This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/O7bg67y47ZOoPcbpikTEP53R8QM.roa
File:                     O7bg67y47ZOoPcbpikTEP53R8QM.roa (raw, json)
Hash identifier:          Lfq/GOAKrqu2i4mGWYwRqVulyDHvgcrRSspRO+BqJdg=
Subject key identifier:   3B:B6:E0:EB:BC:B8:ED:93:A8:3D:C6:E9:8A:44:C4:3F:9D:D1:F1:03
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019B9E667B344C25DBDCE7260D64AB573F81
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/O7bg67y47ZOoPcbpikTEP53R8QM.roa
Signing time:             Thu 08 Jan 2026 16:17:54 +0000
ROA not before:           Thu 08 Jan 2026 16:17:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215294
IP address blocks:        81.18.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 08:17:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:9e:66:7b:34:4c:25:db:dc:e7:26:0d:64:ab:57:3f:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  8 16:17:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3bb6e0ebbcb8ed93a83dc6e98a44c43f9dd1f103
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:61:7e:b9:47:3d:dd:33:ae:42:b4:6c:66:8b:
                    25:46:93:dd:b2:28:07:0e:63:c7:2a:7a:f7:a3:a2:
                    d9:0e:83:12:5c:71:ce:ce:c0:46:36:a7:ef:10:0b:
                    87:95:ee:e6:18:ea:2e:c4:5f:82:41:5d:c1:a7:e6:
                    63:eb:9a:8d:33:48:5f:e9:8f:ed:74:e8:7d:83:e3:
                    99:8e:e7:c6:33:fe:c9:7f:14:82:83:ea:b6:71:a5:
                    58:e5:66:ac:ef:e5:33:42:eb:31:bc:68:f1:e0:27:
                    8b:2b:02:cd:1e:01:63:7e:0f:af:4d:bd:b4:5b:f5:
                    af:b4:6d:9d:97:96:fa:78:b1:69:05:ae:cd:a3:95:
                    68:fd:51:20:01:6f:e4:da:13:74:06:b2:7c:7d:6e:
                    3a:f4:ee:5d:32:ae:a1:36:f4:b3:8c:9d:38:50:d0:
                    dd:60:6c:e7:08:99:9a:de:ea:07:02:db:a6:d3:1f:
                    0b:9a:9c:dd:37:f1:4e:65:e1:bf:12:c6:d9:7f:96:
                    c4:26:6d:7e:4e:3f:92:f9:42:ca:66:c6:1a:db:eb:
                    21:00:e5:bf:d1:9e:65:67:9f:de:0a:c7:e3:78:cf:
                    80:37:ee:25:7f:49:83:fd:e8:d9:38:15:1d:bc:a7:
                    bf:aa:ae:34:c1:f2:c8:2b:b4:47:ec:62:a4:39:5d:
                    31:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:B6:E0:EB:BC:B8:ED:93:A8:3D:C6:E9:8A:44:C4:3F:9D:D1:F1:03
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/O7bg67y47ZOoPcbpikTEP53R8QM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.18.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:35:65:1d:13:f8:f0:f4:25:7a:f6:6a:66:0a:b7:6c:34:d4:
         37:0e:f8:b4:1a:17:c0:48:b2:f4:48:5d:74:5b:05:1d:b5:24:
         46:3d:a1:4c:b6:76:95:10:aa:b8:26:c9:0d:aa:d0:e9:91:c7:
         2a:d8:fa:51:0c:2c:c9:e2:24:92:dd:13:4e:f0:7f:20:f0:7a:
         0c:08:ed:c6:32:a3:8a:92:04:49:3a:36:23:80:66:d4:9b:80:
         6b:10:36:39:b8:bc:54:7b:1f:6e:ac:cd:6e:bf:36:9b:77:7f:
         d9:66:00:51:8a:66:5d:89:f3:5a:ff:7f:e0:5a:52:c6:67:fc:
         e0:01:71:8c:98:d0:41:f3:34:66:5d:5b:2a:0e:6c:d2:fd:31:
         7c:fa:42:0e:50:43:fa:57:88:43:57:ab:78:a0:db:f9:ce:b6:
         9e:e9:38:22:df:45:94:43:6e:13:98:16:86:44:ed:ab:7d:ed:
         14:8b:07:4d:fd:b1:aa:15:8d:a3:b4:91:95:6b:b4:55:06:76:
         11:79:6d:85:50:4c:eb:83:2b:0b:89:03:77:c5:4c:bd:f6:d9:
         7d:1e:59:22:9b:ce:e1:66:46:bb:26:25:3a:66:3c:f9:40:56:
         af:dc:77:9d:ff:d5:7a:ae:61:b5:f9:2b:55:88:a2:e5:10:17:
         b0:d0:9e:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZueZns0TCXb3OcmDWSrVz+BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwMTA4MTYxNzU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmI2ZTBlYmJjYjhlZDkzYTgzZGM2ZTk4YTQ0YzQzZjlkZDFmMTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGF+uUc93TOuQrRsZoslRpPdsigH
DmPHKnr3o6LZDoMSXHHOzsBGNqfvEAuHle7mGOouxF+CQV3Bp+Zj65qNM0hf6Y/t
dOh9g+OZjufGM/7JfxSCg+q2caVY5Was7+UzQusxvGjx4CeLKwLNHgFjfg+vTb20
W/WvtG2dl5b6eLFpBa7No5Vo/VEgAW/k2hN0BrJ8fW469O5dMq6hNvSzjJ04UNDd
YGznCJma3uoHAtum0x8LmpzdN/FOZeG/EsbZf5bEJm1+Tj+S+ULKZsYa2+shAOW/
0Z5lZ5/eCsfjeM+AN+4lf0mD/ejZOBUdvKe/qq40wfLIK7RH7GKkOV0xeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDu24Ou8uO2TqD3G6YpExD+d0fEDMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvTzdiZzY3eTQ3Wk9vUGNicGlrVEVQNTNSOFFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURI/MA0G
CSqGSIb3DQEBCwUAA4IBAQAqNWUdE/jw9CV69mpmCrdsNNQ3Dvi0GhfASLL0SF10
WwUdtSRGPaFMtnaVEKq4JskNqtDpkccq2PpRDCzJ4iSS3RNO8H8g8HoMCO3GMqOK
kgRJOjYjgGbUm4BrEDY5uLxUex9urM1uvzabd3/ZZgBRimZdifNa/3/gWlLGZ/zg
AXGMmNBB8zRmXVsqDmzS/TF8+kIOUEP6V4hDV6t4oNv5zrae6Tgi30WUQ24TmBaG
RO2rfe0UiwdN/bGqFY2jtJGVa7RVBnYReW2FUEzrgysLiQN3xUy99tl9Hlkim87h
Zka7JiU6Zjz5QFav3Hed/9V6rmG1+StViKLlEBew0J6J
-----END CERTIFICATE-----