This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/64ce8b-ff7a-4744-9712-d9730f5b5867/1/OFCs67DffEHin03fXSzbafPRilM.roa
File:                     OFCs67DffEHin03fXSzbafPRilM.roa (raw, json)
Hash identifier:          6ap5zRRwDa5G9tEhkbImTGroNfBqTJcGLaIQpF4U370=
Subject key identifier:   38:50:AC:EB:B0:DF:7C:41:E2:9F:4D:DF:5D:2C:DB:69:F3:D1:8A:53
Certificate issuer:       /CN=a9d988d1df0a6ccab2e93614951059960bad4342
Certificate serial:       019B76EAC8143B3B80CCC988F4B4CBF780C4
Authority key identifier: A9:D9:88:D1:DF:0A:6C:CA:B2:E9:36:14:95:10:59:96:0B:AD:43:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qdmI0d8KbMqy6TYUlRBZlgutQ0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/64ce8b-ff7a-4744-9712-d9730f5b5867/1/OFCs67DffEHin03fXSzbafPRilM.roa
Signing time:             Thu 01 Jan 2026 00:17:36 +0000
ROA not before:           Thu 01 Jan 2026 00:17:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2200
IP address blocks:        129.104.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/64ce8b-ff7a-4744-9712-d9730f5b5867/1/qdmI0d8KbMqy6TYUlRBZlgutQ0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/64ce8b-ff7a-4744-9712-d9730f5b5867/1/qdmI0d8KbMqy6TYUlRBZlgutQ0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qdmI0d8KbMqy6TYUlRBZlgutQ0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 18:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:c8:14:3b:3b:80:cc:c9:88:f4:b4:cb:f7:80:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9d988d1df0a6ccab2e93614951059960bad4342
        Validity
            Not Before: Jan  1 00:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3850acebb0df7c41e29f4ddf5d2cdb69f3d18a53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:cd:f7:52:79:f9:c3:60:05:96:fe:be:d3:e6:
                    66:ab:9d:fc:30:ac:f5:c4:f5:38:50:be:06:32:a8:
                    fa:2b:03:83:06:47:15:4a:a0:ce:3e:65:3b:5f:01:
                    43:ef:7d:2e:57:a5:af:68:1d:bd:87:26:b0:a0:49:
                    51:e4:ef:40:c0:24:a7:47:37:42:de:e0:79:78:7b:
                    cb:28:b1:94:ed:1e:0a:83:00:7d:04:89:6d:44:df:
                    fc:23:0d:d5:a9:af:92:fc:5e:b7:5c:e2:85:6a:cc:
                    81:27:cf:89:79:c4:f2:cf:a9:7d:82:8f:3c:94:04:
                    61:dc:15:1e:00:44:4c:9d:20:fe:ab:d2:68:a3:0c:
                    a5:e2:07:dd:3f:89:83:8e:5c:8f:cb:78:3a:fa:98:
                    d5:ee:c8:1f:06:6b:e6:14:74:6f:5c:44:25:df:a8:
                    1c:78:63:01:b9:fe:74:8f:99:e1:b4:ba:4b:1a:58:
                    ff:b1:4e:b1:9a:67:8a:85:e9:67:56:78:92:30:a4:
                    93:22:15:2c:19:2c:76:2f:2a:fe:6e:d3:c5:cb:8c:
                    f5:d9:0a:2a:6b:11:36:98:80:72:e3:de:83:c6:68:
                    95:cc:e9:55:6a:3e:da:7d:b4:f7:15:10:20:10:c0:
                    45:bf:ec:30:e8:ee:2c:95:38:13:db:f5:71:b2:3a:
                    2b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:50:AC:EB:B0:DF:7C:41:E2:9F:4D:DF:5D:2C:DB:69:F3:D1:8A:53
            X509v3 Authority Key Identifier:
                keyid:A9:D9:88:D1:DF:0A:6C:CA:B2:E9:36:14:95:10:59:96:0B:AD:43:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qdmI0d8KbMqy6TYUlRBZlgutQ0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/64ce8b-ff7a-4744-9712-d9730f5b5867/1/OFCs67DffEHin03fXSzbafPRilM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/64ce8b-ff7a-4744-9712-d9730f5b5867/1/qdmI0d8KbMqy6TYUlRBZlgutQ0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.104.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4b:bd:ba:d5:44:c5:a2:71:1c:57:ce:b6:41:8b:88:3f:61:36:
         43:f3:27:b0:bb:73:ee:5c:2a:71:2a:c6:77:37:0e:97:62:d8:
         a2:1b:d2:dc:e0:e3:88:cb:f2:96:8a:52:9a:85:0d:e4:43:21:
         13:97:1a:c9:6e:ae:7e:51:c2:e4:e2:73:54:9b:fb:c5:fe:a3:
         96:b5:7b:6a:7f:d0:02:f4:c2:66:00:d6:fb:f2:0c:75:1a:ee:
         ce:0d:88:e0:42:a4:56:60:1e:86:6f:21:0b:a3:93:aa:e6:8c:
         2e:26:29:da:2a:20:4d:bd:8e:74:86:4f:6d:fe:ae:e6:c0:81:
         3b:d2:0c:c0:48:22:e0:b3:0f:1f:93:fa:cb:6a:53:4f:a7:47:
         0e:35:68:13:d2:c4:27:ad:0e:f1:e7:53:06:ae:75:5e:e3:bb:
         c8:42:9b:f9:56:3f:07:75:b6:dd:c3:99:fe:46:7f:cc:52:4d:
         8c:9b:db:5f:37:e7:90:08:ab:ea:cc:3d:b2:5d:f4:6c:6b:b0:
         14:fb:94:5d:83:3e:40:e3:77:ba:d5:e2:8e:72:89:42:45:d5:
         1e:33:6f:0e:c5:e9:77:cb:c7:16:c7:2e:49:26:fd:b6:17:16:
         ab:38:23:ca:26:55:f4:92:97:07:05:50:4a:b3:31:42:fb:77:
         9c:0c:03:7e
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt26sgUOzuAzMmI9LTL94DEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ZDk4OGQxZGYwYTZjY2FiMmU5MzYxNDk1MTA1OTk2MGJh
ZDQzNDIwHhcNMjYwMTAxMDAxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODUwYWNlYmIwZGY3YzQxZTI5ZjRkZGY1ZDJjZGI2OWYzZDE4YTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiM33Unn5w2AFlv6+0+Zmq538MKz1
xPU4UL4GMqj6KwODBkcVSqDOPmU7XwFD730uV6WvaB29hyawoElR5O9AwCSnRzdC
3uB5eHvLKLGU7R4KgwB9BIltRN/8Iw3Vqa+S/F63XOKFasyBJ8+JecTyz6l9go88
lARh3BUeAERMnSD+q9Joowyl4gfdP4mDjlyPy3g6+pjV7sgfBmvmFHRvXEQl36gc
eGMBuf50j5nhtLpLGlj/sU6xmmeKhelnVniSMKSTIhUsGSx2Lyr+btPFy4z12Qoq
axE2mIBy496DxmiVzOlVaj7afbT3FRAgEMBFv+ww6O4slTgT2/Vxsjor2QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFDhQrOuw33xB4p9N310s22nz0YpTMB8GA1UdIwQY
MBaAFKnZiNHfCmzKsuk2FJUQWZYLrUNCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWRtSTBkOEtiTXF5NlRZVWxSQlpsZ3V0UTBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi82NGNlOGItZmY3YS00NzQ0LTk3MTIt
ZDk3MzBmNWI1ODY3LzEvT0ZDczY3RGZmRUhpbjAzZlhTemJhZlBSaWxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi82NGNlOGItZmY3YS00NzQ0LTk3MTItZDk3MzBmNWI1ODY3
LzEvcWRtSTBkOEtiTXF5NlRZVWxSQlpsZ3V0UTBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAgWgwDQYJ
KoZIhvcNAQELBQADggEBAEu9utVExaJxHFfOtkGLiD9hNkPzJ7C7c+5cKnEqxnc3
Dpdi2KIb0tzg44jL8paKUpqFDeRDIROXGslurn5RwuTic1Sb+8X+o5a1e2p/0AL0
wmYA1vvyDHUa7s4NiOBCpFZgHoZvIQujk6rmjC4mKdoqIE29jnSGT23+rubAgTvS
DMBIIuCzDx+T+stqU0+nRw41aBPSxCetDvHnUwaudV7ju8hCm/lWPwd1tt3Dmf5G
f8xSTYyb218355AIq+rMPbJd9GxrsBT7lF2DPkDjd7rV4o5yiUJF1R4zbw7F6XfL
xxbHLkkm/bYXFqs4I8omVfSSlwcFUEqzMUL7d5wMA34=
-----END CERTIFICATE-----