This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/OZy02Cq16jIMB_FoJZn64VS22JA.roa
File:                     OZy02Cq16jIMB_FoJZn64VS22JA.roa (raw, json)
Hash identifier:          nKj4XdLVyOxWe/dNxJ4EoTYTSII+Va1gBKibKO7YLnU=
Subject key identifier:   39:9C:B4:D8:2A:B5:EA:32:0C:07:F1:68:25:99:FA:E1:54:B6:D8:90
Certificate issuer:       /CN=ef5082d37fbc81998bfcf948a5bbdda63edfdee0
Certificate serial:       019B79ECD75B4138F190F0590F6391D75A45
Authority key identifier: EF:50:82:D3:7F:BC:81:99:8B:FC:F9:48:A5:BB:DD:A6:3E:DF:DE:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71CC03-8gZmL_PlIpbvdpj7f3uA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/OZy02Cq16jIMB_FoJZn64VS22JA.roa
Signing time:             Thu 01 Jan 2026 14:18:43 +0000
ROA not before:           Thu 01 Jan 2026 14:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198977
IP address blocks:        5.104.16.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/71CC03-8gZmL_PlIpbvdpj7f3uA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/71CC03-8gZmL_PlIpbvdpj7f3uA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71CC03-8gZmL_PlIpbvdpj7f3uA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:d7:5b:41:38:f1:90:f0:59:0f:63:91:d7:5a:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef5082d37fbc81998bfcf948a5bbdda63edfdee0
        Validity
            Not Before: Jan  1 14:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=399cb4d82ab5ea320c07f1682599fae154b6d890
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:44:f7:2c:46:78:ec:b3:4e:b5:c3:e6:5f:66:
                    c4:4b:57:94:a6:be:39:18:96:14:cc:76:be:12:78:
                    d8:14:da:8e:74:b6:23:12:a7:4d:a4:32:ed:21:4c:
                    15:9f:49:24:dc:98:37:53:8f:6d:ed:19:90:46:0f:
                    0f:08:c6:27:07:66:61:41:42:ee:b3:2c:e5:a3:e2:
                    e0:62:cd:3e:b3:a5:16:e6:91:4b:21:64:de:0c:60:
                    c0:f4:6d:83:67:6b:9d:01:9f:7b:63:46:c5:d4:a5:
                    04:e4:af:71:2e:22:f3:7f:3f:cc:b4:35:39:c4:c5:
                    3b:5d:45:dc:c0:c8:b7:01:7f:6e:73:55:47:9f:8b:
                    78:29:e0:79:2a:d0:ea:a4:e7:97:66:5b:91:0b:1a:
                    a3:f3:1d:a1:fd:9c:55:30:e1:b3:4c:f2:f1:fd:dc:
                    fc:2f:7e:9a:7a:35:af:54:44:45:3e:fa:ba:ae:13:
                    ad:6b:82:74:d8:ea:17:09:4d:e4:7a:16:63:1e:0c:
                    cf:7d:de:aa:c8:02:6c:14:f2:74:4f:ee:cf:dc:56:
                    23:d8:d0:a9:df:67:cc:f9:2d:c1:52:9a:68:cb:a7:
                    6b:4a:6c:bf:44:67:73:31:42:ab:c2:8a:d6:16:b5:
                    12:ff:dc:cb:98:1f:41:dd:2e:80:d9:ee:53:65:02:
                    b9:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:9C:B4:D8:2A:B5:EA:32:0C:07:F1:68:25:99:FA:E1:54:B6:D8:90
            X509v3 Authority Key Identifier:
                keyid:EF:50:82:D3:7F:BC:81:99:8B:FC:F9:48:A5:BB:DD:A6:3E:DF:DE:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71CC03-8gZmL_PlIpbvdpj7f3uA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/OZy02Cq16jIMB_FoJZn64VS22JA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/71CC03-8gZmL_PlIpbvdpj7f3uA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2d:a8:7f:32:c8:c1:d0:49:d2:12:75:a4:1a:95:31:dc:db:e9:
         2f:05:9f:15:bf:0a:a4:b4:ee:67:c9:6e:8c:ca:04:08:0e:1a:
         02:c5:4f:8f:44:3f:fb:ff:c1:5f:6a:c4:e0:0e:48:21:92:3d:
         52:88:24:67:88:fe:f0:71:41:54:08:7a:3d:99:cb:e9:8a:5e:
         f7:f9:34:0c:3c:f5:34:eb:50:68:53:77:10:9a:8f:43:1a:f2:
         e7:ac:d6:24:71:7f:d6:25:2a:84:b8:db:39:bc:db:3c:1d:92:
         02:3a:84:d7:e2:e8:f1:5d:87:c8:5e:32:9f:a6:22:3e:57:bf:
         e5:59:ff:62:8a:21:cb:2f:0d:d2:83:ff:5d:c7:a2:bd:30:8b:
         e0:6f:07:e8:ed:4e:98:f6:13:e9:a2:f7:10:9e:06:89:1f:f4:
         6c:f7:29:3c:7d:20:8d:4b:56:aa:ac:4e:b2:1c:d4:60:c3:31:
         db:3d:62:b5:21:55:5c:54:bd:68:5b:d0:be:4f:cd:3c:d5:61:
         23:78:9b:a8:4b:03:6e:f4:c4:ee:7e:c7:78:dc:fb:a1:4b:64:
         2b:7c:dd:ca:aa:bc:95:a6:b9:61:90:fa:76:4a:76:3a:32:56:
         8a:60:72:6e:f8:94:6f:f7:5c:68:6a:5f:97:64:96:e0:f0:6d:
         cc:9a:8e:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57NdbQTjxkPBZD2OR11pFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTA4MmQzN2ZiYzgxOTk4YmZjZjk0OGE1YmJkZGE2M2Vk
ZmRlZTAwHhcNMjYwMTAxMTQxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTljYjRkODJhYjVlYTMyMGMwN2YxNjgyNTk5ZmFlMTU0YjZkODkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqET3LEZ47LNOtcPmX2bES1eUpr45
GJYUzHa+EnjYFNqOdLYjEqdNpDLtIUwVn0kk3Jg3U49t7RmQRg8PCMYnB2ZhQULu
syzlo+LgYs0+s6UW5pFLIWTeDGDA9G2DZ2udAZ97Y0bF1KUE5K9xLiLzfz/MtDU5
xMU7XUXcwMi3AX9uc1VHn4t4KeB5KtDqpOeXZluRCxqj8x2h/ZxVMOGzTPLx/dz8
L36aejWvVERFPvq6rhOta4J02OoXCU3kehZjHgzPfd6qyAJsFPJ0T+7P3FYj2NCp
32fM+S3BUppoy6drSmy/RGdzMUKrworWFrUS/9zLmB9B3S6A2e5TZQK5IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDmctNgqteoyDAfxaCWZ+uFUttiQMB8GA1UdIwQY
MBaAFO9QgtN/vIGZi/z5SKW73aY+397gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFDQzAzLThnWm1MX1BsSXBidmRwajdmM3VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wYzNjNGQtMDFkMi00NDBhLWE1MWYt
OTE5NWQwMmRlZDU1LzEvT1p5MDJDcTE2aklNQl9Gb0pabjY0VlMyMkpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wYzNjNGQtMDFkMi00NDBhLWE1MWYtOTE5NWQwMmRlZDU1
LzEvNzFDQzAzLThnWm1MX1BsSXBidmRwajdmM3VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBWgQMA0G
CSqGSIb3DQEBCwUAA4IBAQAtqH8yyMHQSdISdaQalTHc2+kvBZ8VvwqktO5nyW6M
ygQIDhoCxU+PRD/7/8FfasTgDkghkj1SiCRniP7wcUFUCHo9mcvpil73+TQMPPU0
61BoU3cQmo9DGvLnrNYkcX/WJSqEuNs5vNs8HZICOoTX4ujxXYfIXjKfpiI+V7/l
Wf9iiiHLLw3Sg/9dx6K9MIvgbwfo7U6Y9hPpovcQngaJH/Rs9yk8fSCNS1aqrE6y
HNRgwzHbPWK1IVVcVL1oW9C+T8081WEjeJuoSwNu9MTufsd43PuhS2QrfN3KqryV
prlhkPp2SnY6MlaKYHJu+JRv91xoal+XZJbg8G3Mmo60
-----END CERTIFICATE-----