This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/opR1RSlbkE3ELuhyBbafM8IbPaE.roa
File:                     opR1RSlbkE3ELuhyBbafM8IbPaE.roa (raw, json)
Hash identifier:          XOjjU1LJeZo/s26HxamkSPgFbekl7O6VlvxsLnn7lEo=
Subject key identifier:   A2:94:75:45:29:5B:90:4D:C4:2E:E8:72:05:B6:9F:33:C2:1B:3D:A1
Certificate issuer:       /CN=8e90bd2870050c84477a161eb090f05eb962016c
Certificate serial:       019B7E37900568A08FD7308980378C716F1A
Authority key identifier: 8E:90:BD:28:70:05:0C:84:47:7A:16:1E:B0:90:F0:5E:B9:62:01:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jpC9KHAFDIRHehYesJDwXrliAWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/opR1RSlbkE3ELuhyBbafM8IbPaE.roa
Signing time:             Fri 02 Jan 2026 10:18:49 +0000
ROA not before:           Fri 02 Jan 2026 10:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1213
IP address blocks:        136.201.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/jpC9KHAFDIRHehYesJDwXrliAWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/jpC9KHAFDIRHehYesJDwXrliAWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jpC9KHAFDIRHehYesJDwXrliAWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:90:05:68:a0:8f:d7:30:89:80:37:8c:71:6f:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e90bd2870050c84477a161eb090f05eb962016c
        Validity
            Not Before: Jan  2 10:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a2947545295b904dc42ee87205b69f33c21b3da1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:95:4d:18:84:f5:b8:9e:05:0c:09:4a:7a:70:
                    58:a6:9c:ac:00:84:56:b1:e0:0a:5f:67:0f:ff:7b:
                    fd:99:22:4a:32:db:e6:63:b1:72:6e:d7:01:92:96:
                    27:18:a0:b4:4f:d8:9d:fa:ae:68:7a:cb:a9:f8:48:
                    ea:83:bf:7b:04:6c:8a:38:cd:e6:d8:12:89:da:4d:
                    da:de:3b:f4:e1:96:a8:c2:b8:99:3a:61:ba:52:50:
                    42:75:c2:93:c4:6c:7a:e4:67:d0:fb:bf:e1:9c:23:
                    0f:ec:66:a4:f5:58:11:cb:62:22:5b:df:dc:53:59:
                    0b:50:a6:8b:2b:56:7d:ed:ae:fc:94:09:60:a9:82:
                    6f:55:52:59:4e:98:e9:4a:eb:d4:91:2b:6e:8e:0a:
                    ab:aa:17:5e:b8:a4:d3:23:24:2f:75:ab:dc:33:c0:
                    6e:56:80:d7:5e:6a:a6:0c:ca:93:18:08:61:d6:09:
                    a4:0c:8d:08:40:1e:14:97:67:81:c2:1f:9d:c8:bd:
                    0b:cc:33:4a:b1:94:51:d3:b7:81:d3:b5:3d:82:5f:
                    3d:a7:30:ec:bd:70:ec:3c:44:6b:12:f9:d6:1c:f6:
                    54:17:da:25:ba:df:34:aa:c1:ae:9c:80:1a:8c:f2:
                    12:5b:45:8c:6b:a5:a4:ba:50:f1:60:1b:86:b8:53:
                    91:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:94:75:45:29:5B:90:4D:C4:2E:E8:72:05:B6:9F:33:C2:1B:3D:A1
            X509v3 Authority Key Identifier:
                keyid:8E:90:BD:28:70:05:0C:84:47:7A:16:1E:B0:90:F0:5E:B9:62:01:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jpC9KHAFDIRHehYesJDwXrliAWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/opR1RSlbkE3ELuhyBbafM8IbPaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/jpC9KHAFDIRHehYesJDwXrliAWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.201.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         23:83:8f:e9:f4:65:d3:96:d6:c1:1d:30:93:19:4a:98:c5:9a:
         4e:ed:6e:28:a6:0d:ca:1d:52:3e:11:0f:e0:2d:08:1c:b4:d4:
         a9:dc:3d:39:af:7f:83:16:fd:ff:4e:c9:3e:41:8a:b9:21:c8:
         a4:f9:5c:42:c6:18:47:0b:8c:2c:b4:ba:08:f3:23:9c:ac:92:
         66:44:e1:1c:e9:04:24:aa:17:c0:f1:40:22:aa:52:47:8b:95:
         61:0c:0d:b2:d3:4c:ea:a1:ce:c0:96:56:71:f6:d2:3a:7e:cc:
         7b:ce:83:54:50:9e:37:29:85:44:dc:0e:09:ac:43:43:a7:25:
         7a:c9:0a:24:ec:c9:a4:f2:d6:92:79:b3:0b:74:20:77:a6:76:
         31:fb:26:29:28:3a:0e:81:76:a9:62:b7:d5:43:91:63:5d:a5:
         19:bb:30:1f:79:91:36:ab:40:10:72:42:de:3b:b2:7a:71:79:
         db:63:48:c4:e1:0d:a2:32:24:02:ee:bd:52:c8:bd:d6:af:65:
         c8:39:88:ef:89:b3:91:d0:e2:6e:73:7b:3b:74:67:60:9f:36:
         1f:9f:67:1d:4c:f1:56:9f:c9:e3:df:09:f1:28:59:b8:c0:ae:
         18:1e:9e:3d:ab:07:de:ce:86:00:b0:72:a3:ed:72:b3:69:dc:
         c3:3c:28:1c
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt+N5AFaKCP1zCJgDeMcW8aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlOTBiZDI4NzAwNTBjODQ0NzdhMTYxZWIwOTBmMDVlYjk2
MjAxNmMwHhcNMjYwMTAyMTAxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjk0NzU0NTI5NWI5MDRkYzQyZWU4NzIwNWI2OWYzM2MyMWIzZGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJVNGIT1uJ4FDAlKenBYppysAIRW
seAKX2cP/3v9mSJKMtvmY7FybtcBkpYnGKC0T9id+q5oesup+Ejqg797BGyKOM3m
2BKJ2k3a3jv04ZaowriZOmG6UlBCdcKTxGx65GfQ+7/hnCMP7Gak9VgRy2IiW9/c
U1kLUKaLK1Z97a78lAlgqYJvVVJZTpjpSuvUkStujgqrqhdeuKTTIyQvdavcM8Bu
VoDXXmqmDMqTGAhh1gmkDI0IQB4Ul2eBwh+dyL0LzDNKsZRR07eB07U9gl89pzDs
vXDsPERrEvnWHPZUF9olut80qsGunIAajPISW0WMa6WkulDxYBuGuFORGQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFKKUdUUpW5BNxC7ocgW2nzPCGz2hMB8GA1UdIwQY
MBaAFI6QvShwBQyER3oWHrCQ8F65YgFsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanBDOUtIQUZESVJIZWhZZXNKRHdYcmxpQVd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yOGUxMTMtMzkzMS00ZDNkLWI3OTMt
ZWNiODA3MDJhMTE3LzEvb3BSMVJTbGJrRTNFTHVoeUJiYWZNOEliUGFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yOGUxMTMtMzkzMS00ZDNkLWI3OTMtZWNiODA3MDJhMTE3
LzEvanBDOUtIQUZESVJIZWhZZXNKRHdYcmxpQVd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAiMkwDQYJ
KoZIhvcNAQELBQADggEBACODj+n0ZdOW1sEdMJMZSpjFmk7tbiimDcodUj4RD+At
CBy01KncPTmvf4MW/f9OyT5BirkhyKT5XELGGEcLjCy0ugjzI5yskmZE4RzpBCSq
F8DxQCKqUkeLlWEMDbLTTOqhzsCWVnH20jp+zHvOg1RQnjcphUTcDgmsQ0OnJXrJ
CiTsyaTy1pJ5swt0IHemdjH7JikoOg6Bdqlit9VDkWNdpRm7MB95kTarQBByQt47
snpxedtjSMThDaIyJALuvVLIvdavZcg5iO+Js5HQ4m5zezt0Z2CfNh+fZx1M8Vaf
yePfCfEoWbjArhgenj2rB97OhgCwcqPtcrNp3MM8KBw=
-----END CERTIFICATE-----