This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/9a2314-2310-43dd-a766-16f52cea4eb1/1/oglaQX4nFsIGr-Rok7QLUW7-tlM.roa
File:                     oglaQX4nFsIGr-Rok7QLUW7-tlM.roa (raw, json)
Hash identifier:          s+KJpOp9hYCyRUjA+Of2ZWgASyr4epw2ZvVJ2zuqMSg=
Subject key identifier:   A2:09:5A:41:7E:27:16:C2:06:AF:E4:68:93:B4:0B:51:6E:FE:B6:53
Certificate issuer:       /CN=dc0e1b90d512cc3402f7614140629795e4d4ac4c
Certificate serial:       019B7F157DA73F09D7F6F994BEFFDC7CB5EA
Authority key identifier: DC:0E:1B:90:D5:12:CC:34:02:F7:61:41:40:62:97:95:E4:D4:AC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3A4bkNUSzDQC92FBQGKXleTUrEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/9a2314-2310-43dd-a766-16f52cea4eb1/1/oglaQX4nFsIGr-Rok7QLUW7-tlM.roa
Signing time:             Fri 02 Jan 2026 14:21:13 +0000
ROA not before:           Fri 02 Jan 2026 14:21:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205399
IP address blocks:        193.106.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/9a2314-2310-43dd-a766-16f52cea4eb1/1/3A4bkNUSzDQC92FBQGKXleTUrEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/9a2314-2310-43dd-a766-16f52cea4eb1/1/3A4bkNUSzDQC92FBQGKXleTUrEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3A4bkNUSzDQC92FBQGKXleTUrEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:7d:a7:3f:09:d7:f6:f9:94:be:ff:dc:7c:b5:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc0e1b90d512cc3402f7614140629795e4d4ac4c
        Validity
            Not Before: Jan  2 14:21:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a2095a417e2716c206afe46893b40b516efeb653
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:06:58:34:45:b8:e2:b9:d9:90:8f:70:eb:5d:
                    a3:a9:a4:1d:9e:6f:bd:f6:3b:4f:28:4f:61:89:27:
                    5e:01:36:96:57:d3:05:f3:6a:76:6a:54:c8:6b:82:
                    e9:87:3f:97:93:1b:06:02:67:07:8a:32:af:55:1c:
                    04:ae:d2:10:da:a7:15:a7:a6:bc:7f:5a:5a:b4:69:
                    a9:07:9f:b0:42:3d:8f:ab:6c:b9:9d:cb:12:65:b6:
                    ef:57:c0:41:67:4c:c0:2d:cd:72:8a:cd:bd:e3:b9:
                    38:9e:62:90:b4:43:90:11:d3:65:c7:fe:62:6a:bd:
                    16:d0:dd:dd:43:f8:60:6a:8c:60:ec:3d:09:02:d6:
                    77:2b:c3:2d:f0:7c:ff:e1:54:54:21:1a:1b:72:77:
                    95:d5:76:ab:83:b1:c4:d4:ff:cd:45:b4:b9:a9:11:
                    9a:49:f8:b2:16:6d:b4:2c:66:86:9b:77:6f:bb:5a:
                    46:ef:b2:66:ba:d8:15:d0:83:76:b3:bd:ef:09:74:
                    7b:a2:9c:0a:3e:b0:df:b0:16:e1:ce:d0:fe:bc:40:
                    dc:1e:b8:a0:ce:cb:cd:ac:c9:f3:00:36:3e:e6:bb:
                    29:a0:06:ce:cb:0f:38:cc:a2:03:98:c8:0d:af:4f:
                    d2:84:34:7c:cd:36:25:7b:da:3a:c6:1c:35:8e:a8:
                    55:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:09:5A:41:7E:27:16:C2:06:AF:E4:68:93:B4:0B:51:6E:FE:B6:53
            X509v3 Authority Key Identifier:
                keyid:DC:0E:1B:90:D5:12:CC:34:02:F7:61:41:40:62:97:95:E4:D4:AC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3A4bkNUSzDQC92FBQGKXleTUrEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/9a2314-2310-43dd-a766-16f52cea4eb1/1/oglaQX4nFsIGr-Rok7QLUW7-tlM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/9a2314-2310-43dd-a766-16f52cea4eb1/1/3A4bkNUSzDQC92FBQGKXleTUrEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.106.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:d4:42:44:d4:7e:2f:34:02:21:d1:14:35:ac:27:5a:ac:8f:
         51:9b:41:77:a7:82:08:77:42:e6:c1:53:c6:b4:4b:7f:2c:9b:
         5c:06:eb:33:e7:51:34:b9:f3:e1:eb:79:86:a2:80:06:4c:b4:
         bc:fa:3d:96:93:fe:d2:e6:47:d4:f9:db:d9:62:b8:d2:eb:9b:
         b5:3e:ce:a7:17:28:55:df:d1:85:84:48:6a:a6:10:72:ca:2e:
         65:0f:7f:05:b7:d8:ed:e5:48:cd:1a:b5:61:ba:c3:c6:6b:da:
         6a:f1:58:eb:16:4c:9c:b1:45:fb:11:07:ef:cf:78:a7:8c:23:
         8e:66:1f:8a:21:b8:3f:b1:64:b4:bb:6e:a6:1f:a4:b4:93:cd:
         59:92:c5:bc:01:e0:57:ab:e6:9f:d4:eb:4b:74:c5:8a:5c:bf:
         cc:a6:3f:19:66:65:e4:f5:b5:e4:4b:fe:82:28:4f:a5:75:4c:
         0c:b3:6d:71:14:6f:52:ac:48:61:23:37:cc:1d:1a:55:60:90:
         a6:a2:b2:43:9b:f3:4f:57:ff:aa:79:89:49:80:39:5e:c5:8a:
         8a:73:4f:01:60:07:a9:e5:39:93:13:9e:cd:49:62:4e:c6:b2:
         da:c0:c2:1e:79:aa:44:29:1a:02:6b:45:6c:91:2b:c9:17:a6:
         f9:ee:ec:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FX2nPwnX9vmUvv/cfLXqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMGUxYjkwZDUxMmNjMzQwMmY3NjE0MTQwNjI5Nzk1ZTRk
NGFjNGMwHhcNMjYwMTAyMTQyMTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjA5NWE0MTdlMjcxNmMyMDZhZmU0Njg5M2I0MGI1MTZlZmViNjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1QZYNEW44rnZkI9w612jqaQdnm+9
9jtPKE9hiSdeATaWV9MF82p2alTIa4Lphz+XkxsGAmcHijKvVRwErtIQ2qcVp6a8
f1patGmpB5+wQj2Pq2y5ncsSZbbvV8BBZ0zALc1yis2947k4nmKQtEOQEdNlx/5i
ar0W0N3dQ/hgaoxg7D0JAtZ3K8Mt8Hz/4VRUIRobcneV1Xarg7HE1P/NRbS5qRGa
SfiyFm20LGaGm3dvu1pG77JmutgV0IN2s73vCXR7opwKPrDfsBbhztD+vEDcHrig
zsvNrMnzADY+5rspoAbOyw84zKIDmMgNr0/ShDR8zTYle9o6xhw1jqhV9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIJWkF+JxbCBq/kaJO0C1Fu/rZTMB8GA1UdIwQY
MBaAFNwOG5DVEsw0AvdhQUBil5Xk1KxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0E0YmtOVVN6RFFDOTJGQlFHS1hsZVRVckV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85YTIzMTQtMjMxMC00M2RkLWE3NjYt
MTZmNTJjZWE0ZWIxLzEvb2dsYVFYNG5Gc0lHci1Sb2s3UUxVVzctdGxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85YTIzMTQtMjMxMC00M2RkLWE3NjYtMTZmNTJjZWE0ZWIx
LzEvM0E0YmtOVVN6RFFDOTJGQlFHS1hsZVRVckV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWq8MA0G
CSqGSIb3DQEBCwUAA4IBAQCK1EJE1H4vNAIh0RQ1rCdarI9Rm0F3p4IId0LmwVPG
tEt/LJtcBusz51E0ufPh63mGooAGTLS8+j2Wk/7S5kfU+dvZYrjS65u1Ps6nFyhV
39GFhEhqphByyi5lD38Ft9jt5UjNGrVhusPGa9pq8VjrFkycsUX7EQfvz3injCOO
Zh+KIbg/sWS0u26mH6S0k81ZksW8AeBXq+af1OtLdMWKXL/Mpj8ZZmXk9bXkS/6C
KE+ldUwMs21xFG9SrEhhIzfMHRpVYJCmorJDm/NPV/+qeYlJgDlexYqKc08BYAep
5TmTE57NSWJOxrLawMIeeapEKRoCa0VskSvJF6b57uyd
-----END CERTIFICATE-----