This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/75e36c-db1f-483e-b0ef-229051879b74/1/Oh22G_915CY9u5MflKN_pMtA1DI.roa
File:                     Oh22G_915CY9u5MflKN_pMtA1DI.roa (raw, json)
Hash identifier:          FsseF+o2oG0Sc0WcfTJeMuviJKeiZFceVmBH8y//bkA=
Subject key identifier:   3A:1D:B6:1B:FF:75:E4:26:3D:BB:93:1F:94:A3:7F:A4:CB:40:D4:32
Certificate issuer:       /CN=ae29751a0ac81a657190546ea4780cd86140dc9f
Certificate serial:       019B797F233E4592536685C0555D90CDFDCF
Authority key identifier: AE:29:75:1A:0A:C8:1A:65:71:90:54:6E:A4:78:0C:D8:61:40:DC:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ril1GgrIGmVxkFRupHgM2GFA3J8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/75e36c-db1f-483e-b0ef-229051879b74/1/Oh22G_915CY9u5MflKN_pMtA1DI.roa
Signing time:             Thu 01 Jan 2026 12:18:53 +0000
ROA not before:           Thu 01 Jan 2026 12:18:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29119
IP address blocks:        5.252.0.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/75e36c-db1f-483e-b0ef-229051879b74/1/ril1GgrIGmVxkFRupHgM2GFA3J8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/75e36c-db1f-483e-b0ef-229051879b74/1/ril1GgrIGmVxkFRupHgM2GFA3J8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ril1GgrIGmVxkFRupHgM2GFA3J8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:23:3e:45:92:53:66:85:c0:55:5d:90:cd:fd:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae29751a0ac81a657190546ea4780cd86140dc9f
        Validity
            Not Before: Jan  1 12:18:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a1db61bff75e4263dbb931f94a37fa4cb40d432
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a5:e8:7a:ed:ef:3a:42:bb:50:29:f2:30:b5:
                    52:6b:6d:ae:70:aa:3b:c9:b8:33:60:50:69:1d:bb:
                    0f:2d:5d:68:a6:75:a2:88:ca:b8:8a:12:9c:ca:38:
                    68:f3:db:8c:81:f2:ad:05:98:4a:9a:49:15:47:98:
                    cd:f5:ef:dc:68:4d:4b:c3:75:13:14:eb:11:65:c2:
                    b2:2b:b4:89:df:60:f0:5e:28:99:8f:9a:27:07:6b:
                    ae:52:ae:4c:a3:c2:a9:95:bc:fc:d3:42:48:d0:5b:
                    bc:59:89:2e:75:7c:e6:c6:ed:71:d3:92:13:28:3b:
                    d0:86:7b:e5:bd:da:6c:b1:97:d4:4b:ea:ba:02:79:
                    af:6a:ed:ee:59:42:35:22:bb:32:55:ec:f4:95:5f:
                    07:0a:f9:72:04:81:0e:25:dc:56:46:18:7f:30:14:
                    81:4c:e9:84:0c:a4:dc:44:a3:cd:9f:4f:8b:17:91:
                    08:5d:13:b1:d7:00:71:1c:04:6a:9f:9d:4f:0f:d4:
                    58:c4:cb:84:c7:b1:88:9c:af:bc:37:71:16:54:57:
                    a0:73:1b:0b:d5:3e:0d:7f:19:5f:06:5e:29:ea:bf:
                    87:23:26:86:c1:ab:3f:7c:57:9b:81:0f:3c:60:56:
                    8d:61:60:fd:87:7d:fa:03:e0:c7:69:1b:49:69:29:
                    fe:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:1D:B6:1B:FF:75:E4:26:3D:BB:93:1F:94:A3:7F:A4:CB:40:D4:32
            X509v3 Authority Key Identifier:
                keyid:AE:29:75:1A:0A:C8:1A:65:71:90:54:6E:A4:78:0C:D8:61:40:DC:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ril1GgrIGmVxkFRupHgM2GFA3J8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/75e36c-db1f-483e-b0ef-229051879b74/1/Oh22G_915CY9u5MflKN_pMtA1DI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/75e36c-db1f-483e-b0ef-229051879b74/1/ril1GgrIGmVxkFRupHgM2GFA3J8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:ce:a0:9f:4c:2c:c7:f8:6a:17:db:18:3b:fe:c2:68:9c:b2:
         5f:99:0a:79:d3:4d:b0:51:62:5c:e1:c3:2e:47:25:53:d0:d9:
         b5:e1:74:b4:35:13:85:71:87:2c:3c:b2:c4:35:db:bf:8c:47:
         35:4d:57:51:3f:c9:cc:53:1e:51:92:0f:8a:75:90:d2:d5:52:
         fd:a5:32:64:d3:b9:a2:8d:23:4d:27:f8:ef:c3:0d:81:1e:9f:
         36:08:69:79:95:a9:34:ec:62:3d:2c:a6:b4:66:a4:53:3d:59:
         4f:49:39:18:cb:46:51:1a:99:dd:1c:bd:dc:79:5a:8e:92:1a:
         7f:13:c6:b0:38:90:d0:9a:ea:1a:f1:f0:b3:98:2e:97:04:3d:
         25:a1:49:23:9c:db:9e:a1:a6:aa:68:6a:ee:e3:e2:13:03:b8:
         1c:ad:14:19:18:e5:ee:3e:c7:5a:5a:9e:ee:c4:ef:44:0f:6e:
         7d:2f:0b:96:c2:83:4f:3b:af:df:78:db:bc:55:65:72:0d:12:
         b0:d8:ee:f5:9b:68:0b:50:a5:99:45:b4:2b:5d:1a:d1:11:b5:
         20:6c:36:85:2a:3c:b9:59:c6:84:01:0a:9e:3d:71:44:6d:88:
         23:a4:48:25:24:b8:e5:61:82:72:8a:fa:bf:d2:1f:d8:c8:45:
         06:d5:53:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fyM+RZJTZoXAVV2Qzf3PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlMjk3NTFhMGFjODFhNjU3MTkwNTQ2ZWE0NzgwY2Q4NjE0
MGRjOWYwHhcNMjYwMTAxMTIxODUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTFkYjYxYmZmNzVlNDI2M2RiYjkzMWY5NGEzN2ZhNGNiNDBkNDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaXoeu3vOkK7UCnyMLVSa22ucKo7
ybgzYFBpHbsPLV1opnWiiMq4ihKcyjho89uMgfKtBZhKmkkVR5jN9e/caE1Lw3UT
FOsRZcKyK7SJ32DwXiiZj5onB2uuUq5Mo8Kplbz800JI0Fu8WYkudXzmxu1x05IT
KDvQhnvlvdpssZfUS+q6Anmvau3uWUI1IrsyVez0lV8HCvlyBIEOJdxWRhh/MBSB
TOmEDKTcRKPNn0+LF5EIXROx1wBxHARqn51PD9RYxMuEx7GInK+8N3EWVFegcxsL
1T4NfxlfBl4p6r+HIyaGwas/fFebgQ88YFaNYWD9h336A+DHaRtJaSn+ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDodthv/deQmPbuTH5Sjf6TLQNQyMB8GA1UdIwQY
MBaAFK4pdRoKyBplcZBUbqR4DNhhQNyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmlsMUdncklHbVZ4a0ZSdXBIZ00yR0ZBM0o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy83NWUzNmMtZGIxZi00ODNlLWIwZWYt
MjI5MDUxODc5Yjc0LzEvT2gyMkdfOTE1Q1k5dTVNZmxLTl9wTXRBMURJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy83NWUzNmMtZGIxZi00ODNlLWIwZWYtMjI5MDUxODc5Yjc0
LzEvcmlsMUdncklHbVZ4a0ZSdXBIZ00yR0ZBM0o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBfwAMA0G
CSqGSIb3DQEBCwUAA4IBAQAZzqCfTCzH+GoX2xg7/sJonLJfmQp5002wUWJc4cMu
RyVT0Nm14XS0NROFcYcsPLLENdu/jEc1TVdRP8nMUx5Rkg+KdZDS1VL9pTJk07mi
jSNNJ/jvww2BHp82CGl5lak07GI9LKa0ZqRTPVlPSTkYy0ZRGpndHL3ceVqOkhp/
E8awOJDQmuoa8fCzmC6XBD0loUkjnNueoaaqaGru4+ITA7gcrRQZGOXuPsdaWp7u
xO9ED259LwuWwoNPO6/feNu8VWVyDRKw2O71m2gLUKWZRbQrXRrREbUgbDaFKjy5
WcaEAQqePXFEbYgjpEglJLjlYYJyivq/0h/YyEUG1VMd
-----END CERTIFICATE-----