This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/O1kpwtflKFENDMxtFw4AMwXy_Eg.roa
File:                     O1kpwtflKFENDMxtFw4AMwXy_Eg.roa (raw, json)
Hash identifier:          bFGH8x7w1VMHVR7CRYJvYNDIa0FPd2nWUvLigwhxhc4=
Subject key identifier:   3B:59:29:C2:D7:E5:28:51:0D:0C:CC:6D:17:0E:00:33:05:F2:FC:48
Certificate issuer:       /CN=7a938a935f8baf9cd933906416590d782e7287c7
Certificate serial:       019B7BA35C90BD82E62CF25F8CE1DF8CDD80
Authority key identifier: 7A:93:8A:93:5F:8B:AF:9C:D9:33:90:64:16:59:0D:78:2E:72:87:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/epOKk1-Lr5zZM5BkFlkNeC5yh8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/O1kpwtflKFENDMxtFw4AMwXy_Eg.roa
Signing time:             Thu 01 Jan 2026 22:17:42 +0000
ROA not before:           Thu 01 Jan 2026 22:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8075
IP address blocks:        192.195.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/epOKk1-Lr5zZM5BkFlkNeC5yh8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/epOKk1-Lr5zZM5BkFlkNeC5yh8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/epOKk1-Lr5zZM5BkFlkNeC5yh8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 10:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:5c:90:bd:82:e6:2c:f2:5f:8c:e1:df:8c:dd:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a938a935f8baf9cd933906416590d782e7287c7
        Validity
            Not Before: Jan  1 22:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b5929c2d7e528510d0ccc6d170e003305f2fc48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:d4:f3:d9:4d:24:59:6f:14:e0:54:87:ff:35:
                    a3:d0:8f:99:47:82:c8:11:f9:bc:e6:d0:93:c9:bc:
                    03:0e:b5:f8:8c:98:33:cf:18:2a:22:21:dd:9a:d0:
                    4c:27:51:93:6c:a0:f1:b7:5c:70:54:31:d3:b0:d4:
                    60:3d:07:b1:1c:c1:f8:0a:a7:d9:92:89:8a:40:ad:
                    ac:e3:36:0a:79:2b:4b:f9:06:32:14:bf:e4:37:a5:
                    cc:91:56:59:75:5a:b2:1e:b4:73:da:e0:69:e6:10:
                    b1:8f:c6:e1:99:fc:62:c3:21:a0:46:79:6c:b0:d2:
                    c3:cf:30:6e:f0:52:ff:2b:24:4e:45:a3:fc:80:d4:
                    68:46:20:85:a8:89:22:ec:ab:39:69:4d:65:df:bf:
                    c2:e0:5b:4d:a1:4e:43:0e:e9:bd:c0:48:6d:f1:d2:
                    11:c4:ac:d1:fe:86:15:93:0b:57:49:a7:20:96:8f:
                    a0:a7:c0:72:00:de:65:d4:53:fa:16:1d:0d:ca:1d:
                    63:b1:55:f7:eb:57:6e:f3:96:0b:b2:6d:34:59:ab:
                    d0:3f:2b:76:04:14:05:64:f9:fa:22:d3:ea:7b:2c:
                    49:0f:1e:cc:4b:d4:07:fa:41:53:f9:15:be:36:e4:
                    72:49:df:cc:eb:33:8c:0b:e9:15:70:96:73:7d:80:
                    da:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:59:29:C2:D7:E5:28:51:0D:0C:CC:6D:17:0E:00:33:05:F2:FC:48
            X509v3 Authority Key Identifier:
                keyid:7A:93:8A:93:5F:8B:AF:9C:D9:33:90:64:16:59:0D:78:2E:72:87:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/epOKk1-Lr5zZM5BkFlkNeC5yh8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/O1kpwtflKFENDMxtFw4AMwXy_Eg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/epOKk1-Lr5zZM5BkFlkNeC5yh8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.195.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:a1:36:65:4e:fa:7c:dd:6b:bd:0d:37:dc:37:ae:91:7b:97:
         e9:5b:31:70:26:70:b0:7e:52:bf:05:75:53:09:dd:4f:9f:3b:
         27:18:67:96:3f:7f:1e:9f:f6:65:2c:bd:b2:c3:7c:9b:34:4e:
         58:33:8a:f5:9e:88:fe:4c:42:58:62:10:90:b4:15:fa:88:a1:
         0b:ae:b7:7f:2d:b1:1c:7c:30:bd:0f:6f:78:24:4e:16:4f:73:
         ea:74:b5:8f:b4:0a:3b:91:7e:13:5d:b7:6c:40:06:b4:e0:b5:
         15:bf:39:81:67:d3:53:c7:aa:33:74:cc:89:fe:d6:da:ff:8a:
         58:75:77:51:4a:76:b3:3a:8a:83:36:d1:5c:c5:dd:f1:f0:aa:
         aa:58:10:09:b6:34:fe:2d:51:d2:57:c0:35:82:9c:ff:64:2c:
         a0:fe:7b:19:b5:4f:9d:d7:04:1c:8c:cd:14:ef:b7:ab:bd:6d:
         75:49:9e:1c:3a:f4:be:4f:86:09:13:39:a5:cf:a0:f3:b1:f4:
         28:38:12:c1:a3:b2:f1:48:7e:70:f7:87:c1:27:89:64:75:4d:
         1d:d9:0c:9e:f2:91:fb:32:58:13:18:a2:a5:bb:39:57:19:ca:
         b1:4f:fe:6b:25:00:6d:e5:28:5a:95:59:98:cd:3d:b3:e7:bb:
         d7:73:44:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o1yQvYLmLPJfjOHfjN2AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhOTM4YTkzNWY4YmFmOWNkOTMzOTA2NDE2NTkwZDc4MmU3
Mjg3YzcwHhcNMjYwMTAxMjIxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjU5MjljMmQ3ZTUyODUxMGQwY2NjNmQxNzBlMDAzMzA1ZjJmYzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9Tz2U0kWW8U4FSH/zWj0I+ZR4LI
Efm85tCTybwDDrX4jJgzzxgqIiHdmtBMJ1GTbKDxt1xwVDHTsNRgPQexHMH4CqfZ
komKQK2s4zYKeStL+QYyFL/kN6XMkVZZdVqyHrRz2uBp5hCxj8bhmfxiwyGgRnls
sNLDzzBu8FL/KyRORaP8gNRoRiCFqIki7Ks5aU1l37/C4FtNoU5DDum9wEht8dIR
xKzR/oYVkwtXSacglo+gp8ByAN5l1FP6Fh0Nyh1jsVX361du85YLsm00WavQPyt2
BBQFZPn6ItPqeyxJDx7MS9QH+kFT+RW+NuRySd/M6zOMC+kVcJZzfYDaKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDtZKcLX5ShRDQzMbRcOADMF8vxIMB8GA1UdIwQY
MBaAFHqTipNfi6+c2TOQZBZZDXgucofHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXBPS2sxLUxyNXpaTTVCa0Zsa05lQzV5aDhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9mZjBiZmMtMjZmZS00NDEyLWEyMzIt
MzE5OTlmM2FkZDM2LzEvTzFrcHd0ZmxLRkVORE14dEZ3NEFNd1h5X0VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9mZjBiZmMtMjZmZS00NDEyLWEyMzItMzE5OTlmM2FkZDM2
LzEvZXBPS2sxLUxyNXpaTTVCa0Zsa05lQzV5aDhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwMNiMA0G
CSqGSIb3DQEBCwUAA4IBAQA8oTZlTvp83Wu9DTfcN66Re5fpWzFwJnCwflK/BXVT
Cd1PnzsnGGeWP38en/ZlLL2yw3ybNE5YM4r1noj+TEJYYhCQtBX6iKELrrd/LbEc
fDC9D294JE4WT3PqdLWPtAo7kX4TXbdsQAa04LUVvzmBZ9NTx6ozdMyJ/tba/4pY
dXdRSnazOoqDNtFcxd3x8KqqWBAJtjT+LVHSV8A1gpz/ZCyg/nsZtU+d1wQcjM0U
77ervW11SZ4cOvS+T4YJEzmlz6DzsfQoOBLBo7LxSH5w94fBJ4lkdU0d2Qye8pH7
MlgTGKKluzlXGcqxT/5rJQBt5ShalVmYzT2z57vXc0TX
-----END CERTIFICATE-----