This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/OUfdeNNDs8OS_Zz61BkSY7Pif-E.roa
File:                     OUfdeNNDs8OS_Zz61BkSY7Pif-E.roa (raw, json)
Hash identifier:          rEyjhKBNegyLt3vLHkJhC5gpFSZPB3EMOpngPcDHA6k=
Subject key identifier:   39:47:DD:78:D3:43:B3:C3:92:FD:9C:FA:D4:19:12:63:B3:E2:7F:E1
Certificate issuer:       /CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
Certificate serial:       019B7BA42A00011D067C826B9F3ED064ED23
Authority key identifier: 2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/OUfdeNNDs8OS_Zz61BkSY7Pif-E.roa
Signing time:             Thu 01 Jan 2026 22:18:34 +0000
ROA not before:           Thu 01 Jan 2026 22:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44398
IP address blocks:        192.66.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/Loskx2rYemwf7f-vCNmxe0UkmZE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/Loskx2rYemwf7f-vCNmxe0UkmZE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:2a:00:01:1d:06:7c:82:6b:9f:3e:d0:64:ed:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
        Validity
            Not Before: Jan  1 22:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3947dd78d343b3c392fd9cfad4191263b3e27fe1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ff:a6:3c:a6:7f:88:ee:0b:00:75:15:be:ae:
                    32:92:30:3e:4a:bf:d2:79:0d:5f:7e:a4:03:8e:33:
                    e2:ff:92:a4:f8:07:f4:e3:0c:e9:50:43:40:13:c7:
                    8a:22:d6:9f:56:35:5a:3b:0c:f9:7d:fd:69:5c:7d:
                    7e:e7:92:d3:15:2e:4b:49:9c:e7:94:2b:95:1b:1f:
                    43:9d:ad:80:81:99:7d:ff:3a:27:95:82:fe:3e:86:
                    47:64:99:96:51:e0:d5:00:2f:c3:54:a2:f4:0a:10:
                    fd:7c:4a:51:7c:a6:75:d1:22:91:b5:f5:61:41:cf:
                    10:d4:36:13:ba:bd:f7:80:95:e6:9e:a1:6e:f8:7d:
                    13:3b:a6:6c:8c:46:6a:04:55:8e:e4:f6:69:b1:8d:
                    8c:4e:c6:bd:83:f2:0d:e7:4f:87:01:6f:f5:02:7e:
                    cd:db:04:e0:19:83:ad:f9:f0:ee:34:2c:f3:d0:5d:
                    a2:b4:28:53:fc:6f:c6:18:de:d4:34:31:d5:44:65:
                    84:99:b5:a5:ec:55:df:db:1f:da:e2:86:0e:78:25:
                    74:9a:18:33:32:14:0a:de:aa:ce:72:83:69:1d:e2:
                    59:d4:69:1b:07:9c:65:69:11:0c:cf:71:d7:34:7e:
                    c7:78:51:41:c5:98:45:07:25:20:e4:c9:97:8e:2d:
                    db:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:47:DD:78:D3:43:B3:C3:92:FD:9C:FA:D4:19:12:63:B3:E2:7F:E1
            X509v3 Authority Key Identifier:
                keyid:2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/OUfdeNNDs8OS_Zz61BkSY7Pif-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/Loskx2rYemwf7f-vCNmxe0UkmZE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.66.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:1c:ed:2a:98:45:7e:55:99:e6:f1:88:c7:68:66:44:04:b3:
         f4:76:fd:72:52:20:17:e9:b0:72:4a:3c:4a:91:bd:72:c0:ba:
         7a:51:02:5a:d2:f8:a4:4e:0b:73:ed:c5:96:8c:14:2f:20:6b:
         60:49:e5:78:b1:ea:91:3e:8c:15:86:55:f5:da:b4:c9:a3:3c:
         18:ac:34:dc:19:09:81:3a:15:93:4c:ac:c6:dd:ae:e1:82:c8:
         d7:10:33:69:61:5b:26:08:9d:2a:72:02:78:15:48:94:90:35:
         d5:2c:f6:de:26:46:66:ba:2e:54:7f:6d:11:91:c3:82:48:1e:
         a2:fd:78:d6:bb:8e:92:55:e3:0b:29:be:d2:a9:a2:ce:63:3c:
         f0:66:58:6d:e4:02:75:29:df:f8:3f:24:df:c3:fb:21:29:50:
         40:e1:6c:71:25:93:2c:84:7b:df:a8:3d:50:79:a0:1c:50:34:
         f9:dd:f1:ee:f0:64:ef:1f:ef:45:67:75:62:ac:ef:a9:6e:f8:
         b9:e4:61:f5:df:e0:3b:58:3e:a7:a8:18:f6:5c:70:1e:cc:50:
         aa:63:4f:c1:7a:b1:ab:e3:2d:e8:ae:36:7c:9f:65:82:ac:48:
         5f:86:f2:90:54:6e:5e:bf:fd:11:16:fc:0e:10:4c:17:a6:9b:
         f3:7e:35:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pCoAAR0GfIJrnz7QZO0jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlOGIyNGM3NmFkODdhNmMxZmVkZmZhZjA4ZDliMTdiNDUy
NDk5OTEwHhcNMjYwMTAxMjIxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTQ3ZGQ3OGQzNDNiM2MzOTJmZDljZmFkNDE5MTI2M2IzZTI3ZmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtf+mPKZ/iO4LAHUVvq4ykjA+Sr/S
eQ1ffqQDjjPi/5Kk+Af04wzpUENAE8eKItafVjVaOwz5ff1pXH1+55LTFS5LSZzn
lCuVGx9Dna2AgZl9/zonlYL+PoZHZJmWUeDVAC/DVKL0ChD9fEpRfKZ10SKRtfVh
Qc8Q1DYTur33gJXmnqFu+H0TO6ZsjEZqBFWO5PZpsY2MTsa9g/IN50+HAW/1An7N
2wTgGYOt+fDuNCzz0F2itChT/G/GGN7UNDHVRGWEmbWl7FXf2x/a4oYOeCV0mhgz
MhQK3qrOcoNpHeJZ1GkbB5xlaREMz3HXNH7HeFFBxZhFByUg5MmXji3bBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDlH3XjTQ7PDkv2c+tQZEmOz4n/hMB8GA1UdIwQY
MBaAFC6LJMdq2HpsH+3/rwjZsXtFJJmRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9za3gyclllbXdmN2YtdkNObXhlMFVrbVpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8wNGQzNDgtNzViOS00OGQyLWJlMTAt
OTExOTBhMDJkYjcwLzEvT1VmZGVOTkRzOE9TX1p6NjFCa1NZN1BpZi1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8wNGQzNDgtNzViOS00OGQyLWJlMTAtOTExOTBhMDJkYjcw
LzEvTG9za3gyclllbXdmN2YtdkNObXhlMFVrbVpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwEKsMA0G
CSqGSIb3DQEBCwUAA4IBAQAMHO0qmEV+VZnm8YjHaGZEBLP0dv1yUiAX6bBySjxK
kb1ywLp6UQJa0vikTgtz7cWWjBQvIGtgSeV4seqRPowVhlX12rTJozwYrDTcGQmB
OhWTTKzG3a7hgsjXEDNpYVsmCJ0qcgJ4FUiUkDXVLPbeJkZmui5Uf20RkcOCSB6i
/XjWu46SVeMLKb7SqaLOYzzwZlht5AJ1Kd/4PyTfw/shKVBA4WxxJZMshHvfqD1Q
eaAcUDT53fHu8GTvH+9FZ3VirO+pbvi55GH13+A7WD6nqBj2XHAezFCqY0/BerGr
4y3orjZ8n2WCrEhfhvKQVG5ev/0RFvwOEEwXppvzfjVo
-----END CERTIFICATE-----