This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/OJRfagybnKNPJgB2VgQCHXK6_wA.roa
File:                     OJRfagybnKNPJgB2VgQCHXK6_wA.roa (raw, json)
Hash identifier:          +CkaUNxuBjvbD77nG/V3XHJG2xGpZ2YKXMRrO/6Sytc=
Subject key identifier:   38:94:5F:6A:0C:9B:9C:A3:4F:26:00:76:56:04:02:1D:72:BA:FF:00
Certificate issuer:       /CN=174847f8667d52fa2cf9cf9afcc43a07915575ca
Certificate serial:       019B7D5B314CDFC6787E29A193FB4C566F28
Authority key identifier: 17:48:47:F8:66:7D:52:FA:2C:F9:CF:9A:FC:C4:3A:07:91:55:75:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/OJRfagybnKNPJgB2VgQCHXK6_wA.roa
Signing time:             Fri 02 Jan 2026 06:18:06 +0000
ROA not before:           Fri 02 Jan 2026 06:18:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42000
IP address blocks:        217.11.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 12:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:31:4c:df:c6:78:7e:29:a1:93:fb:4c:56:6f:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=174847f8667d52fa2cf9cf9afcc43a07915575ca
        Validity
            Not Before: Jan  2 06:18:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=38945f6a0c9b9ca34f2600765604021d72baff00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:e9:03:61:ce:13:8c:2d:c0:85:be:dc:a2:bd:
                    2e:a0:47:2b:57:36:85:c7:9c:58:38:5d:e2:e5:f6:
                    e1:b5:e0:c3:47:00:6a:c1:0e:20:9f:77:08:e7:48:
                    dd:43:98:1c:03:e1:41:43:4c:a4:5c:4e:cf:83:aa:
                    fc:f1:3c:25:e1:4f:dd:17:18:d0:e0:f0:34:72:f6:
                    fa:7e:b7:d3:79:4b:fe:34:bd:69:49:89:12:ce:43:
                    e9:33:f9:69:6a:1c:ac:ab:51:ca:12:e2:eb:f6:ee:
                    41:7b:d6:10:ce:c3:80:d7:c4:6a:5e:f8:cf:c9:04:
                    d1:a8:2f:02:b8:9c:e9:45:b9:50:39:f3:39:74:db:
                    9f:87:54:90:be:16:f8:19:a8:75:63:6e:40:28:f6:
                    db:7e:14:13:16:f7:f7:15:b4:5d:33:04:10:a4:1c:
                    2a:4f:91:a3:0b:4b:e7:45:94:4b:89:06:44:47:17:
                    e5:ca:25:9e:ab:d8:5e:32:17:ff:f6:49:4b:2b:ca:
                    60:df:13:11:44:55:27:83:37:00:c8:01:50:7c:d3:
                    2c:46:b4:87:1c:b6:55:a2:7f:3c:4e:96:c2:4f:66:
                    a0:10:a3:8b:be:9a:33:76:40:95:89:53:10:c3:b7:
                    9b:c6:2c:a8:95:42:ec:8a:3f:61:50:8e:e7:3e:49:
                    58:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:94:5F:6A:0C:9B:9C:A3:4F:26:00:76:56:04:02:1D:72:BA:FF:00
            X509v3 Authority Key Identifier:
                keyid:17:48:47:F8:66:7D:52:FA:2C:F9:CF:9A:FC:C4:3A:07:91:55:75:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/OJRfagybnKNPJgB2VgQCHXK6_wA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.11.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:f2:33:e9:cd:2f:dc:79:bd:ac:58:78:28:05:be:e2:d9:87:
         16:b6:2b:23:3a:b8:10:73:db:11:e2:f7:17:60:01:73:26:5a:
         84:86:c8:c8:f2:66:a4:d2:24:46:ac:29:b4:ab:e4:51:56:dd:
         60:89:b7:ca:52:76:ea:b8:34:e6:5f:1f:7f:8b:88:38:37:fc:
         ea:84:d6:c6:c8:b2:1d:ce:bc:49:71:11:55:6a:7d:4c:9d:0c:
         a6:a9:d5:67:1b:43:c7:e5:c1:1a:3f:a3:68:9e:36:8e:db:ea:
         e2:c2:1a:e1:d0:7c:f3:2b:bd:42:ee:b8:f8:9a:f4:b9:66:a2:
         a5:92:a9:f9:dc:bb:41:13:1f:4c:00:22:a2:51:3a:c1:07:c8:
         91:af:0f:b5:e1:bb:8a:3f:15:02:cd:8d:f5:54:74:b7:1f:47:
         e4:af:c0:7e:87:14:80:93:8e:62:b3:10:b4:fe:25:80:8a:cb:
         1d:14:90:67:ae:bb:7d:c8:68:16:52:30:96:84:55:e3:32:90:
         cb:80:db:5d:65:ba:1d:31:9f:0b:be:a2:65:0b:7c:40:8d:f1:
         77:e3:f4:c5:0f:6f:9f:ae:72:0c:e7:af:db:05:e1:aa:ba:3b:
         ab:24:0a:be:99:15:5d:ff:64:f8:1e:a1:b4:28:22:d1:40:f7:
         0f:c2:c6:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WzFM38Z4fimhk/tMVm8oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NDg0N2Y4NjY3ZDUyZmEyY2Y5Y2Y5YWZjYzQzYTA3OTE1
NTc1Y2EwHhcNMjYwMTAyMDYxODA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODk0NWY2YTBjOWI5Y2EzNGYyNjAwNzY1NjA0MDIxZDcyYmFmZjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOkDYc4TjC3Ahb7cor0uoEcrVzaF
x5xYOF3i5fbhteDDRwBqwQ4gn3cI50jdQ5gcA+FBQ0ykXE7Pg6r88Twl4U/dFxjQ
4PA0cvb6frfTeUv+NL1pSYkSzkPpM/lpahysq1HKEuLr9u5Be9YQzsOA18RqXvjP
yQTRqC8CuJzpRblQOfM5dNufh1SQvhb4Gah1Y25AKPbbfhQTFvf3FbRdMwQQpBwq
T5GjC0vnRZRLiQZERxflyiWeq9heMhf/9klLK8pg3xMRRFUngzcAyAFQfNMsRrSH
HLZVon88TpbCT2agEKOLvpozdkCViVMQw7ebxiyolULsij9hUI7nPklYKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDiUX2oMm5yjTyYAdlYEAh1yuv8AMB8GA1UdIwQY
MBaAFBdIR/hmfVL6LPnPmvzEOgeRVXXKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjBoSC1HWjlVdm9zLWMtYV9NUTZCNUZWZGNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My83MmNjNGEtMmQ5Yy00ODA4LTgyM2Ut
MTQ1NGZmZTYxODJjLzEvT0pSZmFneWJuS05QSmdCMlZnUUNIWEs2X3dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My83MmNjNGEtMmQ5Yy00ODA4LTgyM2UtMTQ1NGZmZTYxODJj
LzEvRjBoSC1HWjlVdm9zLWMtYV9NUTZCNUZWZGNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Qv1MA0G
CSqGSIb3DQEBCwUAA4IBAQAk8jPpzS/ceb2sWHgoBb7i2YcWtisjOrgQc9sR4vcX
YAFzJlqEhsjI8mak0iRGrCm0q+RRVt1gibfKUnbquDTmXx9/i4g4N/zqhNbGyLId
zrxJcRFVan1MnQymqdVnG0PH5cEaP6NonjaO2+riwhrh0HzzK71C7rj4mvS5ZqKl
kqn53LtBEx9MACKiUTrBB8iRrw+14buKPxUCzY31VHS3H0fkr8B+hxSAk45isxC0
/iWAissdFJBnrrt9yGgWUjCWhFXjMpDLgNtdZbodMZ8LvqJlC3xAjfF34/TFD2+f
rnIM56/bBeGqujurJAq+mRVd/2T4HqG0KCLRQPcPwsZL
-----END CERTIFICATE-----