This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/5b73d7-f1f5-4e8f-a4b6-cdf89683540e/1/3Syacw0kA1-ynTLjhAFHVC60Ux8.roa
File:                     3Syacw0kA1-ynTLjhAFHVC60Ux8.roa (raw, json)
Hash identifier:          U3SW2ZOoHktaoXakRfEn1+6KwZhVhuD7PQXG5yVZEPA=
Subject key identifier:   DD:2C:9A:73:0D:24:03:5F:B2:9D:32:E3:84:01:47:54:2E:B4:53:1F
Certificate issuer:       /CN=17bbd60374bc23ed07d01c24e7cfd9178b8fed21
Certificate serial:       019B7A5A5584C8A1CE505506E928A0ED7ABD
Authority key identifier: 17:BB:D6:03:74:BC:23:ED:07:D0:1C:24:E7:CF:D9:17:8B:8F:ED:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F7vWA3S8I-0H0Bwk58_ZF4uP7SE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/5b73d7-f1f5-4e8f-a4b6-cdf89683540e/1/3Syacw0kA1-ynTLjhAFHVC60Ux8.roa
Signing time:             Thu 01 Jan 2026 16:18:19 +0000
ROA not before:           Thu 01 Jan 2026 16:18:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201207
IP address blocks:        185.66.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/5b73d7-f1f5-4e8f-a4b6-cdf89683540e/1/F7vWA3S8I-0H0Bwk58_ZF4uP7SE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/5b73d7-f1f5-4e8f-a4b6-cdf89683540e/1/F7vWA3S8I-0H0Bwk58_ZF4uP7SE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F7vWA3S8I-0H0Bwk58_ZF4uP7SE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:55:84:c8:a1:ce:50:55:06:e9:28:a0:ed:7a:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17bbd60374bc23ed07d01c24e7cfd9178b8fed21
        Validity
            Not Before: Jan  1 16:18:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd2c9a730d24035fb29d32e3840147542eb4531f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:da:c1:74:17:ff:a7:41:21:86:ac:95:ea:3c:
                    c8:b7:fe:1e:53:7b:00:88:53:0e:0d:b1:13:37:7c:
                    28:8a:ad:e0:75:0a:05:a9:91:61:14:e2:8b:7c:80:
                    68:8c:39:a2:a8:04:a5:2e:c8:57:34:f2:1b:57:a5:
                    20:0a:65:1f:69:3d:4e:03:64:09:49:a8:97:2f:b7:
                    f3:8c:87:e5:b5:85:17:e4:95:aa:eb:6a:a3:9f:07:
                    e7:e2:31:af:b9:c5:34:bf:6e:e2:b1:6b:a2:34:a7:
                    e8:87:5f:f1:b4:2f:92:69:30:9d:b8:e6:0d:2b:ba:
                    09:9f:3a:8b:dd:18:2d:c8:c7:6e:c8:39:e9:3b:73:
                    18:a3:f1:51:01:a6:37:ff:fb:ae:3d:06:ac:ef:ba:
                    37:e5:d6:db:7b:99:c5:fe:f4:ee:80:d5:77:14:64:
                    32:8b:88:fe:94:20:be:76:ba:75:97:2e:52:86:9a:
                    36:5f:09:ad:60:7d:7e:3e:2b:c5:c9:87:84:a7:fb:
                    c3:ab:24:11:da:63:6b:91:ff:0e:d0:62:b2:99:44:
                    1a:4c:b6:4c:3b:71:9c:e5:c5:72:7c:e0:3a:7c:a8:
                    a7:dc:e9:20:64:4d:d9:af:6d:6e:dc:6f:46:43:b9:
                    e6:f6:48:00:8e:18:65:91:3d:36:8a:96:fa:6d:96:
                    b5:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:2C:9A:73:0D:24:03:5F:B2:9D:32:E3:84:01:47:54:2E:B4:53:1F
            X509v3 Authority Key Identifier:
                keyid:17:BB:D6:03:74:BC:23:ED:07:D0:1C:24:E7:CF:D9:17:8B:8F:ED:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F7vWA3S8I-0H0Bwk58_ZF4uP7SE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/5b73d7-f1f5-4e8f-a4b6-cdf89683540e/1/3Syacw0kA1-ynTLjhAFHVC60Ux8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/5b73d7-f1f5-4e8f-a4b6-cdf89683540e/1/F7vWA3S8I-0H0Bwk58_ZF4uP7SE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:d7:75:01:1c:3e:10:ed:d5:19:57:36:77:3a:87:4d:d4:5c:
         4f:63:b1:f7:92:2a:ce:00:2d:b5:76:bd:14:c3:b8:77:6c:75:
         30:0a:e7:1c:b2:7a:38:4f:0c:58:68:8e:fe:fa:f1:ce:68:41:
         5c:a8:b7:ce:24:60:a9:1f:4d:68:b6:3b:98:e9:d1:ba:89:27:
         c5:ab:96:1e:e6:5f:c3:5d:b8:f1:51:a9:25:5c:99:e3:f9:dc:
         62:4b:32:a9:06:4c:4f:61:e8:aa:27:10:4e:08:32:15:f7:ba:
         77:55:8c:09:a2:33:87:85:83:2c:a9:c3:72:36:4c:ae:01:b0:
         75:7a:64:c1:c0:22:b3:90:84:85:87:08:ea:53:8f:57:2c:c8:
         e8:b8:86:0b:42:93:3a:9e:93:f6:d7:de:f5:08:45:1b:f2:25:
         08:00:47:b3:6d:0f:4d:d1:00:d8:f8:03:a3:35:71:17:74:cf:
         97:5b:9a:35:c5:1d:34:af:c0:84:f4:9f:76:24:7e:66:0c:26:
         9d:02:15:05:49:a0:c5:b7:d8:72:54:fd:0b:82:9b:5d:89:dd:
         97:58:86:1b:62:25:28:27:3e:a2:02:b3:42:00:09:45:ef:82:
         a7:98:56:ae:63:af:a8:b1:26:c9:7b:a4:3b:b5:9f:54:c2:60:
         e2:f3:73:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WlWEyKHOUFUG6Sig7Xq9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YmJkNjAzNzRiYzIzZWQwN2QwMWMyNGU3Y2ZkOTE3OGI4
ZmVkMjEwHhcNMjYwMTAxMTYxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDJjOWE3MzBkMjQwMzVmYjI5ZDMyZTM4NDAxNDc1NDJlYjQ1MzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNrBdBf/p0EhhqyV6jzIt/4eU3sA
iFMODbETN3woiq3gdQoFqZFhFOKLfIBojDmiqASlLshXNPIbV6UgCmUfaT1OA2QJ
SaiXL7fzjIfltYUX5JWq62qjnwfn4jGvucU0v27isWuiNKfoh1/xtC+SaTCduOYN
K7oJnzqL3RgtyMduyDnpO3MYo/FRAaY3//uuPQas77o35dbbe5nF/vTugNV3FGQy
i4j+lCC+drp1ly5Shpo2XwmtYH1+PivFyYeEp/vDqyQR2mNrkf8O0GKymUQaTLZM
O3Gc5cVyfOA6fKin3OkgZE3Zr21u3G9GQ7nm9kgAjhhlkT02ipb6bZa11QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN0smnMNJANfsp0y44QBR1QutFMfMB8GA1UdIwQY
MBaAFBe71gN0vCPtB9AcJOfP2ReLj+0hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjd2V0EzUzhJLTBIMEJ3azU4X1pGNHVQN1NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy81YjczZDctZjFmNS00ZThmLWE0YjYt
Y2RmODk2ODM1NDBlLzEvM1N5YWN3MGtBMS15blRMamhBRkhWQzYwVXg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy81YjczZDctZjFmNS00ZThmLWE0YjYtY2RmODk2ODM1NDBl
LzEvRjd2V0EzUzhJLTBIMEJ3azU4X1pGNHVQN1NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuULUMA0G
CSqGSIb3DQEBCwUAA4IBAQAK13UBHD4Q7dUZVzZ3OodN1FxPY7H3kirOAC21dr0U
w7h3bHUwCuccsno4TwxYaI7++vHOaEFcqLfOJGCpH01otjuY6dG6iSfFq5Ye5l/D
XbjxUaklXJnj+dxiSzKpBkxPYeiqJxBOCDIV97p3VYwJojOHhYMsqcNyNkyuAbB1
emTBwCKzkISFhwjqU49XLMjouIYLQpM6npP21971CEUb8iUIAEezbQ9N0QDY+AOj
NXEXdM+XW5o1xR00r8CE9J92JH5mDCadAhUFSaDFt9hyVP0Lgptdid2XWIYbYiUo
Jz6iArNCAAlF74KnmFauY6+osSbJe6Q7tZ9UwmDi83Pr
-----END CERTIFICATE-----