This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/c41f77-b6a2-4494-a074-4fae84fa158e/1/OGNMh9luEfhWYSfkuTxUdvEw3T0.roa
File:                     OGNMh9luEfhWYSfkuTxUdvEw3T0.roa (raw, json)
Hash identifier:          W+Y0DYRWsQtmVscqd/FelKkUl50HuhEP05K5AvhVU6w=
Subject key identifier:   38:63:4C:87:D9:6E:11:F8:56:61:27:E4:B9:3C:54:76:F1:30:DD:3D
Certificate issuer:       /CN=7d2a01224b1da86480cfecbcb6c52df9812968e8
Certificate serial:       019B7F157E2EB53A497279B67D6072FB9D4F
Authority key identifier: 7D:2A:01:22:4B:1D:A8:64:80:CF:EC:BC:B6:C5:2D:F9:81:29:68:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fSoBIksdqGSAz-y8tsUt-YEpaOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/c41f77-b6a2-4494-a074-4fae84fa158e/1/OGNMh9luEfhWYSfkuTxUdvEw3T0.roa
Signing time:             Fri 02 Jan 2026 14:21:13 +0000
ROA not before:           Fri 02 Jan 2026 14:21:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43023
IP address blocks:        185.187.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/c41f77-b6a2-4494-a074-4fae84fa158e/1/fSoBIksdqGSAz-y8tsUt-YEpaOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/c41f77-b6a2-4494-a074-4fae84fa158e/1/fSoBIksdqGSAz-y8tsUt-YEpaOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fSoBIksdqGSAz-y8tsUt-YEpaOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 20:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:7e:2e:b5:3a:49:72:79:b6:7d:60:72:fb:9d:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d2a01224b1da86480cfecbcb6c52df9812968e8
        Validity
            Not Before: Jan  2 14:21:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=38634c87d96e11f8566127e4b93c5476f130dd3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:41:35:9c:ac:f4:6d:96:eb:71:98:b6:5d:76:
                    84:be:db:c3:cd:e0:0d:78:ab:62:e7:a8:dc:34:c6:
                    ab:7c:1d:66:fa:a9:80:a4:39:24:d4:90:c2:42:1b:
                    e9:ba:e6:43:32:af:cc:f0:ca:c3:28:0f:19:17:10:
                    dd:92:12:c9:4a:9c:0f:1a:dd:b9:c9:e5:fc:7d:d6:
                    34:0b:0a:e1:4a:d8:5d:ef:5c:64:19:e8:ef:3f:e3:
                    ec:15:c1:b9:78:6e:39:07:a9:8b:a5:c8:ce:42:f5:
                    24:6c:27:4e:f6:99:f2:51:9e:a4:52:71:09:7a:f2:
                    ce:54:6b:7b:63:ab:e0:58:0c:3a:6a:9a:f9:83:66:
                    68:cb:06:60:61:fa:c6:79:2f:f0:f4:44:cf:f3:f3:
                    31:f9:45:18:29:a9:be:05:d3:f8:6c:c6:6e:50:1b:
                    07:fc:e5:21:cc:1b:c5:40:9c:a5:b5:39:a9:f6:38:
                    25:5f:a4:6d:60:db:49:fa:b0:2c:31:e1:02:b0:0d:
                    63:0a:6e:8f:ff:e2:aa:35:80:d4:1e:d8:75:8f:32:
                    7b:b7:59:4f:3e:c1:39:b4:e0:5c:9d:86:45:81:82:
                    64:dd:31:c4:dc:62:8f:3c:22:fc:03:64:b6:f2:7d:
                    50:6d:6b:88:0f:2f:a2:83:48:3e:dd:45:84:f0:86:
                    d8:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:63:4C:87:D9:6E:11:F8:56:61:27:E4:B9:3C:54:76:F1:30:DD:3D
            X509v3 Authority Key Identifier:
                keyid:7D:2A:01:22:4B:1D:A8:64:80:CF:EC:BC:B6:C5:2D:F9:81:29:68:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fSoBIksdqGSAz-y8tsUt-YEpaOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/c41f77-b6a2-4494-a074-4fae84fa158e/1/OGNMh9luEfhWYSfkuTxUdvEw3T0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/c41f77-b6a2-4494-a074-4fae84fa158e/1/fSoBIksdqGSAz-y8tsUt-YEpaOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:91:de:42:f0:9a:b2:ed:a0:b0:c8:57:a9:56:e1:64:fd:9d:
         35:7c:be:e3:f0:d2:d5:2e:1c:ad:10:6a:fc:6e:f9:fd:c1:78:
         40:77:3e:ba:d9:ec:dc:85:69:12:3f:16:e6:12:f7:13:82:75:
         16:dc:1b:63:2e:be:f5:51:6e:aa:b9:77:5f:24:91:53:91:73:
         03:3d:68:6f:a9:86:85:8c:be:27:17:e3:9c:32:af:76:65:56:
         33:ea:b4:5a:7e:61:2a:f0:13:6c:11:ea:07:0f:a4:0c:58:0e:
         5f:52:ba:49:34:a5:ab:55:d7:18:45:f6:74:4e:c3:47:2a:58:
         74:1d:b2:99:f0:98:d3:54:7d:fb:1b:59:6e:5a:a4:f2:99:de:
         eb:af:86:5d:e0:88:d2:ee:23:32:d6:0d:74:30:3f:b9:82:89:
         84:e4:c9:36:72:d3:25:81:1c:81:f4:a5:2d:21:5d:e7:df:0b:
         00:5a:87:59:bf:d1:b3:da:81:47:11:da:1f:f7:26:75:e9:80:
         2d:af:26:b4:62:54:ba:64:4c:1a:33:83:98:77:5b:00:4c:23:
         52:08:2e:ea:10:98:ac:07:b2:31:f2:dc:1c:a9:68:a0:bc:75:
         b0:fd:28:28:b8:87:a1:c7:d3:5a:e9:de:b7:07:7c:96:bf:19:
         e3:42:99:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FX4utTpJcnm2fWBy+51PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMmEwMTIyNGIxZGE4NjQ4MGNmZWNiY2I2YzUyZGY5ODEy
OTY4ZTgwHhcNMjYwMTAyMTQyMTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODYzNGM4N2Q5NmUxMWY4NTY2MTI3ZTRiOTNjNTQ3NmYxMzBkZDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkE1nKz0bZbrcZi2XXaEvtvDzeAN
eKti56jcNMarfB1m+qmApDkk1JDCQhvpuuZDMq/M8MrDKA8ZFxDdkhLJSpwPGt25
yeX8fdY0CwrhSthd71xkGejvP+PsFcG5eG45B6mLpcjOQvUkbCdO9pnyUZ6kUnEJ
evLOVGt7Y6vgWAw6apr5g2ZoywZgYfrGeS/w9ETP8/Mx+UUYKam+BdP4bMZuUBsH
/OUhzBvFQJyltTmp9jglX6RtYNtJ+rAsMeECsA1jCm6P/+KqNYDUHth1jzJ7t1lP
PsE5tOBcnYZFgYJk3THE3GKPPCL8A2S28n1QbWuIDy+ig0g+3UWE8IbYiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDhjTIfZbhH4VmEn5Lk8VHbxMN09MB8GA1UdIwQY
MBaAFH0qASJLHahkgM/svLbFLfmBKWjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlNvQklrc2RxR1NBei15OHRzVXQtWUVwYU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS9jNDFmNzctYjZhMi00NDk0LWEwNzQt
NGZhZTg0ZmExNThlLzEvT0dOTWg5bHVFZmhXWVNma3VUeFVkdkV3M1QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS9jNDFmNzctYjZhMi00NDk0LWEwNzQtNGZhZTg0ZmExNThl
LzEvZlNvQklrc2RxR1NBei15OHRzVXQtWUVwYU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubuKMA0G
CSqGSIb3DQEBCwUAA4IBAQAukd5C8Jqy7aCwyFepVuFk/Z01fL7j8NLVLhytEGr8
bvn9wXhAdz662ezchWkSPxbmEvcTgnUW3BtjLr71UW6quXdfJJFTkXMDPWhvqYaF
jL4nF+OcMq92ZVYz6rRafmEq8BNsEeoHD6QMWA5fUrpJNKWrVdcYRfZ0TsNHKlh0
HbKZ8JjTVH37G1luWqTymd7rr4Zd4IjS7iMy1g10MD+5gomE5Mk2ctMlgRyB9KUt
IV3n3wsAWodZv9Gz2oFHEdof9yZ16YAtrya0YlS6ZEwaM4OYd1sATCNSCC7qEJis
B7Ix8twcqWigvHWw/SgouIehx9Na6d63B3yWvxnjQpnP
-----END CERTIFICATE-----