This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/0-CfXr5FSJ7QMjoY8mIHPZBgI3Q.roa
File:                     0-CfXr5FSJ7QMjoY8mIHPZBgI3Q.roa (raw, json)
Hash identifier:          MoCJmm/n6jdFT/Ij8oC3QyzUQTVWWjSnQl4LbZiISEk=
Subject key identifier:   D3:E0:9F:5E:BE:45:48:9E:D0:32:3A:18:F2:62:07:3D:90:60:23:74
Certificate issuer:       /CN=3bccbc70e18b6c69e53ef52a5e925e5f4f0cdcc1
Certificate serial:       019B79ED4A246AD0DB28C34F3B679EDA2083
Authority key identifier: 3B:CC:BC:70:E1:8B:6C:69:E5:3E:F5:2A:5E:92:5E:5F:4F:0C:DC:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O8y8cOGLbGnlPvUqXpJeX08M3ME.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/0-CfXr5FSJ7QMjoY8mIHPZBgI3Q.roa
Signing time:             Thu 01 Jan 2026 14:19:12 +0000
ROA not before:           Thu 01 Jan 2026 14:19:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39386
IP address blocks:        159.0.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/O8y8cOGLbGnlPvUqXpJeX08M3ME.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/O8y8cOGLbGnlPvUqXpJeX08M3ME.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O8y8cOGLbGnlPvUqXpJeX08M3ME.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:4a:24:6a:d0:db:28:c3:4f:3b:67:9e:da:20:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bccbc70e18b6c69e53ef52a5e925e5f4f0cdcc1
        Validity
            Not Before: Jan  1 14:19:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d3e09f5ebe45489ed0323a18f262073d90602374
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:91:55:15:94:93:65:47:e1:e5:1f:eb:64:c0:
                    cf:79:64:ea:d6:6c:f4:40:34:ab:f7:c0:48:75:5d:
                    1c:fc:75:62:23:cd:c9:83:e8:fb:ef:d9:cb:de:17:
                    b5:16:97:58:ac:f1:84:76:1c:3c:c4:13:b8:6c:b2:
                    3a:8e:47:16:1d:3f:5e:91:5b:9e:36:9d:67:ef:03:
                    19:52:24:e5:5e:39:19:ed:3f:c8:aa:ee:3a:bd:c9:
                    29:62:fd:72:f3:ef:f4:26:d3:5d:3e:ba:e6:7b:1e:
                    fc:67:73:c7:56:19:cf:02:f4:11:16:e1:bf:cc:67:
                    e1:9b:d4:5c:15:fa:5e:72:85:f0:1e:d0:8e:78:42:
                    88:1a:32:8b:7c:a6:42:aa:46:3b:3b:75:6b:10:3c:
                    82:45:de:42:83:36:8d:5b:84:a4:a9:27:e2:a1:59:
                    4d:a4:e3:31:30:ca:ba:ab:2b:c5:9b:e9:de:a5:a5:
                    be:c9:e2:ba:78:98:61:0c:1c:a8:ab:89:03:f4:e5:
                    08:ec:6f:92:87:4b:4a:7e:66:6a:5e:39:c2:61:14:
                    77:ed:89:1d:b5:e8:ce:49:85:d8:95:f7:03:f5:1e:
                    75:db:c5:df:c0:af:7b:4e:03:5e:36:d6:68:d0:b6:
                    2c:15:8b:bf:71:c9:f9:f2:92:35:5a:b9:6b:09:0b:
                    8e:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:E0:9F:5E:BE:45:48:9E:D0:32:3A:18:F2:62:07:3D:90:60:23:74
            X509v3 Authority Key Identifier:
                keyid:3B:CC:BC:70:E1:8B:6C:69:E5:3E:F5:2A:5E:92:5E:5F:4F:0C:DC:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O8y8cOGLbGnlPvUqXpJeX08M3ME.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/0-CfXr5FSJ7QMjoY8mIHPZBgI3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/O8y8cOGLbGnlPvUqXpJeX08M3ME.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.0.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:58:d6:20:8d:a1:17:08:c8:c1:23:71:91:a7:39:84:cd:55:
         59:ee:f9:af:8c:90:ac:0d:b3:f8:97:df:76:2b:58:93:4c:df:
         a5:d4:18:dc:4e:bd:07:77:b8:ba:26:92:08:92:75:2b:dc:2b:
         13:ba:f9:84:67:89:96:3c:6c:a4:ba:16:e8:07:e2:40:9f:10:
         07:eb:7c:f4:57:77:30:c1:b4:0a:4f:8e:f3:53:8f:dd:3d:1f:
         30:f9:55:ae:d6:6b:4d:0c:c5:9d:49:50:a6:dc:cd:7f:5b:f2:
         1f:f6:ed:5d:b0:3d:13:66:4d:6c:f9:fa:d7:8d:37:b6:35:07:
         55:0e:45:f9:b8:a5:1a:dd:22:bc:49:6f:6b:66:4a:53:71:05:
         43:3c:06:f8:3b:b1:95:7b:c6:a2:a3:6a:7a:64:65:3c:a8:07:
         aa:6d:0c:44:3a:30:d4:54:87:b1:5d:75:bb:42:84:74:54:5b:
         21:1c:62:f1:92:87:f9:8f:ad:9d:bf:b9:17:df:8a:d5:40:b9:
         e2:53:7a:72:33:31:cc:23:4e:45:df:66:c3:31:06:69:c1:2c:
         86:1e:ed:f9:ef:c9:11:a5:b6:ff:84:cd:70:0e:14:b7:32:7a:
         5d:8d:2a:34:32:15:46:a3:5a:77:c7:d8:6b:ba:82:04:31:1f:
         70:42:b0:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57UokatDbKMNPO2ee2iCDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiY2NiYzcwZTE4YjZjNjllNTNlZjUyYTVlOTI1ZTVmNGYw
Y2RjYzEwHhcNMjYwMTAxMTQxOTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2UwOWY1ZWJlNDU0ODllZDAzMjNhMThmMjYyMDczZDkwNjAyMzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA55FVFZSTZUfh5R/rZMDPeWTq1mz0
QDSr98BIdV0c/HViI83Jg+j779nL3he1FpdYrPGEdhw8xBO4bLI6jkcWHT9ekVue
Np1n7wMZUiTlXjkZ7T/Iqu46vckpYv1y8+/0JtNdPrrmex78Z3PHVhnPAvQRFuG/
zGfhm9RcFfpecoXwHtCOeEKIGjKLfKZCqkY7O3VrEDyCRd5CgzaNW4SkqSfioVlN
pOMxMMq6qyvFm+nepaW+yeK6eJhhDByoq4kD9OUI7G+Sh0tKfmZqXjnCYRR37Ykd
tejOSYXYlfcD9R5128XfwK97TgNeNtZo0LYsFYu/ccn58pI1WrlrCQuOMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNPgn16+RUie0DI6GPJiBz2QYCN0MB8GA1UdIwQY
MBaAFDvMvHDhi2xp5T71Kl6SXl9PDNzBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzh5OGNPR0xiR25sUHZVcVhwSmVYMDhNM01FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS84YTQ3NzMtYTJiZC00MGQyLWJmYzgt
YmJlNjBlYTIyMmM1LzEvMC1DZlhyNUZTSjdRTWpvWThtSUhQWkJnSTNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS84YTQ3NzMtYTJiZC00MGQyLWJmYzgtYmJlNjBlYTIyMmM1
LzEvTzh5OGNPR0xiR25sUHZVcVhwSmVYMDhNM01FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnwC4MA0G
CSqGSIb3DQEBCwUAA4IBAQB+WNYgjaEXCMjBI3GRpzmEzVVZ7vmvjJCsDbP4l992
K1iTTN+l1BjcTr0Hd7i6JpIIknUr3CsTuvmEZ4mWPGykuhboB+JAnxAH63z0V3cw
wbQKT47zU4/dPR8w+VWu1mtNDMWdSVCm3M1/W/If9u1dsD0TZk1s+frXjTe2NQdV
DkX5uKUa3SK8SW9rZkpTcQVDPAb4O7GVe8aio2p6ZGU8qAeqbQxEOjDUVIexXXW7
QoR0VFshHGLxkof5j62dv7kX34rVQLniU3pyMzHMI05F32bDMQZpwSyGHu3578kR
pbb/hM1wDhS3MnpdjSo0MhVGo1p3x9hruoIEMR9wQrBQ
-----END CERTIFICATE-----