This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/b2d4d8-4f7c-4756-a461-fafdbed574ad/1/Oy65Flm_uwrvJdQB08a6SJ4kW8I.roa
File:                     Oy65Flm_uwrvJdQB08a6SJ4kW8I.roa (raw, json)
Hash identifier:          fu4fm6NabdEAcEXhd0h2UuWDUtPed2OsOBwT+zaFccI=
Subject key identifier:   3B:2E:B9:16:59:BF:BB:0A:EF:25:D4:01:D3:C6:BA:48:9E:24:5B:C2
Certificate issuer:       /CN=7aa86c8156f0806dcccdc22dcc4d6175b8fa9893
Certificate serial:       019B7C12422891717F25C036E0EE332B8850
Authority key identifier: 7A:A8:6C:81:56:F0:80:6D:CC:CD:C2:2D:CC:4D:61:75:B8:FA:98:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eqhsgVbwgG3MzcItzE1hdbj6mJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/b2d4d8-4f7c-4756-a461-fafdbed574ad/1/Oy65Flm_uwrvJdQB08a6SJ4kW8I.roa
Signing time:             Fri 02 Jan 2026 00:18:49 +0000
ROA not before:           Fri 02 Jan 2026 00:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202675
IP address blocks:        194.76.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/b2d4d8-4f7c-4756-a461-fafdbed574ad/1/eqhsgVbwgG3MzcItzE1hdbj6mJM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/b2d4d8-4f7c-4756-a461-fafdbed574ad/1/eqhsgVbwgG3MzcItzE1hdbj6mJM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eqhsgVbwgG3MzcItzE1hdbj6mJM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 00:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:42:28:91:71:7f:25:c0:36:e0:ee:33:2b:88:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aa86c8156f0806dcccdc22dcc4d6175b8fa9893
        Validity
            Not Before: Jan  2 00:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b2eb91659bfbb0aef25d401d3c6ba489e245bc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:1c:5f:67:6a:3c:97:35:46:34:81:d1:11:4f:
                    cf:30:5c:1c:7b:d6:c3:a0:96:12:77:01:fb:e9:f5:
                    5d:c6:6e:30:52:09:04:6c:fb:a8:1e:4f:00:4a:b1:
                    16:13:78:83:b3:f2:fa:f7:e2:19:c9:47:96:14:e8:
                    54:db:45:c3:76:ea:f9:11:d9:58:3b:32:a5:71:fe:
                    c0:31:2f:f0:6c:bb:e8:f1:ee:b3:1e:fd:81:35:4f:
                    fa:9b:b2:41:03:05:1f:30:c1:e6:0f:9a:49:18:82:
                    e6:e3:eb:51:51:51:6d:2b:7c:c3:34:d1:15:81:01:
                    ab:09:ee:2b:49:4b:28:92:39:89:e6:f9:43:b9:de:
                    fd:45:b7:c0:c8:f8:e3:69:86:59:63:b0:51:0d:0d:
                    cf:f1:8f:6e:25:f0:bb:01:dc:58:63:50:a7:75:1e:
                    e3:5b:23:7f:54:41:48:76:16:0b:5c:2e:dc:f4:f6:
                    f7:b9:33:8e:9e:f5:06:81:43:40:62:46:17:b6:ba:
                    74:22:fd:66:ef:fd:09:e9:d4:c6:e4:96:e4:39:8a:
                    12:58:17:f1:ea:b7:74:39:23:c8:38:fe:48:3a:87:
                    df:69:f5:de:a3:10:2a:d4:09:28:f0:85:f8:ea:37:
                    6c:73:d9:6c:ca:8d:90:01:2f:c2:1c:19:cd:20:15:
                    2a:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:2E:B9:16:59:BF:BB:0A:EF:25:D4:01:D3:C6:BA:48:9E:24:5B:C2
            X509v3 Authority Key Identifier:
                keyid:7A:A8:6C:81:56:F0:80:6D:CC:CD:C2:2D:CC:4D:61:75:B8:FA:98:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eqhsgVbwgG3MzcItzE1hdbj6mJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/b2d4d8-4f7c-4756-a461-fafdbed574ad/1/Oy65Flm_uwrvJdQB08a6SJ4kW8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/b2d4d8-4f7c-4756-a461-fafdbed574ad/1/eqhsgVbwgG3MzcItzE1hdbj6mJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:40:12:a2:dd:5c:2b:b1:20:48:4c:e0:50:78:46:e0:55:72:
         51:ec:78:d7:24:7a:40:ed:87:2c:82:59:d4:dc:df:e5:bb:87:
         8d:9f:b3:43:51:a7:fd:ce:94:9f:1a:f7:12:88:eb:90:ff:eb:
         ae:55:96:e0:47:a1:cc:df:15:5e:e8:c4:25:bb:90:40:bd:2e:
         25:03:79:77:0e:7e:55:43:d3:89:db:f2:05:ef:0e:61:4b:9f:
         57:95:da:4d:0e:34:c9:41:51:cd:91:fd:c1:aa:1c:da:c7:e1:
         2d:5b:58:8d:59:43:94:64:38:2a:cf:6a:97:06:d7:a7:b4:aa:
         28:d8:db:71:94:90:2e:95:75:92:2a:5f:3a:98:c3:52:19:e4:
         67:36:fe:df:8b:c2:65:31:ea:1e:4e:c9:de:7c:50:76:c2:6d:
         36:29:5b:d4:6b:dd:69:62:67:bb:ab:27:05:87:7c:16:0d:c6:
         09:00:9d:0a:c8:db:a7:56:79:16:d6:1e:d6:8f:f6:cd:5f:f8:
         ca:67:12:c7:d3:44:2f:33:ac:10:b2:a2:a7:6b:1f:c3:47:c8:
         cf:94:74:e7:6d:37:c7:b0:24:eb:f0:85:bb:15:90:ed:00:c2:
         ad:5e:9f:93:27:ad:98:36:33:51:f8:70:96:37:8f:8f:af:97:
         03:37:9b:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EkIokXF/JcA24O4zK4hQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhYTg2YzgxNTZmMDgwNmRjY2NkYzIyZGNjNGQ2MTc1Yjhm
YTk4OTMwHhcNMjYwMTAyMDAxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjJlYjkxNjU5YmZiYjBhZWYyNWQ0MDFkM2M2YmE0ODllMjQ1YmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3xxfZ2o8lzVGNIHREU/PMFwce9bD
oJYSdwH76fVdxm4wUgkEbPuoHk8ASrEWE3iDs/L69+IZyUeWFOhU20XDdur5EdlY
OzKlcf7AMS/wbLvo8e6zHv2BNU/6m7JBAwUfMMHmD5pJGILm4+tRUVFtK3zDNNEV
gQGrCe4rSUsokjmJ5vlDud79RbfAyPjjaYZZY7BRDQ3P8Y9uJfC7AdxYY1CndR7j
WyN/VEFIdhYLXC7c9Pb3uTOOnvUGgUNAYkYXtrp0Iv1m7/0J6dTG5JbkOYoSWBfx
6rd0OSPIOP5IOoffafXeoxAq1Ako8IX46jdsc9lsyo2QAS/CHBnNIBUq+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDsuuRZZv7sK7yXUAdPGukieJFvCMB8GA1UdIwQY
MBaAFHqobIFW8IBtzM3CLcxNYXW4+piTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXFoc2dWYndnRzNNemNJdHpFMWhkYmo2bUpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9iMmQ0ZDgtNGY3Yy00NzU2LWE0NjEt
ZmFmZGJlZDU3NGFkLzEvT3k2NUZsbV91d3J2SmRRQjA4YTZTSjRrVzhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9iMmQ0ZDgtNGY3Yy00NzU2LWE0NjEtZmFmZGJlZDU3NGFk
LzEvZXFoc2dWYndnRzNNemNJdHpFMWhkYmo2bUpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwkx0MA0G
CSqGSIb3DQEBCwUAA4IBAQCoQBKi3VwrsSBITOBQeEbgVXJR7HjXJHpA7YcsglnU
3N/lu4eNn7NDUaf9zpSfGvcSiOuQ/+uuVZbgR6HM3xVe6MQlu5BAvS4lA3l3Dn5V
Q9OJ2/IF7w5hS59XldpNDjTJQVHNkf3Bqhzax+EtW1iNWUOUZDgqz2qXBtentKoo
2NtxlJAulXWSKl86mMNSGeRnNv7fi8JlMeoeTsnefFB2wm02KVvUa91pYme7qycF
h3wWDcYJAJ0KyNunVnkW1h7Wj/bNX/jKZxLH00QvM6wQsqKnax/DR8jPlHTnbTfH
sCTr8IW7FZDtAMKtXp+TJ62YNjNR+HCWN4+Pr5cDN5vx
-----END CERTIFICATE-----