This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/oQGGdDTaNSA17PKm44IDHYFop2E.roa
File:                     oQGGdDTaNSA17PKm44IDHYFop2E.roa (raw, json)
Hash identifier:          zwBhRxHLQ9o3LHpah+oy4Xr0d2WLdIvePEERXND5wzs=
Subject key identifier:   A1:01:86:74:34:DA:35:20:35:EC:F2:A6:E3:82:03:1D:81:68:A7:61
Certificate issuer:       /CN=3a0b05f40a6916394782302d1b5660737257a48b
Certificate serial:       019B7CEE534F07411AE46A3568A365999C36
Authority key identifier: 3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/oQGGdDTaNSA17PKm44IDHYFop2E.roa
Signing time:             Fri 02 Jan 2026 04:19:12 +0000
ROA not before:           Fri 02 Jan 2026 04:19:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44620
IP address blocks:        2a0f:6580:110::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:53:4f:07:41:1a:e4:6a:35:68:a3:65:99:9c:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a0b05f40a6916394782302d1b5660737257a48b
        Validity
            Not Before: Jan  2 04:19:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a101867434da352035ecf2a6e382031d8168a761
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d0:d0:4b:df:5f:03:b2:ab:e7:5a:69:ae:bc:
                    43:9e:c8:a6:29:4e:56:a6:8e:4d:11:41:d7:38:bf:
                    d9:56:6d:36:2a:b4:d7:76:33:6b:11:0f:27:34:d1:
                    af:c7:f7:ca:f6:4d:2f:c0:bf:55:8d:e6:7b:ad:3d:
                    67:f2:d0:f1:f7:46:50:9b:1c:fd:87:2d:07:4c:00:
                    23:79:c8:56:33:99:45:a5:8c:23:01:88:e4:73:27:
                    a4:c7:87:12:6d:6f:29:91:97:0b:9c:ea:da:25:11:
                    41:7f:0c:b8:8a:4c:8d:54:38:15:4a:23:54:3b:8f:
                    83:9a:39:a4:e9:15:0d:0e:d5:21:7f:a3:24:72:76:
                    a3:17:09:15:6f:e2:e3:49:3d:1f:6e:3c:56:75:61:
                    e7:dd:d3:e6:51:7f:a4:43:19:08:4b:67:1f:ff:fd:
                    5a:a2:93:ea:14:56:e8:54:e3:92:ac:fd:58:01:73:
                    fb:0a:de:3a:3b:88:6b:eb:b7:36:4e:3e:cc:b4:c8:
                    93:71:3e:73:72:b4:cb:db:b2:05:f7:0d:35:c0:d3:
                    88:a3:b4:3e:56:f9:73:a3:da:e2:63:61:a8:27:fe:
                    67:a2:4c:32:09:16:c8:cd:4f:27:3f:7e:f2:35:c7:
                    5f:76:c1:4e:64:b6:d3:9a:b5:75:8d:42:c0:cb:51:
                    6b:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:01:86:74:34:DA:35:20:35:EC:F2:A6:E3:82:03:1D:81:68:A7:61
            X509v3 Authority Key Identifier:
                keyid:3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/oQGGdDTaNSA17PKm44IDHYFop2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6580:110::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:5f:38:4a:b1:84:9c:18:09:f7:ca:45:9f:c8:77:0a:81:c4:
         68:d6:96:57:8b:74:39:e4:8e:d3:5f:dd:dc:1f:c8:e6:62:2e:
         e5:90:ef:b9:45:94:4a:67:e2:c4:b7:a5:bd:fe:da:db:eb:04:
         57:f4:b3:de:86:c0:72:3e:be:21:af:3a:88:3c:08:17:5d:b6:
         0a:bb:d9:11:45:16:a9:b8:ac:cf:f1:c4:4d:28:10:ce:a0:b6:
         d3:39:11:d0:bc:08:dd:58:e2:77:d1:15:32:d3:37:43:8e:64:
         02:f0:be:73:88:fd:d1:9d:8a:4c:fb:4a:25:8c:9c:ac:25:bb:
         24:2e:f3:8e:54:16:ff:6c:9b:45:7a:09:92:86:98:1a:69:1a:
         8a:4a:f2:22:e6:3b:ba:c8:6b:b6:cc:df:2a:fa:9c:20:81:41:
         cd:54:21:70:10:41:30:db:62:30:be:57:ba:90:36:e6:0d:25:
         9e:10:b1:1f:96:7c:4c:0c:6d:68:0c:0e:c9:2e:48:13:4e:99:
         f6:ac:a7:ce:4d:9e:f2:e0:2d:05:92:eb:e2:58:b7:7d:44:e5:
         59:e9:0c:66:a9:6d:40:47:8d:bb:20:94:7f:f0:e2:b6:eb:1a:
         09:83:73:d8:65:d9:a4:18:09:52:0b:03:5a:88:0b:ca:e3:62:
         6c:b5:bd:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt87lNPB0Ea5Go1aKNlmZw2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMGIwNWY0MGE2OTE2Mzk0NzgyMzAyZDFiNTY2MDczNzI1
N2E0OGIwHhcNMjYwMTAyMDQxOTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTAxODY3NDM0ZGEzNTIwMzVlY2YyYTZlMzgyMDMxZDgxNjhhNzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9DQS99fA7Kr51pprrxDnsimKU5W
po5NEUHXOL/ZVm02KrTXdjNrEQ8nNNGvx/fK9k0vwL9VjeZ7rT1n8tDx90ZQmxz9
hy0HTAAjechWM5lFpYwjAYjkcyekx4cSbW8pkZcLnOraJRFBfwy4ikyNVDgVSiNU
O4+Dmjmk6RUNDtUhf6MkcnajFwkVb+LjST0fbjxWdWHn3dPmUX+kQxkIS2cf//1a
opPqFFboVOOSrP1YAXP7Ct46O4hr67c2Tj7MtMiTcT5zcrTL27IF9w01wNOIo7Q+
Vvlzo9riY2GoJ/5nokwyCRbIzU8nP37yNcdfdsFOZLbTmrV1jULAy1FriQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKEBhnQ02jUgNezypuOCAx2BaKdhMB8GA1UdIwQY
MBaAFDoLBfQKaRY5R4IwLRtWYHNyV6SLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGIt
YjIwZTI4ZjUxODhmLzEvb1FHR2REVGFOU0ExN1BLbTQ0SURIWUZvcDJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGItYjIwZTI4ZjUxODhm
LzEvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9lgAEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAaXzhKsYScGAn3ykWfyHcKgcRo1pZXi3Q55I7T
X93cH8jmYi7lkO+5RZRKZ+LEt6W9/trb6wRX9LPehsByPr4hrzqIPAgXXbYKu9kR
RRapuKzP8cRNKBDOoLbTORHQvAjdWOJ30RUy0zdDjmQC8L5ziP3RnYpM+0oljJys
JbskLvOOVBb/bJtFegmShpgaaRqKSvIi5ju6yGu2zN8q+pwggUHNVCFwEEEw22Iw
vle6kDbmDSWeELEflnxMDG1oDA7JLkgTTpn2rKfOTZ7y4C0FkuviWLd9ROVZ6Qxm
qW1AR427IJR/8OK26xoJg3PYZdmkGAlSCwNaiAvK42Jstb2v
-----END CERTIFICATE-----