This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/4b7c2e-089f-4708-9184-2a84acbe07ee/1/oXTYdClCAvrbQ-B5AY02ud7SwGM.roa
File:                     oXTYdClCAvrbQ-B5AY02ud7SwGM.roa (raw, json)
Hash identifier:          Kl9/UDkXKYx9xJjJkDuIAR+3wCrxIZ3u8NbLrdRq+lY=
Subject key identifier:   A1:74:D8:74:29:42:02:FA:DB:43:E0:79:01:8D:36:B9:DE:D2:C0:63
Certificate issuer:       /CN=acd6be97bcfe12becbe82b7841047f57972a935a
Certificate serial:       019B78352F1EE2925AD25563FA1179D1C09F
Authority key identifier: AC:D6:BE:97:BC:FE:12:BE:CB:E8:2B:78:41:04:7F:57:97:2A:93:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rNa-l7z-Er7L6Ct4QQR_V5cqk1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/4b7c2e-089f-4708-9184-2a84acbe07ee/1/oXTYdClCAvrbQ-B5AY02ud7SwGM.roa
Signing time:             Thu 01 Jan 2026 06:18:29 +0000
ROA not before:           Thu 01 Jan 2026 06:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395793
IP address blocks:        185.176.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/4b7c2e-089f-4708-9184-2a84acbe07ee/1/rNa-l7z-Er7L6Ct4QQR_V5cqk1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/4b7c2e-089f-4708-9184-2a84acbe07ee/1/rNa-l7z-Er7L6Ct4QQR_V5cqk1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rNa-l7z-Er7L6Ct4QQR_V5cqk1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 18 Jan 2026 18:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:2f:1e:e2:92:5a:d2:55:63:fa:11:79:d1:c0:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=acd6be97bcfe12becbe82b7841047f57972a935a
        Validity
            Not Before: Jan  1 06:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a174d874294202fadb43e079018d36b9ded2c063
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:9d:c6:a0:b9:55:2e:9b:61:a9:b4:4d:07:15:
                    39:ad:4c:97:81:0f:25:49:e9:95:a1:f5:c9:23:0a:
                    0c:46:43:8c:f3:18:69:46:e1:a8:2f:1b:93:49:c7:
                    92:e8:21:6d:57:66:e0:09:db:51:e8:3b:2e:36:d2:
                    87:d3:ea:40:c4:c7:fd:d4:48:81:b6:4a:64:e8:9a:
                    be:8a:81:6d:5f:23:59:7d:10:c5:d2:54:de:4f:fd:
                    ae:46:47:52:6b:c7:7b:a1:cb:80:fc:a6:3b:03:7f:
                    dd:13:48:f2:f1:62:55:7d:ba:e4:aa:4a:64:9c:6a:
                    d2:f5:70:62:8f:32:7f:a2:78:15:f9:92:2e:5f:80:
                    4f:19:fe:bf:3b:81:e7:8f:7c:b7:ea:4d:c9:36:77:
                    53:aa:8d:9d:e9:1e:99:df:71:da:13:cc:e3:54:d1:
                    9e:9d:ac:7a:ec:08:dd:81:a1:f6:fc:8e:30:d0:8b:
                    20:23:98:78:c7:cb:60:98:5b:60:84:21:83:f8:b5:
                    f9:ae:63:8d:91:6a:73:53:28:cb:f2:8f:cf:dd:4d:
                    f4:84:ec:35:9d:a1:c7:1b:7a:ea:88:9d:e5:b0:99:
                    5a:4d:7a:f2:8d:f7:ed:a4:d6:62:25:1e:39:72:e1:
                    a0:d5:16:38:4e:37:f5:f5:02:f9:ba:c9:c6:28:85:
                    4b:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:74:D8:74:29:42:02:FA:DB:43:E0:79:01:8D:36:B9:DE:D2:C0:63
            X509v3 Authority Key Identifier:
                keyid:AC:D6:BE:97:BC:FE:12:BE:CB:E8:2B:78:41:04:7F:57:97:2A:93:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rNa-l7z-Er7L6Ct4QQR_V5cqk1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/4b7c2e-089f-4708-9184-2a84acbe07ee/1/oXTYdClCAvrbQ-B5AY02ud7SwGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/4b7c2e-089f-4708-9184-2a84acbe07ee/1/rNa-l7z-Er7L6Ct4QQR_V5cqk1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:4f:19:3c:9c:79:ab:54:ff:8d:2c:9b:bc:1e:fa:47:50:df:
         31:ea:ac:df:09:50:df:d4:a8:59:22:b5:43:79:8e:05:c1:73:
         b0:3a:14:61:86:bb:4c:d4:34:74:9b:6b:32:e9:f9:5f:f2:89:
         c0:bb:f7:94:06:75:83:e7:f2:5d:8f:ea:a9:7a:f0:2e:7c:fb:
         9b:9d:f5:97:14:af:52:09:1d:44:38:16:70:6e:0b:45:7f:a6:
         d6:7b:54:dd:e3:84:8f:23:38:4e:d5:a6:3d:91:2d:3d:d1:fc:
         3a:19:2c:ff:54:f1:b7:45:68:91:a3:f6:e6:fb:20:92:9a:0c:
         f0:2d:3b:f9:cc:e1:82:a7:df:ba:09:16:47:f1:cb:18:cc:aa:
         76:5b:31:c8:07:92:f4:bb:15:0e:3e:e1:d2:08:ea:24:b9:46:
         74:fb:2c:c0:db:91:7a:e1:91:5b:98:ce:6b:e0:a9:bc:34:dc:
         36:57:e1:90:db:b2:4a:6e:a6:b6:ea:9c:a2:83:2e:43:0e:f4:
         ec:51:23:16:80:54:55:53:94:98:b3:7e:9e:37:7e:cf:88:9d:
         92:65:33:e9:2b:1a:fc:89:f0:0c:1f:12:38:73:7e:1e:09:23:
         5e:0a:a7:de:d6:7f:c1:64:f0:fb:b6:a7:0b:5f:41:10:bc:bf:
         61:5b:c6:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NS8e4pJa0lVj+hF50cCfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjZDZiZTk3YmNmZTEyYmVjYmU4MmI3ODQxMDQ3ZjU3OTcy
YTkzNWEwHhcNMjYwMTAxMDYxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTc0ZDg3NDI5NDIwMmZhZGI0M2UwNzkwMThkMzZiOWRlZDJjMDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs53GoLlVLpthqbRNBxU5rUyXgQ8l
SemVofXJIwoMRkOM8xhpRuGoLxuTSceS6CFtV2bgCdtR6DsuNtKH0+pAxMf91EiB
tkpk6Jq+ioFtXyNZfRDF0lTeT/2uRkdSa8d7ocuA/KY7A3/dE0jy8WJVfbrkqkpk
nGrS9XBijzJ/ongV+ZIuX4BPGf6/O4Hnj3y36k3JNndTqo2d6R6Z33HaE8zjVNGe
nax67AjdgaH2/I4w0IsgI5h4x8tgmFtghCGD+LX5rmONkWpzUyjL8o/P3U30hOw1
naHHG3rqiJ3lsJlaTXryjfftpNZiJR45cuGg1RY4Tjf19QL5usnGKIVLowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKF02HQpQgL620PgeQGNNrne0sBjMB8GA1UdIwQY
MBaAFKzWvpe8/hK+y+greEEEf1eXKpNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvck5hLWw3ei1FcjdMNkN0NFFRUl9WNWNxazFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC80YjdjMmUtMDg5Zi00NzA4LTkxODQt
MmE4NGFjYmUwN2VlLzEvb1hUWWRDbENBdnJiUS1CNUFZMDJ1ZDdTd0dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC80YjdjMmUtMDg5Zi00NzA4LTkxODQtMmE4NGFjYmUwN2Vl
LzEvck5hLWw3ei1FcjdMNkN0NFFRUl9WNWNxazFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubCGMA0G
CSqGSIb3DQEBCwUAA4IBAQB6Txk8nHmrVP+NLJu8HvpHUN8x6qzfCVDf1KhZIrVD
eY4FwXOwOhRhhrtM1DR0m2sy6flf8onAu/eUBnWD5/Jdj+qpevAufPubnfWXFK9S
CR1EOBZwbgtFf6bWe1Td44SPIzhO1aY9kS090fw6GSz/VPG3RWiRo/bm+yCSmgzw
LTv5zOGCp9+6CRZH8csYzKp2WzHIB5L0uxUOPuHSCOokuUZ0+yzA25F64ZFbmM5r
4Km8NNw2V+GQ27JKbqa26pyigy5DDvTsUSMWgFRVU5SYs36eN37PiJ2SZTPpKxr8
ifAMHxI4c34eCSNeCqfe1n/BZPD7tqcLX0EQvL9hW8bQ
-----END CERTIFICATE-----