This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/oKNCpcCzBqGQkkapGVmQ6yQAuXg.roa
File:                     oKNCpcCzBqGQkkapGVmQ6yQAuXg.roa (raw, json)
Hash identifier:          x1VGmz1TvNMJOY5QRynE8J58kRdyz/U6UQCEsYsPPbE=
Subject key identifier:   A0:A3:42:A5:C0:B3:06:A1:90:92:46:A9:19:59:90:EB:24:00:B9:78
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019B797E75B3716FD83D58017502B94CF9AE
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/oKNCpcCzBqGQkkapGVmQ6yQAuXg.roa
Signing time:             Thu 01 Jan 2026 12:18:09 +0000
ROA not before:           Thu 01 Jan 2026 12:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212335
IP address blocks:        109.122.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:75:b3:71:6f:d8:3d:58:01:75:02:b9:4c:f9:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan  1 12:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a0a342a5c0b306a1909246a9195990eb2400b978
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:a0:09:53:d0:60:56:85:d1:6e:2d:af:a2:b0:
                    ec:f5:0c:c8:48:f4:fb:62:42:0e:d5:ca:3f:2d:22:
                    39:70:c2:12:37:b0:3e:bc:f2:cc:fd:e0:a8:e7:77:
                    aa:05:e1:2e:cc:3b:88:77:eb:0a:ca:ba:95:a1:c7:
                    06:27:a8:87:2a:b6:5f:11:dd:52:5c:0b:fb:69:3a:
                    c2:00:05:3a:bc:e2:05:06:dd:11:71:48:e5:01:ed:
                    be:77:cd:6b:90:be:07:5e:11:ff:67:82:c9:5c:ed:
                    2f:14:65:a9:18:49:f8:be:e3:b0:8e:50:cf:7d:03:
                    36:24:6c:4e:e4:53:9e:41:04:25:e4:01:43:df:5e:
                    8f:d2:ca:dc:35:5e:60:9f:84:17:80:ff:f0:bb:8f:
                    a7:5e:c5:03:b3:eb:8a:e5:cb:9d:a8:cc:78:73:78:
                    76:f2:6c:b0:f4:4b:63:ef:84:cf:78:d2:7b:42:10:
                    bb:54:e7:7a:3e:07:90:30:3c:d5:b8:49:f4:9d:71:
                    38:e6:ef:24:8b:22:50:c2:92:10:47:69:dc:11:fc:
                    4a:b3:9b:28:f3:47:ea:b6:b3:1e:37:63:68:b3:92:
                    0c:fd:31:3b:31:f4:c5:75:82:1e:43:66:96:56:3c:
                    b0:aa:cb:60:a8:b1:d2:04:30:f6:29:f6:ca:e4:d0:
                    c9:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:A3:42:A5:C0:B3:06:A1:90:92:46:A9:19:59:90:EB:24:00:B9:78
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/oKNCpcCzBqGQkkapGVmQ6yQAuXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:6f:d8:f6:70:97:eb:c3:91:cb:31:49:de:9e:18:51:0f:71:
         bc:f2:80:ed:d8:c6:b6:69:03:3b:98:50:f3:b1:c2:2f:78:35:
         8f:f3:b8:e3:37:b0:3f:78:22:3f:bf:21:40:df:27:1a:d8:d4:
         cf:81:3b:c4:58:5b:55:56:c5:a9:b2:be:f0:1b:92:a0:4a:5b:
         8f:8d:ee:f2:8a:e0:c0:84:41:f1:b6:78:d4:1e:cf:4c:b0:a7:
         e8:54:8a:9f:94:ca:0d:7e:ca:1b:94:e3:e7:b4:21:a9:df:35:
         bc:d5:b1:ed:5b:09:26:e4:66:e2:5a:84:d2:0d:cd:b3:96:d2:
         3a:f7:a0:a2:e1:f9:e4:97:d0:22:94:be:63:ee:bc:0f:55:7f:
         1d:1e:d0:2a:e9:45:a7:89:d2:eb:af:69:8b:f2:0b:a3:03:b4:
         60:00:f9:52:7c:16:d6:62:c9:6e:3b:34:d4:89:8f:30:d7:61:
         2e:ff:6e:78:f2:ae:fe:10:5c:20:20:db:3e:be:79:aa:31:4a:
         1c:48:6f:8e:a8:73:11:e3:fa:dd:b5:8d:27:cc:6c:a9:50:33:
         f6:5d:19:78:3d:ff:df:59:7d:d9:b7:18:7b:fe:74:d7:e8:90:
         db:cd:96:b8:7b:46:02:36:ec:be:0d:90:a9:97:38:e8:8e:1b:
         a0:ea:de:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fnWzcW/YPVgBdQK5TPmuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwMTAxMTIxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGEzNDJhNWMwYjMwNmExOTA5MjQ2YTkxOTU5OTBlYjI0MDBiOTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlKAJU9BgVoXRbi2vorDs9QzISPT7
YkIO1co/LSI5cMISN7A+vPLM/eCo53eqBeEuzDuId+sKyrqVoccGJ6iHKrZfEd1S
XAv7aTrCAAU6vOIFBt0RcUjlAe2+d81rkL4HXhH/Z4LJXO0vFGWpGEn4vuOwjlDP
fQM2JGxO5FOeQQQl5AFD316P0srcNV5gn4QXgP/wu4+nXsUDs+uK5cudqMx4c3h2
8myw9Etj74TPeNJ7QhC7VOd6PgeQMDzVuEn0nXE45u8kiyJQwpIQR2ncEfxKs5so
80fqtrMeN2Nos5IM/TE7MfTFdYIeQ2aWVjywqstgqLHSBDD2KfbK5NDJnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKCjQqXAswahkJJGqRlZkOskALl4MB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvb0tOQ3BjQ3pCcUdRa2thcEdWbVE2eVFBdVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXovMA0G
CSqGSIb3DQEBCwUAA4IBAQBTb9j2cJfrw5HLMUnenhhRD3G88oDt2Ma2aQM7mFDz
scIveDWP87jjN7A/eCI/vyFA3yca2NTPgTvEWFtVVsWpsr7wG5KgSluPje7yiuDA
hEHxtnjUHs9MsKfoVIqflMoNfsoblOPntCGp3zW81bHtWwkm5GbiWoTSDc2zltI6
96Ci4fnkl9AilL5j7rwPVX8dHtAq6UWnidLrr2mL8gujA7RgAPlSfBbWYsluOzTU
iY8w12Eu/2548q7+EFwgINs+vnmqMUocSG+OqHMR4/rdtY0nzGypUDP2XRl4Pf/f
WX3Ztxh7/nTX6JDbzZa4e0YCNuy+DZCplzjojhug6t7l
-----END CERTIFICATE-----