This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/0ohKVQN8JuTcilJLLas1PbkpJLQ.roa
File:                     0ohKVQN8JuTcilJLLas1PbkpJLQ.roa (raw, json)
Hash identifier:          Iy3MQLBkcAq1eJnpEU2jctdrlX7AMZPQC/y2+z0Uq40=
Subject key identifier:   D2:88:4A:55:03:7C:26:E4:DC:8A:52:4B:2D:AB:35:3D:B9:29:24:B4
Certificate issuer:       /CN=6cf96a7c01d62e37acecf0786f64978905121647
Certificate serial:       019B7A5AD0794FD2984C39E1F35026AF8FFB
Authority key identifier: 6C:F9:6A:7C:01:D6:2E:37:AC:EC:F0:78:6F:64:97:89:05:12:16:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bPlqfAHWLjes7PB4b2SXiQUSFkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/0ohKVQN8JuTcilJLLas1PbkpJLQ.roa
Signing time:             Thu 01 Jan 2026 16:18:50 +0000
ROA not before:           Thu 01 Jan 2026 16:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209180
IP address blocks:        185.117.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/bPlqfAHWLjes7PB4b2SXiQUSFkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/bPlqfAHWLjes7PB4b2SXiQUSFkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bPlqfAHWLjes7PB4b2SXiQUSFkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:d0:79:4f:d2:98:4c:39:e1:f3:50:26:af:8f:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cf96a7c01d62e37acecf0786f64978905121647
        Validity
            Not Before: Jan  1 16:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d2884a55037c26e4dc8a524b2dab353db92924b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:40:59:be:5f:93:5d:a7:b0:45:a6:44:dc:1e:
                    38:e2:99:54:68:fb:7d:46:a3:1d:e9:8e:2c:d3:b6:
                    8c:83:48:b4:fb:b3:9a:25:a9:ee:e7:27:ac:f5:1c:
                    81:60:31:17:01:de:df:0b:cd:5b:14:0b:b3:6a:fa:
                    15:1e:3e:07:3b:46:85:5f:95:c2:19:b4:bc:9a:91:
                    c5:1f:84:a0:e5:3e:d7:f7:78:ab:7c:75:42:99:bb:
                    66:11:7c:78:7f:f8:e7:3a:9e:89:36:48:45:b6:28:
                    d6:a4:34:47:99:2b:6d:c6:78:c4:15:50:09:56:56:
                    e9:f8:39:3e:14:14:8d:a9:60:0e:18:24:03:f2:da:
                    01:da:42:f5:29:3a:9f:53:c2:60:1d:0b:08:89:71:
                    a9:be:7e:5e:c3:48:08:fe:6b:dd:84:1d:16:e9:63:
                    e0:92:32:de:c9:71:68:45:5d:f5:a8:bc:f5:b4:0f:
                    0e:b2:1e:96:7c:e8:95:37:8a:2d:e9:99:42:f8:5c:
                    38:17:d6:e1:86:86:c0:ad:5e:a6:c5:57:da:f5:cd:
                    b9:31:28:cc:b4:d7:2e:32:e5:3d:6f:68:a8:8e:46:
                    06:7e:6c:cd:07:6b:c9:c7:7a:03:9f:86:46:97:30:
                    22:88:e6:5c:09:12:82:80:ba:9a:dc:27:21:ea:d7:
                    6b:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:88:4A:55:03:7C:26:E4:DC:8A:52:4B:2D:AB:35:3D:B9:29:24:B4
            X509v3 Authority Key Identifier:
                keyid:6C:F9:6A:7C:01:D6:2E:37:AC:EC:F0:78:6F:64:97:89:05:12:16:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bPlqfAHWLjes7PB4b2SXiQUSFkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/0ohKVQN8JuTcilJLLas1PbkpJLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/bPlqfAHWLjes7PB4b2SXiQUSFkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:1f:86:0a:01:42:fb:e9:32:58:89:ed:30:42:67:3a:20:d2:
         68:02:18:e9:3f:84:1a:21:7b:c0:dd:80:ca:78:a0:9e:cc:d7:
         6f:32:cf:1c:dd:41:88:d6:49:45:e4:d5:5c:59:0b:b5:68:69:
         38:c1:03:8b:20:61:81:ff:b3:52:cc:24:af:8b:03:b8:ed:bb:
         42:d2:de:1f:31:06:c5:65:5c:6a:35:5a:21:af:84:46:ea:af:
         db:1f:b1:9e:9d:ba:e4:6b:32:7b:00:7d:10:39:7e:05:a4:f0:
         3f:ff:78:46:28:6e:23:cc:d0:7c:2e:7c:82:7d:c8:92:9a:f8:
         10:7f:ae:19:b3:ff:32:9c:62:e8:ea:26:36:02:0f:b8:06:47:
         65:dd:1d:7d:84:b7:f1:b6:5b:39:4a:14:e9:03:46:ee:a9:9a:
         aa:66:d1:3a:f9:78:ac:14:dd:2f:4a:72:ac:ea:61:e6:a8:69:
         34:6a:1d:8f:91:cb:66:3c:f9:3d:23:6b:70:1b:19:6d:b1:59:
         75:41:e4:4e:a7:55:17:9d:a0:f5:0d:9a:9a:dd:b4:44:a3:88:
         4a:5c:11:3f:89:a4:8f:3e:13:d3:88:63:82:33:47:6a:af:29:
         34:f3:a1:d5:e5:ec:1f:fc:ae:c0:96:a5:2b:34:f2:15:d3:8b:
         21:dc:0d:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WtB5T9KYTDnh81Amr4/7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZjk2YTdjMDFkNjJlMzdhY2VjZjA3ODZmNjQ5Nzg5MDUx
MjE2NDcwHhcNMjYwMTAxMTYxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjg4NGE1NTAzN2MyNmU0ZGM4YTUyNGIyZGFiMzUzZGI5MjkyNGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0BZvl+TXaewRaZE3B444plUaPt9
RqMd6Y4s07aMg0i0+7OaJanu5yes9RyBYDEXAd7fC81bFAuzavoVHj4HO0aFX5XC
GbS8mpHFH4Sg5T7X93irfHVCmbtmEXx4f/jnOp6JNkhFtijWpDRHmSttxnjEFVAJ
Vlbp+Dk+FBSNqWAOGCQD8toB2kL1KTqfU8JgHQsIiXGpvn5ew0gI/mvdhB0W6WPg
kjLeyXFoRV31qLz1tA8Osh6WfOiVN4ot6ZlC+Fw4F9bhhobArV6mxVfa9c25MSjM
tNcuMuU9b2iojkYGfmzNB2vJx3oDn4ZGlzAiiOZcCRKCgLqa3Cch6tdrYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNKISlUDfCbk3IpSSy2rNT25KSS0MB8GA1UdIwQY
MBaAFGz5anwB1i43rOzweG9kl4kFEhZHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlBscWZBSFdMamVzN1BCNGIyU1hpUVVTRmtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy81ZjBmMDYtNTZmNC00MWE1LTg4OWEt
YjE1YjNmYmMwNGE2LzEvMG9oS1ZRTjhKdVRjaWxKTExhczFQYmtwSkxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy81ZjBmMDYtNTZmNC00MWE1LTg4OWEtYjE1YjNmYmMwNGE2
LzEvYlBscWZBSFdMamVzN1BCNGIyU1hpUVVTRmtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXWEMA0G
CSqGSIb3DQEBCwUAA4IBAQBeH4YKAUL76TJYie0wQmc6INJoAhjpP4QaIXvA3YDK
eKCezNdvMs8c3UGI1klF5NVcWQu1aGk4wQOLIGGB/7NSzCSviwO47btC0t4fMQbF
ZVxqNVohr4RG6q/bH7GenbrkazJ7AH0QOX4FpPA//3hGKG4jzNB8LnyCfciSmvgQ
f64Zs/8ynGLo6iY2Ag+4Bkdl3R19hLfxtls5ShTpA0buqZqqZtE6+XisFN0vSnKs
6mHmqGk0ah2PkctmPPk9I2twGxltsVl1QeROp1UXnaD1DZqa3bREo4hKXBE/iaSP
PhPTiGOCM0dqryk086HV5ewf/K7AlqUrNPIV04sh3A1P
-----END CERTIFICATE-----