This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/OwnmL8kddIBhLRX-NHEzddhuNVA.roa
File:                     OwnmL8kddIBhLRX-NHEzddhuNVA.roa (raw, json)
Hash identifier:          leLJKgM8a2VW5VrAHQjffz+j5cjfJqCfMtcGbwf0E0E=
Subject key identifier:   3B:09:E6:2F:C9:1D:74:80:61:2D:15:FE:34:71:33:75:D8:6E:35:50
Certificate issuer:       /CN=88fb410a3bfc7340b667b4f221c7cb806267896e
Certificate serial:       019BEA0E16D9E2DEC11D9BC837CB4A6B6CFF
Authority key identifier: 88:FB:41:0A:3B:FC:73:40:B6:67:B4:F2:21:C7:CB:80:62:67:89:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iPtBCjv8c0C2Z7TyIcfLgGJniW4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/OwnmL8kddIBhLRX-NHEzddhuNVA.roa
Signing time:             Fri 23 Jan 2026 08:52:30 +0000
ROA not before:           Fri 23 Jan 2026 08:52:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202106
IP address blocks:        185.129.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/iPtBCjv8c0C2Z7TyIcfLgGJniW4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/iPtBCjv8c0C2Z7TyIcfLgGJniW4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iPtBCjv8c0C2Z7TyIcfLgGJniW4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 14:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:ea:0e:16:d9:e2:de:c1:1d:9b:c8:37:cb:4a:6b:6c:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88fb410a3bfc7340b667b4f221c7cb806267896e
        Validity
            Not Before: Jan 23 08:52:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b09e62fc91d7480612d15fe34713375d86e3550
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:73:15:3b:e7:62:1f:eb:e5:c7:60:e1:50:f8:
                    24:ab:14:a8:20:12:ca:72:11:ab:cf:14:fe:a6:ca:
                    8b:c7:38:b9:bc:91:3c:16:78:d4:2e:5f:b3:6c:4c:
                    5b:bb:04:57:b7:3e:78:91:60:6c:8d:18:cf:a7:aa:
                    e0:41:8a:62:ec:cc:93:1b:f6:89:07:39:b7:de:13:
                    ad:4b:d7:fd:91:b1:12:78:8b:2a:d9:8c:1e:07:cb:
                    60:a9:d5:a3:44:6c:00:76:7a:10:fd:93:7d:ab:17:
                    29:9c:09:54:bf:47:c8:3d:74:01:fd:f0:4f:8e:bd:
                    87:89:da:e2:a9:9b:92:01:d4:6d:ba:ac:f9:17:b6:
                    c6:ad:db:96:23:a2:f1:6e:0c:c6:23:e3:d9:bc:c1:
                    1d:47:59:37:5e:3b:8a:f8:5e:58:5f:87:76:e2:f4:
                    09:64:c4:19:5c:5e:ad:18:d0:b0:92:87:ab:cf:5f:
                    da:51:86:fd:1b:b7:cd:a0:87:bf:c3:4e:43:49:74:
                    ac:0a:23:ab:66:07:bc:93:bb:98:40:b7:e0:85:24:
                    bf:8c:83:f6:e9:01:cf:e3:da:43:f5:a1:1f:ae:56:
                    c2:99:5b:97:be:cb:78:75:32:e7:8f:2e:10:48:27:
                    be:2d:6c:1a:3a:52:d5:12:1c:ea:d6:79:22:e7:31:
                    87:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:09:E6:2F:C9:1D:74:80:61:2D:15:FE:34:71:33:75:D8:6E:35:50
            X509v3 Authority Key Identifier:
                keyid:88:FB:41:0A:3B:FC:73:40:B6:67:B4:F2:21:C7:CB:80:62:67:89:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iPtBCjv8c0C2Z7TyIcfLgGJniW4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/OwnmL8kddIBhLRX-NHEzddhuNVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/iPtBCjv8c0C2Z7TyIcfLgGJniW4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:3d:d3:9a:a1:e4:7d:cd:bc:cc:0e:ff:b2:f8:fb:81:a3:29:
         10:19:35:38:aa:4a:c9:1e:9b:fb:a1:5e:38:54:46:be:65:e7:
         9e:5d:2b:2a:f0:94:3c:91:6a:cc:06:c3:64:77:1e:8c:17:4e:
         14:fa:68:28:d9:ed:f4:34:00:ae:d4:be:1e:84:13:c2:09:78:
         80:65:15:67:e2:95:f0:35:c3:ae:de:05:cb:37:5f:95:99:3d:
         ee:6e:a7:e4:4e:a5:32:73:9c:97:49:fa:68:82:06:4f:3d:f3:
         cb:c0:a7:be:8f:46:5f:39:d8:d3:18:0e:b3:b5:ed:d1:eb:2b:
         10:14:8e:33:fd:80:77:71:09:68:9f:c5:c1:ef:2e:69:4a:ae:
         68:f1:83:d0:22:fd:1d:0b:ae:22:0a:c2:2a:f6:22:be:78:49:
         e6:86:31:27:09:b6:e5:4f:ad:71:7f:db:df:71:cc:9e:5c:a8:
         97:70:66:c3:71:63:9e:d3:fa:1f:71:47:95:21:20:93:89:05:
         7c:96:88:6d:b0:47:41:62:c2:d8:87:30:21:0f:86:be:20:9e:
         a7:2e:89:1b:75:a9:97:2f:dd:68:4b:96:dd:cb:6d:76:52:bd:
         13:b2:e7:2b:40:0a:4d:98:2a:07:87:3d:7e:0e:75:01:59:21:
         4c:8a:31:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvqDhbZ4t7BHZvIN8tKa2z/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZmI0MTBhM2JmYzczNDBiNjY3YjRmMjIxYzdjYjgwNjI2
Nzg5NmUwHhcNMjYwMTIzMDg1MjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjA5ZTYyZmM5MWQ3NDgwNjEyZDE1ZmUzNDcxMzM3NWQ4NmUzNTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXMVO+diH+vlx2DhUPgkqxSoIBLK
chGrzxT+psqLxzi5vJE8FnjULl+zbExbuwRXtz54kWBsjRjPp6rgQYpi7MyTG/aJ
Bzm33hOtS9f9kbESeIsq2YweB8tgqdWjRGwAdnoQ/ZN9qxcpnAlUv0fIPXQB/fBP
jr2HidriqZuSAdRtuqz5F7bGrduWI6LxbgzGI+PZvMEdR1k3XjuK+F5YX4d24vQJ
ZMQZXF6tGNCwkoerz1/aUYb9G7fNoIe/w05DSXSsCiOrZge8k7uYQLfghSS/jIP2
6QHP49pD9aEfrlbCmVuXvst4dTLnjy4QSCe+LWwaOlLVEhzq1nki5zGH/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDsJ5i/JHXSAYS0V/jRxM3XYbjVQMB8GA1UdIwQY
MBaAFIj7QQo7/HNAtme08iHHy4BiZ4luMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVB0QkNqdjhjMEMyWjdUeUljZkxnR0puaVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80NDYyNGYtMjMxZC00NjZjLWJiMDIt
YjM4YzgwOTUxOTgxLzEvT3dubUw4a2RkSUJoTFJYLU5IRXpkZGh1TlZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80NDYyNGYtMjMxZC00NjZjLWJiMDItYjM4YzgwOTUxOTgx
LzEvaVB0QkNqdjhjMEMyWjdUeUljZkxnR0puaVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYERMA0G
CSqGSIb3DQEBCwUAA4IBAQBDPdOaoeR9zbzMDv+y+PuBoykQGTU4qkrJHpv7oV44
VEa+ZeeeXSsq8JQ8kWrMBsNkdx6MF04U+mgo2e30NACu1L4ehBPCCXiAZRVn4pXw
NcOu3gXLN1+VmT3ubqfkTqUyc5yXSfpoggZPPfPLwKe+j0ZfOdjTGA6zte3R6ysQ
FI4z/YB3cQlon8XB7y5pSq5o8YPQIv0dC64iCsIq9iK+eEnmhjEnCbblT61xf9vf
ccyeXKiXcGbDcWOe0/ofcUeVISCTiQV8lohtsEdBYsLYhzAhD4a+IJ6nLokbdamX
L91oS5bdy212Ur0TsucrQApNmCoHhz1+DnUBWSFMijGa
-----END CERTIFICATE-----