e4:51:57:36:d2:
                    43:99:f3:57:9d:6c:bd:55:66:cb:2a:3a:dd:0d:7c:
                    0f:4e:dd:6f:f9:78:33:63:37:1e:d8:f7:17:cc:59:
                    de:a7:2d:eb:e6:38:ac:eb:1c:61:43:a8:55:fa:f4:
                    83:8d:eb:d5:d3:da:82:05:ee:73:32:9d:a9:22:fa:
                    19:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:83:2F:88:5A:8A:79:39:20:70:CE:21:27:70:C2:A2:F1:09:3D:3E
            X509v3 Authority Key Identifier:
                keyid:88:5C:09:52:2F:63:5F:CA:FA:29:BC:EB:AC:72:C8:94:E4:FF:EE:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFwJUi9jX8r6KbzrrHLIlOT_7tI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a02c08-f31b-48c5-ad47-f83b8d04087c/1/3IMviFqKeTkgcM4hJ3DCovEJPT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a02c08-f31b-48c5-ad47-f83b8d04087c/1/iFwJUi9jX8r6KbzrrHLIlOT_7tI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:26:60:32:db:0e:61:93:b3:31:af:20:07:28:47:74:d6:94:
         3b:7c:3f:6c:3f:88:70:d2:74:9c:45:79:6c:59:38:9a:2c:03:
         43:d7:13:a0:73:e1:25:d7:0f:9a:0f:08:ae:87:9d:da:4b:e0:
         6d:f5:2b:e0:f7:66:91:1d:1b:9f:ec:c8:a0:e3:36:08:90:73:
         d3:88:12:bf:61:6d:b4:b0:c2:91:19:45:1a:3e:da:ea:1f:83:
         eb:be:bf:7f:f1:77:16:f4:f1:6e:c5:32:f7:00:47:97:e9:51:
         70:09:97:f0:09:07:91:b4:f0:75:91:bf:6d:22:c3:88:b4:15:
         29:4e:bc:fe:6a:ff:9a:a6:e1:78:a8:2d:27:b5:12:ac:c3:0d:
         21:ab:6e:1f:be:f5:d9:7c:6f:0d:e5:d4:ca:3e:4a:10:79:a6:
         9a:35:9c:ce:e2:e7:5c:59:b6:f7:d2:9c:95:62:d8:c6:e4:91:
         13:dd:09:1f:89:e3:4b:fb:e1:d8:35:a6:06:09:c2:2b:0c:db:
         6e:84:40:57:86:50:0f:66:92:82:5e:72:cd:8b:85:6b:ec:aa:
         d3:20:9c:e5:82:b2:58:f5:2c:5e:94:92:0f:26:ed:79:5c:de:
         ea:16:88:60:1d:92:52:90:49:c1:68:9a:69:55:91:4b:f1:c7:
         17:41:e0:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pmi0BvLVytyayWzeEmwSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWMwOTUyMmY2MzVmY2FmYTI5YmNlYmFjNzJjODk0ZTRm
ZmVlZDIwHhcNMjYwMTAyMTIxOTUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzgzMmY4ODVhOGE3OTM5MjA3MGNlMjEyNzcwYzJhMmYxMDkzZDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfNnQ9PLew8588mw4YBWNTnDukZY
PW9Zi6ZnBA6EPC9htuZ+hl4wkriRYZgg6Cv6ZVPbL2MIOejps+2P+85E+upsZuys
a1gqUzltU0a/vbtr7tU7THJ+/y77HfBKI4diVffwK4Uvrz4SAUY8vtzrEtGegdkw
K/QDl8VpVpO5QMIVAVaEUcg/ZDKgFwRa87Otff3xb1ZF/6SKZ5g3687wbO2zIPBX
V4QshBMYQlZXdOGStSbJWEckrkjWvGpM5FFXNtJDmfNXnWy9VWbLKjrdDXwPTt1v
+XgzYzce2PcXzFnepy3r5jis6xxhQ6hV+vSDjevV09qCBe5zMp2pIvoZCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNyDL4haink5IHDOISdwwqLxCT0+MB8GA1UdIwQY
MBaAFIhcCVIvY1/K+im866xyyJTk/+7SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ3SlVpOWpYOHI2S2J6cnJITElsT1RfN3RJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hMDJjMDgtZjMxYi00OGM1LWFkNDct
ZjgzYjhkMDQwODdjLzEvM0lNdmlGcUtlVGtnY000aEozRENvdkVKUFQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hMDJjMDgtZjMxYi00OGM1LWFkNDctZjgzYjhkMDQwODdj
LzEvaUZ3SlVpOWpYOHI2S2J6cnJITElsT1RfN3RJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWhKMA0G
CSqGSIb3DQEBCwUAA4IBAQBRJmAy2w5hk7MxryAHKEd01pQ7fD9sP4hw0nScRXls
WTiaLAND1xOgc+El1w+aDwiuh53aS+Bt9Svg92aRHRuf7Mig4zYIkHPTiBK/YW20
sMKRGUUaPtrqH4Prvr9/8XcW9PFuxTL3AEeX6VFwCZfwCQeRtPB1kb9tIsOItBUp
Trz+av+apuF4qC0ntRKsww0hq24fvvXZfG8N5dTKPkoQeaaaNZzO4udcWbb30pyV
YtjG5JET3QkfieNL++HYNaYGCcIrDNtuhEBXhlAPZpKCXnLNi4Vr7KrTIJzlgrJY
9SxelJIPJu15XN7qFohgHZJSkEnBaJppVZFL8ccXQeDz
-----END CERTIFICATE-----