This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/402d43-e99c-4112-a038-ecbb9442f589/1/ocDruih2yibbf6CAeSAG3oeE1I4.roa
File:                     ocDruih2yibbf6CAeSAG3oeE1I4.roa (raw, json)
Hash identifier:          OFqknVm6G0kk+aIE7XbTQXvAldWSJ1pjOrT88QpbMe4=
Subject key identifier:   A1:C0:EB:BA:28:76:CA:26:DB:7F:A0:80:79:20:06:DE:87:84:D4:8E
Certificate issuer:       /CN=8f5ea8379bca44f4f6a7f4b69864cd9b02a27b12
Certificate serial:       019B7E377DB4C3D77ADC207F6380471C3E89
Authority key identifier: 8F:5E:A8:37:9B:CA:44:F4:F6:A7:F4:B6:98:64:CD:9B:02:A2:7B:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j16oN5vKRPT2p_S2mGTNmwKiexI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/402d43-e99c-4112-a038-ecbb9442f589/1/ocDruih2yibbf6CAeSAG3oeE1I4.roa
Signing time:             Fri 02 Jan 2026 10:18:44 +0000
ROA not before:           Fri 02 Jan 2026 10:18:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43395
IP address blocks:        185.46.108.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/402d43-e99c-4112-a038-ecbb9442f589/1/j16oN5vKRPT2p_S2mGTNmwKiexI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/402d43-e99c-4112-a038-ecbb9442f589/1/j16oN5vKRPT2p_S2mGTNmwKiexI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j16oN5vKRPT2p_S2mGTNmwKiexI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:7d:b4:c3:d7:7a:dc:20:7f:63:80:47:1c:3e:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f5ea8379bca44f4f6a7f4b69864cd9b02a27b12
        Validity
            Not Before: Jan  2 10:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a1c0ebba2876ca26db7fa080792006de8784d48e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:5a:48:08:db:95:32:c9:c3:b2:e6:d0:0d:04:
                    99:99:82:de:74:e5:4f:b4:66:31:76:05:e9:d6:89:
                    7b:ff:f4:2b:e8:63:9f:62:1b:63:2b:84:a0:d7:32:
                    5b:e3:be:84:84:26:af:a9:06:94:2f:69:5a:bd:a2:
                    c9:4d:83:64:f6:7f:85:29:37:4c:07:5f:51:55:4f:
                    4b:a8:f3:96:e0:71:a8:9e:39:38:5e:ce:ee:fc:65:
                    86:a4:79:25:e1:ae:6b:82:bc:e1:68:3f:cb:04:c1:
                    50:24:ee:5f:69:54:9d:79:7d:cc:9b:77:b0:db:7a:
                    27:ac:aa:91:21:db:37:73:ca:e6:b2:d7:3f:a4:78:
                    9d:10:34:50:91:c8:f6:dc:45:a2:01:a5:31:13:cb:
                    10:d4:a5:06:79:92:d7:33:df:a3:34:c4:3e:f6:71:
                    2e:ee:05:7d:96:f2:90:17:8d:a8:29:62:e6:b4:da:
                    2d:b3:87:2b:59:04:83:f9:bf:de:8a:7e:f8:7d:94:
                    49:6b:4b:45:65:f0:4a:38:c4:46:c0:f4:ca:85:25:
                    c2:a9:c9:7b:db:bc:a2:14:b0:b0:9d:4a:1e:23:2f:
                    61:20:98:06:3f:37:c4:37:ca:72:82:36:20:76:e8:
                    22:5b:c9:c2:e3:6a:f5:a5:2e:4d:f0:c0:71:ca:24:
                    bc:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:C0:EB:BA:28:76:CA:26:DB:7F:A0:80:79:20:06:DE:87:84:D4:8E
            X509v3 Authority Key Identifier:
                keyid:8F:5E:A8:37:9B:CA:44:F4:F6:A7:F4:B6:98:64:CD:9B:02:A2:7B:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j16oN5vKRPT2p_S2mGTNmwKiexI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/402d43-e99c-4112-a038-ecbb9442f589/1/ocDruih2yibbf6CAeSAG3oeE1I4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/402d43-e99c-4112-a038-ecbb9442f589/1/j16oN5vKRPT2p_S2mGTNmwKiexI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:12:8e:53:12:fa:6d:ac:d8:c8:d2:2f:da:1e:f3:cb:3c:05:
         d7:97:46:18:f2:8e:19:b6:22:0c:29:e9:59:3b:56:30:34:87:
         e5:2a:87:07:ac:cc:66:56:0d:a7:40:a6:0c:e3:08:82:a6:79:
         d4:10:52:52:7c:14:a3:86:e1:7b:29:39:7b:c6:15:77:37:6a:
         a6:02:67:41:3f:2e:f0:e6:05:98:54:4d:b4:30:e0:c5:4b:7b:
         80:a0:24:8a:26:3e:db:13:91:04:32:4a:7e:90:dc:27:de:bc:
         9b:6b:69:38:3e:67:33:17:19:74:6a:4d:95:25:89:66:b7:f1:
         7f:61:2e:7b:7b:1e:66:7e:39:2a:06:27:83:89:f5:1c:67:b8:
         25:91:42:9d:3f:b4:b8:5e:35:38:06:23:a2:c1:da:28:a1:a4:
         c3:ed:5e:39:2e:9d:ed:e6:bc:4d:32:a5:b7:0f:81:17:4d:d3:
         92:62:e4:52:d0:d8:29:27:fc:49:41:30:34:9a:6d:89:1e:74:
         bb:08:a4:12:36:a5:9d:40:36:c5:70:a0:66:ec:44:37:87:4c:
         e5:04:44:07:33:31:11:0c:3d:ea:32:a6:5f:34:b8:49:6f:b0:
         08:b1:d0:78:aa:d5:90:51:fd:0a:14:0d:85:2a:62:3d:9b:d1:
         0c:c3:41:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N320w9d63CB/Y4BHHD6JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmNWVhODM3OWJjYTQ0ZjRmNmE3ZjRiNjk4NjRjZDliMDJh
MjdiMTIwHhcNMjYwMTAyMTAxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWMwZWJiYTI4NzZjYTI2ZGI3ZmEwODA3OTIwMDZkZTg3ODRkNDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1pICNuVMsnDsubQDQSZmYLedOVP
tGYxdgXp1ol7//Qr6GOfYhtjK4Sg1zJb476EhCavqQaUL2lavaLJTYNk9n+FKTdM
B19RVU9LqPOW4HGonjk4Xs7u/GWGpHkl4a5rgrzhaD/LBMFQJO5faVSdeX3Mm3ew
23onrKqRIds3c8rmstc/pHidEDRQkcj23EWiAaUxE8sQ1KUGeZLXM9+jNMQ+9nEu
7gV9lvKQF42oKWLmtNots4crWQSD+b/ein74fZRJa0tFZfBKOMRGwPTKhSXCqcl7
27yiFLCwnUoeIy9hIJgGPzfEN8pygjYgdugiW8nC42r1pS5N8MBxyiS8dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKHA67oodsom23+ggHkgBt6HhNSOMB8GA1UdIwQY
MBaAFI9eqDebykT09qf0tphkzZsConsSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajE2b041dktSUFQycF9TMm1HVE5td0tpZXhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny80MDJkNDMtZTk5Yy00MTEyLWEwMzgt
ZWNiYjk0NDJmNTg5LzEvb2NEcnVpaDJ5aWJiZjZDQWVTQUczb2VFMUk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny80MDJkNDMtZTk5Yy00MTEyLWEwMzgtZWNiYjk0NDJmNTg5
LzEvajE2b041dktSUFQycF9TMm1HVE5td0tpZXhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuS5sMA0G
CSqGSIb3DQEBCwUAA4IBAQAAEo5TEvptrNjI0i/aHvPLPAXXl0YY8o4ZtiIMKelZ
O1YwNIflKocHrMxmVg2nQKYM4wiCpnnUEFJSfBSjhuF7KTl7xhV3N2qmAmdBPy7w
5gWYVE20MODFS3uAoCSKJj7bE5EEMkp+kNwn3ryba2k4PmczFxl0ak2VJYlmt/F/
YS57ex5mfjkqBieDifUcZ7glkUKdP7S4XjU4BiOiwdoooaTD7V45Lp3t5rxNMqW3
D4EXTdOSYuRS0NgpJ/xJQTA0mm2JHnS7CKQSNqWdQDbFcKBm7EQ3h0zlBEQHMzER
DD3qMqZfNLhJb7AIsdB4qtWQUf0KFA2FKmI9m9EMw0E9
-----END CERTIFICATE-----