This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/72rogKEUs1fjFAjfM7Cy9UHe_kw.roa
File:                     72rogKEUs1fjFAjfM7Cy9UHe_kw.roa (raw, json)
Hash identifier:          Z8ZWpoeVc5I33UXwalFKXVV5S6etbriIYRPgHvGgfKI=
Subject key identifier:   EF:6A:E8:80:A1:14:B3:57:E3:14:08:DF:33:B0:B2:F5:41:DE:FE:4C
Certificate issuer:       /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial:       019B77C76D4BA33BF22496687EC062B6F50B
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/72rogKEUs1fjFAjfM7Cy9UHe_kw.roa
Signing time:             Thu 01 Jan 2026 04:18:36 +0000
ROA not before:           Thu 01 Jan 2026 04:18:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7018
IP address blocks:        212.116.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:6d:4b:a3:3b:f2:24:96:68:7e:c0:62:b6:f5:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
        Validity
            Not Before: Jan  1 04:18:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ef6ae880a114b357e31408df33b0b2f541defe4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:da:ae:24:cb:79:85:81:67:e9:fb:67:80:c5:
                    fd:69:44:a0:05:e2:f5:5c:f8:83:28:bf:78:29:b5:
                    ee:cd:a8:e6:91:c9:6d:b9:4b:8a:3b:4a:78:29:60:
                    03:59:49:1b:47:db:37:2c:3f:34:df:b6:4e:4a:82:
                    8b:e8:f1:0a:a0:e8:b8:28:0d:9b:8b:ad:21:1d:c8:
                    57:45:59:da:4f:0f:77:06:30:47:b6:6f:b3:f8:b1:
                    42:d4:73:e5:7f:07:0f:45:90:fb:65:5d:23:95:e6:
                    b4:11:51:50:b7:ac:a8:1e:14:fa:c5:c1:9e:34:27:
                    64:e5:91:6c:80:13:96:f6:d2:d5:80:62:a3:93:da:
                    05:47:97:3e:c4:a1:b0:54:b2:ff:38:dc:72:ed:00:
                    96:d7:71:cb:fc:c9:58:bb:4a:10:1c:ca:11:71:81:
                    27:fa:ef:51:c9:d4:f1:1d:31:ba:af:df:4b:5f:66:
                    c5:6c:01:8b:f4:eb:90:bc:20:cd:36:5c:0c:1e:30:
                    ed:ae:42:c4:8f:c1:2e:06:ac:5b:bd:79:e4:aa:76:
                    36:63:82:4a:21:4b:59:8a:a6:53:a2:44:ee:1d:f9:
                    c8:a2:3c:83:64:72:08:c7:33:e3:9a:1c:1e:90:4e:
                    6a:55:ba:f4:e5:93:04:17:70:fa:c5:6b:79:4a:51:
                    07:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:6A:E8:80:A1:14:B3:57:E3:14:08:DF:33:B0:B2:F5:41:DE:FE:4C
            X509v3 Authority Key Identifier:
                keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/72rogKEUs1fjFAjfM7Cy9UHe_kw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.116.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:e2:b5:46:f4:25:e2:13:cd:f7:32:9a:24:9b:22:3f:0e:7f:
         1c:a5:0d:4d:e0:96:07:ac:63:b5:9a:dd:d2:96:48:21:ca:18:
         e2:eb:eb:55:83:c7:2d:c4:0b:4f:a4:70:65:b9:ac:d8:7f:ff:
         f4:67:61:2e:b4:e2:80:3a:03:c2:2a:d1:ab:fe:fb:b2:7f:18:
         8a:8c:be:eb:80:c7:65:f2:cb:1a:29:f8:0c:5d:27:f7:89:44:
         99:5f:d9:90:48:e5:42:7e:4f:56:de:69:c1:52:ee:4b:30:d1:
         df:71:57:17:63:80:bf:6d:d6:9e:51:a8:49:d6:c1:d7:27:df:
         7c:f2:d5:39:13:8e:e4:55:ae:c5:78:7f:c9:a4:fb:a7:fa:6d:
         55:d2:d9:1a:99:6b:d5:b9:de:a1:dd:37:9f:bb:24:de:f1:d8:
         df:2a:61:1c:51:8a:23:be:5f:50:4a:c2:6a:92:4c:3b:1d:2b:
         21:5b:6e:1e:42:bc:cf:7f:fd:8a:7e:0e:1a:9b:20:64:b4:80:
         b3:46:f2:6c:99:5d:48:6a:87:6c:fa:24:3f:e5:a7:f2:9f:f7:
         cb:a0:26:82:6f:3a:b4:ef:65:8e:3d:89:d5:08:2a:a1:a3:20:
         ce:bb:a3:aa:07:77:ef:c2:d9:ea:b1:92:32:d3:fa:54:30:74:
         e1:d2:29:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x21LozvyJJZofsBitvULMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjYwMTAxMDQxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjZhZTg4MGExMTRiMzU3ZTMxNDA4ZGYzM2IwYjJmNTQxZGVmZTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA49quJMt5hYFn6ftngMX9aUSgBeL1
XPiDKL94KbXuzajmkcltuUuKO0p4KWADWUkbR9s3LD8037ZOSoKL6PEKoOi4KA2b
i60hHchXRVnaTw93BjBHtm+z+LFC1HPlfwcPRZD7ZV0jlea0EVFQt6yoHhT6xcGe
NCdk5ZFsgBOW9tLVgGKjk9oFR5c+xKGwVLL/ONxy7QCW13HL/MlYu0oQHMoRcYEn
+u9RydTxHTG6r99LX2bFbAGL9OuQvCDNNlwMHjDtrkLEj8EuBqxbvXnkqnY2Y4JK
IUtZiqZTokTuHfnIojyDZHIIxzPjmhwekE5qVbr05ZMEF3D6xWt5SlEHqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO9q6IChFLNX4xQI3zOwsvVB3v5MMB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEvNzJyb2dLRVVzMWZqRkFqZk03Q3k5VUhlX2t3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1HT8MA0G
CSqGSIb3DQEBCwUAA4IBAQCh4rVG9CXiE833MpokmyI/Dn8cpQ1N4JYHrGO1mt3S
lkghyhji6+tVg8ctxAtPpHBluazYf//0Z2EutOKAOgPCKtGr/vuyfxiKjL7rgMdl
8ssaKfgMXSf3iUSZX9mQSOVCfk9W3mnBUu5LMNHfcVcXY4C/bdaeUahJ1sHXJ998
8tU5E47kVa7FeH/JpPun+m1V0tkamWvVud6h3TefuyTe8djfKmEcUYojvl9QSsJq
kkw7HSshW24eQrzPf/2Kfg4amyBktICzRvJsmV1Iaods+iQ/5afyn/fLoCaCbzq0
72WOPYnVCCqhoyDOu6OqB3fvwtnqsZIy0/pUMHTh0ikR
-----END CERTIFICATE-----