This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/68b75c-83df-474e-a9fe-01bf1f145c26/1/CrO8u8Oq5BkBEcatDjBKbWW3E7M.roa
File:                     CrO8u8Oq5BkBEcatDjBKbWW3E7M.roa (raw, json)
Hash identifier:          imrBuoJmOz69UhOC1sn6VQqSOK7SozDwdVoRAOrOv0g=
Subject key identifier:   0A:B3:BC:BB:C3:AA:E4:19:01:11:C6:AD:0E:30:4A:6D:65:B7:13:B3
Certificate issuer:       /CN=d31af2872c3f5503073866dffef488b71783dab6
Certificate serial:       019B79113B649E3FAAC4272F9A915167E304
Authority key identifier: D3:1A:F2:87:2C:3F:55:03:07:38:66:DF:FE:F4:88:B7:17:83:DA:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0xryhyw_VQMHOGbf_vSItxeD2rY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/68b75c-83df-474e-a9fe-01bf1f145c26/1/CrO8u8Oq5BkBEcatDjBKbWW3E7M.roa
Signing time:             Thu 01 Jan 2026 10:18:50 +0000
ROA not before:           Thu 01 Jan 2026 10:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198076
IP address blocks:        176.123.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/68b75c-83df-474e-a9fe-01bf1f145c26/1/0xryhyw_VQMHOGbf_vSItxeD2rY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/68b75c-83df-474e-a9fe-01bf1f145c26/1/0xryhyw_VQMHOGbf_vSItxeD2rY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0xryhyw_VQMHOGbf_vSItxeD2rY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 19:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:3b:64:9e:3f:aa:c4:27:2f:9a:91:51:67:e3:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d31af2872c3f5503073866dffef488b71783dab6
        Validity
            Not Before: Jan  1 10:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0ab3bcbbc3aae4190111c6ad0e304a6d65b713b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:92:d3:86:cd:ac:21:6c:f9:ee:77:05:bf:8f:
                    e5:fe:18:f9:7a:1d:0f:9e:12:02:55:ff:ae:bb:3e:
                    3a:de:fc:5a:7d:f6:60:7a:83:78:97:9e:8b:c7:52:
                    2d:91:b1:e3:25:3c:b3:5a:ab:66:5d:3d:06:9f:e5:
                    66:89:72:ab:81:cc:a5:ed:32:fa:e1:7b:cc:94:2c:
                    ee:8d:30:04:d2:5e:03:3f:51:28:f9:67:a8:ce:e6:
                    a3:b6:63:08:20:fd:a2:e0:af:1f:ec:0b:95:16:c8:
                    d7:d1:c1:96:d7:6f:9f:5e:d8:2c:e5:27:91:22:2a:
                    98:57:b0:db:28:b7:d5:7a:5d:b2:7b:18:fc:41:c9:
                    ac:ee:9f:97:f6:68:84:f7:ee:9b:a7:98:9b:f0:e9:
                    f0:59:f5:53:98:0f:b2:8f:12:2d:5c:7d:8d:99:aa:
                    6e:c9:56:69:cf:bc:53:f1:d2:d4:35:ec:1f:2c:65:
                    4e:fe:1b:be:35:c0:85:45:28:3e:e5:7d:eb:3f:03:
                    b9:15:a5:eb:b1:b5:1c:3f:bd:60:ee:e3:71:45:3c:
                    e8:2e:65:c9:ba:4c:46:b6:8e:c7:e7:6d:90:a0:5a:
                    dd:77:b6:44:c1:d3:5e:21:4e:c7:b6:6f:e4:78:cf:
                    47:92:ff:b3:94:48:c6:e6:cd:63:f3:66:1c:be:33:
                    f7:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:B3:BC:BB:C3:AA:E4:19:01:11:C6:AD:0E:30:4A:6D:65:B7:13:B3
            X509v3 Authority Key Identifier:
                keyid:D3:1A:F2:87:2C:3F:55:03:07:38:66:DF:FE:F4:88:B7:17:83:DA:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0xryhyw_VQMHOGbf_vSItxeD2rY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/68b75c-83df-474e-a9fe-01bf1f145c26/1/CrO8u8Oq5BkBEcatDjBKbWW3E7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/68b75c-83df-474e-a9fe-01bf1f145c26/1/0xryhyw_VQMHOGbf_vSItxeD2rY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.123.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:9d:35:98:07:51:ec:98:2a:56:e1:c3:75:87:a0:cf:09:99:
         2c:41:fb:26:5a:6f:d8:8a:29:66:bf:32:25:ba:52:a3:99:e4:
         93:80:b1:64:9b:74:45:cb:53:b8:c4:e5:42:a9:cb:36:82:5f:
         82:e1:4e:a8:f5:3f:f2:89:4c:e2:01:cc:85:60:06:13:0e:50:
         08:32:f6:de:8c:d1:56:17:17:ce:fe:12:40:e9:0a:7f:cd:cb:
         c9:cd:29:11:a0:a6:ad:1c:24:a8:e5:6d:02:c1:a1:a2:68:d3:
         e7:6a:a7:d1:b2:5b:22:be:56:0c:8f:2b:61:5e:d4:15:a7:bc:
         2d:7e:16:f9:3b:ba:bc:90:3d:ea:3b:ac:c7:d6:4d:b2:87:e8:
         96:22:5a:aa:4c:07:5a:6c:57:dd:26:55:66:4c:d0:d2:9c:92:
         52:11:b9:4e:a0:a6:0f:e1:ac:12:3c:8e:38:96:74:14:4f:6b:
         23:79:c6:a0:99:09:12:56:71:66:a0:c9:e7:05:c7:f3:aa:41:
         de:4b:db:2c:df:14:aa:0e:6c:80:ec:a8:3c:4b:8a:1b:cf:a1:
         0f:d3:08:be:1c:c7:78:63:0d:81:17:8b:28:09:4a:bc:6f:f1:
         e6:41:11:33:d7:a5:01:f4:50:68:e8:90:6e:97:85:1f:07:62:
         90:83:38:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ETtknj+qxCcvmpFRZ+MEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMWFmMjg3MmMzZjU1MDMwNzM4NjZkZmZlZjQ4OGI3MTc4
M2RhYjYwHhcNMjYwMTAxMTAxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWIzYmNiYmMzYWFlNDE5MDExMWM2YWQwZTMwNGE2ZDY1YjcxM2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5LThs2sIWz57ncFv4/l/hj5eh0P
nhICVf+uuz463vxaffZgeoN4l56Lx1ItkbHjJTyzWqtmXT0Gn+VmiXKrgcyl7TL6
4XvMlCzujTAE0l4DP1Eo+WeozuajtmMIIP2i4K8f7AuVFsjX0cGW12+fXtgs5SeR
IiqYV7DbKLfVel2yexj8Qcms7p+X9miE9+6bp5ib8OnwWfVTmA+yjxItXH2Nmapu
yVZpz7xT8dLUNewfLGVO/hu+NcCFRSg+5X3rPwO5FaXrsbUcP71g7uNxRTzoLmXJ
ukxGto7H522QoFrdd7ZEwdNeIU7Htm/keM9Hkv+zlEjG5s1j82YcvjP3aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAqzvLvDquQZARHGrQ4wSm1ltxOzMB8GA1UdIwQY
MBaAFNMa8ocsP1UDBzhm3/70iLcXg9q2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHhyeWh5d19WUU1IT0diZl92U0l0eGVEMnJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS82OGI3NWMtODNkZi00NzRlLWE5ZmUt
MDFiZjFmMTQ1YzI2LzEvQ3JPOHU4T3E1QmtCRWNhdERqQktiV1czRTdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS82OGI3NWMtODNkZi00NzRlLWE5ZmUtMDFiZjFmMTQ1YzI2
LzEvMHhyeWh5d19WUU1IT0diZl92U0l0eGVEMnJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHsxMA0G
CSqGSIb3DQEBCwUAA4IBAQBZnTWYB1HsmCpW4cN1h6DPCZksQfsmWm/YiilmvzIl
ulKjmeSTgLFkm3RFy1O4xOVCqcs2gl+C4U6o9T/yiUziAcyFYAYTDlAIMvbejNFW
FxfO/hJA6Qp/zcvJzSkRoKatHCSo5W0CwaGiaNPnaqfRslsivlYMjythXtQVp7wt
fhb5O7q8kD3qO6zH1k2yh+iWIlqqTAdabFfdJlVmTNDSnJJSEblOoKYP4awSPI44
lnQUT2sjecagmQkSVnFmoMnnBcfzqkHeS9ss3xSqDmyA7Kg8S4obz6EP0wi+HMd4
Yw2BF4soCUq8b/HmQREz16UB9FBo6JBul4UfB2KQgzgz
-----END CERTIFICATE-----