This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/O8L6GJjsOxouXriRSrx-1jWIvR8.roa
File:                     O8L6GJjsOxouXriRSrx-1jWIvR8.roa (raw, json)
Hash identifier:          iGlNfMhFFvaOTektfwoF+pcR0Q1kGTaiLqGwrkaCz88=
Subject key identifier:   3B:C2:FA:18:98:EC:3B:1A:2E:5E:B8:91:4A:BC:7E:D6:35:88:BD:1F
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       019B7F15914828FE2E7F4555A75B92174527
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/O8L6GJjsOxouXriRSrx-1jWIvR8.roa
Signing time:             Fri 02 Jan 2026 14:21:18 +0000
ROA not before:           Fri 02 Jan 2026 14:21:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1267
IP address blocks:        2.21.164.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 07:45:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:91:48:28:fe:2e:7f:45:55:a7:5b:92:17:45:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Jan  2 14:21:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3bc2fa1898ec3b1a2e5eb8914abc7ed63588bd1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d1:62:39:cb:14:ae:1f:91:aa:b6:ca:f3:0a:
                    b9:aa:ce:a7:d3:84:a6:59:db:2b:41:b6:bb:d5:7a:
                    68:33:71:b1:58:70:3e:3d:11:ef:e0:ff:46:16:00:
                    fa:fa:39:97:9f:45:32:81:4d:d3:db:9a:21:13:ff:
                    c3:9a:cb:2f:b6:f6:a0:60:d6:50:04:d3:d4:8d:f9:
                    7a:ab:27:49:16:76:84:81:a8:11:57:cd:30:ff:c9:
                    1d:32:b8:ed:6e:54:7d:4f:49:32:d4:c8:ab:21:0e:
                    2a:ad:51:2f:8d:fd:12:4a:91:f8:53:0b:5f:4b:ac:
                    8f:8e:49:23:d9:e5:9a:2e:1c:56:d6:73:eb:b9:72:
                    66:c1:fb:70:ab:16:b7:c8:f9:b9:2f:f0:6d:50:72:
                    ac:d1:da:c7:83:75:a8:3c:a5:8a:fc:5c:d1:0f:37:
                    15:ed:4d:a2:af:5f:19:6e:71:f3:a5:d7:1e:02:d8:
                    6c:53:9a:a2:14:d6:1a:d8:6f:d5:7d:50:12:d2:ed:
                    9b:b5:de:09:8b:01:7e:b8:c3:ce:ed:b9:4b:a9:e6:
                    8b:d5:a0:d0:e7:3c:9a:6c:9e:82:bc:c8:b6:c9:d2:
                    21:f5:29:44:ca:cb:f8:81:ad:48:27:22:25:15:2a:
                    28:fb:fe:cc:65:d1:85:cf:a2:01:e6:f5:02:10:7d:
                    44:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:C2:FA:18:98:EC:3B:1A:2E:5E:B8:91:4A:BC:7E:D6:35:88:BD:1F
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/O8L6GJjsOxouXriRSrx-1jWIvR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.21.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:3d:94:e0:a6:c8:4b:cd:05:47:e3:4d:33:3c:d0:26:a2:8a:
         e4:01:a0:80:82:e7:98:4c:3a:96:e7:89:82:e0:d8:a7:3a:a9:
         9f:8c:32:cc:c3:26:44:45:80:a8:11:30:64:3e:9a:fb:cb:de:
         bb:16:a2:1a:86:3a:5b:c4:88:f5:67:16:76:5d:77:73:ef:c9:
         2c:46:a4:79:a8:b9:73:37:d7:78:70:a8:2e:27:52:1e:99:55:
         d1:00:6e:8d:9f:2f:4d:e0:91:b5:d7:25:48:b2:86:77:74:76:
         c3:91:26:68:af:04:01:1a:7b:f0:e4:ec:69:b3:ca:86:cc:c3:
         93:19:91:0e:16:b6:1e:f6:37:c6:82:9c:c1:36:5d:01:62:98:
         ed:ec:fc:11:11:c6:8c:e9:80:89:e3:50:1a:70:6d:0c:ec:ab:
         86:e4:1a:cd:6b:53:fd:3c:bd:92:b8:2d:b8:d0:5d:7c:a3:33:
         22:4a:2e:e3:f5:41:79:75:89:1e:56:89:e5:aa:07:8d:89:bd:
         51:0c:76:29:5d:6c:6e:73:11:39:74:30:c0:cf:c2:68:06:c4:
         52:34:60:10:9c:a6:fe:70:f8:77:bb:d4:2c:f0:d4:79:ac:8d:
         cd:e0:b9:e2:a8:34:9c:65:19:d1:19:0b:5a:78:7a:d1:40:85:
         1a:c1:a4:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FZFIKP4uf0VVp1uSF0UnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjYwMTAyMTQyMTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmMyZmExODk4ZWMzYjFhMmU1ZWI4OTE0YWJjN2VkNjM1ODhiZDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdFiOcsUrh+RqrbK8wq5qs6n04Sm
WdsrQba71XpoM3GxWHA+PRHv4P9GFgD6+jmXn0UygU3T25ohE//DmssvtvagYNZQ
BNPUjfl6qydJFnaEgagRV80w/8kdMrjtblR9T0ky1MirIQ4qrVEvjf0SSpH4Uwtf
S6yPjkkj2eWaLhxW1nPruXJmwftwqxa3yPm5L/BtUHKs0drHg3WoPKWK/FzRDzcV
7U2ir18ZbnHzpdceAthsU5qiFNYa2G/VfVAS0u2btd4JiwF+uMPO7blLqeaL1aDQ
5zyabJ6CvMi2ydIh9SlEysv4ga1IJyIlFSoo+/7MZdGFz6IB5vUCEH1E0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDvC+hiY7DsaLl64kUq8ftY1iL0fMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvTzhMNkdKanNPeG91WHJpUlNyeC0xaldJdlI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAhWkMA0G
CSqGSIb3DQEBCwUAA4IBAQB6PZTgpshLzQVH400zPNAmoorkAaCAgueYTDqW54mC
4NinOqmfjDLMwyZERYCoETBkPpr7y967FqIahjpbxIj1ZxZ2XXdz78ksRqR5qLlz
N9d4cKguJ1IemVXRAG6Nny9N4JG11yVIsoZ3dHbDkSZorwQBGnvw5Oxps8qGzMOT
GZEOFrYe9jfGgpzBNl0BYpjt7PwREcaM6YCJ41AacG0M7KuG5BrNa1P9PL2SuC24
0F18ozMiSi7j9UF5dYkeVonlqgeNib1RDHYpXWxucxE5dDDAz8JoBsRSNGAQnKb+
cPh3u9Qs8NR5rI3N4LniqDScZRnRGQtaeHrRQIUawaS2
-----END CERTIFICATE-----