This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/dc06bd-e834-405f-8c33-9e5f90538336/1/3Td8_KpnCVMIwy0JMauQgrbBuQQ.roa
File:                     3Td8_KpnCVMIwy0JMauQgrbBuQQ.roa (raw, json)
Hash identifier:          ABEQh5NopDc0Mx4tEJaetYGzLjPCdMdfeYzfxLmWlSg=
Subject key identifier:   DD:37:7C:FC:AA:67:09:53:08:C3:2D:09:31:AB:90:82:B6:C1:B9:04
Certificate issuer:       /CN=2fa5f05f99e0250040a431d2bedcab7f8928e9b2
Certificate serial:       019B7B36CEC5C60B27CD2875DBCDD75E4172
Authority key identifier: 2F:A5:F0:5F:99:E0:25:00:40:A4:31:D2:BE:DC:AB:7F:89:28:E9:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6XwX5ngJQBApDHSvtyrf4ko6bI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/dc06bd-e834-405f-8c33-9e5f90538336/1/3Td8_KpnCVMIwy0JMauQgrbBuQQ.roa
Signing time:             Thu 01 Jan 2026 20:19:08 +0000
ROA not before:           Thu 01 Jan 2026 20:19:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29695
IP address blocks:        91.201.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/dc06bd-e834-405f-8c33-9e5f90538336/1/L6XwX5ngJQBApDHSvtyrf4ko6bI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/dc06bd-e834-405f-8c33-9e5f90538336/1/L6XwX5ngJQBApDHSvtyrf4ko6bI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6XwX5ngJQBApDHSvtyrf4ko6bI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:ce:c5:c6:0b:27:cd:28:75:db:cd:d7:5e:41:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa5f05f99e0250040a431d2bedcab7f8928e9b2
        Validity
            Not Before: Jan  1 20:19:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd377cfcaa67095308c32d0931ab9082b6c1b904
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:75:c5:13:fa:1e:22:0c:bd:46:2a:bd:52:0b:
                    54:72:87:2a:34:b9:1e:80:cd:2c:4b:24:1d:1a:5c:
                    20:15:58:6a:bb:20:67:8d:20:34:75:8f:2e:6d:ad:
                    8c:b3:98:bd:40:00:44:8d:6e:a2:a2:d5:52:cc:9c:
                    59:2d:d1:45:73:18:5f:d9:ec:9b:2b:7d:ec:f3:49:
                    f3:c3:17:9d:44:0f:e3:99:b6:3e:8f:c2:a2:c6:05:
                    23:05:6c:dd:d5:70:82:60:f1:e2:59:10:9f:41:6d:
                    71:81:b5:4f:f9:75:fe:7b:ba:1e:d3:1e:09:31:9c:
                    0d:d7:95:16:0c:4c:e0:12:9a:80:bf:6f:64:65:c1:
                    9d:f4:6d:9f:92:86:09:05:d1:ac:c8:24:09:3a:4f:
                    02:c1:4b:03:95:4b:8e:39:a3:b5:4d:dd:d3:32:72:
                    57:a2:c8:94:83:03:69:68:6c:59:43:74:dc:a0:a2:
                    2a:9a:89:67:19:93:39:53:0e:14:93:09:34:12:bd:
                    69:51:13:bf:0b:ba:28:d2:e3:07:65:8b:9d:d0:22:
                    44:31:52:68:98:fa:4d:d9:07:f4:ed:d6:db:a8:51:
                    c0:88:d4:e5:90:51:5b:ef:1b:2c:13:92:03:e5:c0:
                    e4:59:80:53:b2:f8:d2:7d:91:6b:58:cd:77:dc:6e:
                    00:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:37:7C:FC:AA:67:09:53:08:C3:2D:09:31:AB:90:82:B6:C1:B9:04
            X509v3 Authority Key Identifier:
                keyid:2F:A5:F0:5F:99:E0:25:00:40:A4:31:D2:BE:DC:AB:7F:89:28:E9:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6XwX5ngJQBApDHSvtyrf4ko6bI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/dc06bd-e834-405f-8c33-9e5f90538336/1/3Td8_KpnCVMIwy0JMauQgrbBuQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/dc06bd-e834-405f-8c33-9e5f90538336/1/L6XwX5ngJQBApDHSvtyrf4ko6bI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:77:9f:ed:cf:16:0b:dd:af:f0:43:f9:60:8d:1b:12:a3:a4:
         bd:92:5d:82:84:cd:f4:88:ad:07:78:0d:c3:ae:a0:83:bb:e8:
         ef:71:ec:0c:ba:7b:90:34:06:ca:2a:60:f3:bd:d3:66:b0:99:
         9b:f8:a5:e3:9f:f8:75:c3:01:2e:bf:fd:92:64:17:ac:01:fd:
         59:64:ab:26:f9:ea:77:a8:6b:0a:5b:a4:f7:6f:13:82:d4:be:
         66:87:ea:67:ac:7a:06:29:52:50:2e:a2:b2:0c:ef:65:0d:33:
         a7:76:39:c4:46:4d:20:90:26:9a:f1:11:68:52:27:88:e8:96:
         ef:07:f9:29:ab:93:4c:8e:ab:f5:e5:83:ad:72:d6:2b:16:ba:
         4f:7d:27:65:03:61:5f:a0:24:4b:b0:73:b1:5a:07:c4:82:69:
         50:f3:fe:a1:88:83:d5:84:7d:8a:5b:80:9d:e4:3b:ac:42:02:
         78:05:94:52:3b:1f:0e:8d:45:e6:7c:92:d7:dd:99:38:36:86:
         7e:7c:fc:44:51:8f:12:a1:5d:d9:40:66:81:b7:14:81:93:8c:
         07:2b:96:22:e7:a4:84:3d:f7:15:73:5e:db:4f:8e:78:ff:47:
         3d:37:26:f8:ba:be:62:6f:43:6a:14:e4:f5:b8:4c:ae:5a:b2:
         e2:c0:ae:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Ns7FxgsnzSh1283XXkFyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTVmMDVmOTllMDI1MDA0MGE0MzFkMmJlZGNhYjdmODky
OGU5YjIwHhcNMjYwMTAxMjAxOTA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDM3N2NmY2FhNjcwOTUzMDhjMzJkMDkzMWFiOTA4MmI2YzFiOTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXXFE/oeIgy9Riq9UgtUcocqNLke
gM0sSyQdGlwgFVhquyBnjSA0dY8uba2Ms5i9QABEjW6iotVSzJxZLdFFcxhf2eyb
K33s80nzwxedRA/jmbY+j8KixgUjBWzd1XCCYPHiWRCfQW1xgbVP+XX+e7oe0x4J
MZwN15UWDEzgEpqAv29kZcGd9G2fkoYJBdGsyCQJOk8CwUsDlUuOOaO1Td3TMnJX
osiUgwNpaGxZQ3TcoKIqmolnGZM5Uw4Ukwk0Er1pURO/C7oo0uMHZYud0CJEMVJo
mPpN2Qf07dbbqFHAiNTlkFFb7xssE5ID5cDkWYBTsvjSfZFrWM133G4AJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN03fPyqZwlTCMMtCTGrkIK2wbkEMB8GA1UdIwQY
MBaAFC+l8F+Z4CUAQKQx0r7cq3+JKOmyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZYd1g1bmdKUUJBcERIU3Z0eXJmNGtvNmJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9kYzA2YmQtZTgzNC00MDVmLThjMzMt
OWU1ZjkwNTM4MzM2LzEvM1RkOF9LcG5DVk1Jd3kwSk1hdVFncmJCdVFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9kYzA2YmQtZTgzNC00MDVmLThjMzMtOWU1ZjkwNTM4MzM2
LzEvTDZYd1g1bmdKUUJBcERIU3Z0eXJmNGtvNmJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8nJMA0G
CSqGSIb3DQEBCwUAA4IBAQCTd5/tzxYL3a/wQ/lgjRsSo6S9kl2ChM30iK0HeA3D
rqCDu+jvcewMunuQNAbKKmDzvdNmsJmb+KXjn/h1wwEuv/2SZBesAf1ZZKsm+ep3
qGsKW6T3bxOC1L5mh+pnrHoGKVJQLqKyDO9lDTOndjnERk0gkCaa8RFoUieI6Jbv
B/kpq5NMjqv15YOtctYrFrpPfSdlA2FfoCRLsHOxWgfEgmlQ8/6hiIPVhH2KW4Cd
5DusQgJ4BZRSOx8OjUXmfJLX3Zk4NoZ+fPxEUY8SoV3ZQGaBtxSBk4wHK5Yi56SE
PfcVc17bT454/0c9Nyb4ur5ib0NqFOT1uEyuWrLiwK6z
-----END CERTIFICATE-----