This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/ONBcE7mrcPMkrIcUSC-OWNh2elg.roa
File:                     ONBcE7mrcPMkrIcUSC-OWNh2elg.roa (raw, json)
Hash identifier:          8timo4vjzWz/myrrES5CqNPku3tpzLyCdmWSRDs5qEY=
Subject key identifier:   38:D0:5C:13:B9:AB:70:F3:24:AC:87:14:48:2F:8E:58:D8:76:7A:58
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019AF30E35DFC5B9D9746BBD59738F2E02F6
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/ONBcE7mrcPMkrIcUSC-OWNh2elg.roa
Signing time:             Sat 06 Dec 2025 09:46:26 +0000
ROA not before:           Sat 06 Dec 2025 09:46:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206540
IP address blocks:        2a14:67c2:900::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 13:09:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:f3:0e:35:df:c5:b9:d9:74:6b:bd:59:73:8f:2e:02:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Dec  6 09:46:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38d05c13b9ab70f324ac8714482f8e58d8767a58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d7:6b:3b:75:58:77:3b:12:97:e1:0d:06:b2:
                    12:6d:cf:0f:be:24:f6:21:b8:97:a7:73:c4:59:2c:
                    32:f5:66:bf:4b:a7:ed:ab:b6:84:0b:99:56:bb:43:
                    c0:ec:07:ed:7c:df:07:ce:e9:7d:59:1a:37:dd:09:
                    11:b7:c3:e8:1a:20:c5:21:3a:eb:15:1d:7d:bd:a1:
                    6b:d3:c3:92:60:ec:7b:c1:6f:6a:f3:0f:37:c2:73:
                    80:39:43:62:13:89:7b:61:4b:28:ac:2d:5d:23:36:
                    56:41:fe:b3:16:0c:44:81:cf:ca:53:77:f1:3a:a4:
                    52:19:a6:78:28:c1:90:98:b3:f4:ec:ed:24:05:14:
                    bc:c3:29:68:32:1d:b7:de:69:89:9a:e7:b2:3d:15:
                    de:ad:1e:a0:37:42:a0:9f:c0:64:aa:a9:e2:3f:54:
                    19:ae:bd:ef:ea:46:01:cd:5a:e0:bd:36:ee:85:ea:
                    d4:b2:e3:82:5a:8c:9b:3a:8d:9c:2b:ce:90:27:6d:
                    e9:fe:84:b3:65:62:0f:93:03:5a:f6:04:d8:e4:de:
                    4e:f1:0c:7a:b1:1f:b5:b8:53:6b:07:aa:f3:be:41:
                    96:3b:2e:53:8b:5d:d0:29:68:d7:df:2f:e2:e7:82:
                    fb:00:c7:c5:fb:13:04:10:5f:14:4f:54:d0:89:b6:
                    46:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:D0:5C:13:B9:AB:70:F3:24:AC:87:14:48:2F:8E:58:D8:76:7A:58
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/ONBcE7mrcPMkrIcUSC-OWNh2elg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c2:900::/44

    Signature Algorithm: sha256WithRSAEncryption
         bf:d5:03:8f:ab:70:b4:4e:73:1e:4f:ce:fa:22:52:c4:f6:bb:
         49:e4:f0:18:2b:33:36:3a:fb:98:5c:cc:6c:d7:98:00:07:a6:
         8f:ac:54:b4:da:58:92:08:14:c9:55:04:3b:9c:c6:5e:db:36:
         72:04:1e:e7:90:73:dc:d3:07:8f:94:12:76:45:b8:2e:70:3e:
         ce:59:03:9b:27:cd:af:ba:fe:54:d5:5a:1c:ad:80:db:a5:a0:
         8c:36:49:c9:16:44:83:1d:a3:69:d0:cf:de:e3:34:ed:ed:55:
         b3:65:bf:63:b8:36:fb:8d:30:a8:57:c0:b3:02:de:26:50:93:
         d8:05:e7:8c:11:87:81:62:37:67:66:d6:76:59:58:e8:3d:8f:
         11:74:26:77:2d:cd:9b:be:2e:33:a4:88:e6:4b:27:9d:cb:5e:
         4c:0f:b7:92:c3:19:0a:f3:46:60:3f:09:55:78:ca:42:92:a5:
         a8:81:d1:fc:c3:03:8b:8f:9c:66:e9:d1:d7:87:12:9c:c3:3d:
         d0:93:97:a0:6f:55:21:ca:77:07:fc:e2:0b:75:37:37:ca:07:
         9b:51:87:12:e8:ca:11:8b:71:30:f7:7a:24:31:b9:9c:b1:9e:
         0d:ed:60:eb:c5:18:d6:0f:4a:03:f7:c5:f2:d8:51:1a:4e:52:
         4f:c1:d6:29
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZrzDjXfxbnZdGu9WXOPLgL2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUxMjA2MDk0NjI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGQwNWMxM2I5YWI3MGYzMjRhYzg3MTQ0ODJmOGU1OGQ4NzY3YTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtdrO3VYdzsSl+ENBrISbc8PviT2
IbiXp3PEWSwy9Wa/S6ftq7aEC5lWu0PA7AftfN8Hzul9WRo33QkRt8PoGiDFITrr
FR19vaFr08OSYOx7wW9q8w83wnOAOUNiE4l7YUsorC1dIzZWQf6zFgxEgc/KU3fx
OqRSGaZ4KMGQmLP07O0kBRS8wyloMh233mmJmueyPRXerR6gN0Kgn8BkqqniP1QZ
rr3v6kYBzVrgvTbuherUsuOCWoybOo2cK86QJ23p/oSzZWIPkwNa9gTY5N5O8Qx6
sR+1uFNrB6rzvkGWOy5Ti13QKWjX3y/i54L7AMfF+xMEEF8UT1TQibZGOwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDjQXBO5q3DzJKyHFEgvjljYdnpYMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvT05CY0U3bXJjUE1rckljVVNDLU9XTmgyZWxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhRnwgkA
MA0GCSqGSIb3DQEBCwUAA4IBAQC/1QOPq3C0TnMeT876IlLE9rtJ5PAYKzM2OvuY
XMxs15gAB6aPrFS02liSCBTJVQQ7nMZe2zZyBB7nkHPc0wePlBJ2RbgucD7OWQOb
J82vuv5U1VocrYDbpaCMNknJFkSDHaNp0M/e4zTt7VWzZb9juDb7jTCoV8CzAt4m
UJPYBeeMEYeBYjdnZtZ2WVjoPY8RdCZ3Lc2bvi4zpIjmSyedy15MD7eSwxkK80Zg
PwlVeMpCkqWogdH8wwOLj5xm6dHXhxKcwz3Qk5egb1UhyncH/OILdTc3ygebUYcS
6MoRi3Ew93okMbmcsZ4N7WDrxRjWD0oD98Xy2FEaTlJPwdYp
-----END CERTIFICATE-----