This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/oS9h716veeRY1y9kuFn-MIGUEBg.roa
File:                     oS9h716veeRY1y9kuFn-MIGUEBg.roa (raw, json)
Hash identifier:          KS+2BIj/1oDD8HcECr/uPYIsA+2SUgLQkBkCEiNQnZg=
Subject key identifier:   A1:2F:61:EF:5E:AF:79:E4:58:D7:2F:64:B8:59:FE:30:81:94:10:18
Certificate issuer:       /CN=d0aa4a1a7a3ad23faae2aeae9fa6194f02128129
Certificate serial:       019B7C80A00C34C1AE0A74B93BE46EA76237
Authority key identifier: D0:AA:4A:1A:7A:3A:D2:3F:AA:E2:AE:AE:9F:A6:19:4F:02:12:81:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/oS9h716veeRY1y9kuFn-MIGUEBg.roa
Signing time:             Fri 02 Jan 2026 02:19:22 +0000
ROA not before:           Fri 02 Jan 2026 02:19:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6660
IP address blocks:        62.25.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:a0:0c:34:c1:ae:0a:74:b9:3b:e4:6e:a7:62:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0aa4a1a7a3ad23faae2aeae9fa6194f02128129
        Validity
            Not Before: Jan  2 02:19:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a12f61ef5eaf79e458d72f64b859fe3081941018
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:4b:bb:28:85:9d:cd:34:92:3a:c6:4c:58:f4:
                    b0:2c:46:39:63:8c:d2:40:7b:f4:06:c8:9a:93:7b:
                    b1:6a:fc:d8:b8:67:84:c3:be:0c:de:58:c2:06:f4:
                    6a:60:d9:4c:38:ba:82:4f:80:86:b1:be:4b:13:29:
                    1f:3a:56:4d:cd:10:f9:35:a1:be:95:27:fe:4c:28:
                    6b:e5:70:ef:21:25:ef:57:93:23:4b:22:9c:10:85:
                    23:89:5c:ec:fb:6f:26:74:57:2a:fd:e6:b6:1f:a1:
                    4d:8d:95:c3:3f:c3:88:51:51:b1:6c:4e:f0:87:9d:
                    15:da:94:d3:87:88:d9:a6:ba:2b:14:f5:a7:35:b0:
                    6a:b2:c4:27:a6:e9:44:71:5b:e1:1a:22:86:83:cb:
                    1e:c7:99:d2:2a:2e:f3:d1:68:89:7f:80:ac:ff:5f:
                    e2:b4:6b:8a:33:7a:07:66:09:4c:ea:f8:3f:dc:f6:
                    ca:2b:6c:5f:94:60:98:7c:ae:b0:c3:80:60:e5:a9:
                    2e:88:3f:09:65:5c:83:1f:55:6d:cd:c7:20:40:52:
                    5c:e5:f2:7a:d3:68:48:30:44:1d:b6:3d:91:7b:06:
                    a0:4f:d5:08:64:15:41:a4:57:88:5a:6d:3e:3c:71:
                    0f:59:12:56:84:4c:c5:67:9f:f4:0e:86:8c:49:7c:
                    72:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:2F:61:EF:5E:AF:79:E4:58:D7:2F:64:B8:59:FE:30:81:94:10:18
            X509v3 Authority Key Identifier:
                keyid:D0:AA:4A:1A:7A:3A:D2:3F:AA:E2:AE:AE:9F:A6:19:4F:02:12:81:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/oS9h716veeRY1y9kuFn-MIGUEBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.25.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         5c:92:11:4b:9c:57:b0:09:4c:40:73:d8:44:f7:3b:58:4e:c0:
         d7:04:43:cd:b6:05:d3:e3:ee:43:ab:25:5e:3f:d9:74:aa:ad:
         79:e7:7a:2c:56:da:b4:c5:58:22:dd:94:de:eb:4c:f1:ce:73:
         79:6e:2a:57:2f:95:90:9e:e3:aa:b7:8d:1e:16:2a:1f:a1:4c:
         81:3a:27:9b:77:c9:33:8d:7d:e9:69:ba:95:1c:c0:ff:b9:c4:
         23:63:18:21:d3:33:1f:26:a2:6e:51:06:3a:53:1c:b9:2a:86:
         60:9c:2b:06:1b:f4:23:2d:86:29:7b:88:e0:91:9e:91:ec:f9:
         f1:2c:f7:6c:c0:f2:87:18:f9:fa:8d:b4:ed:3b:12:54:7d:5a:
         00:4d:66:73:d0:d3:23:ae:ca:7f:df:47:58:13:69:0f:8d:8f:
         3a:54:7f:56:f3:f8:2b:bb:40:ea:07:12:96:ea:ec:c4:e1:1a:
         a8:a7:46:6d:1f:ef:97:f7:e2:dd:05:d0:d6:3c:22:f8:ba:db:
         bd:88:4b:33:af:d2:e3:bb:80:a9:2d:a0:ff:b2:82:0a:0c:29:
         29:2b:29:c0:3c:58:d3:de:54:ca:27:d1:79:58:86:10:9d:23:
         52:d3:d6:4f:29:a4:91:3c:80:01:fd:9d:f1:44:cd:41:3a:73:
         e0:93:d4:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gKAMNMGuCnS5O+Rup2I3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYWE0YTFhN2EzYWQyM2ZhYWUyYWVhZTlmYTYxOTRmMDIx
MjgxMjkwHhcNMjYwMTAyMDIxOTIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTJmNjFlZjVlYWY3OWU0NThkNzJmNjRiODU5ZmUzMDgxOTQxMDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUu7KIWdzTSSOsZMWPSwLEY5Y4zS
QHv0Bsiak3uxavzYuGeEw74M3ljCBvRqYNlMOLqCT4CGsb5LEykfOlZNzRD5NaG+
lSf+TChr5XDvISXvV5MjSyKcEIUjiVzs+28mdFcq/ea2H6FNjZXDP8OIUVGxbE7w
h50V2pTTh4jZprorFPWnNbBqssQnpulEcVvhGiKGg8sex5nSKi7z0WiJf4Cs/1/i
tGuKM3oHZglM6vg/3PbKK2xflGCYfK6ww4Bg5akuiD8JZVyDH1VtzccgQFJc5fJ6
02hIMEQdtj2RewagT9UIZBVBpFeIWm0+PHEPWRJWhEzFZ5/0DoaMSXxycQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKEvYe9er3nkWNcvZLhZ/jCBlBAYMB8GA1UdIwQY
MBaAFNCqShp6OtI/quKurp+mGU8CEoEpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEtwS0dubzYwai1xNHE2dW42WVpUd0lTZ1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS83NjU1NmUtYTFkOC00ZTBhLTg0Njgt
MjIxNGYxOGViMzI5LzEvb1M5aDcxNnZlZVJZMXk5a3VGbi1NSUdVRUJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS83NjU1NmUtYTFkOC00ZTBhLTg0NjgtMjIxNGYxOGViMzI5
LzEvMEtwS0dubzYwai1xNHE2dW42WVpUd0lTZ1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHPhmAMA0G
CSqGSIb3DQEBCwUAA4IBAQBckhFLnFewCUxAc9hE9ztYTsDXBEPNtgXT4+5DqyVe
P9l0qq1553osVtq0xVgi3ZTe60zxznN5bipXL5WQnuOqt40eFiofoUyBOiebd8kz
jX3pabqVHMD/ucQjYxgh0zMfJqJuUQY6Uxy5KoZgnCsGG/QjLYYpe4jgkZ6R7Pnx
LPdswPKHGPn6jbTtOxJUfVoATWZz0NMjrsp/30dYE2kPjY86VH9W8/gru0DqBxKW
6uzE4Rqop0ZtH++X9+LdBdDWPCL4utu9iEszr9Lju4CpLaD/soIKDCkpKynAPFjT
3lTKJ9F5WIYQnSNS09ZPKaSRPIAB/Z3xRM1BOnPgk9SU
-----END CERTIFICATE-----