This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/olMuY2vLp-rTHiiG19684Hs0Obo.roa
File:                     olMuY2vLp-rTHiiG19684Hs0Obo.roa (raw, json)
Hash identifier:          AhrmX1s8Thh/vu90E8QqE/FwFFRmye+xTuyBpcZ+7RU=
Subject key identifier:   A2:53:2E:63:6B:CB:A7:EA:D3:1E:28:86:D7:DE:BC:E0:7B:34:39:BA
Certificate issuer:       /CN=1230cd8e13c86d8ef835c1aac7d5f953455c035c
Certificate serial:       019B7F14DFFFD4721D0C7F2F428EDD2F99B4
Authority key identifier: 12:30:CD:8E:13:C8:6D:8E:F8:35:C1:AA:C7:D5:F9:53:45:5C:03:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EjDNjhPIbY74NcGqx9X5U0VcA1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/olMuY2vLp-rTHiiG19684Hs0Obo.roa
Signing time:             Fri 02 Jan 2026 14:20:33 +0000
ROA not before:           Fri 02 Jan 2026 14:20:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396982
IP address blocks:        185.88.148.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/EjDNjhPIbY74NcGqx9X5U0VcA1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/EjDNjhPIbY74NcGqx9X5U0VcA1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EjDNjhPIbY74NcGqx9X5U0VcA1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 21:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:df:ff:d4:72:1d:0c:7f:2f:42:8e:dd:2f:99:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1230cd8e13c86d8ef835c1aac7d5f953455c035c
        Validity
            Not Before: Jan  2 14:20:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a2532e636bcba7ead31e2886d7debce07b3439ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:32:d1:b0:55:16:26:f4:01:6b:b1:9c:b8:0f:
                    f6:80:ad:41:7d:7d:9a:a9:4b:01:0c:95:2d:7f:fb:
                    d6:50:a5:6c:58:51:eb:d0:ae:ab:97:fb:c4:98:f8:
                    28:89:f5:80:81:d8:49:a4:67:1d:4f:9c:38:0c:0f:
                    85:dd:4f:45:3b:3c:09:26:6f:b8:00:67:a3:a9:89:
                    76:9f:85:67:fa:5a:f5:a9:c1:83:f7:1a:6c:55:8d:
                    d9:f3:62:5c:db:5e:04:2e:5b:57:7b:f5:c5:5e:cc:
                    bd:d3:ea:81:91:b7:59:a5:96:a8:33:05:7c:38:b4:
                    b9:58:1a:bc:03:95:1c:c4:f5:cf:3e:2a:ee:1e:8d:
                    b1:cf:49:08:4a:28:64:5d:42:5e:c6:e3:75:81:47:
                    d2:32:77:e3:04:79:2a:e3:26:ae:30:8d:38:61:05:
                    b7:26:2b:9e:0c:b0:37:82:38:dd:de:61:ad:46:7e:
                    ef:b1:c4:d7:27:14:bb:16:c8:46:17:bc:88:89:18:
                    36:c6:3a:1f:23:a6:43:c4:c6:19:f7:52:f7:a1:f8:
                    02:86:93:c0:be:f9:6c:cc:de:67:c3:9e:54:35:1d:
                    0c:09:7a:56:ea:77:bb:53:64:22:91:2a:c2:fd:8d:
                    e6:fb:e8:c6:c6:45:9d:a2:78:0f:28:83:f7:02:e6:
                    71:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:53:2E:63:6B:CB:A7:EA:D3:1E:28:86:D7:DE:BC:E0:7B:34:39:BA
            X509v3 Authority Key Identifier:
                keyid:12:30:CD:8E:13:C8:6D:8E:F8:35:C1:AA:C7:D5:F9:53:45:5C:03:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EjDNjhPIbY74NcGqx9X5U0VcA1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/olMuY2vLp-rTHiiG19684Hs0Obo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/EjDNjhPIbY74NcGqx9X5U0VcA1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:9c:ec:56:f4:e9:66:86:22:c4:e5:b9:7e:e8:86:ad:12:98:
         17:d2:b5:78:af:38:f2:f3:2e:bb:de:82:01:2a:ab:d8:f6:87:
         60:df:f7:33:35:13:06:8a:bc:e4:61:78:44:60:3d:30:3a:3d:
         44:fa:c7:4e:4c:c6:70:18:95:8c:1c:ad:3c:f4:01:7c:dd:b4:
         25:8d:38:83:02:d9:a7:d7:37:7b:6f:dd:e7:cf:5d:f1:90:ee:
         1d:b8:fc:22:f5:59:6a:0d:90:e2:65:18:12:c9:38:63:b0:26:
         ed:b9:0a:88:8c:d6:13:b7:d6:8c:19:78:d4:b1:02:2c:2b:04:
         eb:60:21:55:ad:6c:ec:d0:3a:ff:0b:29:78:14:70:53:69:55:
         8f:66:a1:d6:6a:86:c5:87:82:b9:2e:cb:29:a9:eb:d6:37:55:
         f8:42:a4:3e:6a:3c:1b:9c:fe:a1:d6:55:71:7a:7f:76:cf:d8:
         8b:0e:60:56:ef:b2:a5:89:e0:f9:3b:49:e3:5c:dc:68:da:4e:
         5f:35:e1:01:5d:4d:3b:8d:dd:5a:93:fe:1b:0d:68:81:91:9c:
         b3:c7:73:11:09:ba:ce:07:a8:cb:5b:3a:fe:70:1c:2a:a8:db:
         8c:b2:61:4d:a6:82:64:5e:5f:fd:a9:18:0c:9d:86:a4:1b:21:
         45:f4:5f:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FN//1HIdDH8vQo7dL5m0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMzBjZDhlMTNjODZkOGVmODM1YzFhYWM3ZDVmOTUzNDU1
YzAzNWMwHhcNMjYwMTAyMTQyMDMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjUzMmU2MzZiY2JhN2VhZDMxZTI4ODZkN2RlYmNlMDdiMzQzOWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7jLRsFUWJvQBa7GcuA/2gK1BfX2a
qUsBDJUtf/vWUKVsWFHr0K6rl/vEmPgoifWAgdhJpGcdT5w4DA+F3U9FOzwJJm+4
AGejqYl2n4Vn+lr1qcGD9xpsVY3Z82Jc214ELltXe/XFXsy90+qBkbdZpZaoMwV8
OLS5WBq8A5UcxPXPPiruHo2xz0kISihkXUJexuN1gUfSMnfjBHkq4yauMI04YQW3
JiueDLA3gjjd3mGtRn7vscTXJxS7FshGF7yIiRg2xjofI6ZDxMYZ91L3ofgChpPA
vvlszN5nw55UNR0MCXpW6ne7U2QikSrC/Y3m++jGxkWdongPKIP3AuZxRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJTLmNry6fq0x4ohtfevOB7NDm6MB8GA1UdIwQY
MBaAFBIwzY4TyG2O+DXBqsfV+VNFXANcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWpETmpoUEliWTc0TmNHcXg5WDVVMFZjQTF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9kMWYzOTAtNGVjNS00YzQyLThlNTQt
MDFmYjQ2YTQzM2UxLzEvb2xNdVkydkxwLXJUSGlpRzE5Njg0SHMwT2JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9kMWYzOTAtNGVjNS00YzQyLThlNTQtMDFmYjQ2YTQzM2Ux
LzEvRWpETmpoUEliWTc0TmNHcXg5WDVVMFZjQTF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuViUMA0G
CSqGSIb3DQEBCwUAA4IBAQArnOxW9OlmhiLE5bl+6IatEpgX0rV4rzjy8y673oIB
KqvY9odg3/czNRMGirzkYXhEYD0wOj1E+sdOTMZwGJWMHK089AF83bQljTiDAtmn
1zd7b93nz13xkO4duPwi9VlqDZDiZRgSyThjsCbtuQqIjNYTt9aMGXjUsQIsKwTr
YCFVrWzs0Dr/Cyl4FHBTaVWPZqHWaobFh4K5LsspqevWN1X4QqQ+ajwbnP6h1lVx
en92z9iLDmBW77KlieD5O0njXNxo2k5fNeEBXU07jd1ak/4bDWiBkZyzx3MRCbrO
B6jLWzr+cBwqqNuMsmFNpoJkXl/9qRgMnYakGyFF9F9S
-----END CERTIFICATE-----