This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/OZvI4MXWtnolgxghoQ6_cphW1W4.roa
File:                     OZvI4MXWtnolgxghoQ6_cphW1W4.roa (raw, json)
Hash identifier:          Oi9ZbYQx2WEELwMB6HBFHb18B/3Zxcuia5/qRlgnoFw=
Subject key identifier:   39:9B:C8:E0:C5:D6:B6:7A:25:83:18:21:A1:0E:BF:72:98:56:D5:6E
Certificate issuer:       /CN=b343514630dc17f3fe9b51dd434184d0b62b03c0
Certificate serial:       019B797DFD8259A79811B9D0BC1CD280B281
Authority key identifier: B3:43:51:46:30:DC:17:F3:FE:9B:51:DD:43:41:84:D0:B6:2B:03:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/OZvI4MXWtnolgxghoQ6_cphW1W4.roa
Signing time:             Thu 01 Jan 2026 12:17:38 +0000
ROA not before:           Thu 01 Jan 2026 12:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210259
IP address blocks:        81.29.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 12:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7d:fd:82:59:a7:98:11:b9:d0:bc:1c:d2:80:b2:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b343514630dc17f3fe9b51dd434184d0b62b03c0
        Validity
            Not Before: Jan  1 12:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=399bc8e0c5d6b67a25831821a10ebf729856d56e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:45:94:51:98:11:8b:19:e5:7a:45:1f:86:ec:
                    fe:e3:99:8c:9c:08:4a:dc:7d:de:10:be:9d:b0:62:
                    73:83:c9:b6:5e:a6:2b:94:37:17:05:f9:90:23:9c:
                    60:8c:9f:2f:db:40:c1:4c:1c:ce:46:75:1b:3b:09:
                    06:63:de:f9:a0:11:98:9d:85:3f:16:c5:a2:9e:32:
                    2e:3d:b7:4a:d8:1c:ba:64:3b:1f:3f:f3:37:c1:57:
                    e5:79:79:8d:fd:0e:3b:db:3b:04:3a:28:52:d0:5c:
                    c5:9f:6c:30:7e:f8:76:5d:9b:93:eb:2a:aa:72:44:
                    d4:98:c7:78:08:49:58:e1:a9:e8:41:e5:ca:42:44:
                    5b:b4:a1:4c:bf:6b:14:bd:c4:e8:3b:c6:aa:a9:1c:
                    70:04:25:a6:81:b0:e3:99:be:5f:73:f9:d6:ad:68:
                    26:64:9b:6e:ae:c5:25:04:08:7b:2f:4a:d3:69:06:
                    83:b2:7e:ad:71:a8:77:d5:2f:cf:bd:1e:6f:e9:77:
                    f8:d2:ee:a6:21:1b:4b:75:77:c9:69:a3:4f:e0:f5:
                    a8:d3:29:87:07:f6:ce:7f:c7:d6:9d:f8:13:9b:cc:
                    29:12:1c:7c:83:f6:99:1b:7b:33:20:fd:22:56:4a:
                    ed:08:75:e2:73:92:72:69:71:b6:99:05:20:f3:51:
                    1f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:9B:C8:E0:C5:D6:B6:7A:25:83:18:21:A1:0E:BF:72:98:56:D5:6E
            X509v3 Authority Key Identifier:
                keyid:B3:43:51:46:30:DC:17:F3:FE:9B:51:DD:43:41:84:D0:B6:2B:03:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/OZvI4MXWtnolgxghoQ6_cphW1W4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.29.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:4d:d4:e4:2a:6c:78:6c:22:f9:5a:1c:28:55:a4:41:e6:bc:
         56:4f:38:93:fb:b0:6d:69:9b:cd:53:4b:bb:e7:6a:ae:93:a8:
         00:a0:82:7d:2a:cc:e5:ad:2c:ac:6e:a9:32:16:4e:fc:b3:d0:
         d7:41:de:b4:3f:f1:dd:6f:99:79:ca:4d:3f:a8:dd:2c:d4:e5:
         25:1d:28:98:39:4f:1c:c7:57:0a:55:a7:9d:dc:10:ca:a0:10:
         9a:e7:3f:93:77:28:2c:f9:97:d9:70:34:84:6d:eb:5a:5a:c8:
         58:d0:2c:99:3d:a9:a2:4e:30:29:32:ca:ee:3b:72:39:64:d4:
         3b:5f:12:ba:b1:7d:ea:1e:89:cb:c8:71:84:e4:c6:3d:c5:f3:
         f7:f1:c5:46:f0:c3:3a:63:00:28:32:04:0b:46:a1:6d:ce:74:
         b3:f7:ff:95:c2:fa:31:89:b5:0a:9e:dc:52:94:19:a0:61:4a:
         bb:6e:5b:47:f3:e6:eb:06:f3:ba:41:9f:bb:bf:7b:69:30:c6:
         7a:72:f2:28:a5:27:25:1b:b4:72:28:87:7a:96:62:f9:e0:c8:
         18:35:0c:71:2e:e9:e9:c3:8b:7f:58:e5:24:ed:50:c7:a0:0f:
         5d:f0:5e:33:4f:4e:e3:5c:9b:a1:ca:2d:23:9f:8c:6f:c8:c6:
         1b:99:60:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ff2CWaeYEbnQvBzSgLKBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNDM1MTQ2MzBkYzE3ZjNmZTliNTFkZDQzNDE4NGQwYjYy
YjAzYzAwHhcNMjYwMTAxMTIxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTliYzhlMGM1ZDZiNjdhMjU4MzE4MjFhMTBlYmY3Mjk4NTZkNTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0WUUZgRixnlekUfhuz+45mMnAhK
3H3eEL6dsGJzg8m2XqYrlDcXBfmQI5xgjJ8v20DBTBzORnUbOwkGY975oBGYnYU/
FsWinjIuPbdK2By6ZDsfP/M3wVfleXmN/Q472zsEOihS0FzFn2wwfvh2XZuT6yqq
ckTUmMd4CElY4anoQeXKQkRbtKFMv2sUvcToO8aqqRxwBCWmgbDjmb5fc/nWrWgm
ZJtursUlBAh7L0rTaQaDsn6tcah31S/PvR5v6Xf40u6mIRtLdXfJaaNP4PWo0ymH
B/bOf8fWnfgTm8wpEhx8g/aZG3szIP0iVkrtCHXic5JyaXG2mQUg81EfBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDmbyODF1rZ6JYMYIaEOv3KYVtVuMB8GA1UdIwQY
MBaAFLNDUUYw3Bfz/ptR3UNBhNC2KwPAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczBOUlJqRGNGX1AtbTFIZFEwR0UwTFlyQThBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMzgwNDYtN2JlMC00MDE3LWE5OGIt
YTcyNDdlOWQ1ZjNhLzEvT1p2STRNWFd0bm9sZ3hnaG9RNl9jcGhXMVc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMzgwNDYtN2JlMC00MDE3LWE5OGItYTcyNDdlOWQ1ZjNh
LzEvczBOUlJqRGNGX1AtbTFIZFEwR0UwTFlyQThBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR2OMA0G
CSqGSIb3DQEBCwUAA4IBAQAhTdTkKmx4bCL5WhwoVaRB5rxWTziT+7BtaZvNU0u7
52quk6gAoIJ9KszlrSysbqkyFk78s9DXQd60P/Hdb5l5yk0/qN0s1OUlHSiYOU8c
x1cKVaed3BDKoBCa5z+Tdygs+ZfZcDSEbetaWshY0CyZPamiTjApMsruO3I5ZNQ7
XxK6sX3qHonLyHGE5MY9xfP38cVG8MM6YwAoMgQLRqFtznSz9/+VwvoxibUKntxS
lBmgYUq7bltH8+brBvO6QZ+7v3tpMMZ6cvIopSclG7RyKId6lmL54MgYNQxxLunp
w4t/WOUk7VDHoA9d8F4zT07jXJuhyi0jn4xvyMYbmWCz
-----END CERTIFICATE-----