This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/ON8MLVsom3Xc93Gj451fNhkOr1c.roa
File:                     ON8MLVsom3Xc93Gj451fNhkOr1c.roa (raw, json)
Hash identifier:          /aqp5tg5AkomZ2NTsffPfjLyDQc2VPOTKznItgMcVyQ=
Subject key identifier:   38:DF:0C:2D:5B:28:9B:75:DC:F7:71:A3:E3:9D:5F:36:19:0E:AF:57
Certificate issuer:       /CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
Certificate serial:       019B7AC88B31BACF1A353A0114E573CF81B8
Authority key identifier: 72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/ON8MLVsom3Xc93Gj451fNhkOr1c.roa
Signing time:             Thu 01 Jan 2026 18:18:41 +0000
ROA not before:           Thu 01 Jan 2026 18:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200497
IP address blocks:        151.248.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:8b:31:ba:cf:1a:35:3a:01:14:e5:73:cf:81:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
        Validity
            Not Before: Jan  1 18:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=38df0c2d5b289b75dcf771a3e39d5f36190eaf57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:ea:7e:fe:38:5f:66:98:7b:8b:0f:a9:f8:7b:
                    1c:27:94:87:7c:0a:d7:97:4e:94:f8:23:8e:1a:17:
                    64:fb:09:89:0f:45:7a:07:93:44:00:3f:fd:ce:64:
                    08:c3:c2:01:3c:13:d2:76:44:e6:7b:08:8d:56:e9:
                    8d:25:34:bf:5e:b0:a7:e7:ab:3c:da:f6:d3:ec:e8:
                    99:06:48:a4:6b:95:95:6c:a1:22:fe:a8:1b:b5:08:
                    16:a2:bb:19:da:39:aa:85:45:b1:73:83:e7:0e:02:
                    91:bd:1d:fa:4c:54:d2:d3:5a:6a:8e:71:ca:77:08:
                    b9:89:20:ef:6c:5c:ba:29:10:57:46:2e:dc:b4:43:
                    57:fe:9a:88:4e:d6:bb:2e:c4:49:e1:cd:cf:9a:5f:
                    58:85:25:2f:c5:d5:ea:65:a7:07:58:03:42:85:56:
                    e7:4d:d8:39:16:56:23:5f:a0:ce:10:80:82:57:85:
                    96:df:02:a9:38:25:17:fc:5b:8f:0b:15:fa:8a:a0:
                    83:73:97:bd:f9:34:8f:d0:c5:7d:26:c0:01:f1:a9:
                    c5:92:71:25:a3:ff:6e:5e:4a:0b:b0:d4:4f:29:37:
                    4d:bc:c3:2b:f1:6b:7a:36:6a:a5:5b:54:d7:49:d5:
                    6d:96:bc:2a:25:24:9e:4b:64:65:a0:56:53:cd:13:
                    36:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:DF:0C:2D:5B:28:9B:75:DC:F7:71:A3:E3:9D:5F:36:19:0E:AF:57
            X509v3 Authority Key Identifier:
                keyid:72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/ON8MLVsom3Xc93Gj451fNhkOr1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.248.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:85:ff:41:b4:c1:48:78:a0:7b:c1:59:1b:cd:08:b3:d9:86:
         1c:1f:02:b4:29:db:d5:de:3b:4d:e5:b5:4d:d6:0f:f2:d2:5d:
         64:06:88:f3:06:26:de:86:c7:67:11:b6:a1:8f:b8:c4:d6:75:
         4d:eb:cf:28:a0:58:64:ea:ca:58:61:da:6d:03:92:83:f5:5c:
         13:36:8b:ba:fc:15:19:42:67:5f:61:9f:a4:3f:52:40:e6:45:
         6d:fe:dd:9f:e4:bd:a7:a0:43:a6:cb:b7:34:ae:5d:4e:6b:02:
         94:b3:7f:f2:75:07:11:ea:79:1a:28:1a:f6:42:a9:a3:1e:9d:
         3c:5c:5f:6c:69:af:65:f0:2f:d0:f2:7a:71:e3:73:42:01:33:
         0a:a3:80:58:33:36:c9:62:ec:21:11:c9:5f:14:6c:de:76:d3:
         e7:3c:c8:5b:03:a2:b4:f4:af:89:a3:73:ba:2a:2b:31:3d:9d:
         f4:e2:78:d6:56:59:c3:06:08:c9:11:ae:74:8a:1f:34:b4:50:
         b9:1f:8e:75:9b:3b:30:c7:3f:91:c6:ea:9c:88:78:e1:f1:01:
         90:7b:c0:57:6a:c1:bf:fd:40:f5:1e:c8:c7:6a:df:fa:70:90:
         ab:1d:0b:03:4c:28:0b:a1:93:ef:15:e4:72:e9:ec:4e:14:52:
         3d:0b:16:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yIsxus8aNToBFOVzz4G4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNWMwYzcxMTFlMmY1N2ZjYWY4MTEzYTQyZTU1NmU4ODJk
ZDVjNGIwHhcNMjYwMTAxMTgxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGRmMGMyZDViMjg5Yjc1ZGNmNzcxYTNlMzlkNWYzNjE5MGVhZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2up+/jhfZph7iw+p+HscJ5SHfArX
l06U+COOGhdk+wmJD0V6B5NEAD/9zmQIw8IBPBPSdkTmewiNVumNJTS/XrCn56s8
2vbT7OiZBkika5WVbKEi/qgbtQgWorsZ2jmqhUWxc4PnDgKRvR36TFTS01pqjnHK
dwi5iSDvbFy6KRBXRi7ctENX/pqITta7LsRJ4c3Pml9YhSUvxdXqZacHWANChVbn
Tdg5FlYjX6DOEICCV4WW3wKpOCUX/FuPCxX6iqCDc5e9+TSP0MV9JsAB8anFknEl
o/9uXkoLsNRPKTdNvMMr8Wt6NmqlW1TXSdVtlrwqJSSeS2RloFZTzRM2XwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDjfDC1bKJt13Pdxo+OdXzYZDq9XMB8GA1UdIwQY
MBaAFHJcDHER4vV/yvgROkLlVuiC3VxLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYt
NzYxMGFhYmFhMjc0LzEvT044TUxWc29tM1hjOTNHajQ1MWZOaGtPcjFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYtNzYxMGFhYmFhMjc0
LzEvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/gMMA0G
CSqGSIb3DQEBCwUAA4IBAQBIhf9BtMFIeKB7wVkbzQiz2YYcHwK0KdvV3jtN5bVN
1g/y0l1kBojzBibehsdnEbahj7jE1nVN688ooFhk6spYYdptA5KD9VwTNou6/BUZ
QmdfYZ+kP1JA5kVt/t2f5L2noEOmy7c0rl1OawKUs3/ydQcR6nkaKBr2QqmjHp08
XF9saa9l8C/Q8npx43NCATMKo4BYMzbJYuwhEclfFGzedtPnPMhbA6K09K+Jo3O6
KisxPZ304njWVlnDBgjJEa50ih80tFC5H451mzswxz+RxuqciHjh8QGQe8BXasG/
/UD1HsjHat/6cJCrHQsDTCgLoZPvFeRy6exOFFI9Cxb3
-----END CERTIFICATE-----