This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/OqGg8fjpiZc-d4TtoBVNXF3vjTI.roa
File:                     OqGg8fjpiZc-d4TtoBVNXF3vjTI.roa (raw, json)
Hash identifier:          f+4y+loXdxxJswQLeoycX+oGVQBfWC0KAgLdXSVhfR8=
Subject key identifier:   3A:A1:A0:F1:F8:E9:89:97:3E:77:84:ED:A0:15:4D:5C:5D:EF:8D:32
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019B7F84A5676A82F39A46F4785FA880E5C1
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/OqGg8fjpiZc-d4TtoBVNXF3vjTI.roa
Signing time:             Fri 02 Jan 2026 16:22:38 +0000
ROA not before:           Fri 02 Jan 2026 16:22:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210448
IP address blocks:        217.60.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 Jan 2026 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:a5:67:6a:82:f3:9a:46:f4:78:5f:a8:80:e5:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 16:22:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3aa1a0f1f8e989973e7784eda0154d5c5def8d32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:2a:38:e8:59:f9:e2:66:fe:80:73:69:35:37:
                    ef:af:fc:29:f4:82:90:09:31:01:53:e8:b3:15:cd:
                    71:2b:1f:ee:35:f0:b3:1d:cb:3e:90:c3:39:03:1d:
                    3b:6a:23:cf:5f:ea:7f:b6:02:67:6e:af:b3:68:65:
                    7f:31:82:20:d3:3e:b4:85:1f:86:32:b1:28:e7:db:
                    d4:7e:5d:df:e0:f5:28:c4:b8:a1:ea:24:31:7d:6e:
                    5c:47:ff:b9:4e:ad:02:c4:f7:9b:e3:08:85:4f:cf:
                    a4:07:40:25:3e:56:e5:a6:b3:95:2b:fe:b1:d4:67:
                    c4:6f:3f:1a:c4:dd:67:46:39:8d:46:71:a3:75:05:
                    45:fe:c5:92:8d:e8:2c:09:fe:7f:be:24:85:fa:cf:
                    d9:b4:af:3f:f1:f1:ea:4e:42:3e:18:93:28:c4:5b:
                    e1:39:9e:38:eb:66:f6:5a:00:c0:74:47:48:fb:39:
                    5d:45:a4:5f:55:4d:ac:45:06:9c:99:69:bd:60:df:
                    58:c9:d9:1c:aa:21:7f:1b:66:e2:ab:01:36:6b:8f:
                    6c:06:e7:cd:b3:49:bd:10:a1:cd:ea:28:77:5c:43:
                    9c:5e:fe:d7:fe:f6:a1:17:0a:52:61:3b:c4:ec:80:
                    cc:40:be:e9:1c:f0:c5:dd:3c:46:1c:c9:fa:54:4f:
                    1c:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:A1:A0:F1:F8:E9:89:97:3E:77:84:ED:A0:15:4D:5C:5D:EF:8D:32
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/OqGg8fjpiZc-d4TtoBVNXF3vjTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:b7:39:d1:85:2c:52:be:9a:14:0a:38:02:ca:dd:75:0f:54:
         f9:d7:9a:97:a1:4c:b6:d5:47:b0:20:bb:f5:5f:cb:95:5a:5f:
         3d:fa:63:ed:36:2c:70:d9:08:81:a3:6c:35:aa:2a:55:83:6e:
         a1:e2:8f:b4:ce:cc:af:e9:82:ee:87:9b:70:f6:ef:e7:32:13:
         ef:a3:17:b5:fe:42:9e:59:49:d9:77:d4:4b:58:1a:8e:d1:e8:
         cd:0d:46:1c:37:b9:d0:ee:34:fc:db:3a:d4:d8:a1:c9:10:b4:
         04:95:1b:26:53:17:20:61:93:95:94:66:d8:85:60:e9:18:86:
         2a:2e:61:0d:6b:ee:6b:5f:bb:9e:01:2c:de:1e:ec:0b:57:fc:
         67:8e:8e:04:c9:68:43:c9:6f:4f:9a:62:b9:9b:27:8e:76:08:
         12:d3:ba:a3:bd:c1:57:d8:55:ee:83:3a:ce:2a:01:f2:1c:3d:
         55:8a:4f:9f:ee:99:72:fc:f0:09:70:07:e9:b9:91:6a:b7:03:
         2b:24:6c:39:42:28:f7:ba:6e:29:f2:c2:3e:4a:81:07:9a:7b:
         2f:b2:7e:c5:b8:3a:36:f2:dc:cf:51:bc:c3:1c:4d:d2:e7:68:
         50:d2:f4:86:54:97:32:d5:32:d4:df:49:08:20:67:5d:4e:fd:
         fc:7d:15:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hKVnaoLzmkb0eF+ogOXBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMTAyMTYyMjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWExYTBmMWY4ZTk4OTk3M2U3Nzg0ZWRhMDE1NGQ1YzVkZWY4ZDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSo46Fn54mb+gHNpNTfvr/wp9IKQ
CTEBU+izFc1xKx/uNfCzHcs+kMM5Ax07aiPPX+p/tgJnbq+zaGV/MYIg0z60hR+G
MrEo59vUfl3f4PUoxLih6iQxfW5cR/+5Tq0CxPeb4wiFT8+kB0AlPlblprOVK/6x
1GfEbz8axN1nRjmNRnGjdQVF/sWSjegsCf5/viSF+s/ZtK8/8fHqTkI+GJMoxFvh
OZ4462b2WgDAdEdI+zldRaRfVU2sRQacmWm9YN9YydkcqiF/G2biqwE2a49sBufN
s0m9EKHN6ih3XEOcXv7X/vahFwpSYTvE7IDMQL7pHPDF3TxGHMn6VE8cOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDqhoPH46YmXPneE7aAVTVxd740yMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvT3FHZzhmanBpWmMtZDRUdG9CVk5YRjN2alRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2TwNMA0G
CSqGSIb3DQEBCwUAA4IBAQCbtznRhSxSvpoUCjgCyt11D1T515qXoUy21UewILv1
X8uVWl89+mPtNixw2QiBo2w1qipVg26h4o+0zsyv6YLuh5tw9u/nMhPvoxe1/kKe
WUnZd9RLWBqO0ejNDUYcN7nQ7jT82zrU2KHJELQElRsmUxcgYZOVlGbYhWDpGIYq
LmENa+5rX7ueASzeHuwLV/xnjo4EyWhDyW9PmmK5myeOdggS07qjvcFX2FXugzrO
KgHyHD1Vik+f7ply/PAJcAfpuZFqtwMrJGw5Qij3um4p8sI+SoEHmnsvsn7FuDo2
8tzPUbzDHE3S52hQ0vSGVJcy1TLU30kIIGddTv38fRX3
-----END CERTIFICATE-----