This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/OGAXzzyKvK93UOJ2eRElJ2xX8l0.roa
File:                     OGAXzzyKvK93UOJ2eRElJ2xX8l0.roa (raw, json)
Hash identifier:          81TYUiFkSE2RjmGLoS2LgzUIcK9S/4W9PHKeS9kyvh0=
Subject key identifier:   38:60:17:CF:3C:8A:BC:AF:77:50:E2:76:79:11:25:27:6C:57:F2:5D
Certificate issuer:       /CN=29db7ca4eee1e453d26fab99c8201adf894612be
Certificate serial:       019B7B36A7675FED5E3DAB38E10FBE304EF2
Authority key identifier: 29:DB:7C:A4:EE:E1:E4:53:D2:6F:AB:99:C8:20:1A:DF:89:46:12:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kdt8pO7h5FPSb6uZyCAa34lGEr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/OGAXzzyKvK93UOJ2eRElJ2xX8l0.roa
Signing time:             Thu 01 Jan 2026 20:18:57 +0000
ROA not before:           Thu 01 Jan 2026 20:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207339
IP address blocks:        37.123.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/Kdt8pO7h5FPSb6uZyCAa34lGEr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/Kdt8pO7h5FPSb6uZyCAa34lGEr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kdt8pO7h5FPSb6uZyCAa34lGEr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 20:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:a7:67:5f:ed:5e:3d:ab:38:e1:0f:be:30:4e:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29db7ca4eee1e453d26fab99c8201adf894612be
        Validity
            Not Before: Jan  1 20:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=386017cf3c8abcaf7750e276791125276c57f25d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:f8:d8:f6:44:74:d8:4f:0b:02:eb:77:d3:03:
                    95:23:de:ce:51:2b:1e:13:16:23:c9:d5:79:3d:73:
                    21:ec:07:aa:69:dd:26:37:63:2b:1e:0f:9b:e0:38:
                    a7:a5:c2:98:ba:ac:4c:aa:f9:ae:f0:f6:4f:f7:d5:
                    2d:3c:d2:f4:13:65:2a:94:4a:96:7f:e7:9b:9a:7e:
                    25:2a:bc:34:a0:11:3a:1c:41:e6:07:86:99:a3:01:
                    50:2a:5a:8a:8a:09:19:08:24:a2:b9:9e:62:fd:0d:
                    8c:7c:80:11:1f:b7:3a:eb:e7:3f:51:19:d6:83:87:
                    7c:45:c7:74:74:3a:04:50:a8:24:7a:e6:d2:72:1c:
                    4f:f4:a1:37:42:57:28:8f:2f:c6:40:47:19:99:1c:
                    d0:b1:7a:a1:8d:57:a8:42:09:1c:5f:1a:36:a5:c1:
                    f8:a6:fd:7f:01:a6:a9:92:6c:5c:f5:94:dd:da:24:
                    b0:7f:06:ff:b0:29:a1:51:7a:b8:5b:24:28:83:54:
                    d0:06:f0:48:a2:93:ab:fd:b5:d1:af:99:1d:af:d9:
                    08:4e:0a:be:26:a5:d3:14:45:18:87:75:97:ae:5b:
                    58:de:1e:eb:95:f8:cd:ec:aa:bf:1c:f1:1f:29:5c:
                    81:4f:6f:4d:1b:21:d7:f7:3e:10:43:cd:34:46:db:
                    92:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:60:17:CF:3C:8A:BC:AF:77:50:E2:76:79:11:25:27:6C:57:F2:5D
            X509v3 Authority Key Identifier:
                keyid:29:DB:7C:A4:EE:E1:E4:53:D2:6F:AB:99:C8:20:1A:DF:89:46:12:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kdt8pO7h5FPSb6uZyCAa34lGEr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/OGAXzzyKvK93UOJ2eRElJ2xX8l0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/Kdt8pO7h5FPSb6uZyCAa34lGEr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.123.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:8f:da:c2:4a:9a:69:51:ba:0a:87:78:4c:a7:00:c0:4a:7a:
         2f:25:b8:28:c8:96:85:09:e6:03:69:6e:af:57:55:b6:8e:79:
         7d:94:93:b2:d0:ec:1f:8a:c0:c9:07:5e:33:08:64:78:3b:af:
         24:9f:a7:70:83:33:6c:6e:e2:4d:24:8b:ba:57:29:4d:33:a0:
         58:41:c3:38:69:0e:6e:8c:48:2c:92:cf:4d:3d:79:90:da:d3:
         15:d9:19:88:57:6f:a4:a7:28:e3:7e:00:33:5e:96:aa:36:5b:
         4a:dc:9a:72:94:04:e3:72:49:da:5e:e3:2f:27:43:2e:5c:bd:
         09:6c:fe:b3:6f:22:17:20:01:a3:5d:c8:e7:38:f3:41:ce:b9:
         08:a0:66:dc:a6:88:62:b7:67:56:44:8c:e3:94:8d:81:8b:c3:
         8a:d5:97:f0:d6:6c:eb:52:06:14:81:27:3f:f4:14:63:0a:da:
         82:58:16:af:5c:1b:1d:01:f3:77:20:fa:20:9c:d6:00:ae:74:
         b6:0c:61:7e:31:a6:38:1b:42:1b:0f:22:1e:11:4f:62:44:3c:
         7e:8d:24:05:ab:2e:ba:7a:24:bb:ce:c2:b8:fe:18:b6:24:0e:
         1e:9d:a8:87:9d:8a:e6:86:49:8c:61:24:77:bd:08:16:ce:b0:
         87:12:d7:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NqdnX+1ePas44Q++ME7yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZGI3Y2E0ZWVlMWU0NTNkMjZmYWI5OWM4MjAxYWRmODk0
NjEyYmUwHhcNMjYwMTAxMjAxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODYwMTdjZjNjOGFiY2FmNzc1MGUyNzY3OTExMjUyNzZjNTdmMjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAufjY9kR02E8LAut30wOVI97OUSse
ExYjydV5PXMh7Aeqad0mN2MrHg+b4DinpcKYuqxMqvmu8PZP99UtPNL0E2UqlEqW
f+ebmn4lKrw0oBE6HEHmB4aZowFQKlqKigkZCCSiuZ5i/Q2MfIARH7c66+c/URnW
g4d8Rcd0dDoEUKgkeubSchxP9KE3Qlcojy/GQEcZmRzQsXqhjVeoQgkcXxo2pcH4
pv1/Aaapkmxc9ZTd2iSwfwb/sCmhUXq4WyQog1TQBvBIopOr/bXRr5kdr9kITgq+
JqXTFEUYh3WXrltY3h7rlfjN7Kq/HPEfKVyBT29NGyHX9z4QQ800RtuS9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDhgF888iryvd1DidnkRJSdsV/JdMB8GA1UdIwQY
MBaAFCnbfKTu4eRT0m+rmcggGt+JRhK+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2R0OHBPN2g1RlBTYjZ1WnlDQWEzNGxHRXI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy83ZjI5MGItODFjNy00MmI3LTk0N2Yt
ZDMzZmExNjA1YWUxLzEvT0dBWHp6eUt2SzkzVU9KMmVSRWxKMnhYOGwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy83ZjI5MGItODFjNy00MmI3LTk0N2YtZDMzZmExNjA1YWUx
LzEvS2R0OHBPN2g1RlBTYjZ1WnlDQWEzNGxHRXI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJXv+MA0G
CSqGSIb3DQEBCwUAA4IBAQBJj9rCSpppUboKh3hMpwDASnovJbgoyJaFCeYDaW6v
V1W2jnl9lJOy0OwfisDJB14zCGR4O68kn6dwgzNsbuJNJIu6VylNM6BYQcM4aQ5u
jEgsks9NPXmQ2tMV2RmIV2+kpyjjfgAzXpaqNltK3JpylATjcknaXuMvJ0MuXL0J
bP6zbyIXIAGjXcjnOPNBzrkIoGbcpohit2dWRIzjlI2Bi8OK1Zfw1mzrUgYUgSc/
9BRjCtqCWBavXBsdAfN3IPognNYArnS2DGF+MaY4G0IbDyIeEU9iRDx+jSQFqy66
eiS7zsK4/hi2JA4enaiHnYrmhkmMYSR3vQgWzrCHEtfE
-----END CERTIFICATE-----