This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/ONb7XlbnU8uSlc4TUTlP2BCARNo.roa
File:                     ONb7XlbnU8uSlc4TUTlP2BCARNo.roa (raw, json)
Hash identifier:          kIWymw7pR3mlIx+rZsCa4ZXk1Bs64FeF3X4RQHx2aG8=
Subject key identifier:   38:D6:FB:5E:56:E7:53:CB:92:95:CE:13:51:39:4F:D8:10:80:44:DA
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       019A78AFCAB6BC87D30EE28FDEE4599C1435
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/ONb7XlbnU8uSlc4TUTlP2BCARNo.roa
Signing time:             Wed 12 Nov 2025 15:29:37 +0000
ROA not before:           Wed 12 Nov 2025 15:29:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213990
IP address blocks:        62.60.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:78:af:ca:b6:bc:87:d3:0e:e2:8f:de:e4:59:9c:14:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Nov 12 15:29:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38d6fb5e56e753cb9295ce1351394fd8108044da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b7:5b:c9:96:00:96:18:6b:80:e7:b7:a4:18:
                    6e:bc:bc:b6:b0:f5:1f:57:ad:a8:01:dd:85:17:a7:
                    3b:47:df:99:81:e8:24:a5:ed:28:10:48:df:55:31:
                    cd:94:f1:df:23:08:7e:bf:60:c3:66:4a:fe:3e:75:
                    3f:3d:d1:ff:35:b2:b9:ee:b3:4e:bc:26:3b:fd:d4:
                    f3:7d:b6:77:65:16:4c:7c:ed:c5:f3:ac:2b:53:e5:
                    e0:2d:10:8d:21:5c:06:b7:02:fe:ce:ae:3a:97:9a:
                    97:5f:18:ac:99:cb:5a:0d:92:04:eb:79:dc:a9:dc:
                    b5:f6:2e:43:47:70:72:25:4b:6e:ca:8c:7d:1c:f6:
                    7b:44:fd:50:93:45:eb:2d:8f:23:ca:34:94:81:a6:
                    ef:d3:3d:3d:45:46:1f:20:60:28:70:d5:f4:fe:9e:
                    52:27:5a:d4:78:61:b7:9b:fd:33:22:ad:df:88:7c:
                    a9:69:e1:1a:80:b2:89:73:63:2d:9a:98:b9:52:aa:
                    20:3a:58:f1:4f:f9:db:2f:70:46:d1:03:7f:c6:62:
                    51:20:67:49:9d:bf:1d:07:14:55:79:3a:2e:55:97:
                    86:6f:9f:31:8a:37:0f:58:bf:15:85:4a:e5:d9:f7:
                    42:ca:fd:45:41:e5:65:14:b3:c8:67:66:cb:a6:e1:
                    1c:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:D6:FB:5E:56:E7:53:CB:92:95:CE:13:51:39:4F:D8:10:80:44:DA
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/ONb7XlbnU8uSlc4TUTlP2BCARNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:87:40:c1:3e:29:0f:cb:87:14:d7:c6:cd:a2:5b:eb:f1:88:
         2d:cd:e5:6b:7f:09:c5:7f:c2:2b:05:d5:d4:12:43:4f:df:ca:
         39:07:73:61:a7:f0:d9:65:8f:96:d4:c6:35:ef:e2:1b:ce:75:
         23:4d:ea:c1:97:83:e3:f4:0c:32:3d:34:ae:e6:e2:45:c4:13:
         5b:13:e7:93:64:d8:f8:ac:d3:45:ad:de:0e:76:e8:07:ce:fd:
         aa:7a:00:be:10:e4:fe:bc:0b:43:29:f5:09:c7:54:41:df:15:
         7a:4b:44:53:32:4f:b0:fd:a3:a0:97:75:a0:77:87:fc:75:60:
         7a:2a:29:43:ac:10:21:a7:f0:5f:58:db:73:ee:fc:b8:87:b8:
         a9:b5:37:53:b5:e5:49:9a:5d:6d:e0:bb:aa:35:7f:0a:ae:cd:
         96:ef:6b:84:0d:7f:bc:fa:f3:d7:51:7e:55:a5:95:16:e4:ac:
         21:22:0b:ec:30:c5:43:42:70:3c:05:b3:9d:0f:b8:04:63:68:
         86:92:fc:a8:7b:7e:95:6b:4f:8c:51:be:c2:4e:c2:69:23:74:
         ed:f8:0d:5a:f7:4e:a8:a8:9e:b7:50:1a:59:5a:a5:43:cf:c9:
         32:48:86:04:0a:a3:6d:62:da:40:a9:f0:f0:38:34:2f:bd:1f:
         f3:da:3f:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZp4r8q2vIfTDuKP3uRZnBQ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjUxMTEyMTUyOTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGQ2ZmI1ZTU2ZTc1M2NiOTI5NWNlMTM1MTM5NGZkODEwODA0NGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7dbyZYAlhhrgOe3pBhuvLy2sPUf
V62oAd2FF6c7R9+Zgegkpe0oEEjfVTHNlPHfIwh+v2DDZkr+PnU/PdH/NbK57rNO
vCY7/dTzfbZ3ZRZMfO3F86wrU+XgLRCNIVwGtwL+zq46l5qXXxismctaDZIE63nc
qdy19i5DR3ByJUtuyox9HPZ7RP1Qk0XrLY8jyjSUgabv0z09RUYfIGAocNX0/p5S
J1rUeGG3m/0zIq3fiHypaeEagLKJc2Mtmpi5UqogOljxT/nbL3BG0QN/xmJRIGdJ
nb8dBxRVeTouVZeGb58xijcPWL8VhUrl2fdCyv1FQeVlFLPIZ2bLpuEc0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDjW+15W51PLkpXOE1E5T9gQgETaMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvT05iN1hsYm5VOHVTbGM0VFVUbFAyQkNBUk5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPjyGMA0G
CSqGSIb3DQEBCwUAA4IBAQCuh0DBPikPy4cU18bNolvr8YgtzeVrfwnFf8IrBdXU
EkNP38o5B3Nhp/DZZY+W1MY17+IbznUjTerBl4Pj9AwyPTSu5uJFxBNbE+eTZNj4
rNNFrd4OdugHzv2qegC+EOT+vAtDKfUJx1RB3xV6S0RTMk+w/aOgl3Wgd4f8dWB6
KilDrBAhp/BfWNtz7vy4h7iptTdTteVJml1t4LuqNX8Krs2W72uEDX+8+vPXUX5V
pZUW5KwhIgvsMMVDQnA8BbOdD7gEY2iGkvyoe36Va0+MUb7CTsJpI3Tt+A1a906o
qJ63UBpZWqVDz8kySIYECqNtYtpAqfDwODQvvR/z2j/h
-----END CERTIFICATE-----