This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/Ogeb0NIuZiUzdbJ2L0IQMwR8aKE.roa
File:                     Ogeb0NIuZiUzdbJ2L0IQMwR8aKE.roa (raw, json)
Hash identifier:          pgk407tpVqJOpRBfZ29H20iPf3oWY6NCHEs/wV2vLyg=
Subject key identifier:   3A:07:9B:D0:D2:2E:66:25:33:75:B2:76:2F:42:10:33:04:7C:68:A1
Certificate issuer:       /CN=98c1d03b49504d34465dc40a3d0f9086cacfdb8e
Certificate serial:       019B77C666E364A62E1E40444D7C0DC8209E
Authority key identifier: 98:C1:D0:3B:49:50:4D:34:46:5D:C4:0A:3D:0F:90:86:CA:CF:DB:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/Ogeb0NIuZiUzdbJ2L0IQMwR8aKE.roa
Signing time:             Thu 01 Jan 2026 04:17:29 +0000
ROA not before:           Thu 01 Jan 2026 04:17:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42651
IP address blocks:        45.88.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/mMHQO0lQTTRGXcQKPQ-QhsrP244.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/mMHQO0lQTTRGXcQKPQ-QhsrP244.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:66:e3:64:a6:2e:1e:40:44:4d:7c:0d:c8:20:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98c1d03b49504d34465dc40a3d0f9086cacfdb8e
        Validity
            Not Before: Jan  1 04:17:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a079bd0d22e66253375b2762f421033047c68a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:26:c3:2c:99:eb:3d:f3:79:54:38:7d:70:0b:
                    97:6f:04:a4:e3:ce:88:61:f7:df:13:d4:19:5d:37:
                    59:f3:29:87:30:75:8f:df:1e:12:b0:8e:f6:88:be:
                    97:25:b5:70:84:dd:31:d8:22:c2:81:c8:ac:ce:ba:
                    00:39:c3:1c:84:6c:af:49:93:1e:50:25:08:3f:fd:
                    e0:13:a8:a3:15:73:21:1e:1e:06:e0:c1:f7:80:5f:
                    c4:5b:8a:00:83:69:85:73:58:19:6f:28:11:04:54:
                    b9:fe:83:67:f0:72:18:84:6c:56:d9:5b:92:e9:fa:
                    79:d3:35:95:8a:41:00:03:7a:a6:10:0f:f0:b1:61:
                    b3:45:8a:83:d8:87:00:6e:4b:e0:76:8d:ad:c7:39:
                    99:50:fb:0c:1f:66:94:94:87:7d:71:92:74:df:c4:
                    c9:7e:c3:e8:d8:95:e0:3f:1b:86:93:c0:ad:79:9d:
                    67:d6:94:fc:82:3f:bc:a1:0f:77:a5:7b:c7:12:f0:
                    cd:20:0f:f2:2c:84:3c:48:d7:ea:2c:d3:ad:2e:3e:
                    01:81:79:10:c2:e1:9b:69:43:94:8c:e2:5d:94:ef:
                    2b:dc:55:67:95:fe:15:a1:6f:e4:a6:7c:d2:da:26:
                    86:99:86:88:38:5e:11:f0:dc:d5:24:e8:f6:75:16:
                    8a:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:07:9B:D0:D2:2E:66:25:33:75:B2:76:2F:42:10:33:04:7C:68:A1
            X509v3 Authority Key Identifier:
                keyid:98:C1:D0:3B:49:50:4D:34:46:5D:C4:0A:3D:0F:90:86:CA:CF:DB:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/Ogeb0NIuZiUzdbJ2L0IQMwR8aKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/mMHQO0lQTTRGXcQKPQ-QhsrP244.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:98:a6:b0:66:b4:94:6d:9b:ac:21:94:e9:55:fa:b1:a7:3b:
         60:20:b9:73:24:13:27:7e:3f:ed:d8:76:33:3c:63:15:ad:dd:
         98:c9:ce:ba:f8:ba:8f:26:ea:13:de:e7:b8:3f:1a:59:4e:3b:
         63:58:e0:f3:97:38:70:c9:32:0d:25:d3:e8:2d:a6:e1:ce:1c:
         8c:c6:87:f0:83:11:d1:a2:a6:76:42:30:bc:04:2d:bf:5c:8c:
         09:f5:ef:6c:12:3e:b9:92:aa:46:26:ea:80:e6:3e:87:1c:1f:
         0e:0d:c9:31:d5:57:15:c6:ad:b7:85:07:87:67:0f:b4:17:78:
         73:aa:2c:00:34:62:4c:35:71:5b:eb:9d:77:cd:20:ba:80:f4:
         a7:ee:22:02:f7:ae:f9:15:9a:3c:ea:07:bf:d3:a8:88:8a:2f:
         d7:8f:c6:a4:d6:b8:ef:c6:1d:3b:cd:a5:d3:7b:d6:1a:47:aa:
         54:a4:57:f2:58:bf:53:1e:77:03:54:86:c3:82:5d:0e:7e:62:
         69:94:61:50:9b:a5:d3:87:b4:8a:f7:3d:a5:79:71:f4:1b:e6:
         0a:a1:8b:78:20:b2:a9:fb:8c:b8:65:e1:46:f5:5a:8c:c3:0a:
         bf:59:28:3f:32:a3:ec:0c:1e:24:07:02:46:d1:3d:ad:f6:c8:
         80:bc:18:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xmbjZKYuHkBETXwNyCCeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4YzFkMDNiNDk1MDRkMzQ0NjVkYzQwYTNkMGY5MDg2Y2Fj
ZmRiOGUwHhcNMjYwMTAxMDQxNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTA3OWJkMGQyMmU2NjI1MzM3NWIyNzYyZjQyMTAzMzA0N2M2OGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjybDLJnrPfN5VDh9cAuXbwSk486I
YfffE9QZXTdZ8ymHMHWP3x4SsI72iL6XJbVwhN0x2CLCgciszroAOcMchGyvSZMe
UCUIP/3gE6ijFXMhHh4G4MH3gF/EW4oAg2mFc1gZbygRBFS5/oNn8HIYhGxW2VuS
6fp50zWVikEAA3qmEA/wsWGzRYqD2IcAbkvgdo2txzmZUPsMH2aUlId9cZJ038TJ
fsPo2JXgPxuGk8CteZ1n1pT8gj+8oQ93pXvHEvDNIA/yLIQ8SNfqLNOtLj4BgXkQ
wuGbaUOUjOJdlO8r3FVnlf4VoW/kpnzS2iaGmYaIOF4R8NzVJOj2dRaK5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDoHm9DSLmYlM3Wydi9CEDMEfGihMB8GA1UdIwQY
MBaAFJjB0DtJUE00Rl3ECj0PkIbKz9uOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbU1IUU8wbFFUVFJHWGNRS1BRLVFoc3JQMjQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9kNmMyNTctZjUwMS00Nzk2LWFhNjEt
YzMxYmRlNTEwMDg1LzEvT2dlYjBOSXVaaVV6ZGJKMkwwSVFNd1I4YUtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9kNmMyNTctZjUwMS00Nzk2LWFhNjEtYzMxYmRlNTEwMDg1
LzEvbU1IUU8wbFFUVFJHWGNRS1BRLVFoc3JQMjQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVjLMA0G
CSqGSIb3DQEBCwUAA4IBAQCymKawZrSUbZusIZTpVfqxpztgILlzJBMnfj/t2HYz
PGMVrd2Yyc66+LqPJuoT3ue4PxpZTjtjWODzlzhwyTINJdPoLabhzhyMxofwgxHR
oqZ2QjC8BC2/XIwJ9e9sEj65kqpGJuqA5j6HHB8ODckx1VcVxq23hQeHZw+0F3hz
qiwANGJMNXFb6513zSC6gPSn7iIC9675FZo86ge/06iIii/Xj8ak1rjvxh07zaXT
e9YaR6pUpFfyWL9THncDVIbDgl0OfmJplGFQm6XTh7SK9z2leXH0G+YKoYt4ILKp
+4y4ZeFG9VqMwwq/WSg/MqPsDB4kBwJG0T2t9siAvBgV
-----END CERTIFICATE-----