This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/1b8292-86e7-4fb5-a387-2ae90c3fae31/1/cUOwzS6zZJ75wp4AMkGAVEGIHAM.roa
File:                     cUOwzS6zZJ75wp4AMkGAVEGIHAM.roa (raw, json)
Hash identifier:          zhJ7nX2X7NThWP5yAOvlZvDnjb68FXcjF71dp2XEQHI=
Subject key identifier:   71:43:B0:CD:2E:B3:64:9E:F9:C2:9E:00:32:41:80:54:41:88:1C:03
Certificate issuer:       /CN=3ed5bcdfe0adb6b94151187ffdac4ae8f311a6f1
Certificate serial:       019B7D5CB6C80D7B40D4BEE1701D550EE9B8
Authority key identifier: 3E:D5:BC:DF:E0:AD:B6:B9:41:51:18:7F:FD:AC:4A:E8:F3:11:A6:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PtW83-CttrlBURh__axK6PMRpvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/1b8292-86e7-4fb5-a387-2ae90c3fae31/1/cUOwzS6zZJ75wp4AMkGAVEGIHAM.roa
Signing time:             Fri 02 Jan 2026 06:19:46 +0000
ROA not before:           Fri 02 Jan 2026 06:19:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2852
IP address blocks:        193.84.160.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/1b8292-86e7-4fb5-a387-2ae90c3fae31/1/PtW83-CttrlBURh__axK6PMRpvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/1b8292-86e7-4fb5-a387-2ae90c3fae31/1/PtW83-CttrlBURh__axK6PMRpvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PtW83-CttrlBURh__axK6PMRpvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:b6:c8:0d:7b:40:d4:be:e1:70:1d:55:0e:e9:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ed5bcdfe0adb6b94151187ffdac4ae8f311a6f1
        Validity
            Not Before: Jan  2 06:19:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7143b0cd2eb3649ef9c29e003241805441881c03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c0:ee:79:cc:13:12:50:6f:d9:11:e5:1b:46:
                    82:d1:6c:7d:98:d6:2e:1c:18:87:75:5c:42:c5:0c:
                    a6:40:1b:55:d1:0a:e3:48:cb:ab:37:6c:e3:0d:69:
                    ee:7f:35:a5:a6:d3:d8:3b:ed:a8:77:be:19:f3:db:
                    51:21:43:ef:33:3e:86:33:e6:55:ff:64:9c:bc:56:
                    d7:64:2f:6d:ea:2a:2b:d3:52:80:7f:a9:1a:64:22:
                    03:34:5f:3d:1a:62:7b:39:b9:4d:15:2a:95:32:c4:
                    f6:06:03:a0:f0:94:b6:39:c3:a4:25:7d:00:12:f5:
                    c8:f6:b3:5e:9a:c2:c1:c8:ee:80:14:73:84:9d:7f:
                    bb:7f:f9:e0:6a:be:88:2f:1b:38:f8:af:2f:6f:92:
                    5d:d4:91:38:bf:7a:35:21:d6:8c:99:41:75:b3:29:
                    04:80:57:63:f5:14:23:23:e3:fc:c0:55:44:ba:d2:
                    c2:5e:d4:cc:26:22:bb:81:5c:6d:73:bd:c4:1d:e9:
                    7f:d2:95:0e:aa:1e:29:4b:b6:1f:8a:6f:54:2a:a6:
                    60:db:c2:e4:35:26:91:d0:ce:8a:d5:93:0c:4d:cd:
                    29:9f:c8:1e:90:e9:76:fb:ce:4a:76:3b:98:72:d8:
                    e1:7f:2c:de:03:14:81:f1:0d:81:1c:d7:33:84:16:
                    a5:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:43:B0:CD:2E:B3:64:9E:F9:C2:9E:00:32:41:80:54:41:88:1C:03
            X509v3 Authority Key Identifier:
                keyid:3E:D5:BC:DF:E0:AD:B6:B9:41:51:18:7F:FD:AC:4A:E8:F3:11:A6:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PtW83-CttrlBURh__axK6PMRpvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/1b8292-86e7-4fb5-a387-2ae90c3fae31/1/cUOwzS6zZJ75wp4AMkGAVEGIHAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/1b8292-86e7-4fb5-a387-2ae90c3fae31/1/PtW83-CttrlBURh__axK6PMRpvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         22:08:8b:91:fd:25:3a:f9:11:52:82:3a:49:7f:14:56:49:a7:
         b0:99:d7:a9:92:40:b0:ef:79:43:78:64:b7:68:38:b7:9a:e9:
         34:7d:ae:48:9a:47:8d:79:06:d0:9c:8a:54:ff:84:18:02:ae:
         3e:a6:25:6e:d5:8a:16:d4:f0:59:42:96:25:19:a2:8d:bd:a2:
         de:62:fd:1c:ae:3a:7b:1b:a3:84:05:ec:c9:60:d1:bb:76:5a:
         19:76:10:41:28:fe:50:09:96:9b:e1:4c:ab:5d:d8:9a:31:0c:
         00:3a:b7:3a:4d:20:aa:8c:3c:bf:5a:3b:01:a2:93:ef:d1:1e:
         c8:f6:b3:d3:52:65:15:81:bf:7a:08:25:85:34:b1:5d:20:b7:
         56:a0:67:7d:ca:6c:f3:b6:f4:12:45:18:07:c8:ed:4d:b0:b5:
         7c:4a:8f:97:fa:02:6c:f3:c4:c4:a6:96:af:44:95:04:86:44:
         7c:f7:9f:3e:f5:54:79:30:20:a3:de:5c:e1:bf:54:cf:3e:dd:
         a9:59:1d:b9:c5:11:c3:62:78:a3:f5:6e:d6:34:03:2d:c4:ed:
         fc:5e:d9:12:2a:d4:4a:73:15:2e:ff:4d:05:34:48:f3:63:d0:
         ed:bf:14:7b:43:88:b8:2f:fa:2e:0a:1c:65:47:e9:14:48:9d:
         94:dd:7a:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XLbIDXtA1L7hcB1VDum4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZDViY2RmZTBhZGI2Yjk0MTUxMTg3ZmZkYWM0YWU4ZjMx
MWE2ZjEwHhcNMjYwMTAyMDYxOTQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTQzYjBjZDJlYjM2NDllZjljMjllMDAzMjQxODA1NDQxODgxYzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMDuecwTElBv2RHlG0aC0Wx9mNYu
HBiHdVxCxQymQBtV0QrjSMurN2zjDWnufzWlptPYO+2od74Z89tRIUPvMz6GM+ZV
/2ScvFbXZC9t6ior01KAf6kaZCIDNF89GmJ7OblNFSqVMsT2BgOg8JS2OcOkJX0A
EvXI9rNemsLByO6AFHOEnX+7f/ngar6ILxs4+K8vb5Jd1JE4v3o1IdaMmUF1sykE
gFdj9RQjI+P8wFVEutLCXtTMJiK7gVxtc73EHel/0pUOqh4pS7Yfim9UKqZg28Lk
NSaR0M6K1ZMMTc0pn8gekOl2+85KdjuYctjhfyzeAxSB8Q2BHNczhBalBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFDsM0us2Se+cKeADJBgFRBiBwDMB8GA1UdIwQY
MBaAFD7VvN/grba5QVEYf/2sSujzEabxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHRXODMtQ3R0cmxCVVJoX19heEs2UE1ScHZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy8xYjgyOTItODZlNy00ZmI1LWEzODct
MmFlOTBjM2ZhZTMxLzEvY1VPd3pTNnpaSjc1d3A0QU1rR0FWRUdJSEFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy8xYjgyOTItODZlNy00ZmI1LWEzODctMmFlOTBjM2ZhZTMx
LzEvUHRXODMtQ3R0cmxCVVJoX19heEs2UE1ScHZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwVSgMA0G
CSqGSIb3DQEBCwUAA4IBAQAiCIuR/SU6+RFSgjpJfxRWSaewmdepkkCw73lDeGS3
aDi3muk0fa5ImkeNeQbQnIpU/4QYAq4+piVu1YoW1PBZQpYlGaKNvaLeYv0crjp7
G6OEBezJYNG7dloZdhBBKP5QCZab4UyrXdiaMQwAOrc6TSCqjDy/WjsBopPv0R7I
9rPTUmUVgb96CCWFNLFdILdWoGd9ymzztvQSRRgHyO1NsLV8So+X+gJs88TEppav
RJUEhkR8958+9VR5MCCj3lzhv1TPPt2pWR25xRHDYnij9W7WNAMtxO38XtkSKtRK
cxUu/00FNEjzY9DtvxR7Q4i4L/ouChxlR+kUSJ2U3XrB
-----END CERTIFICATE-----