This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/Oz2typdgzDQc0ctUseKKMFhx06Q.roa
File:                     Oz2typdgzDQc0ctUseKKMFhx06Q.roa (raw, json)
Hash identifier:          syifUOQ+Jq/Hybnjzbf9hzjzGqX0Taf7r/ZLA0VrpP0=
Subject key identifier:   3B:3D:AD:CA:97:60:CC:34:1C:D1:CB:54:B1:E2:8A:30:58:71:D3:A4
Certificate issuer:       /CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Certificate serial:       019B7F83FA1E39EB6CAB215C398240F60FEF
Authority key identifier: AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/Oz2typdgzDQc0ctUseKKMFhx06Q.roa
Signing time:             Fri 02 Jan 2026 16:21:54 +0000
ROA not before:           Fri 02 Jan 2026 16:21:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57604
IP address blocks:        139.28.168.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 08:27:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:fa:1e:39:eb:6c:ab:21:5c:39:82:40:f6:0f:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
        Validity
            Not Before: Jan  2 16:21:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b3dadca9760cc341cd1cb54b1e28a305871d3a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:af:f8:25:00:72:ba:ff:1a:33:91:c6:59:32:
                    ec:03:ed:f8:b1:e4:19:45:29:18:c5:6e:4e:4d:fa:
                    b3:13:ba:3e:a8:6d:a9:0e:6c:5b:ae:e2:65:12:57:
                    23:32:6e:2f:7f:1b:02:83:42:b5:cb:f8:bf:53:9b:
                    14:18:0d:02:4f:ac:2a:98:43:c9:07:71:d6:42:d0:
                    ca:0c:e9:f9:02:ce:b4:77:7f:7e:47:c5:3d:77:d2:
                    be:52:c3:28:6c:69:4f:ba:44:f4:02:76:7b:cc:7c:
                    d8:79:bd:6a:d7:ab:ad:3d:73:ad:a5:e8:b4:d9:6d:
                    f4:82:28:27:61:78:28:fd:f7:97:ce:1f:c0:84:2e:
                    04:80:4c:c1:00:4a:e3:9e:3f:ca:08:bc:67:09:2a:
                    85:65:8b:78:ff:cb:9b:03:60:4e:cb:ee:cf:14:0e:
                    f5:18:0f:33:4c:51:49:e6:03:60:61:03:10:2c:64:
                    b3:4c:77:aa:64:ba:7c:95:58:cc:68:4d:2f:90:6e:
                    e0:e9:63:23:cf:28:a5:a7:45:cf:92:e3:3f:6e:63:
                    c1:e3:da:18:8f:24:ef:0b:01:16:e9:de:cd:78:ee:
                    fa:18:0d:15:84:1f:ab:26:77:7b:89:01:76:7f:84:
                    15:b6:82:1d:c7:de:a9:b9:eb:f9:1b:12:7c:a9:74:
                    34:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:3D:AD:CA:97:60:CC:34:1C:D1:CB:54:B1:E2:8A:30:58:71:D3:A4
            X509v3 Authority Key Identifier:
                keyid:AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/Oz2typdgzDQc0ctUseKKMFhx06Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:9a:91:88:15:1b:da:11:91:08:31:64:93:cb:6b:42:b4:fc:
         40:71:99:ac:ee:88:fd:19:29:5a:4a:c3:ce:40:1d:cf:44:2e:
         57:c3:be:da:bd:41:1f:31:70:80:5b:c4:45:94:a2:5c:09:87:
         e2:76:a9:da:f1:e3:51:07:0d:72:c7:34:78:6c:3b:d6:20:53:
         7e:6c:1b:e5:77:a8:06:91:79:66:50:f4:58:91:96:43:e4:9c:
         74:5e:b2:55:07:58:51:d9:2a:03:69:b6:3d:25:a4:d7:5f:1b:
         88:46:f9:1e:51:e1:1a:95:37:68:72:9f:4f:9f:9f:31:20:ac:
         fe:cf:53:4f:ee:76:bb:28:58:1c:18:3d:b5:93:8e:93:d7:72:
         47:e9:5b:76:9b:a0:d0:01:4d:17:30:16:9e:ec:6b:22:e7:3e:
         83:f8:16:58:67:fc:b3:2e:1b:9c:e5:ff:ad:0d:b0:40:00:97:
         91:97:0f:6f:db:0c:50:09:b1:3f:2b:ed:0c:16:71:47:98:fe:
         33:b4:db:ef:e7:2d:f8:ad:b7:cb:d0:e7:ea:5f:00:80:a2:0e:
         e3:4a:7a:52:4b:93:87:8c:2f:60:91:c3:38:4a:dd:ed:8e:13:
         7e:e8:f4:a2:a7:cb:b2:e0:ee:17:1a:97:e2:42:14:73:92:e1:
         00:45:aa:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g/oeOetsqyFcOYJA9g/vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYTI1YWFmZTNhOTg3MGU5NTI0YWZhMDI2NTk4N2VkNWE1
YTRkYTMwHhcNMjYwMTAyMTYyMTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjNkYWRjYTk3NjBjYzM0MWNkMWNiNTRiMWUyOGEzMDU4NzFkM2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtK/4JQByuv8aM5HGWTLsA+34seQZ
RSkYxW5OTfqzE7o+qG2pDmxbruJlElcjMm4vfxsCg0K1y/i/U5sUGA0CT6wqmEPJ
B3HWQtDKDOn5As60d39+R8U9d9K+UsMobGlPukT0AnZ7zHzYeb1q16utPXOtpei0
2W30gignYXgo/feXzh/AhC4EgEzBAErjnj/KCLxnCSqFZYt4/8ubA2BOy+7PFA71
GA8zTFFJ5gNgYQMQLGSzTHeqZLp8lVjMaE0vkG7g6WMjzyilp0XPkuM/bmPB49oY
jyTvCwEW6d7NeO76GA0VhB+rJnd7iQF2f4QVtoIdx96puev5GxJ8qXQ0OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDs9rcqXYMw0HNHLVLHiijBYcdOkMB8GA1UdIwQY
MBaAFK2iWq/jqYcOlSSvoCZZh+1aWk2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUt
OWQ1ODc1ZDg2MzczLzEvT3oydHlwZGd6RFFjMGN0VXNlS0tNRmh4MDZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUtOWQ1ODc1ZDg2Mzcz
LzEvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCixyoMA0G
CSqGSIb3DQEBCwUAA4IBAQApmpGIFRvaEZEIMWSTy2tCtPxAcZms7oj9GSlaSsPO
QB3PRC5Xw77avUEfMXCAW8RFlKJcCYfidqna8eNRBw1yxzR4bDvWIFN+bBvld6gG
kXlmUPRYkZZD5Jx0XrJVB1hR2SoDabY9JaTXXxuIRvkeUeEalTdocp9Pn58xIKz+
z1NP7na7KFgcGD21k46T13JH6Vt2m6DQAU0XMBae7Gsi5z6D+BZYZ/yzLhuc5f+t
DbBAAJeRlw9v2wxQCbE/K+0MFnFHmP4ztNvv5y34rbfL0OfqXwCAog7jSnpSS5OH
jC9gkcM4St3tjhN+6PSip8uy4O4XGpfiQhRzkuEARaqB
-----END CERTIFICATE-----