This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/OOHuoxQHwcTPw0lmXeoWsx3MPDs.roa
File:                     OOHuoxQHwcTPw0lmXeoWsx3MPDs.roa (raw, json)
Hash identifier:          0adogDb33iNZDpARqzB5nWTOkYnidB5h7S3awTSepJY=
Subject key identifier:   38:E1:EE:A3:14:07:C1:C4:CF:C3:49:66:5D:EA:16:B3:1D:CC:3C:3B
Certificate issuer:       /CN=5afd8667cce95be0ae96058c4550d7088035312f
Certificate serial:       019B7FF1374BED717D81DBC0BC2DD59CAB73
Authority key identifier: 5A:FD:86:67:CC:E9:5B:E0:AE:96:05:8C:45:50:D7:08:80:35:31:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/OOHuoxQHwcTPw0lmXeoWsx3MPDs.roa
Signing time:             Fri 02 Jan 2026 18:21:13 +0000
ROA not before:           Fri 02 Jan 2026 18:21:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212158
IP address blocks:        195.246.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:37:4b:ed:71:7d:81:db:c0:bc:2d:d5:9c:ab:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5afd8667cce95be0ae96058c4550d7088035312f
        Validity
            Not Before: Jan  2 18:21:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=38e1eea31407c1c4cfc349665dea16b31dcc3c3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:a8:bf:0c:e3:fd:d5:95:fa:72:58:11:b2:a4:
                    ab:e4:27:d7:cd:d9:87:d6:2a:26:15:da:45:e8:5a:
                    f3:b4:4b:4f:51:72:57:f3:8f:c6:9c:8d:55:2e:d9:
                    f7:29:bb:be:e4:c4:36:a7:e7:4d:6a:30:30:66:35:
                    79:e8:e5:4e:49:bd:d2:5f:78:5c:1e:f7:aa:3a:f1:
                    47:03:45:bc:9b:27:50:6e:7c:89:9c:ca:10:d9:b8:
                    af:73:12:f6:7f:e8:f4:a7:47:1d:60:2f:5c:30:71:
                    1c:88:a8:b4:af:45:70:66:4f:d2:a6:08:64:9b:35:
                    7c:fd:dd:7e:9a:9d:20:5c:b6:0d:8f:f1:a7:9f:10:
                    e1:4f:40:26:b6:17:bd:05:3c:72:de:8d:d9:44:97:
                    57:02:38:1a:9b:2f:38:b5:e4:ea:bd:c6:bb:f4:6e:
                    b3:34:39:a1:a0:e4:6b:fe:de:9f:d7:75:ce:b4:7b:
                    c4:3b:04:b1:c5:40:6f:b8:9f:b1:aa:29:6e:40:a4:
                    b3:54:f5:d0:7f:91:83:84:61:9f:e0:08:5b:64:df:
                    df:84:5e:32:f0:3f:eb:8b:ca:68:f9:f9:1a:5a:db:
                    03:d7:17:36:18:87:1b:1d:47:fe:d9:2f:8e:31:de:
                    3e:e8:43:08:87:88:1c:f8:7a:f9:80:4c:4b:92:d3:
                    0d:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:E1:EE:A3:14:07:C1:C4:CF:C3:49:66:5D:EA:16:B3:1D:CC:3C:3B
            X509v3 Authority Key Identifier:
                keyid:5A:FD:86:67:CC:E9:5B:E0:AE:96:05:8C:45:50:D7:08:80:35:31:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/OOHuoxQHwcTPw0lmXeoWsx3MPDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.246.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:9d:fd:95:0c:57:fd:84:50:70:9a:32:8d:01:1a:5f:f4:4c:
         f4:93:d7:5b:bb:41:11:ea:f1:25:c2:03:f9:89:a9:1c:4c:9c:
         dd:07:13:1c:c0:a2:b8:b4:70:ca:7b:37:61:6d:4f:e0:5b:5b:
         f5:c1:12:f0:e9:bd:e3:a4:80:7a:22:33:43:9b:be:04:a8:49:
         f5:16:e0:c4:5d:2b:5b:0b:53:73:a6:51:21:3b:56:15:08:30:
         13:c4:65:9f:fe:d8:28:d3:83:45:2f:2d:d7:7f:72:de:54:29:
         f1:cb:a4:d8:58:d1:5b:e4:8a:8c:26:78:f7:88:fb:60:54:71:
         da:3e:ca:28:fc:b6:33:dc:f1:01:e5:cc:e3:7b:b7:af:f3:b4:
         15:d3:72:d9:1c:ee:7a:76:d7:54:54:a1:32:be:4c:69:40:10:
         46:f6:07:d3:24:57:fa:fb:22:a7:4b:13:d5:8b:b0:e9:07:3f:
         ba:11:2a:12:6b:33:66:31:54:e3:83:40:70:f0:58:4f:1b:73:
         73:89:ca:6a:36:1a:bf:2f:d9:0d:17:b4:39:07:30:e1:ca:09:
         7d:91:58:b3:b6:d3:f7:ef:9e:4e:25:a9:78:f7:aa:2e:b9:4d:
         f5:fb:09:be:0c:b8:53:18:45:76:79:2c:61:a8:cc:11:51:6c:
         13:4b:df:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8TdL7XF9gdvAvC3VnKtzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZmQ4NjY3Y2NlOTViZTBhZTk2MDU4YzQ1NTBkNzA4ODAz
NTMxMmYwHhcNMjYwMTAyMTgyMTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGUxZWVhMzE0MDdjMWM0Y2ZjMzQ5NjY1ZGVhMTZiMzFkY2MzYzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiKi/DOP91ZX6clgRsqSr5CfXzdmH
1iomFdpF6FrztEtPUXJX84/GnI1VLtn3Kbu+5MQ2p+dNajAwZjV56OVOSb3SX3hc
HveqOvFHA0W8mydQbnyJnMoQ2bivcxL2f+j0p0cdYC9cMHEciKi0r0VwZk/Spghk
mzV8/d1+mp0gXLYNj/GnnxDhT0Amthe9BTxy3o3ZRJdXAjgamy84teTqvca79G6z
NDmhoORr/t6f13XOtHvEOwSxxUBvuJ+xqiluQKSzVPXQf5GDhGGf4AhbZN/fhF4y
8D/ri8po+fkaWtsD1xc2GIcbHUf+2S+OMd4+6EMIh4gc+Hr5gExLktMNQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDjh7qMUB8HEz8NJZl3qFrMdzDw7MB8GA1UdIwQY
MBaAFFr9hmfM6VvgrpYFjEVQ1wiANTEvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3YyR1o4enBXLUN1bGdXTVJWRFhDSUExTVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9hYWNiMGEtY2Y2NC00ZTc1LWE5ZGYt
MjQ5YWM3NzNjMjgyLzEvT09IdW94UUh3Y1RQdzBsbVhlb1dzeDNNUERzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9hYWNiMGEtY2Y2NC00ZTc1LWE5ZGYtMjQ5YWM3NzNjMjgy
LzEvV3YyR1o4enBXLUN1bGdXTVJWRFhDSUExTVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/ZjMA0G
CSqGSIb3DQEBCwUAA4IBAQAfnf2VDFf9hFBwmjKNARpf9Ez0k9dbu0ER6vElwgP5
iakcTJzdBxMcwKK4tHDKezdhbU/gW1v1wRLw6b3jpIB6IjNDm74EqEn1FuDEXStb
C1NzplEhO1YVCDATxGWf/tgo04NFLy3Xf3LeVCnxy6TYWNFb5IqMJnj3iPtgVHHa
Psoo/LYz3PEB5czje7ev87QV03LZHO56dtdUVKEyvkxpQBBG9gfTJFf6+yKnSxPV
i7DpBz+6ESoSazNmMVTjg0Bw8FhPG3NzicpqNhq/L9kNF7Q5BzDhygl9kVizttP3
755OJal496ouuU31+wm+DLhTGEV2eSxhqMwRUWwTS9/3
-----END CERTIFICATE-----