This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/38bc90-1d53-4d47-bbdb-f4e7c9cc43ff/1/OxW0-GOR5UDSFAaTt546TZUCBGE.roa
File:                     OxW0-GOR5UDSFAaTt546TZUCBGE.roa (raw, json)
Hash identifier:          W3m4nhGM+s38jO9bqJSFGDvsDRVYHQusEq/+6tiODt8=
Subject key identifier:   3B:15:B4:F8:63:91:E5:40:D2:14:06:93:B7:9E:3A:4D:95:02:04:61
Certificate issuer:       /CN=87b1396fd11c730ef20448129b282856ac504cb7
Certificate serial:       019A816B81CBFF02C168813DE7E1493B9C58
Authority key identifier: 87:B1:39:6F:D1:1C:73:0E:F2:04:48:12:9B:28:28:56:AC:50:4C:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h7E5b9Eccw7yBEgSmygoVqxQTLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/38bc90-1d53-4d47-bbdb-f4e7c9cc43ff/1/OxW0-GOR5UDSFAaTt546TZUCBGE.roa
Signing time:             Fri 14 Nov 2025 08:11:37 +0000
ROA not before:           Fri 14 Nov 2025 08:11:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        192.109.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/38bc90-1d53-4d47-bbdb-f4e7c9cc43ff/1/h7E5b9Eccw7yBEgSmygoVqxQTLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/38bc90-1d53-4d47-bbdb-f4e7c9cc43ff/1/h7E5b9Eccw7yBEgSmygoVqxQTLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h7E5b9Eccw7yBEgSmygoVqxQTLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Nov 2025 12:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:81:6b:81:cb:ff:02:c1:68:81:3d:e7:e1:49:3b:9c:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87b1396fd11c730ef20448129b282856ac504cb7
        Validity
            Not Before: Nov 14 08:11:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b15b4f86391e540d2140693b79e3a4d95020461
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:18:86:dd:ae:4f:d1:33:64:99:2f:98:7a:3f:
                    d1:e0:8c:23:31:51:dc:30:49:33:63:cc:4e:a2:24:
                    3c:95:0c:9a:d7:cc:7e:89:35:df:3e:e2:dd:6d:ad:
                    5d:24:76:f0:20:0c:40:42:14:a2:34:23:4f:48:9e:
                    69:c4:de:d6:5d:6c:05:a5:9c:23:24:36:b7:d5:b6:
                    b2:3c:7f:b5:81:91:46:62:10:0a:9d:19:8f:2c:8d:
                    a7:0b:97:0d:c0:d7:18:43:52:5a:26:2e:cd:83:9b:
                    55:24:a6:bd:06:2b:57:4f:3a:d2:97:83:56:c7:e7:
                    e9:d2:35:f3:97:bf:c2:14:4a:fc:5d:09:e7:83:b7:
                    1e:c6:7f:d4:29:e9:eb:04:35:32:23:42:58:03:af:
                    f9:8f:6f:26:d2:67:a0:4f:df:84:26:d8:7f:07:63:
                    f7:5e:96:ce:14:ae:10:74:53:9b:22:5e:f8:10:31:
                    90:0f:d8:57:d9:67:f7:30:53:d6:cb:e7:73:bb:43:
                    aa:b6:df:fd:66:9a:08:b9:1c:cb:0c:20:8d:a7:32:
                    45:a5:eb:18:4d:8b:6a:6b:29:df:11:6c:e0:0c:f0:
                    f4:72:da:ac:09:6f:2a:1f:7e:6f:d1:e5:25:4d:a9:
                    a1:55:83:72:9d:b5:d3:54:1e:d0:bb:20:f3:cb:b7:
                    cf:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:15:B4:F8:63:91:E5:40:D2:14:06:93:B7:9E:3A:4D:95:02:04:61
            X509v3 Authority Key Identifier:
                keyid:87:B1:39:6F:D1:1C:73:0E:F2:04:48:12:9B:28:28:56:AC:50:4C:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h7E5b9Eccw7yBEgSmygoVqxQTLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/38bc90-1d53-4d47-bbdb-f4e7c9cc43ff/1/OxW0-GOR5UDSFAaTt546TZUCBGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/38bc90-1d53-4d47-bbdb-f4e7c9cc43ff/1/h7E5b9Eccw7yBEgSmygoVqxQTLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:07:d6:06:27:f9:8c:9a:b6:ba:53:fd:f4:17:f6:5b:f1:9b:
         40:1d:00:af:65:c3:b9:b4:52:60:bf:14:57:11:f3:41:b0:85:
         ae:09:92:ef:07:3a:33:5b:38:f0:57:80:e1:47:9e:51:b3:f8:
         aa:e7:e2:2f:47:f8:06:2e:90:7c:af:bb:b5:f4:5e:3d:12:d6:
         e3:64:99:c4:1e:45:fe:8a:4b:d0:b9:39:72:b9:74:07:3e:a8:
         46:c7:43:a2:f2:bb:22:cf:c8:45:9b:93:26:22:58:0c:d1:9c:
         95:0d:fe:70:7f:45:9d:27:03:e4:1e:0f:52:77:98:2c:23:ae:
         6d:fc:39:3b:90:a3:27:d2:b7:74:a1:3d:53:30:fe:17:a6:d1:
         7f:57:8d:ab:19:31:e7:08:28:dc:4d:1b:d1:6e:8e:52:74:74:
         2e:03:9a:65:ba:9b:6a:72:ae:36:d1:73:94:44:28:7f:4b:ac:
         3f:fd:06:2f:4d:65:7b:3a:cb:09:9a:fb:93:56:4f:11:d1:37:
         e5:2c:f5:82:05:52:ce:c3:31:a9:e1:bc:ba:73:40:3f:5d:c8:
         b5:e7:46:3a:8d:b7:3f:bd:47:4e:c7:fc:83:53:19:90:e7:8a:
         1c:fe:c8:5f:b9:d6:a9:40:8c:61:8b:da:2c:e8:c2:a4:21:23:
         9e:4f:38:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqBa4HL/wLBaIE95+FJO5xYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3YjEzOTZmZDExYzczMGVmMjA0NDgxMjliMjgyODU2YWM1
MDRjYjcwHhcNMjUxMTE0MDgxMTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjE1YjRmODYzOTFlNTQwZDIxNDA2OTNiNzllM2E0ZDk1MDIwNDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBiG3a5P0TNkmS+Yej/R4IwjMVHc
MEkzY8xOoiQ8lQya18x+iTXfPuLdba1dJHbwIAxAQhSiNCNPSJ5pxN7WXWwFpZwj
JDa31bayPH+1gZFGYhAKnRmPLI2nC5cNwNcYQ1JaJi7Ng5tVJKa9BitXTzrSl4NW
x+fp0jXzl7/CFEr8XQnng7cexn/UKenrBDUyI0JYA6/5j28m0megT9+EJth/B2P3
XpbOFK4QdFObIl74EDGQD9hX2Wf3MFPWy+dzu0Oqtt/9ZpoIuRzLDCCNpzJFpesY
TYtqaynfEWzgDPD0ctqsCW8qH35v0eUlTamhVYNynbXTVB7QuyDzy7fP4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDsVtPhjkeVA0hQGk7eeOk2VAgRhMB8GA1UdIwQY
MBaAFIexOW/RHHMO8gRIEpsoKFasUEy3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDdFNWI5RWNjdzd5QkVnU215Z29WcXhRVExjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8zOGJjOTAtMWQ1My00ZDQ3LWJiZGIt
ZjRlN2M5Y2M0M2ZmLzEvT3hXMC1HT1I1VURTRkFhVHQ1NDZUWlVDQkdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8zOGJjOTAtMWQ1My00ZDQ3LWJiZGItZjRlN2M5Y2M0M2Zm
LzEvaDdFNWI5RWNjdzd5QkVnU215Z29WcXhRVExjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG3OMA0G
CSqGSIb3DQEBCwUAA4IBAQDIB9YGJ/mMmra6U/30F/Zb8ZtAHQCvZcO5tFJgvxRX
EfNBsIWuCZLvBzozWzjwV4DhR55Rs/iq5+IvR/gGLpB8r7u19F49EtbjZJnEHkX+
ikvQuTlyuXQHPqhGx0Oi8rsiz8hFm5MmIlgM0ZyVDf5wf0WdJwPkHg9Sd5gsI65t
/Dk7kKMn0rd0oT1TMP4XptF/V42rGTHnCCjcTRvRbo5SdHQuA5pluptqcq420XOU
RCh/S6w//QYvTWV7OssJmvuTVk8R0TflLPWCBVLOwzGp4by6c0A/Xci150Y6jbc/
vUdOx/yDUxmQ54oc/shfudapQIxhi9os6MKkISOeTzgo
-----END CERTIFICATE-----