This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7fa7b0-ace4-492d-8e91-c5321dc9e64b/1/OB7HIJ6E7VL850eNPLbDO9hsF0w.roa
File:                     OB7HIJ6E7VL850eNPLbDO9hsF0w.roa (raw, json)
Hash identifier:          nMO9swrGeSsqg3nG7FL8cD0rTbfGf4XKw96dzuahhzY=
Subject key identifier:   38:1E:C7:20:9E:84:ED:52:FC:E7:47:8D:3C:B6:C3:3B:D8:6C:17:4C
Certificate issuer:       /CN=3a48e033deb64ac4243c72ce899d53822df6996d
Certificate serial:       019B7DCB35F61006F3264345A27382C774DA
Authority key identifier: 3A:48:E0:33:DE:B6:4A:C4:24:3C:72:CE:89:9D:53:82:2D:F6:99:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OkjgM962SsQkPHLOiZ1Tgi32mW0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7fa7b0-ace4-492d-8e91-c5321dc9e64b/1/OB7HIJ6E7VL850eNPLbDO9hsF0w.roa
Signing time:             Fri 02 Jan 2026 08:20:28 +0000
ROA not before:           Fri 02 Jan 2026 08:20:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47543
IP address blocks:        2001:678:1c8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7fa7b0-ace4-492d-8e91-c5321dc9e64b/1/OkjgM962SsQkPHLOiZ1Tgi32mW0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7fa7b0-ace4-492d-8e91-c5321dc9e64b/1/OkjgM962SsQkPHLOiZ1Tgi32mW0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OkjgM962SsQkPHLOiZ1Tgi32mW0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 08:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:35:f6:10:06:f3:26:43:45:a2:73:82:c7:74:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a48e033deb64ac4243c72ce899d53822df6996d
        Validity
            Not Before: Jan  2 08:20:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=381ec7209e84ed52fce7478d3cb6c33bd86c174c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f5:e6:dc:5a:7d:65:ee:83:12:d8:a4:e5:5d:
                    c4:61:7c:32:4c:88:60:ca:c8:ac:81:95:f8:51:10:
                    ed:fd:ff:46:c7:ad:90:ee:68:29:fc:b3:92:41:de:
                    87:fb:5a:c3:d8:36:1a:01:52:ca:99:4b:13:82:19:
                    5b:ad:12:4f:d4:9d:1e:74:ea:1f:c5:b0:82:88:07:
                    62:e3:41:f3:ae:e8:44:29:36:b8:53:40:11:3e:43:
                    5c:87:87:18:53:47:bd:9f:a8:28:25:03:0a:68:20:
                    a4:ea:00:23:af:b5:66:d7:bb:d0:f1:1b:91:b9:57:
                    26:af:52:11:82:5b:67:d7:56:a0:38:e8:d3:f1:19:
                    ca:cc:81:8d:1f:6b:33:4b:98:23:7e:2b:12:f4:1c:
                    2d:c4:08:08:05:a5:15:9b:08:90:73:9b:a4:8d:cf:
                    86:59:34:a1:dc:9c:8e:d2:6c:5e:96:cf:9e:fb:ad:
                    c9:c2:3d:0e:37:c2:ad:36:5d:1b:b3:64:01:31:05:
                    9d:07:b8:a5:e3:65:03:8d:e3:86:b2:0e:f2:bb:d0:
                    f0:bb:fe:30:4b:84:71:7a:a3:07:01:ad:3f:18:1b:
                    de:c9:d1:ee:c5:8f:97:fb:62:8d:b2:02:bb:5d:61:
                    3e:27:a2:32:3a:40:5f:12:63:f1:1e:d5:46:95:d4:
                    2e:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:1E:C7:20:9E:84:ED:52:FC:E7:47:8D:3C:B6:C3:3B:D8:6C:17:4C
            X509v3 Authority Key Identifier:
                keyid:3A:48:E0:33:DE:B6:4A:C4:24:3C:72:CE:89:9D:53:82:2D:F6:99:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OkjgM962SsQkPHLOiZ1Tgi32mW0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7fa7b0-ace4-492d-8e91-c5321dc9e64b/1/OB7HIJ6E7VL850eNPLbDO9hsF0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7fa7b0-ace4-492d-8e91-c5321dc9e64b/1/OkjgM962SsQkPHLOiZ1Tgi32mW0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1c8::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:85:69:b0:54:9a:d8:0e:56:a1:51:e0:ba:07:32:23:75:a3:
         26:a1:87:25:4c:27:6b:6a:a0:4e:4d:06:7c:b8:e7:5e:c9:7c:
         91:f3:79:52:2c:ef:ac:2b:82:54:13:61:76:ef:ca:eb:85:5f:
         68:21:f0:01:d3:18:db:8e:70:b1:1c:e4:8d:f3:e7:da:86:c7:
         32:dd:df:90:9a:d7:37:da:01:b8:20:e7:9d:e7:fe:f9:93:44:
         6c:8f:ff:74:85:3c:86:68:e1:d7:85:fb:fd:34:2d:0b:be:82:
         78:57:45:da:fe:a7:52:47:7f:75:08:77:51:43:60:ad:8f:82:
         3d:2c:3e:8f:df:d7:b8:2e:5a:44:f6:58:86:5b:1d:17:31:7e:
         14:c2:92:83:96:c9:dc:0c:0a:df:3f:01:91:f3:94:6a:44:9c:
         38:9c:60:93:fd:70:a8:5d:1c:63:a2:e8:11:b7:f5:2a:f3:54:
         aa:a6:25:39:f5:34:8f:f6:db:13:c7:c2:e3:b7:f8:ca:f5:b4:
         69:c8:f4:1a:7f:fa:56:77:2d:66:0d:da:b0:ff:90:1b:e5:ca:
         2a:74:69:09:3d:63:91:c4:55:ad:55:35:fe:70:52:de:65:70:
         bd:4e:46:91:4e:2e:28:e8:e5:b4:02:ad:d7:83:73:bc:f0:79:
         9e:05:39:53
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt9yzX2EAbzJkNFonOCx3TaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNDhlMDMzZGViNjRhYzQyNDNjNzJjZTg5OWQ1MzgyMmRm
Njk5NmQwHhcNMjYwMTAyMDgyMDI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODFlYzcyMDllODRlZDUyZmNlNzQ3OGQzY2I2YzMzYmQ4NmMxNzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfXm3Fp9Ze6DEtik5V3EYXwyTIhg
ysisgZX4URDt/f9Gx62Q7mgp/LOSQd6H+1rD2DYaAVLKmUsTghlbrRJP1J0edOof
xbCCiAdi40HzruhEKTa4U0ARPkNch4cYU0e9n6goJQMKaCCk6gAjr7Vm17vQ8RuR
uVcmr1IRgltn11agOOjT8RnKzIGNH2szS5gjfisS9BwtxAgIBaUVmwiQc5ukjc+G
WTSh3JyO0mxels+e+63Jwj0ON8KtNl0bs2QBMQWdB7il42UDjeOGsg7yu9Dwu/4w
S4RxeqMHAa0/GBveydHuxY+X+2KNsgK7XWE+J6IyOkBfEmPxHtVGldQuoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDgexyCehO1S/OdHjTy2wzvYbBdMMB8GA1UdIwQY
MBaAFDpI4DPetkrEJDxyzomdU4It9pltMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2tqZ005NjJTc1FrUEhMT2laMVRnaTMybVcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83ZmE3YjAtYWNlNC00OTJkLThlOTEt
YzUzMjFkYzllNjRiLzEvT0I3SElKNkU3Vkw4NTBlTlBMYkRPOWhzRjB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83ZmE3YjAtYWNlNC00OTJkLThlOTEtYzUzMjFkYzllNjRi
LzEvT2tqZ005NjJTc1FrUEhMT2laMVRnaTMybVcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAHI
MA0GCSqGSIb3DQEBCwUAA4IBAQBmhWmwVJrYDlahUeC6BzIjdaMmoYclTCdraqBO
TQZ8uOdeyXyR83lSLO+sK4JUE2F278rrhV9oIfAB0xjbjnCxHOSN8+fahscy3d+Q
mtc32gG4IOed5/75k0Rsj/90hTyGaOHXhfv9NC0LvoJ4V0Xa/qdSR391CHdRQ2Ct
j4I9LD6P39e4LlpE9liGWx0XMX4UwpKDlsncDArfPwGR85RqRJw4nGCT/XCoXRxj
ougRt/Uq81SqpiU59TSP9tsTx8Ljt/jK9bRpyPQaf/pWdy1mDdqw/5Ab5coqdGkJ
PWORxFWtVTX+cFLeZXC9TkaRTi4o6OW0Aq3Xg3O88HmeBTlT
-----END CERTIFICATE-----