This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/Oc3Pl8vt5msIpuo1Qft7AEygjlU.roa
File:                     Oc3Pl8vt5msIpuo1Qft7AEygjlU.roa (raw, json)
Hash identifier:          fw0vLvCgyhMAg7PoEo5OwVd+c6rQftcmPr9WX9qeUeg=
Subject key identifier:   39:CD:CF:97:CB:ED:E6:6B:08:A6:EA:35:41:FB:7B:00:4C:A0:8E:55
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       019B7910839CCAB03FEACD47ACED6BCAD176
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/Oc3Pl8vt5msIpuo1Qft7AEygjlU.roa
Signing time:             Thu 01 Jan 2026 10:18:03 +0000
ROA not before:           Thu 01 Jan 2026 10:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43486
IP address blocks:        81.93.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 Jan 2026 03:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:83:9c:ca:b0:3f:ea:cd:47:ac:ed:6b:ca:d1:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  1 10:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=39cdcf97cbede66b08a6ea3541fb7b004ca08e55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:29:51:43:19:0e:e6:6b:12:af:22:e1:0f:bf:
                    c1:3a:35:ed:de:6a:39:8f:96:26:03:81:3d:64:41:
                    bd:ab:a0:b7:f6:08:ee:50:ee:94:9c:15:86:d1:99:
                    da:ea:46:bc:2c:16:23:09:a0:75:cf:76:f9:16:43:
                    f9:95:dc:14:58:07:f3:89:48:d8:bf:df:bf:ba:da:
                    f1:b0:25:97:37:38:b1:30:87:34:7b:d5:c5:05:23:
                    d0:49:6a:01:51:80:d9:b0:59:81:93:9c:0d:d4:98:
                    0f:d0:7e:72:e3:5c:16:d0:76:8b:f4:9c:3e:5b:d2:
                    82:9a:81:40:ee:ff:33:7b:f2:87:c4:12:34:63:db:
                    9a:03:65:44:36:78:01:53:0f:dd:c3:14:c7:46:94:
                    af:d1:c2:83:d5:90:cd:76:48:97:d1:38:bb:ad:58:
                    02:2b:e0:bf:86:5d:4c:e7:51:6c:aa:de:c6:04:52:
                    51:a7:27:1d:9b:30:5d:d1:a5:aa:ad:e1:b1:9a:00:
                    8c:36:1c:23:db:e8:e1:c8:1d:7c:ca:e5:f9:72:d1:
                    b9:ab:c1:52:7c:2c:87:f0:f8:89:10:58:64:77:b9:
                    90:bf:6b:f7:83:5e:51:fa:a8:1e:07:49:dc:e7:76:
                    5d:4e:ad:b0:e7:d8:0c:80:6e:36:7c:d9:e8:e1:78:
                    1e:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:CD:CF:97:CB:ED:E6:6B:08:A6:EA:35:41:FB:7B:00:4C:A0:8E:55
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/Oc3Pl8vt5msIpuo1Qft7AEygjlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.93.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:9e:d2:ff:0b:49:cf:72:0b:94:6a:af:ee:d1:aa:d9:27:8d:
         31:27:13:3d:17:f4:00:55:11:3d:f6:45:1e:e2:3c:75:cd:76:
         81:09:fa:79:40:30:7c:27:4f:96:95:ef:17:f8:43:77:06:89:
         63:7f:f9:23:fe:ef:44:d8:e3:ed:4a:77:1f:44:f9:8b:bc:32:
         ae:a0:ec:3d:2e:34:81:29:9f:9f:9d:81:87:d7:63:67:ee:5e:
         68:18:29:13:88:3f:da:44:6c:ca:03:74:2c:fe:f6:eb:cf:61:
         f5:e9:69:cd:ad:fc:57:c2:ea:43:1d:33:ba:82:38:18:67:10:
         9a:9c:c9:26:63:81:1c:21:5f:8a:ff:03:c7:34:29:10:5b:71:
         7e:04:18:6f:3d:bb:20:18:d4:90:39:0a:9a:12:fb:95:73:f0:
         76:e4:eb:f7:a7:c4:db:29:5a:0a:9d:9f:2e:64:89:3d:cb:d4:
         0e:08:51:c1:0a:c3:6e:19:f6:69:ec:03:75:44:bf:fa:b8:1b:
         09:cb:59:37:5a:fa:1e:8b:79:f9:04:8d:36:ca:2b:c4:87:97:
         6a:8a:0f:44:04:72:5a:13:c3:01:6a:c9:64:b6:bf:56:15:15:
         7b:80:d3:f0:a5:80:c5:f5:35:f9:f2:07:64:c2:fd:bc:e2:5e:
         7d:48:1c:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EIOcyrA/6s1HrO1rytF2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjYwMTAxMTAxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWNkY2Y5N2NiZWRlNjZiMDhhNmVhMzU0MWZiN2IwMDRjYTA4ZTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuClRQxkO5msSryLhD7/BOjXt3mo5
j5YmA4E9ZEG9q6C39gjuUO6UnBWG0Zna6ka8LBYjCaB1z3b5FkP5ldwUWAfziUjY
v9+/utrxsCWXNzixMIc0e9XFBSPQSWoBUYDZsFmBk5wN1JgP0H5y41wW0HaL9Jw+
W9KCmoFA7v8ze/KHxBI0Y9uaA2VENngBUw/dwxTHRpSv0cKD1ZDNdkiX0Ti7rVgC
K+C/hl1M51Fsqt7GBFJRpycdmzBd0aWqreGxmgCMNhwj2+jhyB18yuX5ctG5q8FS
fCyH8PiJEFhkd7mQv2v3g15R+qgeB0nc53ZdTq2w59gMgG42fNno4XgevwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDnNz5fL7eZrCKbqNUH7ewBMoI5VMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvT2MzUGw4dnQ1bXNJcHVvMVFmdDdBRXlnamxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUV2/MA0G
CSqGSIb3DQEBCwUAA4IBAQCrntL/C0nPcguUaq/u0arZJ40xJxM9F/QAVRE99kUe
4jx1zXaBCfp5QDB8J0+Wle8X+EN3Boljf/kj/u9E2OPtSncfRPmLvDKuoOw9LjSB
KZ+fnYGH12Nn7l5oGCkTiD/aRGzKA3Qs/vbrz2H16WnNrfxXwupDHTO6gjgYZxCa
nMkmY4EcIV+K/wPHNCkQW3F+BBhvPbsgGNSQOQqaEvuVc/B25Ov3p8TbKVoKnZ8u
ZIk9y9QOCFHBCsNuGfZp7AN1RL/6uBsJy1k3Wvoei3n5BI02yivEh5dqig9EBHJa
E8MBaslktr9WFRV7gNPwpYDF9TX58gdkwv284l59SBzz
-----END CERTIFICATE-----