This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/O7Gej2bS_5hKcBi8mcz3JmNEOSw.roa
File:                     O7Gej2bS_5hKcBi8mcz3JmNEOSw.roa (raw, json)
Hash identifier:          h9gK6E3GHEkt+S79YiKfgPJlXrJcrfRQGLu5O6pt61U=
Subject key identifier:   3B:B1:9E:8F:66:D2:FF:98:4A:70:18:BC:99:CC:F7:26:63:44:39:2C
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       019B7C12BBE3270119FE13B057EE591F0FEF
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/O7Gej2bS_5hKcBi8mcz3JmNEOSw.roa
Signing time:             Fri 02 Jan 2026 00:19:21 +0000
ROA not before:           Fri 02 Jan 2026 00:19:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210645
IP address blocks:        2a0a:280:1900::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 12:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:bb:e3:27:01:19:fe:13:b0:57:ee:59:1f:0f:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 00:19:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3bb19e8f66d2ff984a7018bc99ccf7266344392c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:61:ae:7b:bf:c2:ce:1d:e6:ce:b0:a4:5a:76:
                    54:7f:20:09:c1:32:28:22:28:5c:12:69:47:9c:e5:
                    e6:82:37:e5:34:3f:3b:91:33:e5:6f:79:77:98:a8:
                    c0:f5:99:d6:e8:64:89:77:06:0a:f8:c0:75:d0:70:
                    7d:bc:29:36:dc:52:49:24:5e:c5:ad:c6:5f:d9:da:
                    33:7f:75:21:88:7b:93:08:7c:71:2d:d4:50:eb:cd:
                    8c:44:96:c1:e9:85:88:16:21:b7:f9:03:42:01:5d:
                    6f:24:b2:b4:1d:e7:08:95:f5:ec:09:4d:19:fb:8f:
                    02:6a:e9:22:8b:4f:ac:16:c2:10:dc:11:3c:c1:fc:
                    0a:4c:38:db:bf:2b:0a:fd:1f:7f:26:99:06:e4:ef:
                    e3:3b:b4:24:e9:d6:a1:da:1a:07:c6:8e:b7:4e:ea:
                    b2:da:94:b1:f3:d4:dc:b9:40:a4:b6:2f:5c:25:70:
                    94:e9:c0:9e:a7:93:4c:bd:97:98:f4:9f:5e:64:2f:
                    02:9b:58:f0:54:5f:74:a2:16:82:a6:98:c2:1c:39:
                    e2:47:01:84:90:84:d9:1d:c1:e2:dc:aa:e3:6d:73:
                    60:43:d9:c0:c2:b9:cb:d2:5d:d1:73:81:3e:d1:48:
                    c9:17:97:c1:e8:96:56:b6:05:2f:4b:33:62:92:30:
                    5f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:B1:9E:8F:66:D2:FF:98:4A:70:18:BC:99:CC:F7:26:63:44:39:2C
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/O7Gej2bS_5hKcBi8mcz3JmNEOSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:1900::/40

    Signature Algorithm: sha256WithRSAEncryption
         13:c1:07:76:2e:de:43:81:66:02:0c:9d:ee:4b:b3:8c:09:c6:
         74:76:4e:19:88:32:42:76:d4:5b:2c:34:77:a8:88:07:2d:0a:
         7a:fa:95:51:21:80:13:83:10:08:ab:8d:d7:ec:76:2d:72:e8:
         db:e6:b9:03:d6:4f:01:de:96:71:3d:16:ac:c7:b0:3c:d1:e3:
         8c:08:9d:cb:cd:c0:2d:f2:03:b3:39:54:b9:b6:7b:43:62:29:
         c4:fc:fd:94:9b:af:02:55:6d:bc:9d:6f:73:81:00:d4:61:09:
         56:b7:5d:3b:38:34:8d:e3:ee:40:41:ae:07:53:6f:97:cd:62:
         6f:3f:28:1d:a4:2e:bf:54:dc:f7:f7:d7:ad:b2:65:69:05:ec:
         17:81:5a:63:a5:f8:7c:66:1a:8c:db:81:57:6e:86:f3:5b:22:
         66:92:d7:ca:00:bd:e0:0f:bc:c0:cb:7e:56:de:65:ef:01:17:
         71:17:48:9f:50:ca:87:30:37:bb:6c:56:01:f1:6f:a4:40:ea:
         b5:91:fa:73:54:68:ad:bd:a7:6e:de:bc:76:f1:ef:2c:18:43:
         9c:ef:a0:47:62:7f:aa:34:b9:ac:e2:be:5b:da:ed:b1:bb:ec:
         3e:b2:0e:04:a2:75:62:a8:6b:11:19:3c:de:07:f4:51:da:8a:
         5b:09:86:a0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt8ErvjJwEZ/hOwV+5ZHw/vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjYwMTAyMDAxOTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmIxOWU4ZjY2ZDJmZjk4NGE3MDE4YmM5OWNjZjcyNjYzNDQzOTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmGue7/Czh3mzrCkWnZUfyAJwTIo
IihcEmlHnOXmgjflND87kTPlb3l3mKjA9ZnW6GSJdwYK+MB10HB9vCk23FJJJF7F
rcZf2dozf3UhiHuTCHxxLdRQ682MRJbB6YWIFiG3+QNCAV1vJLK0HecIlfXsCU0Z
+48Caukii0+sFsIQ3BE8wfwKTDjbvysK/R9/JpkG5O/jO7Qk6dah2hoHxo63Tuqy
2pSx89TcuUCkti9cJXCU6cCep5NMvZeY9J9eZC8Cm1jwVF90ohaCppjCHDniRwGE
kITZHcHi3KrjbXNgQ9nAwrnL0l3Rc4E+0UjJF5fB6JZWtgUvSzNikjBfZwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDuxno9m0v+YSnAYvJnM9yZjRDksMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvTzdHZWoyYlNfNWhLY0JpOG1jejNKbU5FT1N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgBkw
DQYJKoZIhvcNAQELBQADggEBABPBB3Yu3kOBZgIMne5Ls4wJxnR2ThmIMkJ21Fss
NHeoiActCnr6lVEhgBODEAirjdfsdi1y6NvmuQPWTwHelnE9FqzHsDzR44wIncvN
wC3yA7M5VLm2e0NiKcT8/ZSbrwJVbbydb3OBANRhCVa3XTs4NI3j7kBBrgdTb5fN
Ym8/KB2kLr9U3Pf3162yZWkF7BeBWmOl+HxmGozbgVduhvNbImaS18oAveAPvMDL
flbeZe8BF3EXSJ9QyocwN7tsVgHxb6RA6rWR+nNUaK29p27evHbx7ywYQ5zvoEdi
f6o0uazivlva7bG77D6yDgSidWKoaxEZPN4H9FHailsJhqA=
-----END CERTIFICATE-----