This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/OB85p2iqEDrI0sWgpRuKU263F6U.roa
File:                     OB85p2iqEDrI0sWgpRuKU263F6U.roa (raw, json)
Hash identifier:          Y0DZbVGoOWxrB/BBS7q4taYYoXdDGHQK8XIMvPRcYtI=
Subject key identifier:   38:1F:39:A7:68:AA:10:3A:C8:D2:C5:A0:A5:1B:8A:53:6E:B7:17:A5
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       019B7C80A304843FA63928ACBD70D7485715
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/OB85p2iqEDrI0sWgpRuKU263F6U.roa
Signing time:             Fri 02 Jan 2026 02:19:23 +0000
ROA not before:           Fri 02 Jan 2026 02:19:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47583
IP address blocks:        84.32.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:a3:04:84:3f:a6:39:28:ac:bd:70:d7:48:57:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  2 02:19:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=381f39a768aa103ac8d2c5a0a51b8a536eb717a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d4:24:8c:d1:38:b9:9e:97:e9:29:12:b5:98:
                    ca:c5:20:9a:5f:40:1a:78:2b:2a:fc:92:78:f0:72:
                    62:cf:f9:a0:fb:64:9c:26:6b:04:48:18:2f:1b:64:
                    98:75:95:4b:c6:ae:b3:b5:3f:58:21:2d:f1:91:12:
                    0a:c4:67:4f:f4:b4:b4:7e:ac:f0:54:a4:01:2c:4d:
                    1c:d9:4b:57:e6:6c:65:63:64:6b:23:9a:4a:c2:88:
                    62:4b:a5:84:74:1e:fc:ec:d9:e3:0c:f5:73:eb:26:
                    38:aa:82:9f:dc:30:4f:ac:fb:3f:88:0e:95:eb:31:
                    8f:cb:58:07:40:42:9c:de:dd:e6:2b:32:7a:96:f6:
                    ca:80:27:5e:9a:db:3e:06:4d:a0:aa:12:76:01:52:
                    c2:0b:91:a0:cd:b5:54:74:06:7d:31:4b:c2:10:ca:
                    69:88:ff:86:cd:ae:9e:32:be:24:90:bd:c6:b7:54:
                    c5:4b:49:c6:c1:87:9b:ec:af:bd:4f:11:77:86:c4:
                    99:51:af:34:58:1d:ea:2f:17:c9:bc:bb:49:af:91:
                    bb:c1:3f:34:07:4b:0d:b6:40:2d:08:4f:c0:d4:62:
                    ed:cd:0e:72:ed:ed:17:fb:db:ef:e5:ef:96:a5:77:
                    91:cd:32:38:ed:b1:fc:24:a0:80:26:b7:08:d3:62:
                    98:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:1F:39:A7:68:AA:10:3A:C8:D2:C5:A0:A5:1B:8A:53:6E:B7:17:A5
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/OB85p2iqEDrI0sWgpRuKU263F6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:04:94:c3:d2:64:66:a4:48:25:7a:c6:a6:1f:71:24:d7:28:
         95:3f:94:2e:f1:62:8f:ba:2a:60:f9:f8:a0:49:77:8a:80:8e:
         72:ad:38:cf:a0:79:d5:7b:52:92:05:1f:d1:29:e1:a4:a6:cf:
         c7:f2:94:5a:7b:bb:b0:80:11:22:d6:f4:3d:99:55:7d:75:2c:
         07:c3:4d:23:da:94:5d:7d:47:c9:f2:aa:20:64:fe:4b:9b:b3:
         fe:db:fb:81:34:06:82:94:f0:1e:f6:a8:3c:04:80:ef:b8:ac:
         d1:31:50:ab:ac:1e:22:eb:b1:9c:62:42:1e:ec:6a:1d:96:ba:
         e9:34:d6:02:0b:06:2f:f6:18:da:de:2b:26:b5:40:39:22:b1:
         b9:71:4e:6a:92:18:39:5d:ae:49:e1:8c:db:f4:ac:47:cc:39:
         73:40:ed:cc:06:7a:b6:6c:03:1a:93:0a:7b:33:0a:60:e0:63:
         af:44:04:a8:b3:97:f4:aa:a5:3c:d4:b2:27:db:42:2b:74:74:
         a3:58:c6:3c:cf:6f:f4:2e:dc:2e:b3:b1:a0:ea:6a:87:2f:29:
         44:9d:51:26:8a:06:d4:eb:1d:a2:bf:1d:b2:51:29:a2:39:22:
         38:83:9b:df:ad:a7:9b:29:d0:de:e5:6e:21:e4:01:42:b9:b6:
         f3:2a:55:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gKMEhD+mOSisvXDXSFcVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjYwMTAyMDIxOTIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODFmMzlhNzY4YWExMDNhYzhkMmM1YTBhNTFiOGE1MzZlYjcxN2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotQkjNE4uZ6X6SkStZjKxSCaX0Aa
eCsq/JJ48HJiz/mg+2ScJmsESBgvG2SYdZVLxq6ztT9YIS3xkRIKxGdP9LS0fqzw
VKQBLE0c2UtX5mxlY2RrI5pKwohiS6WEdB787NnjDPVz6yY4qoKf3DBPrPs/iA6V
6zGPy1gHQEKc3t3mKzJ6lvbKgCdemts+Bk2gqhJ2AVLCC5GgzbVUdAZ9MUvCEMpp
iP+Gza6eMr4kkL3Gt1TFS0nGwYeb7K+9TxF3hsSZUa80WB3qLxfJvLtJr5G7wT80
B0sNtkAtCE/A1GLtzQ5y7e0X+9vv5e+WpXeRzTI47bH8JKCAJrcI02KY2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDgfOadoqhA6yNLFoKUbilNutxelMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvT0I4NXAyaXFFRHJJMHNXZ3BSdUtVMjYzRjZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCBUMA0G
CSqGSIb3DQEBCwUAA4IBAQBOBJTD0mRmpEglesamH3Ek1yiVP5Qu8WKPuipg+fig
SXeKgI5yrTjPoHnVe1KSBR/RKeGkps/H8pRae7uwgBEi1vQ9mVV9dSwHw00j2pRd
fUfJ8qogZP5Lm7P+2/uBNAaClPAe9qg8BIDvuKzRMVCrrB4i67GcYkIe7Godlrrp
NNYCCwYv9hja3ismtUA5IrG5cU5qkhg5Xa5J4Yzb9KxHzDlzQO3MBnq2bAMakwp7
Mwpg4GOvRASos5f0qqU81LIn20IrdHSjWMY8z2/0Ltwus7Gg6mqHLylEnVEmigbU
6x2ivx2yUSmiOSI4g5vfraebKdDe5W4h5AFCubbzKlVv
-----END CERTIFICATE-----