This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/oIWU__MTWZao_gHIFZZj-Owq8ZI.roa
File:                     oIWU__MTWZao_gHIFZZj-Owq8ZI.roa (raw, json)
Hash identifier:          tD/q3hixssgoJOuCWAHJyl21GNVAxJUCj1hVH/ziNXI=
Subject key identifier:   A0:85:94:FF:F3:13:59:96:A8:FE:01:C8:15:96:63:F8:EC:2A:F1:92
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       019B7F810B5C21289A6B16519DA0AF9FA1FB
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/oIWU__MTWZao_gHIFZZj-Owq8ZI.roa
Signing time:             Fri 02 Jan 2026 16:18:41 +0000
ROA not before:           Fri 02 Jan 2026 16:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31244
IP address blocks:        45.131.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:81:0b:5c:21:28:9a:6b:16:51:9d:a0:af:9f:a1:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Jan  2 16:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a08594fff3135996a8fe01c8159663f8ec2af192
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:18:df:f9:20:7e:d9:19:3f:1d:7e:48:f4:5e:
                    25:df:ee:15:c0:a7:60:0a:53:c9:03:38:49:42:02:
                    7a:11:31:40:7f:70:39:a1:9c:a1:42:23:39:2d:ec:
                    12:b7:82:64:6f:af:29:bb:25:e3:6e:24:1c:72:2a:
                    e6:fc:8d:43:21:7d:c9:17:e9:ea:3c:16:3d:c9:94:
                    04:f3:1d:1e:76:0b:2d:b1:cd:1b:ec:55:22:47:4a:
                    d3:66:cf:46:c8:ee:c4:95:4c:26:d9:f5:7b:06:f5:
                    d9:c6:76:2c:b4:92:68:63:1d:c4:2e:7b:95:e6:35:
                    df:21:37:ae:f3:b5:bf:64:af:15:c2:d9:04:9b:9c:
                    62:f0:90:f9:53:a7:bd:df:c0:f3:15:64:9b:4c:34:
                    4b:2d:a9:fe:55:c5:bd:9b:27:e5:19:23:cc:23:a1:
                    50:68:ac:ac:36:2e:49:ff:06:31:7d:50:78:a2:be:
                    04:c6:45:db:7d:d4:68:3d:f4:30:cf:39:fe:9a:e2:
                    3c:8f:8a:58:a4:9a:b5:b2:6f:7c:9e:34:04:c4:ec:
                    67:a3:fe:04:ca:56:e1:03:f2:cc:77:5f:e8:6d:f1:
                    38:c5:62:3f:33:97:54:f2:2c:40:59:72:dd:93:01:
                    c0:af:c4:86:d9:ee:3c:a7:65:20:f5:45:ce:fd:0b:
                    a1:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:85:94:FF:F3:13:59:96:A8:FE:01:C8:15:96:63:F8:EC:2A:F1:92
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/oIWU__MTWZao_gHIFZZj-Owq8ZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:95:67:39:d6:86:b2:8b:3d:7a:d5:a2:99:d6:bf:3d:b6:83:
         1b:90:e2:09:d3:c1:04:2f:83:65:08:2d:f7:d4:d6:17:62:93:
         e0:60:50:8b:e6:07:2b:0b:8d:cf:bf:37:b3:45:f9:25:54:c2:
         5d:f0:cf:46:c2:c8:88:b3:3e:15:80:cc:c2:ca:9a:e5:74:56:
         9d:5b:a6:9a:d4:a9:9d:0f:0b:20:0a:83:83:ad:4a:52:60:84:
         06:5f:3e:2a:20:94:6f:7b:a1:12:c0:23:52:85:83:4a:2d:e4:
         53:f7:25:68:b2:95:6f:61:d8:e4:1f:e1:fb:93:f5:b0:e8:04:
         44:af:44:de:63:eb:5d:e5:d9:a0:84:cc:8f:74:f1:67:a5:b4:
         ca:7a:40:61:6e:64:9a:eb:ac:f4:f6:0b:3f:d2:a7:ad:2a:17:
         1d:f1:fb:ec:46:09:8f:cc:1d:ab:27:87:6b:2c:a6:4b:d5:91:
         47:d8:87:fc:f7:f8:21:be:fa:a4:39:89:0f:e4:c1:71:30:9e:
         90:e1:ce:6c:34:39:4b:e2:2c:86:fa:ce:f2:92:af:ec:31:fb:
         10:e1:2a:85:24:03:74:f1:b4:11:91:39:b9:8f:46:d3:05:41:
         23:a7:67:47:4c:17:2d:83:38:0d:c3:42:0b:29:2e:19:69:f7:
         9c:24:6a:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gQtcISiaaxZRnaCvn6H7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjYwMTAyMTYxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDg1OTRmZmYzMTM1OTk2YThmZTAxYzgxNTk2NjNmOGVjMmFmMTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBjf+SB+2Rk/HX5I9F4l3+4VwKdg
ClPJAzhJQgJ6ETFAf3A5oZyhQiM5LewSt4Jkb68puyXjbiQccirm/I1DIX3JF+nq
PBY9yZQE8x0edgstsc0b7FUiR0rTZs9GyO7ElUwm2fV7BvXZxnYstJJoYx3ELnuV
5jXfITeu87W/ZK8VwtkEm5xi8JD5U6e938DzFWSbTDRLLan+VcW9myflGSPMI6FQ
aKysNi5J/wYxfVB4or4ExkXbfdRoPfQwzzn+muI8j4pYpJq1sm98njQExOxno/4E
ylbhA/LMd1/obfE4xWI/M5dU8ixAWXLdkwHAr8SG2e48p2Ug9UXO/QuhuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKCFlP/zE1mWqP4ByBWWY/jsKvGSMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvb0lXVV9fTVRXWmFvX2dISUZaWmotT3dxOFpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYNrMA0G
CSqGSIb3DQEBCwUAA4IBAQDSlWc51oayiz161aKZ1r89toMbkOIJ08EEL4NlCC33
1NYXYpPgYFCL5gcrC43PvzezRfklVMJd8M9GwsiIsz4VgMzCyprldFadW6aa1Kmd
DwsgCoODrUpSYIQGXz4qIJRve6ESwCNShYNKLeRT9yVospVvYdjkH+H7k/Ww6ARE
r0TeY+td5dmghMyPdPFnpbTKekBhbmSa66z09gs/0qetKhcd8fvsRgmPzB2rJ4dr
LKZL1ZFH2If89/ghvvqkOYkP5MFxMJ6Q4c5sNDlL4iyG+s7ykq/sMfsQ4SqFJAN0
8bQRkTm5j0bTBUEjp2dHTBctgzgNw0ILKS4ZafecJGoY
-----END CERTIFICATE-----