This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/OzwsnvxeDJkm0QVUpphiFEJtvXM.roa
File:                     OzwsnvxeDJkm0QVUpphiFEJtvXM.roa (raw, json)
Hash identifier:          TmvRIrlWkGkcpqcZ+XPLXCTe2NOMv6YsWS06CFcaAg0=
Subject key identifier:   3B:3C:2C:9E:FC:5E:0C:99:26:D1:05:54:A6:98:62:14:42:6D:BD:73
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       019A6676432786D9AC4EAAF7B46F53ECCDAF
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/OzwsnvxeDJkm0QVUpphiFEJtvXM.roa
Signing time:             Sun 09 Nov 2025 02:33:37 +0000
ROA not before:           Sun 09 Nov 2025 02:33:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133398
IP address blocks:        212.100.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Nov 2025 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:66:76:43:27:86:d9:ac:4e:aa:f7:b4:6f:53:ec:cd:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Nov  9 02:33:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b3c2c9efc5e0c9926d10554a6986214426dbd73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:5b:2f:3b:e0:54:11:7f:2f:7b:ec:15:36:aa:
                    39:84:b4:0e:79:a9:b3:db:68:36:8c:c8:5c:fd:7f:
                    bc:98:dd:ae:c5:56:e8:50:21:06:88:1e:7e:f5:e5:
                    87:63:97:9d:a4:75:85:68:64:b8:75:d1:18:67:fd:
                    b0:2e:30:fd:33:69:39:1f:5a:d8:06:06:93:52:5b:
                    3c:94:b8:ba:05:c6:07:68:20:b7:3b:5c:a3:62:41:
                    fc:cd:88:f1:c2:1e:d2:8a:d3:76:39:90:48:ec:a8:
                    55:f0:69:c1:b8:8b:4b:a0:3e:18:c6:12:ce:1b:2b:
                    c1:73:e9:6f:3b:94:73:98:46:c9:b9:30:fd:7f:7a:
                    ca:fc:44:03:8e:60:2a:c2:ce:8e:97:ea:bf:0e:b2:
                    9d:63:f7:dc:55:c4:6b:78:85:31:e1:e6:92:4e:f0:
                    bb:4f:00:6b:5f:83:86:d9:50:88:c9:f0:d0:87:02:
                    d5:bf:80:89:3d:4d:b9:45:ea:a4:48:66:18:34:80:
                    89:cc:7d:f0:a6:42:75:15:01:da:01:6a:f6:e8:b4:
                    c1:81:01:33:8f:38:4d:a5:fe:da:94:83:3f:c4:c7:
                    21:1a:39:a1:cc:69:7e:65:de:9b:9d:48:b6:ad:49:
                    e8:1e:a5:45:19:ce:28:6a:90:24:e0:c1:ce:1d:bb:
                    67:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:3C:2C:9E:FC:5E:0C:99:26:D1:05:54:A6:98:62:14:42:6D:BD:73
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/OzwsnvxeDJkm0QVUpphiFEJtvXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:97:44:13:fd:a1:46:7c:6a:23:91:a8:f5:14:d3:ee:e2:49:
         c4:ee:1d:2a:41:ab:ef:2f:68:f5:e0:09:a9:ce:83:be:d6:4a:
         86:3e:1c:15:68:de:39:85:f0:60:6b:2a:54:dd:a7:98:10:11:
         9b:3a:dc:8c:fd:60:92:75:dc:ae:d5:7d:dd:db:cd:cd:61:51:
         cd:06:3b:ab:e8:9d:16:49:56:ee:2b:ae:ba:71:78:af:c0:1c:
         0f:3a:4f:a1:47:41:c8:ca:9d:e5:5d:de:5d:f0:6d:07:8c:d0:
         00:ce:81:d2:b6:e8:e8:d0:66:bf:dd:e8:2f:b0:2c:8f:2f:fa:
         5a:99:a5:cc:04:89:6e:86:f8:b8:01:b5:a3:e2:61:61:f6:5f:
         96:69:4c:84:a4:11:f1:15:5e:e2:0a:f7:ef:f0:f2:90:b1:e4:
         1b:92:db:4b:b4:66:77:04:a5:69:8e:24:1e:62:47:68:07:1e:
         d4:7d:a4:8f:15:4f:00:7d:25:bd:c6:d7:cd:95:c5:38:26:77:
         cd:9a:08:10:1f:71:4b:8e:23:98:69:90:94:a9:61:b7:8b:d5:
         ce:cf:e8:8b:ca:fb:33:c1:d7:ac:32:fb:14:1f:15:f2:38:9f:
         2c:c1:79:aa:bb:35:d1:e2:3f:66:56:29:5b:e2:f7:50:5d:87:
         d4:73:46:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpmdkMnhtmsTqr3tG9T7M2vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjUxMTA5MDIzMzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjNjMmM5ZWZjNWUwYzk5MjZkMTA1NTRhNjk4NjIxNDQyNmRiZDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlsvO+BUEX8ve+wVNqo5hLQOeamz
22g2jMhc/X+8mN2uxVboUCEGiB5+9eWHY5edpHWFaGS4ddEYZ/2wLjD9M2k5H1rY
BgaTUls8lLi6BcYHaCC3O1yjYkH8zYjxwh7SitN2OZBI7KhV8GnBuItLoD4YxhLO
GyvBc+lvO5RzmEbJuTD9f3rK/EQDjmAqws6Ol+q/DrKdY/fcVcRreIUx4eaSTvC7
TwBrX4OG2VCIyfDQhwLVv4CJPU25ReqkSGYYNICJzH3wpkJ1FQHaAWr26LTBgQEz
jzhNpf7alIM/xMchGjmhzGl+Zd6bnUi2rUnoHqVFGc4oapAk4MHOHbtn6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDs8LJ78XgyZJtEFVKaYYhRCbb1zMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvT3p3c252eGVESmttMFFWVXBwaGlGRUp0dlhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GSpMA0G
CSqGSIb3DQEBCwUAA4IBAQCUl0QT/aFGfGojkaj1FNPu4knE7h0qQavvL2j14Amp
zoO+1kqGPhwVaN45hfBgaypU3aeYEBGbOtyM/WCSddyu1X3d283NYVHNBjur6J0W
SVbuK666cXivwBwPOk+hR0HIyp3lXd5d8G0HjNAAzoHStujo0Ga/3egvsCyPL/pa
maXMBIluhvi4AbWj4mFh9l+WaUyEpBHxFV7iCvfv8PKQseQbkttLtGZ3BKVpjiQe
YkdoBx7UfaSPFU8AfSW9xtfNlcU4JnfNmggQH3FLjiOYaZCUqWG3i9XOz+iLyvsz
wdesMvsUHxXyOJ8swXmquzXR4j9mVilb4vdQXYfUc0aO
-----END CERTIFICATE-----