This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/o0ZTmIyo246teAF6LIA-IKUGio0.roa
File:                     o0ZTmIyo246teAF6LIA-IKUGio0.roa (raw, json)
Hash identifier:          5qd8JhzBjH0+Q5/Hur+OrtxTRYYnTe3YzSnXB2WUutA=
Subject key identifier:   A3:46:53:98:8C:A8:DB:8E:AD:78:01:7A:2C:80:3E:20:A5:06:8A:8D
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       019B7C12FCAEF876F9287BF8B65AC581073A
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/o0ZTmIyo246teAF6LIA-IKUGio0.roa
Signing time:             Fri 02 Jan 2026 00:19:37 +0000
ROA not before:           Fri 02 Jan 2026 00:19:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61042
IP address blocks:        194.209.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:fc:ae:f8:76:f9:28:7b:f8:b6:5a:c5:81:07:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  2 00:19:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a34653988ca8db8ead78017a2c803e20a5068a8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:15:11:eb:4a:02:d6:a2:26:cb:27:8a:73:fd:
                    6b:61:97:c3:24:55:2d:bc:61:1f:f1:b4:cd:df:95:
                    75:c1:cc:00:72:dd:03:d0:ea:24:02:0a:89:5a:5c:
                    42:65:41:6f:9b:15:9e:6b:44:d4:fc:84:d3:2a:30:
                    8f:3d:71:5a:13:07:06:0d:d4:99:5e:b3:2a:07:1e:
                    95:ed:83:20:b1:ee:98:b4:cd:3f:12:0e:dd:8c:0e:
                    5e:d3:dc:98:6f:21:15:fb:78:ae:cb:e6:de:2d:e9:
                    af:f1:5e:66:5f:c0:f7:d2:af:d8:42:f4:87:29:0d:
                    0f:e2:ae:07:e9:96:23:8c:fc:77:01:7c:8d:c0:a3:
                    86:13:31:75:2b:cc:75:b5:46:e0:2f:1e:09:c7:d2:
                    86:d1:bd:40:2c:55:54:0a:cc:bc:37:ae:6d:f1:db:
                    12:78:5e:1e:ae:71:b5:2d:f2:9c:54:3f:ab:cd:d7:
                    1a:6a:ea:1b:ab:b1:c2:28:88:e2:4d:9c:7e:b0:c2:
                    f7:f3:d8:a5:11:20:68:73:89:9e:77:9e:84:c4:8e:
                    78:fc:fe:87:59:91:b9:36:d2:36:3b:4c:9e:61:71:
                    2a:10:81:7f:6e:b8:92:e3:5b:bb:a7:41:a5:43:d9:
                    5d:3c:28:a4:9b:0a:16:d1:30:2d:60:c2:42:6b:cf:
                    fd:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:46:53:98:8C:A8:DB:8E:AD:78:01:7A:2C:80:3E:20:A5:06:8A:8D
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/o0ZTmIyo246teAF6LIA-IKUGio0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:2b:4b:75:97:4e:b4:33:a7:32:9a:cb:53:d2:8d:f5:f8:ba:
         46:e2:68:bc:cb:39:fe:e5:81:66:77:a8:31:c6:6f:8b:f7:a8:
         9a:a1:75:50:56:37:98:76:59:bc:47:11:e2:d0:c6:aa:63:29:
         f7:78:9e:78:5f:d2:06:07:d9:77:2f:bc:f3:19:8a:6a:9b:cf:
         03:c8:51:2f:fb:24:e3:77:62:bd:e0:32:f2:eb:12:72:ce:2e:
         7a:f6:bd:41:6b:45:e0:4b:21:c9:0e:24:7f:dc:c3:2f:1b:b9:
         7f:37:22:ac:2d:b2:26:e5:81:67:b9:d4:a2:30:1a:98:5c:a7:
         16:56:4e:fa:66:b0:e2:7a:18:dc:20:e2:0d:b7:9c:20:04:36:
         a3:91:51:63:a6:9f:9a:8f:67:47:79:eb:80:30:73:00:e6:42:
         66:6e:82:f5:33:08:a5:1c:bb:ba:14:2c:13:81:37:61:a0:1e:
         b8:1f:26:e6:c8:1b:4e:b0:ad:1c:63:82:91:8d:32:98:48:ae:
         61:61:bb:c7:09:8d:5b:71:e3:ec:78:80:a7:90:14:fd:15:a6:
         91:2c:91:c9:b4:71:54:a6:12:8a:d4:f8:aa:10:fa:7a:9f:5b:
         d8:cf:d6:25:17:c7:c6:d5:4d:cd:46:6c:c9:33:04:01:f2:d0:
         b2:fa:85:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Evyu+Hb5KHv4tlrFgQc6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjYwMTAyMDAxOTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzQ2NTM5ODhjYThkYjhlYWQ3ODAxN2EyYzgwM2UyMGE1MDY4YThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRUR60oC1qImyyeKc/1rYZfDJFUt
vGEf8bTN35V1wcwAct0D0OokAgqJWlxCZUFvmxWea0TU/ITTKjCPPXFaEwcGDdSZ
XrMqBx6V7YMgse6YtM0/Eg7djA5e09yYbyEV+3iuy+beLemv8V5mX8D30q/YQvSH
KQ0P4q4H6ZYjjPx3AXyNwKOGEzF1K8x1tUbgLx4Jx9KG0b1ALFVUCsy8N65t8dsS
eF4ernG1LfKcVD+rzdcaauobq7HCKIjiTZx+sML389ilESBoc4med56ExI54/P6H
WZG5NtI2O0yeYXEqEIF/briS41u7p0GlQ9ldPCikmwoW0TAtYMJCa8/9tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKNGU5iMqNuOrXgBeiyAPiClBoqNMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvbzBaVG1JeW8yNDZ0ZUFGNkxJQS1JS1VHaW8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtEpMA0G
CSqGSIb3DQEBCwUAA4IBAQB9K0t1l060M6cymstT0o31+LpG4mi8yzn+5YFmd6gx
xm+L96iaoXVQVjeYdlm8RxHi0MaqYyn3eJ54X9IGB9l3L7zzGYpqm88DyFEv+yTj
d2K94DLy6xJyzi569r1Ba0XgSyHJDiR/3MMvG7l/NyKsLbIm5YFnudSiMBqYXKcW
Vk76ZrDiehjcIOINt5wgBDajkVFjpp+aj2dHeeuAMHMA5kJmboL1MwilHLu6FCwT
gTdhoB64HybmyBtOsK0cY4KRjTKYSK5hYbvHCY1bcePseICnkBT9FaaRLJHJtHFU
phKK1PiqEPp6n1vYz9YlF8fG1U3NRmzJMwQB8tCy+oUl
-----END CERTIFICATE-----