This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/OanOJuK9CZ_mb2tpFiyRDvcrz5U.roa
File:                     OanOJuK9CZ_mb2tpFiyRDvcrz5U.roa (raw, json)
Hash identifier:          RvtNKgA+zQQgPu+BNKHT0hit3/vh/z6l5c5kWO+Jb0g=
Subject key identifier:   39:A9:CE:26:E2:BD:09:9F:E6:6F:6B:69:16:2C:91:0E:F7:2B:CF:95
Certificate issuer:       /CN=291d83c3f4b877cf7d084cb530c4a9e36fcf7ad0
Certificate serial:       019B7BA374A8DD9F191989A411700A46FC83
Authority key identifier: 29:1D:83:C3:F4:B8:77:CF:7D:08:4C:B5:30:C4:A9:E3:6F:CF:7A:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KR2Dw_S4d899CEy1MMSp42_PetA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/OanOJuK9CZ_mb2tpFiyRDvcrz5U.roa
Signing time:             Thu 01 Jan 2026 22:17:48 +0000
ROA not before:           Thu 01 Jan 2026 22:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30367
IP address blocks:        91.213.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/KR2Dw_S4d899CEy1MMSp42_PetA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/KR2Dw_S4d899CEy1MMSp42_PetA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KR2Dw_S4d899CEy1MMSp42_PetA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 16:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:74:a8:dd:9f:19:19:89:a4:11:70:0a:46:fc:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=291d83c3f4b877cf7d084cb530c4a9e36fcf7ad0
        Validity
            Not Before: Jan  1 22:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=39a9ce26e2bd099fe66f6b69162c910ef72bcf95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:60:0f:83:53:21:ff:a8:2d:80:ce:99:cb:fc:
                    66:ec:c5:3f:ad:2b:2f:00:c7:8b:f8:21:3e:1d:1b:
                    8f:a3:2e:09:fc:39:a3:06:60:70:22:8a:81:eb:19:
                    65:5d:fb:6e:fb:43:64:d6:a3:54:69:de:d0:0b:f9:
                    c4:2c:84:ff:e5:6d:8f:8f:27:6c:06:06:90:ae:ab:
                    18:5e:42:c0:48:82:8e:45:db:03:a1:9f:a4:a2:30:
                    fb:8c:c9:d6:b7:7c:98:98:93:d6:18:96:e6:31:e6:
                    c8:a1:ac:1d:9b:45:5a:ad:be:53:08:f9:df:05:4a:
                    e9:23:30:6a:9e:5e:0f:f7:a5:f8:6c:7f:f6:3f:75:
                    77:a1:45:84:06:24:38:fc:37:62:27:c6:b2:63:e0:
                    02:b9:b9:d1:87:2c:e7:af:84:33:c2:c1:6b:e2:f4:
                    4d:77:86:96:51:db:9f:64:55:de:05:d4:e4:c3:b8:
                    dc:76:8d:06:12:5a:f0:fe:92:29:6b:21:f2:62:b9:
                    5f:2c:b9:17:99:00:3e:cd:68:21:fa:b8:d0:0b:e2:
                    c6:e0:81:2e:21:29:3e:49:0a:ed:2c:49:dc:d3:0d:
                    72:89:9c:43:e2:a9:f1:5d:42:f4:0d:f3:a8:33:10:
                    44:48:bd:6e:3c:6c:a3:69:43:17:5c:81:a9:73:1a:
                    5c:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:A9:CE:26:E2:BD:09:9F:E6:6F:6B:69:16:2C:91:0E:F7:2B:CF:95
            X509v3 Authority Key Identifier:
                keyid:29:1D:83:C3:F4:B8:77:CF:7D:08:4C:B5:30:C4:A9:E3:6F:CF:7A:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KR2Dw_S4d899CEy1MMSp42_PetA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/OanOJuK9CZ_mb2tpFiyRDvcrz5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/KR2Dw_S4d899CEy1MMSp42_PetA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:b2:20:94:76:ae:85:37:60:18:16:53:39:2f:c5:70:0b:5f:
         12:62:2a:ed:2b:69:f1:45:4c:ef:d4:b8:aa:c7:df:20:43:14:
         35:1f:82:f0:3d:ab:46:d6:24:92:49:64:ee:ce:ef:79:96:d6:
         4f:47:02:7d:24:91:7c:1f:61:b9:d9:d7:96:d5:f0:b8:47:80:
         0c:a3:cc:12:a3:a9:43:a4:80:50:27:97:da:df:b7:15:8f:73:
         10:aa:05:fe:97:44:2f:4a:d1:a7:d9:21:44:dd:29:fe:b6:9d:
         08:9f:62:6b:b0:a4:b5:95:e9:bb:9c:c6:a6:2e:52:09:86:78:
         e2:dc:69:a6:51:f2:80:64:37:81:97:5a:94:4d:e5:68:e6:42:
         5b:f4:d1:ba:36:30:c0:eb:24:fa:64:4a:6c:94:9e:c7:8c:83:
         a0:34:5f:88:46:58:44:3c:01:ea:1f:a3:58:ee:0a:61:3c:14:
         2a:68:52:36:fa:1e:85:7a:58:f7:84:7e:23:55:aa:c7:f3:df:
         b9:6b:50:25:80:5a:6b:77:16:0b:57:db:67:62:97:d3:93:6d:
         22:1a:88:be:f6:f5:5d:16:4c:d9:a1:9b:7c:43:e7:03:c3:36:
         f4:f3:1f:27:cf:f8:4c:8a:86:9b:28:f2:85:97:61:2c:a3:c5:
         05:1a:b3:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o3So3Z8ZGYmkEXAKRvyDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MWQ4M2MzZjRiODc3Y2Y3ZDA4NGNiNTMwYzRhOWUzNmZj
ZjdhZDAwHhcNMjYwMTAxMjIxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWE5Y2UyNmUyYmQwOTlmZTY2ZjZiNjkxNjJjOTEwZWY3MmJjZjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmAPg1Mh/6gtgM6Zy/xm7MU/rSsv
AMeL+CE+HRuPoy4J/DmjBmBwIoqB6xllXftu+0Nk1qNUad7QC/nELIT/5W2Pjyds
BgaQrqsYXkLASIKORdsDoZ+kojD7jMnWt3yYmJPWGJbmMebIoawdm0Varb5TCPnf
BUrpIzBqnl4P96X4bH/2P3V3oUWEBiQ4/DdiJ8ayY+ACubnRhyznr4QzwsFr4vRN
d4aWUdufZFXeBdTkw7jcdo0GElrw/pIpayHyYrlfLLkXmQA+zWgh+rjQC+LG4IEu
ISk+SQrtLEnc0w1yiZxD4qnxXUL0DfOoMxBESL1uPGyjaUMXXIGpcxpcUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDmpzibivQmf5m9raRYskQ73K8+VMB8GA1UdIwQY
MBaAFCkdg8P0uHfPfQhMtTDEqeNvz3rQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1IyRHdfUzRkODk5Q0V5MU1NU3A0Ml9QZXRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS81OTQ1NjktNmYxOC00NjBhLWExOTYt
ZmZjZDQ3NzM0OWZjLzEvT2FuT0p1SzlDWl9tYjJ0cEZpeVJEdmNyejVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS81OTQ1NjktNmYxOC00NjBhLWExOTYtZmZjZDQ3NzM0OWZj
LzEvS1IyRHdfUzRkODk5Q0V5MU1NU3A0Ml9QZXRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9UDMA0G
CSqGSIb3DQEBCwUAA4IBAQA/siCUdq6FN2AYFlM5L8VwC18SYirtK2nxRUzv1Liq
x98gQxQ1H4LwPatG1iSSSWTuzu95ltZPRwJ9JJF8H2G52deW1fC4R4AMo8wSo6lD
pIBQJ5fa37cVj3MQqgX+l0QvStGn2SFE3Sn+tp0In2JrsKS1lem7nMamLlIJhnji
3GmmUfKAZDeBl1qUTeVo5kJb9NG6NjDA6yT6ZEpslJ7HjIOgNF+IRlhEPAHqH6NY
7gphPBQqaFI2+h6Felj3hH4jVarH89+5a1AlgFprdxYLV9tnYpfTk20iGoi+9vVd
FkzZoZt8Q+cDwzb08x8nz/hMioabKPKFl2Eso8UFGrNt
-----END CERTIFICATE-----