This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/3308f5-27e3-4c94-a46b-48e6f260fba5/1/ofgcBJL5IkucI_t2Tbw87DuVUlg.roa
File:                     ofgcBJL5IkucI_t2Tbw87DuVUlg.roa (raw, json)
Hash identifier:          0n3F9loIDoRxXepxc9dufIeLMM9JHYgsIDsHjtK3JWY=
Subject key identifier:   A1:F8:1C:04:92:F9:22:4B:9C:23:FB:76:4D:BC:3C:EC:3B:95:52:58
Certificate issuer:       /CN=d8ef1290cf38b4f6e0183e7e4bf87ac67a12d7ab
Certificate serial:       019B797EDCD9D34FDE91CC53EF993630B53B
Authority key identifier: D8:EF:12:90:CF:38:B4:F6:E0:18:3E:7E:4B:F8:7A:C6:7A:12:D7:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2O8SkM84tPbgGD5-S_h6xnoS16s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/3308f5-27e3-4c94-a46b-48e6f260fba5/1/ofgcBJL5IkucI_t2Tbw87DuVUlg.roa
Signing time:             Thu 01 Jan 2026 12:18:35 +0000
ROA not before:           Thu 01 Jan 2026 12:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48067
IP address blocks:        193.84.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/3308f5-27e3-4c94-a46b-48e6f260fba5/1/2O8SkM84tPbgGD5-S_h6xnoS16s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/3308f5-27e3-4c94-a46b-48e6f260fba5/1/2O8SkM84tPbgGD5-S_h6xnoS16s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2O8SkM84tPbgGD5-S_h6xnoS16s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:dc:d9:d3:4f:de:91:cc:53:ef:99:36:30:b5:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8ef1290cf38b4f6e0183e7e4bf87ac67a12d7ab
        Validity
            Not Before: Jan  1 12:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a1f81c0492f9224b9c23fb764dbc3cec3b955258
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:c0:fd:57:15:6b:01:b1:f9:ff:81:d6:f9:32:
                    51:f1:9d:e3:04:40:3d:85:91:1b:1b:59:cb:17:2c:
                    c6:ab:0c:17:65:98:77:ef:83:2c:62:3d:10:81:2b:
                    95:1c:3d:cb:65:7f:7f:97:d3:8f:81:72:96:60:22:
                    a2:23:f4:85:76:58:75:0a:7c:b6:e8:62:3b:63:b0:
                    1e:4b:69:3e:64:3b:bf:0a:92:29:8b:0e:b0:01:2c:
                    c8:50:27:99:1b:c4:3f:61:07:0b:03:97:2a:d7:e5:
                    a6:4b:5b:22:1c:d7:cb:33:e9:a5:0f:2c:6e:47:e7:
                    5d:4b:3b:db:57:11:04:6a:08:56:c1:51:77:96:ad:
                    99:56:96:9a:e4:b1:d9:34:8a:a1:3c:e7:c9:61:63:
                    3e:95:fe:cf:ab:e2:d5:45:b7:44:7b:e3:b9:fa:48:
                    ff:fe:f2:be:48:bb:32:74:38:33:b0:09:8a:d5:b7:
                    b1:30:d2:b1:a6:14:82:f3:d0:07:d3:56:56:f6:3e:
                    7d:c5:28:b6:bd:ba:bf:58:03:83:40:2c:34:56:16:
                    b9:8c:9c:60:83:bc:0e:f9:e2:4e:37:5e:43:f1:23:
                    17:e8:b0:ce:f9:57:b1:ff:7a:67:a0:e5:39:90:c4:
                    d2:1d:cb:5b:10:91:ab:71:5d:2b:f2:19:79:26:aa:
                    ec:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:F8:1C:04:92:F9:22:4B:9C:23:FB:76:4D:BC:3C:EC:3B:95:52:58
            X509v3 Authority Key Identifier:
                keyid:D8:EF:12:90:CF:38:B4:F6:E0:18:3E:7E:4B:F8:7A:C6:7A:12:D7:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2O8SkM84tPbgGD5-S_h6xnoS16s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/3308f5-27e3-4c94-a46b-48e6f260fba5/1/ofgcBJL5IkucI_t2Tbw87DuVUlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/3308f5-27e3-4c94-a46b-48e6f260fba5/1/2O8SkM84tPbgGD5-S_h6xnoS16s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:c8:43:0e:39:7d:87:b2:8c:97:58:60:6e:f8:57:92:26:1e:
         af:71:95:d9:43:6b:30:6c:04:2c:aa:ab:71:3d:9f:2d:5f:54:
         7b:dc:d8:29:a4:81:1b:eb:5f:da:5a:8d:61:ff:f5:91:bc:cb:
         45:fb:51:be:aa:7f:dc:f2:a3:3f:f4:46:55:f9:c1:ad:53:41:
         d5:8d:01:1c:6f:6e:14:9a:d0:30:e3:58:de:58:3b:d3:41:02:
         14:9a:ca:34:e6:06:5a:dd:11:9d:21:d1:d7:97:10:80:26:cf:
         8a:39:2a:ef:e0:75:75:fb:27:70:d1:53:fe:12:81:aa:e8:8e:
         4c:2a:cd:45:d7:ae:ac:c6:26:6e:ae:49:d1:c8:c2:f8:6f:d4:
         88:1c:17:8e:f8:31:5b:f2:a2:ee:93:f2:60:06:68:d5:7d:d7:
         3e:f0:1e:72:8a:5e:b8:de:cf:69:ee:56:cc:c4:48:9e:b8:38:
         d0:e4:c1:fb:77:ae:e2:ad:a8:bb:55:85:e2:dc:f9:14:41:98:
         f4:d3:16:24:ea:14:db:2d:77:1c:10:d8:bb:64:24:bd:e6:0a:
         a6:9c:2d:42:93:3b:21:92:9c:ce:81:dd:de:bc:67:d0:10:8d:
         6b:0f:e7:2f:5d:8a:87:fe:10:33:de:e7:3b:77:32:f7:76:8c:
         ef:18:d0:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ftzZ00/ekcxT75k2MLU7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZWYxMjkwY2YzOGI0ZjZlMDE4M2U3ZTRiZjg3YWM2N2Ex
MmQ3YWIwHhcNMjYwMTAxMTIxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWY4MWMwNDkyZjkyMjRiOWMyM2ZiNzY0ZGJjM2NlYzNiOTU1MjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3MD9VxVrAbH5/4HW+TJR8Z3jBEA9
hZEbG1nLFyzGqwwXZZh374MsYj0QgSuVHD3LZX9/l9OPgXKWYCKiI/SFdlh1Cny2
6GI7Y7AeS2k+ZDu/CpIpiw6wASzIUCeZG8Q/YQcLA5cq1+WmS1siHNfLM+mlDyxu
R+ddSzvbVxEEaghWwVF3lq2ZVpaa5LHZNIqhPOfJYWM+lf7Pq+LVRbdEe+O5+kj/
/vK+SLsydDgzsAmK1bexMNKxphSC89AH01ZW9j59xSi2vbq/WAODQCw0Vha5jJxg
g7wO+eJON15D8SMX6LDO+Vex/3pnoOU5kMTSHctbEJGrcV0r8hl5JqrsbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKH4HASS+SJLnCP7dk28POw7lVJYMB8GA1UdIwQY
MBaAFNjvEpDPOLT24Bg+fkv4esZ6EterMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk84U2tNODR0UGJnR0Q1LVNfaDZ4bm9TMTZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8zMzA4ZjUtMjdlMy00Yzk0LWE0NmIt
NDhlNmYyNjBmYmE1LzEvb2ZnY0JKTDVJa3VjSV90MlRidzg3RHVWVWxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8zMzA4ZjUtMjdlMy00Yzk0LWE0NmItNDhlNmYyNjBmYmE1
LzEvMk84U2tNODR0UGJnR0Q1LVNfaDZ4bm9TMTZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwVRFMA0G
CSqGSIb3DQEBCwUAA4IBAQA6yEMOOX2HsoyXWGBu+FeSJh6vcZXZQ2swbAQsqqtx
PZ8tX1R73NgppIEb61/aWo1h//WRvMtF+1G+qn/c8qM/9EZV+cGtU0HVjQEcb24U
mtAw41jeWDvTQQIUmso05gZa3RGdIdHXlxCAJs+KOSrv4HV1+ydw0VP+EoGq6I5M
Ks1F166sxiZurknRyML4b9SIHBeO+DFb8qLuk/JgBmjVfdc+8B5yil643s9p7lbM
xEieuDjQ5MH7d67irai7VYXi3PkUQZj00xYk6hTbLXccENi7ZCS95gqmnC1Ckzsh
kpzOgd3evGfQEI1rD+cvXYqH/hAz3uc7dzL3dozvGNAy
-----END CERTIFICATE-----