This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/ogG7djAUZ8yRMRdAyuw_W5nzzh8.roa
File:                     ogG7djAUZ8yRMRdAyuw_W5nzzh8.roa (raw, json)
Hash identifier:          1t+gbYROFrlM9v5CjlELwyTvLHT7IFgBhc/IPtaYyfY=
Subject key identifier:   A2:01:BB:76:30:14:67:CC:91:31:17:40:CA:EC:3F:5B:99:F3:CE:1F
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       019B7F8388C7D30F0EAEC56880D84A4591F7
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/ogG7djAUZ8yRMRdAyuw_W5nzzh8.roa
Signing time:             Fri 02 Jan 2026 16:21:25 +0000
ROA not before:           Fri 02 Jan 2026 16:21:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205220
IP address blocks:        188.209.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:88:c7:d3:0f:0e:ae:c5:68:80:d8:4a:45:91:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Jan  2 16:21:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a201bb76301467cc91311740caec3f5b99f3ce1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:d4:c5:4b:8a:68:40:89:ed:f1:da:78:ba:93:
                    c9:30:2a:1b:4b:f4:e0:61:90:80:03:f3:c5:6b:ab:
                    58:1a:f5:c1:43:eb:8f:89:ae:bb:c9:8d:db:e4:d5:
                    40:21:e3:45:f4:dc:6f:63:37:6e:9f:eb:7f:bb:b8:
                    a1:c9:9f:10:12:01:38:da:89:d9:56:20:af:49:06:
                    21:15:82:1d:13:bf:0f:e4:d9:3c:1d:a3:63:f5:fa:
                    b7:8a:0a:6d:96:7f:60:43:e5:92:c7:35:80:95:1b:
                    32:b6:68:03:c8:69:a8:2a:64:d5:12:2f:d1:f3:ab:
                    2d:22:c2:25:66:32:1c:8a:e6:56:53:eb:a6:8e:ff:
                    9f:5b:f2:19:6a:a0:db:2c:62:13:da:ad:62:73:ef:
                    a9:2f:17:21:4b:33:3a:24:18:22:55:ad:91:75:c4:
                    49:40:dd:f2:58:c8:39:05:84:6e:0a:97:e1:a3:d3:
                    80:c8:31:12:6f:b4:2f:42:b2:71:56:a4:1c:8b:f6:
                    84:fc:f3:1c:28:c1:bd:cb:39:28:ca:be:10:39:22:
                    e7:ce:98:38:75:2f:78:6b:57:0f:09:3d:bb:26:15:
                    f7:0e:24:ff:41:79:34:03:bc:db:98:f3:b0:7e:16:
                    7c:95:de:43:cd:bd:2b:ba:0a:de:70:43:f1:91:96:
                    f3:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:01:BB:76:30:14:67:CC:91:31:17:40:CA:EC:3F:5B:99:F3:CE:1F
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/ogG7djAUZ8yRMRdAyuw_W5nzzh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:54:92:30:a1:1b:68:f8:b2:85:a7:25:60:f8:7b:4e:f9:f4:
         35:ba:ea:ec:74:3d:b0:d1:1a:fe:ad:7d:31:b2:ef:f8:9b:85:
         e9:8c:92:62:c5:5a:de:5e:83:2e:21:a3:52:56:e6:c4:27:72:
         55:1e:10:c9:ee:f5:6a:06:d7:19:e2:e0:8a:fc:16:d4:23:15:
         2b:27:18:48:2e:bb:c8:24:56:cc:ac:bb:8c:28:68:99:0b:f6:
         e1:f9:5e:c9:07:08:32:bd:04:7d:cc:20:0e:b0:4e:00:84:6a:
         13:4d:04:99:63:76:b5:a8:15:53:ed:04:52:85:21:6a:95:fc:
         8b:17:b3:7c:0b:f2:21:26:9f:9b:e7:a3:93:26:28:2d:a8:ef:
         3a:39:7c:6c:c0:a1:bc:89:f8:a5:d7:40:83:8f:10:43:30:7e:
         3f:c2:79:6a:6b:0c:33:f1:85:73:97:69:ed:52:56:3f:61:e3:
         ac:2a:27:09:f8:2c:f3:68:b9:c7:fc:68:38:7c:67:5a:ab:b6:
         19:22:54:aa:0e:ef:f0:4d:56:0c:7f:aa:f1:a5:0e:7b:1a:43:
         ca:ab:7a:7b:f4:93:72:1f:36:aa:16:41:e6:a5:57:f4:33:89:
         73:c8:0e:99:ae:58:d6:45:46:0b:ec:56:6b:f1:9c:02:a8:90:
         dd:21:4e:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g4jH0w8OrsVogNhKRZH3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjYwMTAyMTYyMTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjAxYmI3NjMwMTQ2N2NjOTEzMTE3NDBjYWVjM2Y1Yjk5ZjNjZTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+tTFS4poQInt8dp4upPJMCobS/Tg
YZCAA/PFa6tYGvXBQ+uPia67yY3b5NVAIeNF9NxvYzdun+t/u7ihyZ8QEgE42onZ
ViCvSQYhFYIdE78P5Nk8HaNj9fq3igptln9gQ+WSxzWAlRsytmgDyGmoKmTVEi/R
86stIsIlZjIciuZWU+umjv+fW/IZaqDbLGIT2q1ic++pLxchSzM6JBgiVa2RdcRJ
QN3yWMg5BYRuCpfho9OAyDESb7QvQrJxVqQci/aE/PMcKMG9yzkoyr4QOSLnzpg4
dS94a1cPCT27JhX3DiT/QXk0A7zbmPOwfhZ8ld5Dzb0rugrecEPxkZbz2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIBu3YwFGfMkTEXQMrsP1uZ884fMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvb2dHN2RqQVVaOHlSTVJkQXl1d19XNW56emg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNGIMA0G
CSqGSIb3DQEBCwUAA4IBAQCNVJIwoRto+LKFpyVg+HtO+fQ1uursdD2w0Rr+rX0x
su/4m4XpjJJixVreXoMuIaNSVubEJ3JVHhDJ7vVqBtcZ4uCK/BbUIxUrJxhILrvI
JFbMrLuMKGiZC/bh+V7JBwgyvQR9zCAOsE4AhGoTTQSZY3a1qBVT7QRShSFqlfyL
F7N8C/IhJp+b56OTJigtqO86OXxswKG8ifil10CDjxBDMH4/wnlqawwz8YVzl2nt
UlY/YeOsKicJ+CzzaLnH/Gg4fGdaq7YZIlSqDu/wTVYMf6rxpQ57GkPKq3p79JNy
HzaqFkHmpVf0M4lzyA6ZrljWRUYL7FZr8ZwCqJDdIU5y
-----END CERTIFICATE-----