This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/88fdd1-8b7b-4101-ac66-b590957d9415/1/onUcHcMkvFv3eRd2HH3aPRf6vhg.roa
File:                     onUcHcMkvFv3eRd2HH3aPRf6vhg.roa (raw, json)
Hash identifier:          FMvdGW8G/i8Ujn/8ecIl88xpPzK27z5df59EqMBKxi8=
Subject key identifier:   A2:75:1C:1D:C3:24:BC:5B:F7:79:17:76:1C:7D:DA:3D:17:FA:BE:18
Certificate issuer:       /CN=5e1bf6a319da2489816aedba1b4fd0cc7ddf3e1e
Certificate serial:       019B7F8404A3A67ACD033D29420769DF7525
Authority key identifier: 5E:1B:F6:A3:19:DA:24:89:81:6A:ED:BA:1B:4F:D0:CC:7D:DF:3E:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xhv2oxnaJImBau26G0_QzH3fPh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/88fdd1-8b7b-4101-ac66-b590957d9415/1/onUcHcMkvFv3eRd2HH3aPRf6vhg.roa
Signing time:             Fri 02 Jan 2026 16:21:56 +0000
ROA not before:           Fri 02 Jan 2026 16:21:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19905
IP address blocks:        37.224.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/88fdd1-8b7b-4101-ac66-b590957d9415/1/Xhv2oxnaJImBau26G0_QzH3fPh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/88fdd1-8b7b-4101-ac66-b590957d9415/1/Xhv2oxnaJImBau26G0_QzH3fPh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xhv2oxnaJImBau26G0_QzH3fPh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:04:a3:a6:7a:cd:03:3d:29:42:07:69:df:75:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e1bf6a319da2489816aedba1b4fd0cc7ddf3e1e
        Validity
            Not Before: Jan  2 16:21:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a2751c1dc324bc5bf77917761c7dda3d17fabe18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:63:8a:1a:db:2d:f8:c5:c0:ee:c5:03:e7:34:
                    a4:da:2f:2e:b7:07:f1:8a:a8:26:c0:5b:34:e7:ae:
                    d1:c1:67:95:46:54:65:8d:69:63:3c:d6:db:9d:5a:
                    2b:d0:e7:56:ae:b5:6f:f3:e5:06:a2:72:37:ae:f6:
                    d0:50:a5:8c:ae:eb:c8:f2:e7:7b:a6:ff:77:08:b0:
                    6a:d1:e5:58:51:3e:92:44:a2:ca:bb:ad:bb:73:c7:
                    f1:ca:1c:e6:95:7a:5b:86:50:fd:19:e2:0a:3c:9c:
                    52:88:c3:ca:af:e5:ad:8c:eb:a7:59:36:75:a4:23:
                    d3:a8:25:8d:a5:8d:a6:ec:bf:c8:c8:76:8c:48:38:
                    e6:b5:27:ac:df:e9:56:99:81:3d:23:8d:10:24:b9:
                    c6:56:e0:54:c0:7c:5f:6a:f9:3f:3e:8d:4b:77:12:
                    b4:18:82:59:0d:d4:5f:94:57:74:60:58:83:85:05:
                    98:06:c6:31:e8:2f:09:eb:18:a3:19:87:a3:ff:df:
                    6e:d1:83:d4:f0:3d:72:93:ab:a5:29:de:54:a0:b6:
                    d2:1e:76:50:a7:1d:94:51:e0:60:a9:64:4d:2b:55:
                    8d:11:a3:fa:4f:ca:60:c3:2e:e5:64:02:9f:ef:5e:
                    06:53:23:f5:62:64:c0:03:4b:40:45:7f:c0:44:8e:
                    ee:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:75:1C:1D:C3:24:BC:5B:F7:79:17:76:1C:7D:DA:3D:17:FA:BE:18
            X509v3 Authority Key Identifier:
                keyid:5E:1B:F6:A3:19:DA:24:89:81:6A:ED:BA:1B:4F:D0:CC:7D:DF:3E:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xhv2oxnaJImBau26G0_QzH3fPh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/88fdd1-8b7b-4101-ac66-b590957d9415/1/onUcHcMkvFv3eRd2HH3aPRf6vhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/88fdd1-8b7b-4101-ac66-b590957d9415/1/Xhv2oxnaJImBau26G0_QzH3fPh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.224.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:cc:f3:c8:54:31:09:f1:e2:95:5e:22:09:01:96:40:b3:e5:
         83:da:fa:4a:09:ec:22:e7:66:1c:41:9d:a3:2c:07:6b:38:a8:
         10:c3:21:02:64:bf:4a:5f:8b:aa:c8:1b:cd:9b:cb:28:1d:38:
         04:b0:33:f6:4f:cb:c9:60:3e:f0:0c:ed:4b:a2:81:e1:75:ed:
         2a:09:85:43:b8:31:11:1b:fb:de:d6:66:55:72:64:56:68:91:
         90:66:2a:60:00:cf:62:00:a6:fa:c1:f9:60:d4:f8:9b:75:38:
         e4:76:89:86:55:97:cf:38:5f:a0:e6:d1:e4:41:ae:db:a6:6a:
         9a:e4:ca:ba:e3:1c:39:3e:30:f7:01:f1:e5:14:af:b0:76:f8:
         52:9d:f7:65:ef:96:0b:47:b7:21:48:8c:4b:3b:84:b0:28:e5:
         00:63:0b:3c:25:5f:bf:c8:fe:58:62:57:87:d2:1c:5a:5f:a5:
         e6:c0:d4:62:60:95:a9:47:b2:b9:24:6d:b5:2c:06:f2:d6:42:
         3c:71:b4:5f:5e:40:6e:77:6b:05:c4:90:d9:0c:03:3c:5c:b0:
         b4:ee:5a:6b:8b:6d:87:4c:18:38:68:a6:37:24:ea:cc:29:6b:
         48:d5:50:72:cf:ec:96:b2:a9:b9:1d:25:c6:d1:57:25:69:fa:
         73:8c:18:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hASjpnrNAz0pQgdp33UlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMWJmNmEzMTlkYTI0ODk4MTZhZWRiYTFiNGZkMGNjN2Rk
ZjNlMWUwHhcNMjYwMTAyMTYyMTU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjc1MWMxZGMzMjRiYzViZjc3OTE3NzYxYzdkZGEzZDE3ZmFiZTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWOKGtst+MXA7sUD5zSk2i8utwfx
iqgmwFs0567RwWeVRlRljWljPNbbnVor0OdWrrVv8+UGonI3rvbQUKWMruvI8ud7
pv93CLBq0eVYUT6SRKLKu627c8fxyhzmlXpbhlD9GeIKPJxSiMPKr+WtjOunWTZ1
pCPTqCWNpY2m7L/IyHaMSDjmtSes3+lWmYE9I40QJLnGVuBUwHxfavk/Po1LdxK0
GIJZDdRflFd0YFiDhQWYBsYx6C8J6xijGYej/99u0YPU8D1yk6ulKd5UoLbSHnZQ
px2UUeBgqWRNK1WNEaP6T8pgwy7lZAKf714GUyP1YmTAA0tARX/ARI7u1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJ1HB3DJLxb93kXdhx92j0X+r4YMB8GA1UdIwQY
MBaAFF4b9qMZ2iSJgWrtuhtP0Mx93z4eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGh2Mm94bmFKSW1CYXUyNkcwX1F6SDNmUGg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi84OGZkZDEtOGI3Yi00MTAxLWFjNjYt
YjU5MDk1N2Q5NDE1LzEvb25VY0hjTWt2RnYzZVJkMkhIM2FQUmY2dmhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi84OGZkZDEtOGI3Yi00MTAxLWFjNjYtYjU5MDk1N2Q5NDE1
LzEvWGh2Mm94bmFKSW1CYXUyNkcwX1F6SDNmUGg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJeBNMA0G
CSqGSIb3DQEBCwUAA4IBAQCmzPPIVDEJ8eKVXiIJAZZAs+WD2vpKCewi52YcQZ2j
LAdrOKgQwyECZL9KX4uqyBvNm8soHTgEsDP2T8vJYD7wDO1LooHhde0qCYVDuDER
G/ve1mZVcmRWaJGQZipgAM9iAKb6wflg1PibdTjkdomGVZfPOF+g5tHkQa7bpmqa
5Mq64xw5PjD3AfHlFK+wdvhSnfdl75YLR7chSIxLO4SwKOUAYws8JV+/yP5YYleH
0hxaX6XmwNRiYJWpR7K5JG21LAby1kI8cbRfXkBud2sFxJDZDAM8XLC07lpri22H
TBg4aKY3JOrMKWtI1VByz+yWsqm5HSXG0VclafpzjBg6
-----END CERTIFICATE-----