This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/d7c16a-9330-47f0-912c-87e36184c0b5/1/OM4KLQmzyd_Wm52APVHhgRe4ToE.roa
File:                     OM4KLQmzyd_Wm52APVHhgRe4ToE.roa (raw, json)
Hash identifier:          yWOF8Zx5ObpIqx5RDQmGc/nckpLK3IVHrsfnnr9/bl4=
Subject key identifier:   38:CE:0A:2D:09:B3:C9:DF:D6:9B:9D:80:3D:51:E1:81:17:B8:4E:81
Certificate issuer:       /CN=8c240c1b90f7f020053fa095330ffcfadef5399e
Certificate serial:       019B78355ABC472BE24833773B9BC58AD2F1
Authority key identifier: 8C:24:0C:1B:90:F7:F0:20:05:3F:A0:95:33:0F:FC:FA:DE:F5:39:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jCQMG5D38CAFP6CVMw_8-t71OZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/d7c16a-9330-47f0-912c-87e36184c0b5/1/OM4KLQmzyd_Wm52APVHhgRe4ToE.roa
Signing time:             Thu 01 Jan 2026 06:18:41 +0000
ROA not before:           Thu 01 Jan 2026 06:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39187
IP address blocks:        91.208.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/d7c16a-9330-47f0-912c-87e36184c0b5/1/jCQMG5D38CAFP6CVMw_8-t71OZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/d7c16a-9330-47f0-912c-87e36184c0b5/1/jCQMG5D38CAFP6CVMw_8-t71OZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jCQMG5D38CAFP6CVMw_8-t71OZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:5a:bc:47:2b:e2:48:33:77:3b:9b:c5:8a:d2:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c240c1b90f7f020053fa095330ffcfadef5399e
        Validity
            Not Before: Jan  1 06:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=38ce0a2d09b3c9dfd69b9d803d51e18117b84e81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:3e:e4:3f:69:22:6e:f1:32:ac:ee:b1:01:c0:
                    44:19:32:26:0e:12:23:ef:81:75:5e:20:14:75:53:
                    6b:c8:37:77:2d:1d:88:a8:67:fa:fc:0d:f4:a2:ea:
                    a6:90:a8:a3:f2:62:66:fd:47:84:bf:ee:4c:4c:01:
                    1c:ca:72:b7:ad:09:4b:ac:52:bf:2b:95:7b:8e:5c:
                    8c:43:a7:81:a2:86:8d:93:e8:b7:cb:a2:64:24:eb:
                    19:75:51:22:c3:e2:f6:03:a2:22:ea:71:8e:6a:5c:
                    9a:48:ab:6c:80:46:17:dc:7e:53:d4:5f:f2:71:3b:
                    72:3c:88:e1:f6:e8:ea:a1:cf:9f:39:bd:f3:99:34:
                    86:36:01:d6:77:c1:7a:76:ac:a7:32:8f:4f:ca:63:
                    6d:74:2a:80:fc:b8:93:2a:95:2d:a5:90:4c:79:d3:
                    d1:22:92:a7:ea:3b:60:c0:f1:c0:08:cf:8c:4b:bc:
                    88:8e:0a:f5:c1:f0:8d:57:7d:66:1d:de:53:d9:f7:
                    b0:3e:78:77:a5:a2:59:8a:02:29:ec:8f:04:b0:a6:
                    30:6a:9c:75:78:22:f7:16:a2:b1:f9:d8:6e:63:69:
                    5d:7b:ee:1a:02:41:f8:a9:05:92:98:73:24:18:34:
                    c8:57:25:1c:16:c5:40:d7:5d:6c:a1:46:71:4c:c8:
                    08:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:CE:0A:2D:09:B3:C9:DF:D6:9B:9D:80:3D:51:E1:81:17:B8:4E:81
            X509v3 Authority Key Identifier:
                keyid:8C:24:0C:1B:90:F7:F0:20:05:3F:A0:95:33:0F:FC:FA:DE:F5:39:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jCQMG5D38CAFP6CVMw_8-t71OZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/d7c16a-9330-47f0-912c-87e36184c0b5/1/OM4KLQmzyd_Wm52APVHhgRe4ToE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/d7c16a-9330-47f0-912c-87e36184c0b5/1/jCQMG5D38CAFP6CVMw_8-t71OZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:27:54:eb:a8:2f:3e:49:07:13:27:4a:de:25:f4:0f:7c:6e:
         41:df:0a:0f:27:27:58:16:d3:9d:65:81:d2:61:9d:5f:d1:a0:
         86:dd:ef:0c:d8:01:92:ab:64:4e:40:86:a4:df:55:19:5f:cf:
         0a:64:4a:92:4f:0a:c0:d1:70:23:8f:92:47:10:66:ec:0e:32:
         74:a6:1c:e9:59:7e:51:60:55:db:a4:69:25:4e:ef:ab:91:6a:
         43:02:f8:2a:45:92:a8:20:b0:64:ba:88:73:d8:32:87:2b:ce:
         5c:be:89:79:e0:5f:6a:cf:f4:da:1e:ad:87:a2:63:a5:59:02:
         c2:eb:ee:9d:ed:52:50:7b:5a:30:40:46:08:67:30:67:3e:e3:
         61:af:1a:72:21:51:9f:a3:75:b1:9d:b6:e0:8d:d2:9e:56:d1:
         8c:4a:ac:2a:cf:f3:d0:ea:8e:28:f7:dc:c0:7e:2c:3e:34:f0:
         9f:ff:66:91:7c:1d:b9:10:7b:91:08:70:2b:b9:42:9c:da:30:
         19:58:8a:4d:45:ed:50:78:71:96:c2:ef:0e:8b:26:e6:79:6f:
         57:4a:18:35:9c:80:c9:6c:61:98:ae:ad:86:37:6d:49:28:98:
         38:47:c4:34:23:0a:51:bd:69:18:ff:bb:83:1f:74:70:0e:96:
         27:79:e3:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NVq8RyviSDN3O5vFitLxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMjQwYzFiOTBmN2YwMjAwNTNmYTA5NTMzMGZmY2ZhZGVm
NTM5OWUwHhcNMjYwMTAxMDYxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGNlMGEyZDA5YjNjOWRmZDY5YjlkODAzZDUxZTE4MTE3Yjg0ZTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArj7kP2kibvEyrO6xAcBEGTImDhIj
74F1XiAUdVNryDd3LR2IqGf6/A30ouqmkKij8mJm/UeEv+5MTAEcynK3rQlLrFK/
K5V7jlyMQ6eBooaNk+i3y6JkJOsZdVEiw+L2A6Ii6nGOalyaSKtsgEYX3H5T1F/y
cTtyPIjh9ujqoc+fOb3zmTSGNgHWd8F6dqynMo9PymNtdCqA/LiTKpUtpZBMedPR
IpKn6jtgwPHACM+MS7yIjgr1wfCNV31mHd5T2fewPnh3paJZigIp7I8EsKYwapx1
eCL3FqKx+dhuY2lde+4aAkH4qQWSmHMkGDTIVyUcFsVA111soUZxTMgIwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDjOCi0Js8nf1pudgD1R4YEXuE6BMB8GA1UdIwQY
MBaAFIwkDBuQ9/AgBT+glTMP/Pre9TmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakNRTUc1RDM4Q0FGUDZDVk13XzgtdDcxT1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9kN2MxNmEtOTMzMC00N2YwLTkxMmMt
ODdlMzYxODRjMGI1LzEvT000S0xRbXp5ZF9XbTUyQVBWSGhnUmU0VG9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9kN2MxNmEtOTMzMC00N2YwLTkxMmMtODdlMzYxODRjMGI1
LzEvakNRTUc1RDM4Q0FGUDZDVk13XzgtdDcxT1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9AbMA0G
CSqGSIb3DQEBCwUAA4IBAQBiJ1TrqC8+SQcTJ0reJfQPfG5B3woPJydYFtOdZYHS
YZ1f0aCG3e8M2AGSq2ROQIak31UZX88KZEqSTwrA0XAjj5JHEGbsDjJ0phzpWX5R
YFXbpGklTu+rkWpDAvgqRZKoILBkuohz2DKHK85cvol54F9qz/TaHq2HomOlWQLC
6+6d7VJQe1owQEYIZzBnPuNhrxpyIVGfo3WxnbbgjdKeVtGMSqwqz/PQ6o4o99zA
fiw+NPCf/2aRfB25EHuRCHAruUKc2jAZWIpNRe1QeHGWwu8OiybmeW9XShg1nIDJ
bGGYrq2GN21JKJg4R8Q0IwpRvWkY/7uDH3RwDpYneePa
-----END CERTIFICATE-----