This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/2O9TGTN4uACGpwjmpYQ79Bi2As4.roa
File:                     2O9TGTN4uACGpwjmpYQ79Bi2As4.roa (raw, json)
Hash identifier:          o16thm9joK40D8CsbIXE4Ah02EmxPh+6HQC0QAMVb24=
Subject key identifier:   D8:EF:53:19:33:78:B8:00:86:A7:08:E6:A5:84:3B:F4:18:B6:02:CE
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019BC0E348EC3CBE07091CA3E53C1409FD34
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/2O9TGTN4uACGpwjmpYQ79Bi2As4.roa
Signing time:             Thu 15 Jan 2026 09:01:19 +0000
ROA not before:           Thu 15 Jan 2026 09:01:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     17497
IP address blocks:        212.135.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 00:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:c0:e3:48:ec:3c:be:07:09:1c:a3:e5:3c:14:09:fd:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jan 15 09:01:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d8ef53193378b80086a708e6a5843bf418b602ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e7:e6:ae:74:11:99:45:3e:c8:3f:8a:b1:ec:
                    ed:1a:4a:c1:a2:2e:c0:58:28:95:97:21:99:da:68:
                    f6:1c:df:1a:6e:ce:34:ad:8e:db:2c:a7:b3:98:71:
                    7b:bd:ce:2a:b0:ea:47:c5:b8:be:58:e7:74:b0:7c:
                    20:31:c0:c0:77:e6:8d:3d:43:6f:5c:a2:22:7d:fd:
                    20:81:45:da:5e:3e:89:9f:51:36:69:25:1b:17:be:
                    9e:42:8a:dd:73:99:87:03:d5:0a:06:4c:a4:fd:f2:
                    77:1b:cf:42:4e:3e:ac:a3:a3:7a:2d:99:73:a9:90:
                    2c:98:73:e4:76:97:26:b6:95:2c:a7:7d:6b:6a:11:
                    13:72:7c:67:27:b6:23:25:93:e0:bb:81:d6:04:0c:
                    be:86:45:b2:78:33:49:b6:ee:32:f3:70:16:6c:c5:
                    81:b0:4a:0e:26:ff:28:da:69:ce:4c:19:d9:4d:1b:
                    86:89:74:45:cb:d0:06:82:75:22:df:5e:ed:8b:a0:
                    a2:28:fb:d4:d9:f8:c1:91:c9:56:b9:4f:88:23:a7:
                    c6:b8:b6:2b:c0:0f:fe:30:34:bf:df:8e:d7:4b:09:
                    3e:a2:28:d0:02:74:83:4b:24:82:68:35:f0:79:0a:
                    30:74:64:43:14:73:f8:75:5b:2e:8f:1a:d1:c3:97:
                    eb:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:EF:53:19:33:78:B8:00:86:A7:08:E6:A5:84:3B:F4:18:B6:02:CE
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/2O9TGTN4uACGpwjmpYQ79Bi2As4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.135.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:37:fb:79:8f:e7:27:2b:56:32:93:0f:20:87:ee:bf:d8:86:
         f2:e8:05:13:8b:5e:1f:60:1f:95:e4:e2:95:4f:75:bc:13:9f:
         a0:27:59:fc:0d:57:3c:87:98:a7:fa:20:3e:dc:9a:09:ca:90:
         99:b4:ea:52:c6:32:8f:aa:8f:6e:d4:c4:fb:df:42:e9:4e:1d:
         d2:e1:8c:9d:66:81:52:87:e0:55:ed:b3:97:49:be:5c:b2:19:
         d0:bf:05:46:ab:7d:20:82:4c:50:94:9d:3f:a0:25:fe:ed:1a:
         85:c8:86:c2:11:62:cf:b8:7e:a4:15:84:48:76:15:35:64:1c:
         92:ee:6f:4a:00:e3:a8:46:bb:d3:da:03:1a:6d:1d:01:f8:7c:
         74:4b:06:4e:de:74:c4:80:f1:fc:56:91:bf:cd:23:42:7a:67:
         78:95:4b:24:e9:22:29:01:a1:00:d2:87:a5:72:82:df:c9:1b:
         f6:8d:46:a5:a5:93:f2:58:62:0b:23:bb:50:55:c2:2e:d8:3f:
         22:b7:8a:f4:00:4b:cb:85:cd:9b:15:c5:b8:74:3c:eb:36:dc:
         90:8c:87:10:99:9b:eb:f6:e2:13:20:1a:78:b7:39:27:a4:cd:
         ef:cf:86:dc:6c:68:99:16:5e:e8:f1:92:f7:4b:16:be:41:89:
         52:54:de:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvA40jsPL4HCRyj5TwUCf00MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMTE1MDkwMTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGVmNTMxOTMzNzhiODAwODZhNzA4ZTZhNTg0M2JmNDE4YjYwMmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvefmrnQRmUU+yD+KseztGkrBoi7A
WCiVlyGZ2mj2HN8abs40rY7bLKezmHF7vc4qsOpHxbi+WOd0sHwgMcDAd+aNPUNv
XKIiff0ggUXaXj6Jn1E2aSUbF76eQordc5mHA9UKBkyk/fJ3G89CTj6so6N6LZlz
qZAsmHPkdpcmtpUsp31rahETcnxnJ7YjJZPgu4HWBAy+hkWyeDNJtu4y83AWbMWB
sEoOJv8o2mnOTBnZTRuGiXRFy9AGgnUi317ti6CiKPvU2fjBkclWuU+II6fGuLYr
wA/+MDS/347XSwk+oijQAnSDSySCaDXweQowdGRDFHP4dVsujxrRw5fr+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNjvUxkzeLgAhqcI5qWEO/QYtgLOMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvMk85VEdUTjR1QUNHcHdqbXBZUTc5QmkyQXM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IcYMA0G
CSqGSIb3DQEBCwUAA4IBAQCxN/t5j+cnK1Yykw8gh+6/2Iby6AUTi14fYB+V5OKV
T3W8E5+gJ1n8DVc8h5in+iA+3JoJypCZtOpSxjKPqo9u1MT730LpTh3S4YydZoFS
h+BV7bOXSb5cshnQvwVGq30ggkxQlJ0/oCX+7RqFyIbCEWLPuH6kFYRIdhU1ZByS
7m9KAOOoRrvT2gMabR0B+Hx0SwZO3nTEgPH8VpG/zSNCemd4lUsk6SIpAaEA0oel
coLfyRv2jUalpZPyWGILI7tQVcIu2D8it4r0AEvLhc2bFcW4dDzrNtyQjIcQmZvr
9uITIBp4tzknpM3vz4bcbGiZFl7o8ZL3Sxa+QYlSVN7j
-----END CERTIFICATE-----