This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/33a19d-2c03-44d0-8cbc-aaf32171eaa1/1/OLvsEOQQIpUl25Z4TEko9zb_n1I.roa
File:                     OLvsEOQQIpUl25Z4TEko9zb_n1I.roa (raw, json)
Hash identifier:          9j+j+7ArFD39gc7KW/0hA5lUAQk8VzJXss8aItVgswk=
Subject key identifier:   38:BB:EC:10:E4:10:22:95:25:DB:96:78:4C:49:28:F7:36:FF:9F:52
Certificate issuer:       /CN=cedd0d715e97fb91f78d07fe10696da601605115
Certificate serial:       019ABB544D263EDDC7877EC0319F534802F7
Authority key identifier: CE:DD:0D:71:5E:97:FB:91:F7:8D:07:FE:10:69:6D:A6:01:60:51:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zt0NcV6X-5H3jQf-EGltpgFgURU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/33a19d-2c03-44d0-8cbc-aaf32171eaa1/1/OLvsEOQQIpUl25Z4TEko9zb_n1I.roa
Signing time:             Tue 25 Nov 2025 14:04:15 +0000
ROA not before:           Tue 25 Nov 2025 14:04:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50083
IP address blocks:        185.202.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/33a19d-2c03-44d0-8cbc-aaf32171eaa1/1/zt0NcV6X-5H3jQf-EGltpgFgURU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/33a19d-2c03-44d0-8cbc-aaf32171eaa1/1/zt0NcV6X-5H3jQf-EGltpgFgURU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zt0NcV6X-5H3jQf-EGltpgFgURU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 02:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:bb:54:4d:26:3e:dd:c7:87:7e:c0:31:9f:53:48:02:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cedd0d715e97fb91f78d07fe10696da601605115
        Validity
            Not Before: Nov 25 14:04:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38bbec10e410229525db96784c4928f736ff9f52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f6:96:97:73:59:cb:3c:3d:56:13:1b:76:43:
                    d6:34:e9:0b:26:a6:da:08:b1:41:8f:4e:d1:89:fc:
                    5f:a0:5d:30:41:c3:69:b1:5d:84:d0:3f:d3:54:82:
                    26:e8:94:83:ea:0d:3e:1a:62:fe:3e:02:25:24:19:
                    a2:4f:70:f2:f5:56:6e:dc:bd:87:92:2b:53:39:d1:
                    3e:b9:d8:33:b3:ff:9f:8a:6b:1a:e4:ef:3e:65:dc:
                    80:ec:27:37:29:3f:6d:eb:f3:46:73:45:b0:79:b2:
                    88:c4:ec:e6:60:ac:e3:bd:b3:4d:a8:6b:63:9f:1b:
                    61:4d:f1:3c:20:0a:5c:4d:9e:3b:f9:5f:6f:e7:ea:
                    bf:4f:eb:dd:67:67:bf:73:da:8b:fe:ab:18:6c:1b:
                    19:07:8a:e9:35:4f:da:8f:e2:6d:14:5b:c0:cf:17:
                    78:b3:89:d9:ca:9a:d4:98:67:4a:f5:54:6e:b8:87:
                    65:dc:a8:40:c2:35:fc:3d:e9:3d:ce:8e:14:21:62:
                    a2:e7:e7:ed:b9:22:d4:09:58:95:e8:70:ad:c7:45:
                    06:95:21:37:75:73:2d:67:99:f9:f9:87:05:7d:40:
                    76:14:7f:d3:e9:d9:a5:0b:50:2b:85:a2:c1:0e:59:
                    a5:d8:64:3d:e0:53:6e:49:7d:ac:62:4d:89:fe:80:
                    ef:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:BB:EC:10:E4:10:22:95:25:DB:96:78:4C:49:28:F7:36:FF:9F:52
            X509v3 Authority Key Identifier:
                keyid:CE:DD:0D:71:5E:97:FB:91:F7:8D:07:FE:10:69:6D:A6:01:60:51:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zt0NcV6X-5H3jQf-EGltpgFgURU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/33a19d-2c03-44d0-8cbc-aaf32171eaa1/1/OLvsEOQQIpUl25Z4TEko9zb_n1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/33a19d-2c03-44d0-8cbc-aaf32171eaa1/1/zt0NcV6X-5H3jQf-EGltpgFgURU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.202.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d9:40:a0:66:d0:75:55:eb:a0:28:82:c0:d0:57:10:66:2b:9e:
         d0:5a:07:13:48:cb:39:98:d0:12:44:dc:d1:85:f1:9d:b4:80:
         1a:a5:7b:e4:18:76:76:7d:4e:d1:9c:d9:7f:d2:59:4a:39:3f:
         be:1a:60:a4:2c:7c:96:ad:62:28:11:99:7c:56:b1:97:f6:c2:
         16:24:99:47:e0:66:c2:dd:65:5e:45:fd:0e:88:72:a6:29:2d:
         86:53:83:d5:b1:a2:fe:2d:f6:62:45:9e:9f:c5:2d:8a:5e:99:
         32:0a:65:b7:91:92:51:67:00:79:29:08:db:e3:0e:3d:fd:80:
         47:bb:21:15:2d:08:bf:80:b9:3a:a0:71:1c:29:9d:3f:47:c9:
         14:7f:2c:8b:6f:ca:1b:eb:16:00:86:df:cd:14:02:59:3b:17:
         cf:cb:e5:9c:2b:f0:c1:2a:15:14:cc:b3:e1:c5:44:29:85:ad:
         b5:13:c3:07:38:9b:c2:74:40:23:78:bf:60:62:97:9e:61:4a:
         aa:a9:81:cc:b2:c3:32:b3:fc:79:6f:a4:ad:51:25:25:20:ea:
         44:73:25:70:e7:23:4c:1a:05:26:9f:4b:b8:2d:af:c7:06:eb:
         a7:31:0a:a6:ac:76:60:9d:48:75:5c:af:e2:de:f6:55:57:ba:
         4d:99:e9:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZq7VE0mPt3Hh37AMZ9TSAL3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlZGQwZDcxNWU5N2ZiOTFmNzhkMDdmZTEwNjk2ZGE2MDE2
MDUxMTUwHhcNMjUxMTI1MTQwNDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGJiZWMxMGU0MTAyMjk1MjVkYjk2Nzg0YzQ5MjhmNzM2ZmY5ZjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvaWl3NZyzw9VhMbdkPWNOkLJqba
CLFBj07RifxfoF0wQcNpsV2E0D/TVIIm6JSD6g0+GmL+PgIlJBmiT3Dy9VZu3L2H
kitTOdE+udgzs/+fimsa5O8+ZdyA7Cc3KT9t6/NGc0WwebKIxOzmYKzjvbNNqGtj
nxthTfE8IApcTZ47+V9v5+q/T+vdZ2e/c9qL/qsYbBsZB4rpNU/aj+JtFFvAzxd4
s4nZyprUmGdK9VRuuIdl3KhAwjX8Pek9zo4UIWKi5+ftuSLUCViV6HCtx0UGlSE3
dXMtZ5n5+YcFfUB2FH/T6dmlC1ArhaLBDlml2GQ94FNuSX2sYk2J/oDvawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDi77BDkECKVJduWeExJKPc2/59SMB8GA1UdIwQY
MBaAFM7dDXFel/uR940H/hBpbaYBYFEVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenQwTmNWNlgtNUgzalFmLUVHbHRwZ0ZnVVJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8zM2ExOWQtMmMwMy00NGQwLThjYmMt
YWFmMzIxNzFlYWExLzEvT0x2c0VPUVFJcFVsMjVaNFRFa285emJfbjFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8zM2ExOWQtMmMwMy00NGQwLThjYmMtYWFmMzIxNzFlYWEx
LzEvenQwTmNWNlgtNUgzalFmLUVHbHRwZ0ZnVVJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucrgMA0G
CSqGSIb3DQEBCwUAA4IBAQDZQKBm0HVV66AogsDQVxBmK57QWgcTSMs5mNASRNzR
hfGdtIAapXvkGHZ2fU7RnNl/0llKOT++GmCkLHyWrWIoEZl8VrGX9sIWJJlH4GbC
3WVeRf0OiHKmKS2GU4PVsaL+LfZiRZ6fxS2KXpkyCmW3kZJRZwB5KQjb4w49/YBH
uyEVLQi/gLk6oHEcKZ0/R8kUfyyLb8ob6xYAht/NFAJZOxfPy+WcK/DBKhUUzLPh
xUQpha21E8MHOJvCdEAjeL9gYpeeYUqqqYHMssMys/x5b6StUSUlIOpEcyVw5yNM
GgUmn0u4La/HBuunMQqmrHZgnUh1XK/i3vZVV7pNmekE
-----END CERTIFICATE-----