This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/opeByMAhQf0h9gQzgnTsYE9y1BA.roa
File:                     opeByMAhQf0h9gQzgnTsYE9y1BA.roa (raw, json)
Hash identifier:          W3rlC/2L7vl4G3Z8wUErI3R9U+oKbZvS1I+3Gb8zaq0=
Subject key identifier:   A2:97:81:C8:C0:21:41:FD:21:F6:04:33:82:74:EC:60:4F:72:D4:10
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       019B797EB629CE8DFE3C37C225A01FDAA918
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/opeByMAhQf0h9gQzgnTsYE9y1BA.roa
Signing time:             Thu 01 Jan 2026 12:18:25 +0000
ROA not before:           Thu 01 Jan 2026 12:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40968
IP address blocks:        213.222.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:b6:29:ce:8d:fe:3c:37:c2:25:a0:1f:da:a9:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 12:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a29781c8c02141fd21f604338274ec604f72d410
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4d:68:ef:55:99:9c:cd:18:0c:3c:df:59:7a:
                    77:40:0c:08:5e:3b:cd:3e:b1:01:2c:9f:df:c9:32:
                    3f:c9:c4:35:b1:48:01:d9:1c:b5:bb:7b:2c:eb:54:
                    66:f9:24:91:3c:95:68:7d:b1:7a:74:d9:17:e0:53:
                    fc:cf:cf:59:65:6c:16:9f:ee:1b:67:b8:65:7e:4e:
                    29:c8:ca:4d:28:4b:b8:7e:cb:f3:e3:5c:92:2a:11:
                    1c:1e:32:04:24:12:fb:8d:73:01:f7:69:0d:f1:67:
                    b3:f6:3e:d6:ef:42:21:0f:30:a8:5d:fc:d9:ef:2f:
                    e9:69:6e:d6:df:dd:8a:77:c7:44:df:61:1b:4a:09:
                    cf:18:58:93:db:df:ea:d6:78:06:ba:fe:05:2e:a7:
                    ce:e9:bf:23:ca:35:2b:c1:52:e0:1d:b8:72:c7:8c:
                    68:f7:80:73:1e:bb:76:30:2e:f6:e3:2d:7f:f5:53:
                    19:9d:3b:8c:39:72:74:a0:ec:ce:f2:d3:65:3e:8c:
                    15:f6:ed:97:09:4f:fc:93:26:0a:10:f6:c8:2d:de:
                    ec:7c:47:50:ad:62:c1:a4:cb:ad:3c:e7:d4:99:66:
                    b8:b5:b6:10:2f:c4:9c:09:da:f5:bc:c7:bc:e8:be:
                    3d:df:eb:5e:12:b8:97:2d:5e:50:c4:e9:46:be:65:
                    76:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:97:81:C8:C0:21:41:FD:21:F6:04:33:82:74:EC:60:4F:72:D4:10
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/opeByMAhQf0h9gQzgnTsYE9y1BA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.222.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:02:86:75:6b:bb:88:9b:33:bb:c8:e9:4e:d3:fa:85:43:38:
         2c:d2:f9:c5:3f:cd:d3:44:05:e8:a2:32:fe:67:22:b6:43:20:
         c6:94:d9:c4:4d:15:6b:ac:b8:07:12:83:ab:e7:96:02:60:05:
         6a:06:2e:ee:00:f9:83:15:bc:7c:6c:b4:55:c3:94:c4:be:90:
         ab:b3:9e:d1:35:7c:71:af:d9:fd:5a:cc:33:33:61:0a:c7:df:
         1c:06:53:84:70:6d:ea:6b:b1:54:04:9a:3f:a2:5d:b7:a7:51:
         5c:b3:ad:02:2b:d1:22:5e:e2:27:36:4c:dc:84:92:ce:bf:62:
         ac:10:f1:75:dc:95:de:d0:cb:08:19:e0:18:4b:1f:a2:de:65:
         10:59:60:c3:20:04:e5:64:3d:67:82:4c:d7:db:ef:4b:1f:54:
         bb:2a:0c:3c:8e:e5:32:41:4c:38:a2:4c:fa:76:1b:7a:c9:f6:
         a0:07:b0:49:bc:ea:b6:00:c3:ed:54:55:cf:21:68:b9:6a:65:
         52:b8:cf:aa:bd:a6:43:01:a2:7f:b7:eb:35:64:d9:74:2f:14:
         10:9e:ba:11:af:a8:5a:e6:7c:0e:dd:a0:f4:2b:3a:f5:bf:f9:
         fd:65:20:af:76:2e:80:dd:fc:62:d1:66:13:1e:45:ca:75:de:
         52:95:7b:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5frYpzo3+PDfCJaAf2qkYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjYwMTAxMTIxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjk3ODFjOGMwMjE0MWZkMjFmNjA0MzM4Mjc0ZWM2MDRmNzJkNDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtU1o71WZnM0YDDzfWXp3QAwIXjvN
PrEBLJ/fyTI/ycQ1sUgB2Ry1u3ss61Rm+SSRPJVofbF6dNkX4FP8z89ZZWwWn+4b
Z7hlfk4pyMpNKEu4fsvz41ySKhEcHjIEJBL7jXMB92kN8Wez9j7W70IhDzCoXfzZ
7y/paW7W392Kd8dE32EbSgnPGFiT29/q1ngGuv4FLqfO6b8jyjUrwVLgHbhyx4xo
94BzHrt2MC724y1/9VMZnTuMOXJ0oOzO8tNlPowV9u2XCU/8kyYKEPbILd7sfEdQ
rWLBpMutPOfUmWa4tbYQL8ScCdr1vMe86L493+teEriXLV5QxOlGvmV2fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKXgcjAIUH9IfYEM4J07GBPctQQMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvb3BlQnlNQWhRZjBoOWdRemduVHNZRTl5MUJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1d4hMA0G
CSqGSIb3DQEBCwUAA4IBAQCNAoZ1a7uImzO7yOlO0/qFQzgs0vnFP83TRAXoojL+
ZyK2QyDGlNnETRVrrLgHEoOr55YCYAVqBi7uAPmDFbx8bLRVw5TEvpCrs57RNXxx
r9n9WswzM2EKx98cBlOEcG3qa7FUBJo/ol23p1Fcs60CK9EiXuInNkzchJLOv2Ks
EPF13JXe0MsIGeAYSx+i3mUQWWDDIATlZD1ngkzX2+9LH1S7Kgw8juUyQUw4okz6
dht6yfagB7BJvOq2AMPtVFXPIWi5amVSuM+qvaZDAaJ/t+s1ZNl0LxQQnroRr6ha
5nwO3aD0Kzr1v/n9ZSCvdi6A3fxi0WYTHkXKdd5SlXso
-----END CERTIFICATE-----