This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/6b850a-4f12-4206-a50f-5d58711f3662/1/oHmE_s2IgxzPCRH2-ThzQIvXCO0.roa
File:                     oHmE_s2IgxzPCRH2-ThzQIvXCO0.roa (raw, json)
Hash identifier:          sNd3D2Nl25u7Dz2DARN3+vH2eQ72TG1JHi7rWfuknfQ=
Subject key identifier:   A0:79:84:FE:CD:88:83:1C:CF:09:11:F6:F9:38:73:40:8B:D7:08:ED
Certificate issuer:       /CN=d3e8d4cb8e442ec38a6bc3fa400a2a517cee0d1e
Certificate serial:       019B77590E1A0C3C8C67BD6C85DC21EDDFB5
Authority key identifier: D3:E8:D4:CB:8E:44:2E:C3:8A:6B:C3:FA:40:0A:2A:51:7C:EE:0D:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0-jUy45ELsOKa8P6QAoqUXzuDR4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/6b850a-4f12-4206-a50f-5d58711f3662/1/oHmE_s2IgxzPCRH2-ThzQIvXCO0.roa
Signing time:             Thu 01 Jan 2026 02:18:03 +0000
ROA not before:           Thu 01 Jan 2026 02:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60563
IP address blocks:        185.29.84.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/6b850a-4f12-4206-a50f-5d58711f3662/1/0-jUy45ELsOKa8P6QAoqUXzuDR4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/6b850a-4f12-4206-a50f-5d58711f3662/1/0-jUy45ELsOKa8P6QAoqUXzuDR4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0-jUy45ELsOKa8P6QAoqUXzuDR4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:0e:1a:0c:3c:8c:67:bd:6c:85:dc:21:ed:df:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3e8d4cb8e442ec38a6bc3fa400a2a517cee0d1e
        Validity
            Not Before: Jan  1 02:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a07984fecd88831ccf0911f6f93873408bd708ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:84:58:13:fb:19:c1:bf:7b:80:a2:c2:44:fd:
                    9d:8a:47:2d:93:8a:5d:e1:77:60:0f:a6:bc:c6:24:
                    16:25:d5:d6:0f:69:73:ec:c0:f6:8e:05:b9:45:92:
                    c3:3e:4a:0f:4d:76:23:30:8e:7c:a3:ab:fa:ac:bc:
                    55:ac:cd:c2:4c:d3:91:b0:33:71:bb:21:54:a1:e2:
                    3e:58:82:ab:f9:48:48:df:0e:b9:f8:f7:e6:49:0e:
                    39:54:02:55:62:5e:0b:83:b4:c0:59:23:8e:37:0e:
                    04:a2:ac:6b:1f:67:b2:9b:be:3f:53:a5:7c:a8:67:
                    2b:70:f6:d0:14:df:65:7e:17:53:22:25:b3:8e:7e:
                    89:0f:f6:f7:23:28:27:bf:ea:db:7a:38:3b:a6:ac:
                    00:6f:db:32:51:0a:e5:9a:13:47:67:8b:34:50:d1:
                    1f:c3:fe:23:4b:a3:77:0b:4f:a2:0c:e5:eb:bb:67:
                    0f:a9:5c:fe:4d:f3:5b:77:71:0d:79:d0:22:c2:d0:
                    f0:91:f0:76:82:3f:5c:d6:29:29:34:f0:b5:7a:d5:
                    16:67:ec:21:7f:48:a8:82:1e:8b:f6:62:b9:f9:14:
                    6c:70:dc:2f:d0:eb:17:e3:18:9a:be:51:70:a0:09:
                    39:8b:4b:67:07:e5:23:17:0e:87:a2:3c:5d:c3:b6:
                    ef:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:79:84:FE:CD:88:83:1C:CF:09:11:F6:F9:38:73:40:8B:D7:08:ED
            X509v3 Authority Key Identifier:
                keyid:D3:E8:D4:CB:8E:44:2E:C3:8A:6B:C3:FA:40:0A:2A:51:7C:EE:0D:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0-jUy45ELsOKa8P6QAoqUXzuDR4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/6b850a-4f12-4206-a50f-5d58711f3662/1/oHmE_s2IgxzPCRH2-ThzQIvXCO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/6b850a-4f12-4206-a50f-5d58711f3662/1/0-jUy45ELsOKa8P6QAoqUXzuDR4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:a1:b7:10:d3:99:68:57:28:44:64:99:76:e7:b4:77:8b:28:
         a4:df:c0:74:0c:b5:9b:f4:da:ef:c1:b5:86:e3:a7:d2:41:45:
         43:fd:6d:a1:9e:bc:af:ac:3a:79:3b:50:4e:04:b5:69:df:78:
         ad:12:7f:c9:70:18:86:c4:44:08:45:e6:7b:f6:dc:79:7d:a7:
         16:9e:78:d5:a0:8f:3a:4f:fe:44:6d:e9:ea:a5:4e:c8:d6:f2:
         c7:43:97:36:5c:a0:00:79:ee:65:25:21:3d:49:33:4b:5d:e2:
         33:de:60:84:0b:e6:62:78:a6:ba:56:78:83:69:31:ec:44:39:
         0c:0a:25:0a:ea:b2:2f:b3:19:d3:cc:4e:8c:35:83:f8:70:ad:
         dd:9d:f3:9d:59:5a:25:d4:31:d5:9a:c2:7b:f7:62:39:68:f9:
         cb:9f:a9:c6:b0:fc:2d:85:ce:8e:7b:b3:30:8b:cd:3b:ac:25:
         68:bf:06:60:6f:96:e6:31:d2:3b:48:b2:f9:ec:7d:24:e9:60:
         c6:85:07:2c:92:a8:97:36:0e:5c:e9:76:d1:70:48:b2:01:ca:
         a1:e0:fa:a1:ed:53:54:ac:38:f4:3d:aa:f3:01:36:9d:66:27:
         9d:e8:86:94:bb:3e:70:9d:2d:46:72:94:7d:c0:4f:8b:31:d5:
         d8:2b:00:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WQ4aDDyMZ71shdwh7d+1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZThkNGNiOGU0NDJlYzM4YTZiYzNmYTQwMGEyYTUxN2Nl
ZTBkMWUwHhcNMjYwMTAxMDIxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDc5ODRmZWNkODg4MzFjY2YwOTExZjZmOTM4NzM0MDhiZDcwOGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtoRYE/sZwb97gKLCRP2dikctk4pd
4XdgD6a8xiQWJdXWD2lz7MD2jgW5RZLDPkoPTXYjMI58o6v6rLxVrM3CTNORsDNx
uyFUoeI+WIKr+UhI3w65+PfmSQ45VAJVYl4Lg7TAWSOONw4EoqxrH2eym74/U6V8
qGcrcPbQFN9lfhdTIiWzjn6JD/b3Iygnv+rbejg7pqwAb9syUQrlmhNHZ4s0UNEf
w/4jS6N3C0+iDOXru2cPqVz+TfNbd3ENedAiwtDwkfB2gj9c1ikpNPC1etUWZ+wh
f0iogh6L9mK5+RRscNwv0OsX4xiavlFwoAk5i0tnB+UjFw6Hojxdw7bvHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKB5hP7NiIMczwkR9vk4c0CL1wjtMB8GA1UdIwQY
MBaAFNPo1MuORC7DimvD+kAKKlF87g0eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMC1qVXk0NUVMc09LYThQNlFBb3FVWHp1RFI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi82Yjg1MGEtNGYxMi00MjA2LWE1MGYt
NWQ1ODcxMWYzNjYyLzEvb0htRV9zMklneHpQQ1JIMi1UaHpRSXZYQ08wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi82Yjg1MGEtNGYxMi00MjA2LWE1MGYtNWQ1ODcxMWYzNjYy
LzEvMC1qVXk0NUVMc09LYThQNlFBb3FVWHp1RFI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuR1UMA0G
CSqGSIb3DQEBCwUAA4IBAQA/obcQ05loVyhEZJl257R3iyik38B0DLWb9NrvwbWG
46fSQUVD/W2hnryvrDp5O1BOBLVp33itEn/JcBiGxEQIReZ79tx5facWnnjVoI86
T/5EbenqpU7I1vLHQ5c2XKAAee5lJSE9STNLXeIz3mCEC+ZieKa6VniDaTHsRDkM
CiUK6rIvsxnTzE6MNYP4cK3dnfOdWVol1DHVmsJ792I5aPnLn6nGsPwthc6Oe7Mw
i807rCVovwZgb5bmMdI7SLL57H0k6WDGhQcskqiXNg5c6XbRcEiyAcqh4Pqh7VNU
rDj0ParzATadZied6IaUuz5wnS1GcpR9wE+LMdXYKwDs
-----END CERTIFICATE-----