This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/Osq7NSls-V_WRlR-W1mJHM_V258.roa
File:                     Osq7NSls-V_WRlR-W1mJHM_V258.roa (raw, json)
Hash identifier:          HWPLwgiyrG1kWVohZBZUZ7KBJwPuiTXg/nt8CEnDueU=
Subject key identifier:   3A:CA:BB:35:29:6C:F9:5F:D6:46:54:7E:5B:59:89:1C:CF:D5:DB:9F
Certificate issuer:       /CN=970ebd0469a5c69c1098971caab36fe032ece311
Certificate serial:       019B7A5B7DE5EF099BB5278DD1A6A312511F
Authority key identifier: 97:0E:BD:04:69:A5:C6:9C:10:98:97:1C:AA:B3:6F:E0:32:EC:E3:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lw69BGmlxpwQmJccqrNv4DLs4xE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/Osq7NSls-V_WRlR-W1mJHM_V258.roa
Signing time:             Thu 01 Jan 2026 16:19:34 +0000
ROA not before:           Thu 01 Jan 2026 16:19:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1213
IP address blocks:        149.157.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/lw69BGmlxpwQmJccqrNv4DLs4xE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/lw69BGmlxpwQmJccqrNv4DLs4xE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lw69BGmlxpwQmJccqrNv4DLs4xE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:7d:e5:ef:09:9b:b5:27:8d:d1:a6:a3:12:51:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=970ebd0469a5c69c1098971caab36fe032ece311
        Validity
            Not Before: Jan  1 16:19:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3acabb35296cf95fd646547e5b59891ccfd5db9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:35:90:e6:19:08:53:74:ab:6a:22:30:69:fc:
                    0c:ce:39:27:a1:49:50:de:f0:79:cb:f4:ff:c5:ab:
                    31:a7:a0:23:26:75:fc:4a:f2:1e:17:b5:69:3d:20:
                    5e:5c:2a:e2:bd:5a:fd:aa:c9:fb:9c:5d:c7:3c:6d:
                    dd:fa:82:98:96:7c:fe:43:de:a9:6e:58:88:55:7a:
                    af:54:1a:0c:9d:90:0d:d4:c4:73:83:cd:ff:65:b7:
                    69:0c:80:7d:ba:3a:b9:5c:da:d7:23:c3:0d:03:51:
                    4e:f0:48:e0:db:61:ca:e5:18:31:2b:06:23:21:94:
                    7a:df:a7:13:49:4d:99:19:26:29:67:32:2d:4a:c1:
                    c9:99:5d:c8:68:c4:6f:02:cb:b6:ae:4e:ec:71:f3:
                    08:c7:a3:4b:c2:44:4d:9e:1c:ef:b0:a8:28:5b:bb:
                    a2:0c:fd:ac:4e:1a:7e:fd:73:f5:00:6b:27:9e:df:
                    bc:ff:27:5f:88:11:31:fd:0f:f4:e5:f2:dc:8f:0f:
                    85:7d:f7:e4:0b:ad:ac:ae:29:e5:c5:b1:1f:3a:8b:
                    d9:4d:56:30:3c:ff:ce:20:e2:1e:53:24:da:f6:11:
                    53:f1:b8:af:c9:8e:3c:85:70:0c:d2:23:a2:f8:49:
                    53:58:c6:71:52:ec:3e:71:98:75:92:3a:31:ec:e6:
                    d1:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:CA:BB:35:29:6C:F9:5F:D6:46:54:7E:5B:59:89:1C:CF:D5:DB:9F
            X509v3 Authority Key Identifier:
                keyid:97:0E:BD:04:69:A5:C6:9C:10:98:97:1C:AA:B3:6F:E0:32:EC:E3:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lw69BGmlxpwQmJccqrNv4DLs4xE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/Osq7NSls-V_WRlR-W1mJHM_V258.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/lw69BGmlxpwQmJccqrNv4DLs4xE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.157.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b4:8c:fa:ba:b3:90:79:7f:ec:11:90:e0:ec:1e:07:60:ed:79:
         6d:d0:bc:d4:d3:11:e1:f0:e6:ea:7a:83:6e:46:b1:af:8b:36:
         4f:17:d5:7a:0d:c3:83:3e:1c:89:4f:8a:d3:da:c1:2c:dc:b6:
         02:e1:5e:da:d9:99:73:fe:ce:26:18:00:34:de:c4:2d:b0:cd:
         ef:7b:d8:d5:96:4c:d1:05:92:8c:f5:14:08:b8:62:95:e0:80:
         5e:35:31:43:5e:5a:5b:16:2e:d4:23:a6:f2:f2:47:56:51:62:
         58:91:7e:14:59:1b:da:29:03:7d:bc:cc:85:74:03:50:ae:1a:
         8f:70:07:d9:a4:1a:f4:f8:08:e2:67:ba:27:35:59:3d:f5:7c:
         1c:1f:a3:36:6b:53:c7:f9:27:04:b8:08:c2:20:d9:e0:eb:53:
         1c:85:ba:68:9f:6f:0c:3e:22:29:ec:34:78:f7:aa:a7:35:5c:
         66:8c:ca:70:3a:e0:b3:99:31:d5:54:c0:84:19:6c:00:5a:79:
         42:ff:5a:7d:f0:74:f5:71:dd:50:ce:d7:70:a4:0b:3f:44:05:
         c7:df:90:8d:b2:f4:d3:f1:bf:ab:bf:94:6f:3c:9b:8a:13:a5:
         d5:ea:95:8c:03:78:24:26:f5:c4:56:a1:27:ce:3a:57:6e:5d:
         03:16:18:e0
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt6W33l7wmbtSeN0aajElEfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MGViZDA0NjlhNWM2OWMxMDk4OTcxY2FhYjM2ZmUwMzJl
Y2UzMTEwHhcNMjYwMTAxMTYxOTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWNhYmIzNTI5NmNmOTVmZDY0NjU0N2U1YjU5ODkxY2NmZDVkYjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7zWQ5hkIU3SraiIwafwMzjknoUlQ
3vB5y/T/xasxp6AjJnX8SvIeF7VpPSBeXCrivVr9qsn7nF3HPG3d+oKYlnz+Q96p
bliIVXqvVBoMnZAN1MRzg83/ZbdpDIB9ujq5XNrXI8MNA1FO8Ejg22HK5RgxKwYj
IZR636cTSU2ZGSYpZzItSsHJmV3IaMRvAsu2rk7scfMIx6NLwkRNnhzvsKgoW7ui
DP2sThp+/XP1AGsnnt+8/ydfiBEx/Q/05fLcjw+FfffkC62srinlxbEfOovZTVYw
PP/OIOIeUyTa9hFT8bivyY48hXAM0iOi+ElTWMZxUuw+cZh1kjox7ObRvQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFDrKuzUpbPlf1kZUfltZiRzP1dufMB8GA1UdIwQY
MBaAFJcOvQRppcacEJiXHKqzb+Ay7OMRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHc2OUJHbWx4cHdRbUpjY3FyTnY0RExzNHhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS82MjAwMWEtYTMxMy00ZTMzLWJiMDQt
OTE0YjRiMzRmOTgxLzEvT3NxN05TbHMtVl9XUmxSLVcxbUpITV9WMjU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS82MjAwMWEtYTMxMy00ZTMzLWJiMDQtOTE0YjRiMzRmOTgx
LzEvbHc2OUJHbWx4cHdRbUpjY3FyTnY0RExzNHhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAlZ0wDQYJ
KoZIhvcNAQELBQADggEBALSM+rqzkHl/7BGQ4OweB2DteW3QvNTTEeHw5up6g25G
sa+LNk8X1XoNw4M+HIlPitPawSzctgLhXtrZmXP+ziYYADTexC2wze972NWWTNEF
koz1FAi4YpXggF41MUNeWlsWLtQjpvLyR1ZRYliRfhRZG9opA328zIV0A1CuGo9w
B9mkGvT4COJnuic1WT31fBwfozZrU8f5JwS4CMIg2eDrUxyFumifbww+IinsNHj3
qqc1XGaMynA64LOZMdVUwIQZbABaeUL/Wn3wdPVx3VDO13CkCz9EBcffkI2y9NPx
v6u/lG88m4oTpdXqlYwDeCQm9cRWoSfOOlduXQMWGOA=
-----END CERTIFICATE-----