This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/O5R9o9aOGAQjLSEFP77D46_p0zA.roa
File:                     O5R9o9aOGAQjLSEFP77D46_p0zA.roa (raw, json)
Hash identifier:          VAxezswB2T53afFF+/LDryteuchgPZu3eTkvt2YnZuY=
Subject key identifier:   3B:94:7D:A3:D6:8E:18:04:23:2D:21:05:3F:BE:C3:E3:AF:E9:D3:30
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       019AEDFC0D32642E589C19768D8485E743DA
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/O5R9o9aOGAQjLSEFP77D46_p0zA.roa
Signing time:             Fri 05 Dec 2025 10:08:29 +0000
ROA not before:           Fri 05 Dec 2025 10:08:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48678
IP address blocks:        85.153.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 04:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:ed:fc:0d:32:64:2e:58:9c:19:76:8d:84:85:e7:43:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Dec  5 10:08:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b947da3d68e1804232d21053fbec3e3afe9d330
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:69:09:cb:db:31:a2:47:c3:c1:55:ae:91:d3:
                    79:89:08:b9:a4:39:80:a8:c4:4e:76:b0:3b:6e:63:
                    81:29:c8:65:1e:46:6e:45:e3:cd:c7:96:3c:b9:3b:
                    b8:1b:3a:80:9c:e7:4f:1a:c7:a0:f2:57:b4:bb:d2:
                    96:e7:d4:ad:f1:c8:46:77:79:49:41:5b:36:41:a5:
                    6f:25:9c:79:f8:5c:a3:23:af:88:21:45:41:48:61:
                    24:f7:ec:d2:13:ed:a8:f3:f4:0e:a4:7a:18:72:67:
                    b0:5b:67:b4:d7:ac:38:bd:a0:cd:48:8c:72:5b:3d:
                    65:18:1a:11:26:e6:53:a8:87:3c:c5:16:88:8c:c3:
                    2c:99:73:d9:22:05:9a:0e:7c:20:35:8f:96:3c:65:
                    28:e2:18:0b:ab:58:cd:f6:46:7a:2f:cf:37:69:9d:
                    54:a0:05:64:90:66:85:e9:95:ab:7b:15:14:f2:c1:
                    80:00:c0:04:8a:f5:5e:1e:ea:36:55:57:c8:eb:ed:
                    a7:26:70:99:59:51:8e:2a:e1:95:20:16:5a:f7:39:
                    96:73:1f:d8:9a:17:99:39:28:f2:df:d5:8e:f9:58:
                    ec:fc:a0:41:d1:f1:3d:65:aa:e0:d9:1a:d8:d8:9a:
                    47:1c:4f:5d:e7:e8:a5:f4:61:56:56:54:5e:8a:01:
                    f7:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:94:7D:A3:D6:8E:18:04:23:2D:21:05:3F:BE:C3:E3:AF:E9:D3:30
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/O5R9o9aOGAQjLSEFP77D46_p0zA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.153.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:06:cb:f3:21:3d:60:05:be:db:3b:40:e9:be:dd:10:47:7f:
         a6:c4:62:82:d3:3f:46:3f:4e:16:aa:99:b0:14:ae:c4:ce:36:
         cc:ab:8e:6d:66:7a:3d:fc:3b:52:16:5a:75:45:f9:6d:1c:ca:
         49:41:38:a9:21:48:cc:d6:3e:22:74:d8:d0:d4:df:90:49:46:
         aa:37:e6:f6:49:c5:8d:ff:89:4a:51:69:cc:d5:a1:37:e7:80:
         1a:b9:2e:58:ee:f4:75:59:9d:47:0b:86:91:25:95:f1:b0:c7:
         e0:21:8d:a6:18:73:92:88:a5:ba:a0:38:bf:33:c5:da:ed:f1:
         c7:6d:3d:f5:c4:bb:ab:b8:39:09:c1:35:2a:5c:d4:c0:c4:31:
         53:89:77:5f:ac:e6:86:8a:a0:b1:26:79:7d:f2:51:41:b0:11:
         98:4d:fe:42:33:93:f2:f6:f1:7d:1c:29:75:21:1d:01:ba:77:
         52:83:b5:61:a5:bb:ea:33:5e:36:f2:93:45:7a:f1:6c:c4:aa:
         f6:ab:5b:48:ad:e6:fe:9c:b8:11:fc:ee:10:32:94:0e:f7:19:
         6b:86:fc:0d:66:c2:89:c3:36:a4:ff:c3:70:7a:32:1a:6c:97:
         30:f1:b8:99:88:cd:0b:1b:03:4c:a0:a5:68:b8:d3:e7:a1:bd:
         40:ea:30:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrt/A0yZC5YnBl2jYSF50PaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUxMjA1MTAwODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjk0N2RhM2Q2OGUxODA0MjMyZDIxMDUzZmJlYzNlM2FmZTlkMzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGkJy9sxokfDwVWukdN5iQi5pDmA
qMROdrA7bmOBKchlHkZuRePNx5Y8uTu4GzqAnOdPGseg8le0u9KW59St8chGd3lJ
QVs2QaVvJZx5+FyjI6+IIUVBSGEk9+zSE+2o8/QOpHoYcmewW2e016w4vaDNSIxy
Wz1lGBoRJuZTqIc8xRaIjMMsmXPZIgWaDnwgNY+WPGUo4hgLq1jN9kZ6L883aZ1U
oAVkkGaF6ZWrexUU8sGAAMAEivVeHuo2VVfI6+2nJnCZWVGOKuGVIBZa9zmWcx/Y
mheZOSjy39WO+Vjs/KBB0fE9Zarg2RrY2JpHHE9d5+il9GFWVlReigH38wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuUfaPWjhgEIy0hBT++w+Ov6dMwMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvTzVSOW85YU9HQVFqTFNFRlA3N0Q0Nl9wMHpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVZmOMA0G
CSqGSIb3DQEBCwUAA4IBAQADBsvzIT1gBb7bO0Dpvt0QR3+mxGKC0z9GP04Wqpmw
FK7EzjbMq45tZno9/DtSFlp1RfltHMpJQTipIUjM1j4idNjQ1N+QSUaqN+b2ScWN
/4lKUWnM1aE354AauS5Y7vR1WZ1HC4aRJZXxsMfgIY2mGHOSiKW6oDi/M8Xa7fHH
bT31xLuruDkJwTUqXNTAxDFTiXdfrOaGiqCxJnl98lFBsBGYTf5CM5Py9vF9HCl1
IR0BundSg7VhpbvqM1428pNFevFsxKr2q1tIreb+nLgR/O4QMpQO9xlrhvwNZsKJ
wzak/8NwejIabJcw8biZiM0LGwNMoKVouNPnob1A6jCD
-----END CERTIFICATE-----