This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/55ea3e-d7e2-430c-af8a-c321840c1faa/1/og_3NkCcBQ0oU8RRrSWYxb27Fds.roa
File:                     og_3NkCcBQ0oU8RRrSWYxb27Fds.roa (raw, json)
Hash identifier:          wOJ++TjkHyH6m97Cjc42HJh2+OZY1t57lzlz/LkoCjA=
Subject key identifier:   A2:0F:F7:36:40:9C:05:0D:28:53:C4:51:AD:25:98:C5:BD:BB:15:DB
Certificate issuer:       /CN=388e962840cd3168dd2ea396fe68127628aeac27
Certificate serial:       019B7BA544DCAE26A58BC30F18371677E040
Authority key identifier: 38:8E:96:28:40:CD:31:68:DD:2E:A3:96:FE:68:12:76:28:AE:AC:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OI6WKEDNMWjdLqOW_mgSdiiurCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/55ea3e-d7e2-430c-af8a-c321840c1faa/1/og_3NkCcBQ0oU8RRrSWYxb27Fds.roa
Signing time:             Thu 01 Jan 2026 22:19:47 +0000
ROA not before:           Thu 01 Jan 2026 22:19:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        185.144.240.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/55ea3e-d7e2-430c-af8a-c321840c1faa/1/OI6WKEDNMWjdLqOW_mgSdiiurCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/55ea3e-d7e2-430c-af8a-c321840c1faa/1/OI6WKEDNMWjdLqOW_mgSdiiurCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OI6WKEDNMWjdLqOW_mgSdiiurCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 13:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:44:dc:ae:26:a5:8b:c3:0f:18:37:16:77:e0:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=388e962840cd3168dd2ea396fe68127628aeac27
        Validity
            Not Before: Jan  1 22:19:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a20ff736409c050d2853c451ad2598c5bdbb15db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:74:85:b9:25:80:0b:89:39:14:39:82:d2:e4:
                    37:9f:c9:9b:da:10:e2:f5:1b:9e:cf:86:41:16:90:
                    27:ec:54:20:4a:7b:bb:fb:31:df:5e:cf:04:81:a0:
                    25:20:4b:a8:4d:c0:10:64:ba:b4:8e:c9:8c:11:3e:
                    9f:75:46:1c:d7:97:48:a5:9b:ec:0d:65:e8:f6:d3:
                    a4:23:6f:df:33:a1:7b:6f:5c:42:1a:47:ef:67:3f:
                    ac:31:87:ec:c9:23:c8:b3:a7:dc:74:1a:5f:5f:73:
                    51:f8:83:8b:c1:08:d6:3a:fe:fd:e4:b0:a5:cb:3c:
                    b7:30:cf:a3:8d:bf:e3:3a:11:b2:a7:2a:4d:5b:2d:
                    90:2b:17:f6:f3:22:ea:27:48:a9:ea:74:c5:df:e8:
                    27:c5:54:11:dd:64:06:04:eb:ba:14:31:5d:9b:c4:
                    91:99:87:01:f8:89:76:4c:76:7f:b4:be:22:23:12:
                    c3:25:e8:d5:88:c0:36:23:7f:be:1c:2c:6d:13:ca:
                    10:24:cd:08:f2:e2:fc:59:fb:fc:d8:2c:55:53:28:
                    bd:d9:a2:b1:32:04:79:38:d3:97:09:fc:cc:40:7e:
                    32:78:75:78:41:b4:34:95:6f:b5:02:f9:32:58:8c:
                    aa:f2:83:ec:27:cd:50:ca:25:56:f0:8b:82:95:74:
                    27:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:0F:F7:36:40:9C:05:0D:28:53:C4:51:AD:25:98:C5:BD:BB:15:DB
            X509v3 Authority Key Identifier:
                keyid:38:8E:96:28:40:CD:31:68:DD:2E:A3:96:FE:68:12:76:28:AE:AC:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OI6WKEDNMWjdLqOW_mgSdiiurCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/55ea3e-d7e2-430c-af8a-c321840c1faa/1/og_3NkCcBQ0oU8RRrSWYxb27Fds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/55ea3e-d7e2-430c-af8a-c321840c1faa/1/OI6WKEDNMWjdLqOW_mgSdiiurCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:45:fe:99:32:b8:90:45:78:df:06:3b:c0:ac:22:37:b0:ef:
         37:0f:c6:77:24:5b:0b:1d:8b:51:ae:e4:81:c7:ac:5d:ae:90:
         6e:a7:f3:b2:ed:8d:ac:4b:49:5e:50:df:7a:c8:b9:07:99:54:
         12:b5:b5:28:2d:8f:62:74:d8:b0:3c:e4:73:f2:bb:d1:5e:cf:
         78:3f:99:97:5f:9e:c3:84:92:5a:eb:19:8b:cc:26:1e:fb:da:
         3e:d2:c9:c7:b0:0b:23:71:d4:ba:8f:35:e2:68:ae:eb:6a:97:
         42:6e:a1:2f:06:81:78:9d:94:66:82:a3:1c:43:25:1f:b7:74:
         ca:e0:ec:7d:05:c3:94:6d:b0:87:80:54:ea:04:9d:ec:6b:66:
         f3:6a:35:f7:1a:62:9a:8b:59:0f:47:4c:0d:dd:bf:13:bd:4e:
         7e:35:d0:35:98:1d:93:e3:25:ca:33:df:2e:e0:4a:93:0f:ce:
         5e:a0:f0:4e:91:6a:d6:e4:33:3b:73:e4:1c:29:ae:60:94:8f:
         07:5e:66:37:74:41:cf:66:51:b7:ec:e0:35:2d:1b:21:65:d3:
         0f:31:4f:0e:8d:7c:a6:2b:52:6a:16:28:04:ce:cc:89:c1:fb:
         a7:d0:ff:8c:a8:7f:cd:4d:c5:8d:a9:d3:2e:45:c8:49:3e:83:
         bf:70:45:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pUTcriali8MPGDcWd+BAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4OGU5NjI4NDBjZDMxNjhkZDJlYTM5NmZlNjgxMjc2Mjhh
ZWFjMjcwHhcNMjYwMTAxMjIxOTQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjBmZjczNjQwOWMwNTBkMjg1M2M0NTFhZDI1OThjNWJkYmIxNWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnSFuSWAC4k5FDmC0uQ3n8mb2hDi
9Ruez4ZBFpAn7FQgSnu7+zHfXs8EgaAlIEuoTcAQZLq0jsmMET6fdUYc15dIpZvs
DWXo9tOkI2/fM6F7b1xCGkfvZz+sMYfsySPIs6fcdBpfX3NR+IOLwQjWOv795LCl
yzy3MM+jjb/jOhGypypNWy2QKxf28yLqJ0ip6nTF3+gnxVQR3WQGBOu6FDFdm8SR
mYcB+Il2THZ/tL4iIxLDJejViMA2I3++HCxtE8oQJM0I8uL8Wfv82CxVUyi92aKx
MgR5ONOXCfzMQH4yeHV4QbQ0lW+1AvkyWIyq8oPsJ81QyiVW8IuClXQnLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIP9zZAnAUNKFPEUa0lmMW9uxXbMB8GA1UdIwQY
MBaAFDiOlihAzTFo3S6jlv5oEnYorqwnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0k2V0tFRE5NV2pkTHFPV19tZ1NkaWl1ckNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC81NWVhM2UtZDdlMi00MzBjLWFmOGEt
YzMyMTg0MGMxZmFhLzEvb2dfM05rQ2NCUTBvVThSUnJTV1l4YjI3RmRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC81NWVhM2UtZDdlMi00MzBjLWFmOGEtYzMyMTg0MGMxZmFh
LzEvT0k2V0tFRE5NV2pkTHFPV19tZ1NkaWl1ckNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZDwMA0G
CSqGSIb3DQEBCwUAA4IBAQBdRf6ZMriQRXjfBjvArCI3sO83D8Z3JFsLHYtRruSB
x6xdrpBup/Oy7Y2sS0leUN96yLkHmVQStbUoLY9idNiwPORz8rvRXs94P5mXX57D
hJJa6xmLzCYe+9o+0snHsAsjcdS6jzXiaK7rapdCbqEvBoF4nZRmgqMcQyUft3TK
4Ox9BcOUbbCHgFTqBJ3sa2bzajX3GmKai1kPR0wN3b8TvU5+NdA1mB2T4yXKM98u
4EqTD85eoPBOkWrW5DM7c+QcKa5glI8HXmY3dEHPZlG37OA1LRshZdMPMU8OjXym
K1JqFigEzsyJwfun0P+MqH/NTcWNqdMuRchJPoO/cEVy
-----END CERTIFICATE-----