This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/7290d5-1ed5-4ca1-96fd-bfc73dd0bbb6/1/oK8DgClRz_oA4VjYTOJycO25RE8.roa
File:                     oK8DgClRz_oA4VjYTOJycO25RE8.roa (raw, json)
Hash identifier:          HL0prlO8v1UmrZWNdBDiYE7Jz5klWeZulY7cNTFYDKo=
Subject key identifier:   A0:AF:03:80:29:51:CF:FA:00:E1:58:D8:4C:E2:72:70:ED:B9:44:4F
Certificate issuer:       /CN=9b86bd882e476e4698318f370712f71c2bf50dfc
Certificate serial:       019B7A5B9AA676D6806F0C3A16DB00BE400C
Authority key identifier: 9B:86:BD:88:2E:47:6E:46:98:31:8F:37:07:12:F7:1C:2B:F5:0D:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m4a9iC5HbkaYMY83BxL3HCv1Dfw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/7290d5-1ed5-4ca1-96fd-bfc73dd0bbb6/1/oK8DgClRz_oA4VjYTOJycO25RE8.roa
Signing time:             Thu 01 Jan 2026 16:19:42 +0000
ROA not before:           Thu 01 Jan 2026 16:19:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1921
IP address blocks:        2001:67c:10e0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/7290d5-1ed5-4ca1-96fd-bfc73dd0bbb6/1/m4a9iC5HbkaYMY83BxL3HCv1Dfw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/7290d5-1ed5-4ca1-96fd-bfc73dd0bbb6/1/m4a9iC5HbkaYMY83BxL3HCv1Dfw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m4a9iC5HbkaYMY83BxL3HCv1Dfw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:9a:a6:76:d6:80:6f:0c:3a:16:db:00:be:40:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b86bd882e476e4698318f370712f71c2bf50dfc
        Validity
            Not Before: Jan  1 16:19:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a0af03802951cffa00e158d84ce27270edb9444f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:3c:ca:4b:52:08:16:f5:2c:18:be:b0:b4:98:
                    bb:ba:01:1d:eb:cf:1c:d1:9b:48:20:2e:21:4d:6c:
                    c6:6b:2d:65:e2:ac:a8:c6:64:51:49:59:35:14:c9:
                    28:73:8e:4e:8d:64:29:d3:04:5c:c7:79:5b:64:2f:
                    28:a4:a7:c2:a7:f6:c7:58:1c:ad:71:c4:b9:9a:08:
                    cd:27:b4:5b:d7:5d:89:93:9d:73:d9:48:97:da:cc:
                    cd:33:8e:48:22:50:60:a6:20:65:2a:31:9f:6d:b1:
                    18:8f:37:bf:c4:42:c8:be:de:87:4d:1b:14:e3:c7:
                    d1:82:5d:c7:03:00:17:34:45:e4:77:ec:81:17:a9:
                    9f:25:ac:b2:11:55:01:27:15:eb:d4:fb:fc:a0:c1:
                    99:b1:0f:6d:e6:aa:89:c0:4c:cb:dc:5e:72:a8:fc:
                    d4:a5:b5:8b:1a:7f:6b:64:a1:7c:cd:b1:ca:61:c4:
                    4c:bf:5f:85:12:b6:de:cf:6b:6a:ae:08:e7:a3:d9:
                    bb:52:d1:91:5f:02:e9:b1:93:26:34:d9:63:1d:f0:
                    7d:71:09:9d:57:67:56:aa:10:08:32:9d:a6:b4:bc:
                    79:8a:f8:db:93:5f:00:76:33:57:e7:67:27:01:8d:
                    80:ed:5e:62:2e:bd:35:e5:69:16:d4:b8:d5:d9:bc:
                    84:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:AF:03:80:29:51:CF:FA:00:E1:58:D8:4C:E2:72:70:ED:B9:44:4F
            X509v3 Authority Key Identifier:
                keyid:9B:86:BD:88:2E:47:6E:46:98:31:8F:37:07:12:F7:1C:2B:F5:0D:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m4a9iC5HbkaYMY83BxL3HCv1Dfw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/7290d5-1ed5-4ca1-96fd-bfc73dd0bbb6/1/oK8DgClRz_oA4VjYTOJycO25RE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/7290d5-1ed5-4ca1-96fd-bfc73dd0bbb6/1/m4a9iC5HbkaYMY83BxL3HCv1Dfw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:10e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:2c:6a:c5:d5:1b:da:ff:09:52:f8:a1:c7:6c:4d:ff:a7:aa:
         b8:8c:13:87:6b:5c:68:e3:9c:57:51:4c:c5:3f:b2:d0:44:02:
         34:4d:91:71:37:e0:0b:60:b5:de:b3:64:12:25:6b:92:97:63:
         3d:48:9f:00:5c:75:f3:1c:02:0e:8b:64:94:ab:51:c8:8e:7b:
         55:25:cd:8f:94:a3:30:89:b9:20:04:af:9d:99:60:df:b9:86:
         27:b6:78:34:e1:2a:04:a6:22:1b:48:73:92:89:ea:60:7f:19:
         df:39:0b:1a:92:7c:ee:5c:c0:09:c0:3e:47:b5:89:49:9f:2f:
         0c:c4:af:ef:33:45:36:b7:20:c1:eb:bf:50:60:e6:f6:8b:b9:
         aa:62:70:7b:f9:d9:ce:a0:5f:ca:57:25:67:75:82:70:e8:dd:
         16:6a:3b:fa:8f:8e:48:f6:d4:fa:dc:f5:87:70:ba:cc:84:b8:
         62:5a:75:ae:f2:f4:a8:d4:a0:70:d8:dc:f6:e3:95:aa:6a:25:
         7f:3e:57:30:b1:09:6f:a4:d1:4c:2f:cc:df:e8:b9:f7:74:ad:
         5a:bb:48:fb:ba:4c:27:05:0c:4f:db:b5:12:20:b0:b2:09:27:
         51:68:15:9a:ec:54:4e:2a:56:50:12:cb:a3:f2:53:52:6a:03:
         12:b9:cf:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt6W5qmdtaAbww6FtsAvkAMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliODZiZDg4MmU0NzZlNDY5ODMxOGYzNzA3MTJmNzFjMmJm
NTBkZmMwHhcNMjYwMTAxMTYxOTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGFmMDM4MDI5NTFjZmZhMDBlMTU4ZDg0Y2UyNzI3MGVkYjk0NDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+TzKS1IIFvUsGL6wtJi7ugEd688c
0ZtIIC4hTWzGay1l4qyoxmRRSVk1FMkoc45OjWQp0wRcx3lbZC8opKfCp/bHWByt
ccS5mgjNJ7Rb112Jk51z2UiX2szNM45IIlBgpiBlKjGfbbEYjze/xELIvt6HTRsU
48fRgl3HAwAXNEXkd+yBF6mfJayyEVUBJxXr1Pv8oMGZsQ9t5qqJwEzL3F5yqPzU
pbWLGn9rZKF8zbHKYcRMv1+FErbez2tqrgjno9m7UtGRXwLpsZMmNNljHfB9cQmd
V2dWqhAIMp2mtLx5ivjbk18AdjNX52cnAY2A7V5iLr015WkW1LjV2byE/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKCvA4ApUc/6AOFY2EzicnDtuURPMB8GA1UdIwQY
MBaAFJuGvYguR25GmDGPNwcS9xwr9Q38MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTRhOWlDNUhia2FZTVk4M0J4TDNIQ3YxRGZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni83MjkwZDUtMWVkNS00Y2ExLTk2ZmQt
YmZjNzNkZDBiYmI2LzEvb0s4RGdDbFJ6X29BNFZqWVRPSnljTzI1UkU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni83MjkwZDUtMWVkNS00Y2ExLTk2ZmQtYmZjNzNkZDBiYmI2
LzEvbTRhOWlDNUhia2FZTVk4M0J4TDNIQ3YxRGZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBDg
MA0GCSqGSIb3DQEBCwUAA4IBAQA9LGrF1Rva/wlS+KHHbE3/p6q4jBOHa1xo45xX
UUzFP7LQRAI0TZFxN+ALYLXes2QSJWuSl2M9SJ8AXHXzHAIOi2SUq1HIjntVJc2P
lKMwibkgBK+dmWDfuYYntng04SoEpiIbSHOSiepgfxnfOQsaknzuXMAJwD5HtYlJ
ny8MxK/vM0U2tyDB679QYOb2i7mqYnB7+dnOoF/KVyVndYJw6N0Wajv6j45I9tT6
3PWHcLrMhLhiWnWu8vSo1KBw2Nz245WqaiV/PlcwsQlvpNFML8zf6Ln3dK1au0j7
ukwnBQxP27USILCyCSdRaBWa7FROKlZQEsuj8lNSagMSuc+C
-----END CERTIFICATE-----