This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/OBQM5DMxsXd8UYloBELTh0_YDFg.roa
File:                     OBQM5DMxsXd8UYloBELTh0_YDFg.roa (raw, json)
Hash identifier:          cUKys7HpJ0uvCxWgEClX3G203lB5CS0GfCMC3yuQbIU=
Subject key identifier:   38:14:0C:E4:33:31:B1:77:7C:51:89:68:04:42:D3:87:4F:D8:0C:58
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       019AA025602486E340D1D1CC59A5A16B9E6E
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/OBQM5DMxsXd8UYloBELTh0_YDFg.roa
Signing time:             Thu 20 Nov 2025 07:23:15 +0000
ROA not before:           Thu 20 Nov 2025 07:23:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.81.28.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 10:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:a0:25:60:24:86:e3:40:d1:d1:cc:59:a5:a1:6b:9e:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Nov 20 07:23:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38140ce43331b1777c5189680442d3874fd80c58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3f:e5:6a:ad:fb:14:87:62:9c:21:b0:2f:ec:
                    bc:63:fd:e6:f2:fa:7c:1e:47:6a:35:44:f5:4c:9d:
                    0c:f8:61:54:7e:bb:2b:89:8e:2c:86:94:a8:1a:0e:
                    80:86:94:d5:07:0e:88:d7:84:dd:ca:ab:1e:ee:6c:
                    99:3e:8a:0f:d3:73:8f:b0:e9:cd:c5:a3:2a:81:56:
                    85:05:9f:2b:bc:28:01:0f:e9:14:de:a7:69:94:66:
                    d6:bc:c1:13:fb:59:28:4b:a6:a2:d6:b4:6d:e4:7c:
                    64:a6:a0:2c:a1:52:fc:ad:59:22:51:b6:7c:fd:ab:
                    e5:e0:17:68:0e:3d:c2:96:b6:2b:ff:c1:58:f0:9b:
                    f3:0b:f3:43:4f:03:70:0d:a5:c5:ef:e9:94:8f:42:
                    84:7a:88:1a:70:5f:34:93:80:07:b4:0b:a6:e8:a8:
                    9a:fc:76:f6:ed:a2:20:e3:36:c9:d6:1d:ff:1d:fd:
                    9c:7a:d9:c4:00:0b:d0:09:2f:da:b4:81:27:71:e5:
                    b4:c5:80:6d:7f:35:a7:9b:47:73:fa:49:2f:0b:b6:
                    97:fd:52:eb:8f:12:43:4c:bd:86:95:10:f0:bb:d1:
                    d0:0b:80:51:cb:d6:ec:eb:c6:d3:ba:ba:8f:95:d1:
                    0c:8e:d6:64:01:3a:0b:1e:69:c8:b7:6f:f8:2e:8e:
                    1d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:14:0C:E4:33:31:B1:77:7C:51:89:68:04:42:D3:87:4F:D8:0C:58
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/OBQM5DMxsXd8UYloBELTh0_YDFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:d3:5c:8a:8c:55:fd:6c:54:b4:87:3d:f9:8c:39:04:28:ae:
         67:13:65:7a:ab:e7:a7:50:2a:22:90:25:b6:51:e9:f3:52:6d:
         07:81:5a:15:63:f6:d5:d6:a7:14:69:47:84:3e:54:1e:20:53:
         4d:3f:cb:e1:f2:e6:fd:c9:dd:22:25:50:f6:30:98:10:b1:38:
         ce:58:07:38:77:e0:c6:0c:cb:a2:35:92:ff:8f:a1:49:49:24:
         41:53:3b:07:9f:8c:32:d7:da:70:b4:a3:0a:77:06:4e:92:82:
         71:c7:15:3a:1c:e1:54:fb:f3:4f:90:fd:a0:53:42:dd:ee:0a:
         34:90:25:07:27:18:67:03:a6:23:c3:2b:9c:cf:28:1f:11:a5:
         a4:2a:b9:4e:15:20:9b:8b:35:f6:a0:9c:d4:07:a8:8f:68:ce:
         77:da:de:18:58:80:bf:0b:31:16:c2:d8:98:ed:9f:00:56:4a:
         c9:8f:65:48:9d:3f:2f:e2:de:fe:29:dc:53:a2:a6:9f:df:ee:
         b1:b6:9e:19:50:49:03:d4:18:d1:49:81:67:f6:10:e0:96:db:
         10:5c:3e:4d:ad:ea:6b:e9:90:2d:b1:d2:8b:d8:7e:0b:32:da:
         32:51:c0:95:ef:fc:57:8a:ef:c8:e3:70:bf:dc:d0:00:c7:41:
         65:1c:77:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqgJWAkhuNA0dHMWaWha55uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjUxMTIwMDcyMzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODE0MGNlNDMzMzFiMTc3N2M1MTg5NjgwNDQyZDM4NzRmZDgwYzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApT/laq37FIdinCGwL+y8Y/3m8vp8
HkdqNUT1TJ0M+GFUfrsriY4shpSoGg6AhpTVBw6I14Tdyqse7myZPooP03OPsOnN
xaMqgVaFBZ8rvCgBD+kU3qdplGbWvMET+1koS6ai1rRt5HxkpqAsoVL8rVkiUbZ8
/avl4BdoDj3ClrYr/8FY8JvzC/NDTwNwDaXF7+mUj0KEeogacF80k4AHtAum6Kia
/Hb27aIg4zbJ1h3/Hf2cetnEAAvQCS/atIEnceW0xYBtfzWnm0dz+kkvC7aX/VLr
jxJDTL2GlRDwu9HQC4BRy9bs68bTurqPldEMjtZkAToLHmnIt2/4Lo4d7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDgUDOQzMbF3fFGJaARC04dP2AxYMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvT0JRTTVETXhzWGQ4VVlsb0JFTFRoMF9ZREZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVEcMA0G
CSqGSIb3DQEBCwUAA4IBAQBI01yKjFX9bFS0hz35jDkEKK5nE2V6q+enUCoikCW2
UenzUm0HgVoVY/bV1qcUaUeEPlQeIFNNP8vh8ub9yd0iJVD2MJgQsTjOWAc4d+DG
DMuiNZL/j6FJSSRBUzsHn4wy19pwtKMKdwZOkoJxxxU6HOFU+/NPkP2gU0Ld7go0
kCUHJxhnA6YjwyuczygfEaWkKrlOFSCbizX2oJzUB6iPaM532t4YWIC/CzEWwtiY
7Z8AVkrJj2VInT8v4t7+KdxToqaf3+6xtp4ZUEkD1BjRSYFn9hDgltsQXD5Nrepr
6ZAtsdKL2H4LMtoyUcCV7/xXiu/I43C/3NAAx0FlHHc5
-----END CERTIFICATE-----