This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/OA6POnkqSmxP_dnzNwpmYYzavz8.roa
File:                     OA6POnkqSmxP_dnzNwpmYYzavz8.roa (raw, json)
Hash identifier:          kX8yEulbOjRkpob8aF431Ln0/YwvLU/L28eJTVYnKTI=
Subject key identifier:   38:0E:8F:3A:79:2A:4A:6C:4F:FD:D9:F3:37:0A:66:61:8C:DA:BF:3F
Certificate issuer:       /CN=107807c2518915138f555123605c0133dfdbb4fa
Certificate serial:       019B7C80CA6D76231ED722CB5FBE66C6D08B
Authority key identifier: 10:78:07:C2:51:89:15:13:8F:55:51:23:60:5C:01:33:DF:DB:B4:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EHgHwlGJFROPVVEjYFwBM9_btPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/OA6POnkqSmxP_dnzNwpmYYzavz8.roa
Signing time:             Fri 02 Jan 2026 02:19:33 +0000
ROA not before:           Fri 02 Jan 2026 02:19:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198949
IP address blocks:        132.70.0.0/16 maxlen: 16
                          132.71.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/EHgHwlGJFROPVVEjYFwBM9_btPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/EHgHwlGJFROPVVEjYFwBM9_btPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EHgHwlGJFROPVVEjYFwBM9_btPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:ca:6d:76:23:1e:d7:22:cb:5f:be:66:c6:d0:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=107807c2518915138f555123605c0133dfdbb4fa
        Validity
            Not Before: Jan  2 02:19:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=380e8f3a792a4a6c4ffdd9f3370a66618cdabf3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e6:69:ab:b3:95:e5:4d:92:94:e6:2c:36:c4:
                    33:de:d1:bc:3d:6e:ee:29:8b:74:ca:48:a4:2f:9a:
                    f9:65:47:84:5c:89:91:b9:1d:07:f0:35:c2:57:b0:
                    f9:29:7a:64:6f:aa:a4:29:24:01:57:81:bc:08:dd:
                    55:84:47:60:cf:1d:4b:d4:28:1c:b4:6f:2b:59:91:
                    1d:34:a1:57:11:3e:33:a0:9d:c3:23:3a:59:f7:ad:
                    1b:27:33:2d:01:00:8a:75:58:ad:32:f0:92:06:ed:
                    6a:d5:48:a0:c7:51:13:ed:af:5f:01:74:ee:fe:27:
                    2f:9d:9c:28:b4:d2:18:b0:48:37:34:ea:06:30:e8:
                    60:b9:52:c1:21:b5:75:d9:ff:5c:a2:f9:83:07:d7:
                    99:39:5b:e6:7e:af:01:94:4d:e1:e2:de:20:36:22:
                    c6:0f:2c:a8:f5:73:cd:1d:8c:7e:f1:46:01:d2:82:
                    6e:44:a1:84:c9:6d:59:ca:2e:85:20:76:70:ce:fd:
                    a2:81:de:ce:97:1c:72:2a:1a:be:fe:85:c4:9d:72:
                    bb:35:f0:5b:76:77:b0:28:bf:3e:40:57:30:0b:0e:
                    dd:9f:06:c3:c8:dd:7f:e3:13:4b:09:5e:16:f2:c8:
                    02:e6:c4:e4:ee:79:cd:3a:05:62:0e:01:7c:6d:bb:
                    b7:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:0E:8F:3A:79:2A:4A:6C:4F:FD:D9:F3:37:0A:66:61:8C:DA:BF:3F
            X509v3 Authority Key Identifier:
                keyid:10:78:07:C2:51:89:15:13:8F:55:51:23:60:5C:01:33:DF:DB:B4:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHgHwlGJFROPVVEjYFwBM9_btPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/OA6POnkqSmxP_dnzNwpmYYzavz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/EHgHwlGJFROPVVEjYFwBM9_btPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.70.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         7f:a6:fc:ab:24:f6:f9:49:11:43:b3:24:bb:b8:71:7d:80:6e:
         35:2e:ea:65:4f:82:b5:ac:c7:f0:b5:b0:b4:7d:11:1e:bb:03:
         85:36:ec:f2:4f:42:09:ca:a6:b7:33:07:a8:e6:a7:5d:31:20:
         12:35:16:fa:df:ed:b1:4f:49:05:9a:82:9e:21:4f:a1:b0:fe:
         cd:a5:68:f4:09:eb:5c:42:2a:61:13:4f:23:fc:ce:d9:cf:91:
         91:54:42:9b:8b:c4:1c:23:4d:bd:43:5d:6d:ec:43:d7:5d:a3:
         71:4f:7c:a7:20:4e:24:fe:31:6f:27:6d:39:c9:28:42:c0:b8:
         46:7f:45:76:51:ed:85:77:ac:d2:1f:41:50:5f:fd:40:3c:3b:
         7b:39:7c:2c:64:b6:ee:5d:fc:31:88:f4:8a:7c:f1:f7:3c:6a:
         48:17:f3:b4:2e:35:91:0f:cb:af:61:36:b7:d2:af:9c:f6:b2:
         b5:cb:91:a4:a6:9c:75:05:1c:f3:fb:6c:fd:9c:e8:92:08:3c:
         d0:b3:f3:cd:93:9a:a2:e3:da:45:68:8d:1a:96:96:19:8e:b5:
         dc:f6:06:ce:84:2c:10:2b:4c:7c:f4:0a:92:0e:6c:d4:0f:c8:
         fc:0d:ee:3a:80:11:59:af:72:79:98:98:0c:2c:31:04:8d:21:
         25:9b:1c:d5
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt8gMptdiMe1yLLX75mxtCLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzgwN2MyNTE4OTE1MTM4ZjU1NTEyMzYwNWMwMTMzZGZk
YmI0ZmEwHhcNMjYwMTAyMDIxOTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODBlOGYzYTc5MmE0YTZjNGZmZGQ5ZjMzNzBhNjY2MThjZGFiZjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuZpq7OV5U2SlOYsNsQz3tG8PW7u
KYt0ykikL5r5ZUeEXImRuR0H8DXCV7D5KXpkb6qkKSQBV4G8CN1VhEdgzx1L1Cgc
tG8rWZEdNKFXET4zoJ3DIzpZ960bJzMtAQCKdVitMvCSBu1q1Uigx1ET7a9fAXTu
/icvnZwotNIYsEg3NOoGMOhguVLBIbV12f9covmDB9eZOVvmfq8BlE3h4t4gNiLG
Dyyo9XPNHYx+8UYB0oJuRKGEyW1Zyi6FIHZwzv2igd7OlxxyKhq+/oXEnXK7NfBb
dnewKL8+QFcwCw7dnwbDyN1/4xNLCV4W8sgC5sTk7nnNOgViDgF8bbu33wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFDgOjzp5KkpsT/3Z8zcKZmGM2r8/MB8GA1UdIwQY
MBaAFBB4B8JRiRUTj1VRI2BcATPf27T6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhnSHdsR0pGUk9QVlZFallGd0JNOV9idFBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8yODYwYTQtM2I5NC00Mjc0LWEzYTIt
ZjlhYzE1ZTY2Mzg2LzEvT0E2UE9ua3FTbXhQX2Ruek53cG1ZWXphdno4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8yODYwYTQtM2I5NC00Mjc0LWEzYTItZjlhYzE1ZTY2Mzg2
LzEvRUhnSHdsR0pGUk9QVlZFallGd0JNOV9idFBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBhEYwDQYJ
KoZIhvcNAQELBQADggEBAH+m/Ksk9vlJEUOzJLu4cX2AbjUu6mVPgrWsx/C1sLR9
ER67A4U27PJPQgnKprczB6jmp10xIBI1Fvrf7bFPSQWagp4hT6Gw/s2laPQJ61xC
KmETTyP8ztnPkZFUQpuLxBwjTb1DXW3sQ9ddo3FPfKcgTiT+MW8nbTnJKELAuEZ/
RXZR7YV3rNIfQVBf/UA8O3s5fCxktu5d/DGI9Ip88fc8akgX87QuNZEPy69hNrfS
r5z2srXLkaSmnHUFHPP7bP2c6JIIPNCz882TmqLj2kVojRqWlhmOtdz2Bs6ELBAr
THz0CpIObNQPyPwN7jqAEVmvcnmYmAwsMQSNISWbHNU=
-----END CERTIFICATE-----