This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/84750f-76c4-41ee-8517-e0adab7f1112/1/oZhmNHo1g-fLhYbLEUh1GW508Ns.roa
File:                     oZhmNHo1g-fLhYbLEUh1GW508Ns.roa (raw, json)
Hash identifier:          pc/tqbY3tzsPX8Y1oHBCD976XbZr/U1sHfOZb8voLLA=
Subject key identifier:   A1:98:66:34:7A:35:83:E7:CB:85:86:CB:11:48:75:19:6E:74:F0:DB
Certificate issuer:       /CN=0e2283e6e6af991422743711f7a723137680e69e
Certificate serial:       019B7BA502B63829884461E5922FF2B6C635
Authority key identifier: 0E:22:83:E6:E6:AF:99:14:22:74:37:11:F7:A7:23:13:76:80:E6:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiKD5uavmRQidDcR96cjE3aA5p4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/84750f-76c4-41ee-8517-e0adab7f1112/1/oZhmNHo1g-fLhYbLEUh1GW508Ns.roa
Signing time:             Thu 01 Jan 2026 22:19:30 +0000
ROA not before:           Thu 01 Jan 2026 22:19:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44901
IP address blocks:        185.244.128.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/84750f-76c4-41ee-8517-e0adab7f1112/1/DiKD5uavmRQidDcR96cjE3aA5p4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/84750f-76c4-41ee-8517-e0adab7f1112/1/DiKD5uavmRQidDcR96cjE3aA5p4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiKD5uavmRQidDcR96cjE3aA5p4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:02:b6:38:29:88:44:61:e5:92:2f:f2:b6:c6:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e2283e6e6af991422743711f7a723137680e69e
        Validity
            Not Before: Jan  1 22:19:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a19866347a3583e7cb8586cb114875196e74f0db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:27:59:8b:7d:66:f5:8d:ac:81:14:b1:5f:b7:
                    d9:8f:22:0e:29:87:be:e3:91:22:71:b7:84:02:02:
                    e0:0f:73:4d:24:e8:51:4b:d4:42:9f:e1:b5:21:c5:
                    b9:62:d5:5f:b7:6b:6d:de:03:53:b7:ac:95:f7:6e:
                    c2:d6:9e:c4:c0:6a:d4:78:75:cf:5d:7d:5b:0f:02:
                    80:ec:51:92:d8:95:3c:fb:25:3f:a5:72:5d:9c:af:
                    6c:4f:53:42:27:92:7b:bf:93:14:c2:43:89:ef:03:
                    46:6a:85:3c:66:9b:e6:77:c5:ae:8c:1f:21:5b:12:
                    e6:db:b9:f8:15:eb:60:2e:e8:1f:24:3b:cd:a5:52:
                    de:31:f7:3f:f7:4f:44:50:aa:0b:bb:db:df:af:1b:
                    4e:08:b9:27:97:e7:a2:f2:18:5c:61:0f:15:46:78:
                    9f:7d:4a:c1:56:47:72:b5:79:ad:20:28:31:20:d4:
                    62:42:94:1c:c7:48:27:60:ed:7f:e7:18:42:f0:58:
                    89:6e:fe:59:ac:2e:f5:2b:b3:d5:52:81:24:bb:e3:
                    5f:ee:fa:cf:23:05:13:51:f9:14:12:91:92:50:3a:
                    31:5b:8f:84:9a:8d:45:59:bf:cd:87:ee:d7:37:45:
                    0e:7e:85:00:fa:48:17:e9:c9:bb:ab:fc:d8:70:76:
                    df:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:98:66:34:7A:35:83:E7:CB:85:86:CB:11:48:75:19:6E:74:F0:DB
            X509v3 Authority Key Identifier:
                keyid:0E:22:83:E6:E6:AF:99:14:22:74:37:11:F7:A7:23:13:76:80:E6:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiKD5uavmRQidDcR96cjE3aA5p4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/84750f-76c4-41ee-8517-e0adab7f1112/1/oZhmNHo1g-fLhYbLEUh1GW508Ns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/84750f-76c4-41ee-8517-e0adab7f1112/1/DiKD5uavmRQidDcR96cjE3aA5p4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:40:6e:e9:3e:67:66:46:da:c3:bf:3e:4e:e4:53:7f:58:70:
         94:72:87:62:e2:bf:93:fb:39:dc:34:c9:49:91:07:51:53:e7:
         da:7c:13:33:e4:c4:b8:fd:b8:c6:78:4e:93:08:f0:9e:00:ac:
         5d:9f:f8:58:37:c5:6e:18:11:cc:90:72:b6:df:fa:af:68:a2:
         bf:8e:f5:02:72:b2:84:f1:85:0c:97:67:45:aa:ef:a1:da:07:
         ed:f6:1c:53:40:d0:d6:d6:3a:10:71:93:80:f1:8b:b4:bf:ef:
         e1:c4:a2:41:09:7d:b6:bf:cd:9e:59:e3:bc:dd:d3:d5:05:70:
         81:df:b7:44:7d:2a:24:07:05:eb:e2:61:04:d8:30:8a:71:a3:
         d9:55:24:b1:f6:9b:eb:85:db:65:55:94:c3:12:c7:1c:47:81:
         74:c8:d0:a0:34:09:c1:fe:d8:5c:0d:01:fe:6f:7d:30:87:6d:
         4a:26:46:46:82:a2:b2:cf:7d:0f:fe:60:f4:56:30:cd:ce:c4:
         cf:31:af:de:f2:ee:05:c7:05:38:b8:d2:4f:05:56:b4:e6:5a:
         cb:bf:b9:ae:51:97:70:d1:21:ca:81:32:b7:3e:5c:a8:47:19:
         8e:1c:b7:d6:9f:a7:8b:9a:9e:fc:47:68:51:80:ce:49:8c:f0:
         f8:d1:33:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pQK2OCmIRGHlki/ytsY1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMjI4M2U2ZTZhZjk5MTQyMjc0MzcxMWY3YTcyMzEzNzY4
MGU2OWUwHhcNMjYwMTAxMjIxOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTk4NjYzNDdhMzU4M2U3Y2I4NTg2Y2IxMTQ4NzUxOTZlNzRmMGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwydZi31m9Y2sgRSxX7fZjyIOKYe+
45EicbeEAgLgD3NNJOhRS9RCn+G1IcW5YtVft2tt3gNTt6yV927C1p7EwGrUeHXP
XX1bDwKA7FGS2JU8+yU/pXJdnK9sT1NCJ5J7v5MUwkOJ7wNGaoU8Zpvmd8WujB8h
WxLm27n4FetgLugfJDvNpVLeMfc/909EUKoLu9vfrxtOCLknl+ei8hhcYQ8VRnif
fUrBVkdytXmtICgxINRiQpQcx0gnYO1/5xhC8FiJbv5ZrC71K7PVUoEku+Nf7vrP
IwUTUfkUEpGSUDoxW4+Emo1FWb/Nh+7XN0UOfoUA+kgX6cm7q/zYcHbfKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKGYZjR6NYPny4WGyxFIdRludPDbMB8GA1UdIwQY
MBaAFA4ig+bmr5kUInQ3EfenIxN2gOaeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGlLRDV1YXZtUlFpZERjUjk2Y2pFM2FBNXA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi84NDc1MGYtNzZjNC00MWVlLTg1MTct
ZTBhZGFiN2YxMTEyLzEvb1pobU5IbzFnLWZMaFliTEVVaDFHVzUwOE5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi84NDc1MGYtNzZjNC00MWVlLTg1MTctZTBhZGFiN2YxMTEy
LzEvRGlLRDV1YXZtUlFpZERjUjk2Y2pFM2FBNXA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufSAMA0G
CSqGSIb3DQEBCwUAA4IBAQBEQG7pPmdmRtrDvz5O5FN/WHCUcodi4r+T+zncNMlJ
kQdRU+fafBMz5MS4/bjGeE6TCPCeAKxdn/hYN8VuGBHMkHK23/qvaKK/jvUCcrKE
8YUMl2dFqu+h2gft9hxTQNDW1joQcZOA8Yu0v+/hxKJBCX22v82eWeO83dPVBXCB
37dEfSokBwXr4mEE2DCKcaPZVSSx9pvrhdtlVZTDEsccR4F0yNCgNAnB/thcDQH+
b30wh21KJkZGgqKyz30P/mD0VjDNzsTPMa/e8u4FxwU4uNJPBVa05lrLv7muUZdw
0SHKgTK3PlyoRxmOHLfWn6eLmp78R2hRgM5JjPD40TMp
-----END CERTIFICATE-----