This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/OJDcnZKMbzW_ndCn_Y8xeVCn05o.roa
File:                     OJDcnZKMbzW_ndCn_Y8xeVCn05o.roa (raw, json)
Hash identifier:          soAxA3YCjbh3KJriK0iGluXyH4QMgs1fmaVz0A3jO4Q=
Subject key identifier:   38:90:DC:9D:92:8C:6F:35:BF:9D:D0:A7:FD:8F:31:79:50:A7:D3:9A
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019B7758B0C93CC6954F0620CF0EF5E393F5
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/OJDcnZKMbzW_ndCn_Y8xeVCn05o.roa
Signing time:             Thu 01 Jan 2026 02:17:39 +0000
ROA not before:           Thu 01 Jan 2026 02:17:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60446
IP address blocks:        185.254.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:b0:c9:3c:c6:95:4f:06:20:cf:0e:f5:e3:93:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 02:17:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3890dc9d928c6f35bf9dd0a7fd8f317950a7d39a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:cd:44:60:54:7a:24:e6:83:1b:6f:38:91:5d:
                    76:2c:76:b6:52:8b:13:f2:99:1f:03:31:02:e3:32:
                    b7:aa:40:a5:37:41:5e:9d:f2:be:79:8e:aa:37:12:
                    b7:a6:1c:bb:86:0a:72:0e:f4:80:11:13:da:6f:ec:
                    f2:5c:10:0a:19:a6:0e:81:39:f9:71:d7:7e:4b:b3:
                    79:09:a5:2c:35:20:58:18:38:42:8a:0c:2f:c9:fd:
                    a7:06:3f:69:e5:3b:dc:de:cd:eb:77:dc:6e:a1:af:
                    8c:cb:c4:2c:48:17:ce:52:5d:65:66:05:a0:72:da:
                    00:89:2e:ec:bc:ec:4a:d1:85:fa:d9:af:36:ac:07:
                    9b:9c:e6:c9:be:7e:08:4a:e3:25:97:25:18:b4:0d:
                    60:89:1f:13:00:2d:a5:26:52:f9:7e:66:33:7a:4b:
                    22:e7:e1:8a:48:79:f2:9a:3b:06:47:83:47:81:86:
                    45:69:4c:d0:18:ab:68:10:95:0b:b6:e6:82:68:50:
                    db:31:b3:99:a9:11:fa:b4:4b:7d:77:bb:d6:28:30:
                    02:02:d8:e4:8d:c5:86:f7:96:81:24:d0:01:d0:86:
                    fe:bc:5e:d6:f4:be:04:dd:46:80:bc:d8:cf:01:b9:
                    34:60:88:ab:f2:b8:46:79:d4:56:46:db:90:56:b7:
                    12:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:90:DC:9D:92:8C:6F:35:BF:9D:D0:A7:FD:8F:31:79:50:A7:D3:9A
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/OJDcnZKMbzW_ndCn_Y8xeVCn05o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:18:c0:c2:dd:1a:3f:dd:47:16:72:ed:93:d9:35:6c:b9:87:
         94:ce:71:85:1c:eb:63:92:90:3f:9d:dd:9a:c4:67:5a:e7:7e:
         40:95:6b:6f:18:34:45:a1:42:6d:03:6c:63:39:be:66:b8:e0:
         fa:4e:b0:02:84:ea:6f:b7:b4:22:32:1d:d1:9f:50:77:cd:31:
         9f:dc:74:5c:23:75:15:c3:eb:ee:2d:07:d6:b3:a1:b6:ab:3e:
         d6:3f:c1:97:e3:36:8c:a2:14:10:eb:30:94:38:6a:05:08:91:
         e6:f8:da:23:2b:73:b3:89:37:0c:23:9a:c6:bd:bf:c3:46:a4:
         ed:19:d1:c3:69:8e:63:47:08:7d:a9:6b:26:1b:11:68:8e:9b:
         58:6d:ab:73:3a:55:e1:64:03:17:da:ed:16:8c:1e:3a:67:dd:
         86:c4:21:fd:54:d4:58:36:58:b5:9f:ee:19:11:cc:e1:01:37:
         0a:a5:ce:11:2a:75:46:18:87:21:92:40:43:7c:31:55:ec:6d:
         f4:d4:ab:e8:f3:fc:41:2c:5c:4e:7c:f6:a6:5e:a1:4e:bd:24:
         89:48:0a:89:f0:a4:74:78:6b:8b:cc:71:04:86:9a:e0:25:18:
         17:eb:17:d4:8f:fb:38:d5:cb:59:8c:00:a1:a8:16:17:02:af:
         4a:91:53:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WLDJPMaVTwYgzw7145P1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwMTAxMDIxNzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODkwZGM5ZDkyOGM2ZjM1YmY5ZGQwYTdmZDhmMzE3OTUwYTdkMzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAts1EYFR6JOaDG284kV12LHa2UosT
8pkfAzEC4zK3qkClN0FenfK+eY6qNxK3phy7hgpyDvSAERPab+zyXBAKGaYOgTn5
cdd+S7N5CaUsNSBYGDhCigwvyf2nBj9p5Tvc3s3rd9xuoa+My8QsSBfOUl1lZgWg
ctoAiS7svOxK0YX62a82rAebnObJvn4ISuMllyUYtA1giR8TAC2lJlL5fmYzeksi
5+GKSHnymjsGR4NHgYZFaUzQGKtoEJULtuaCaFDbMbOZqRH6tEt9d7vWKDACAtjk
jcWG95aBJNAB0Ib+vF7W9L4E3UaAvNjPAbk0YIir8rhGedRWRtuQVrcStQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDiQ3J2SjG81v53Qp/2PMXlQp9OaMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvT0pEY25aS01ieldfbmRDbl9ZOHhlVkNuMDVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf4eMA0G
CSqGSIb3DQEBCwUAA4IBAQB0GMDC3Ro/3UcWcu2T2TVsuYeUznGFHOtjkpA/nd2a
xGda535AlWtvGDRFoUJtA2xjOb5muOD6TrAChOpvt7QiMh3Rn1B3zTGf3HRcI3UV
w+vuLQfWs6G2qz7WP8GX4zaMohQQ6zCUOGoFCJHm+NojK3OziTcMI5rGvb/DRqTt
GdHDaY5jRwh9qWsmGxFojptYbatzOlXhZAMX2u0WjB46Z92GxCH9VNRYNli1n+4Z
EczhATcKpc4RKnVGGIchkkBDfDFV7G301Kvo8/xBLFxOfPamXqFOvSSJSAqJ8KR0
eGuLzHEEhprgJRgX6xfUj/s41ctZjAChqBYXAq9KkVPV
-----END CERTIFICATE-----