This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/0217e6-d2c3-46f8-8e49-3f1439a15f1b/1/okBlAs2MxKegFun8jqPmx6S71TI.roa
File:                     okBlAs2MxKegFun8jqPmx6S71TI.roa (raw, json)
Hash identifier:          ROgvc03TJnSVXqJkAtutWAdPihx/iJeoNeNlOaYR9fo=
Subject key identifier:   A2:40:65:02:CD:8C:C4:A7:A0:16:E9:FC:8E:A3:E6:C7:A4:BB:D5:32
Certificate issuer:       /CN=a83084a09eddcf556d19b3b7355c9defe0a278f5
Certificate serial:       019B7F81956A046C1F85EFFA152F6401C29A
Authority key identifier: A8:30:84:A0:9E:DD:CF:55:6D:19:B3:B7:35:5C:9D:EF:E0:A2:78:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qDCEoJ7dz1VtGbO3NVyd7-CiePU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/0217e6-d2c3-46f8-8e49-3f1439a15f1b/1/okBlAs2MxKegFun8jqPmx6S71TI.roa
Signing time:             Fri 02 Jan 2026 16:19:17 +0000
ROA not before:           Fri 02 Jan 2026 16:19:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198491
IP address blocks:        195.85.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/0217e6-d2c3-46f8-8e49-3f1439a15f1b/1/qDCEoJ7dz1VtGbO3NVyd7-CiePU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/0217e6-d2c3-46f8-8e49-3f1439a15f1b/1/qDCEoJ7dz1VtGbO3NVyd7-CiePU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qDCEoJ7dz1VtGbO3NVyd7-CiePU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:81:95:6a:04:6c:1f:85:ef:fa:15:2f:64:01:c2:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83084a09eddcf556d19b3b7355c9defe0a278f5
        Validity
            Not Before: Jan  2 16:19:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a2406502cd8cc4a7a016e9fc8ea3e6c7a4bbd532
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d9:42:ec:28:2d:63:cf:36:4b:3a:2c:4e:6f:
                    6d:f4:1a:2d:af:c1:d6:bb:ec:17:d1:20:87:3a:77:
                    68:f3:3a:c7:98:98:d0:4e:a8:57:21:60:76:7a:bf:
                    09:54:63:68:26:e3:fc:13:7c:88:67:6f:0c:02:27:
                    75:b8:d3:4b:36:35:40:dd:e1:0c:b9:13:af:ff:39:
                    9b:ab:6b:a7:d4:a0:d1:c4:1a:c6:7f:40:bc:bf:0c:
                    61:2d:96:18:02:59:01:90:82:1c:df:9d:6a:b3:10:
                    90:ac:5e:43:1b:52:2e:ac:cb:49:68:f7:32:b6:89:
                    fb:68:a2:0f:a6:0e:a8:ff:60:41:a5:f7:03:30:a8:
                    5c:cb:02:e0:7a:11:a0:c7:d1:dc:5d:c6:26:3c:c2:
                    cb:5a:0f:88:ac:52:a3:89:86:f3:0f:8a:4f:ba:01:
                    38:2c:c9:05:15:43:1b:98:0e:4f:94:9a:81:60:3e:
                    a5:2c:cb:d5:02:11:a7:bb:de:d3:af:9c:3c:96:71:
                    a5:45:db:66:e8:cf:2d:2e:ad:05:47:9a:8d:36:f0:
                    61:a7:b9:56:be:a4:33:cd:ab:e6:6d:fd:e7:2c:94:
                    1d:a5:b5:9e:fb:99:4d:84:05:d4:55:0c:21:73:a6:
                    25:55:82:63:fe:76:79:2d:e5:6f:35:af:0c:13:1b:
                    f4:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:40:65:02:CD:8C:C4:A7:A0:16:E9:FC:8E:A3:E6:C7:A4:BB:D5:32
            X509v3 Authority Key Identifier:
                keyid:A8:30:84:A0:9E:DD:CF:55:6D:19:B3:B7:35:5C:9D:EF:E0:A2:78:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qDCEoJ7dz1VtGbO3NVyd7-CiePU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/0217e6-d2c3-46f8-8e49-3f1439a15f1b/1/okBlAs2MxKegFun8jqPmx6S71TI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/0217e6-d2c3-46f8-8e49-3f1439a15f1b/1/qDCEoJ7dz1VtGbO3NVyd7-CiePU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:db:d7:0d:72:32:ea:bf:e5:6e:13:f3:6b:f9:26:27:e2:8a:
         ce:85:67:0f:36:22:6b:cd:d3:9f:49:46:c4:0a:0f:5a:29:1e:
         ad:5c:65:5e:8c:2b:0d:78:29:d5:91:46:8b:20:23:21:40:eb:
         cd:b6:2a:61:a7:e7:ee:10:ae:4e:dd:7a:53:68:1e:9c:6b:ca:
         03:00:f0:c1:55:8a:08:ff:57:5a:05:30:fb:96:53:da:6f:8a:
         57:09:c6:18:b0:4d:ca:9a:1f:63:32:72:d2:f1:4b:38:28:e2:
         93:ea:36:d8:c8:37:1b:2e:e1:36:7c:18:f2:cd:f0:51:9f:fd:
         79:f7:63:d3:6a:55:0a:9c:26:51:93:dc:c4:08:07:0b:a9:9a:
         69:cb:de:84:cf:f7:3e:72:bd:c3:24:ff:80:cd:b3:67:58:2a:
         8a:ad:f0:e9:c8:50:1b:26:08:69:84:7b:5d:77:75:00:73:07:
         64:44:e7:9a:ad:f7:fa:6c:3e:5e:5b:37:de:13:41:fd:5e:58:
         cd:be:09:c1:5d:d9:47:c8:e5:6c:5a:59:f7:84:82:4d:a8:63:
         ba:84:a5:d0:fc:6c:73:2a:37:32:e3:e4:31:1b:8b:d7:f6:88:
         60:81:d1:ce:7c:c2:2b:f5:9e:2a:44:ba:30:77:ee:6d:7b:f5:
         48:5c:63:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gZVqBGwfhe/6FS9kAcKaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MzA4NGEwOWVkZGNmNTU2ZDE5YjNiNzM1NWM5ZGVmZTBh
Mjc4ZjUwHhcNMjYwMTAyMTYxOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjQwNjUwMmNkOGNjNGE3YTAxNmU5ZmM4ZWEzZTZjN2E0YmJkNTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdlC7CgtY882SzosTm9t9Botr8HW
u+wX0SCHOndo8zrHmJjQTqhXIWB2er8JVGNoJuP8E3yIZ28MAid1uNNLNjVA3eEM
uROv/zmbq2un1KDRxBrGf0C8vwxhLZYYAlkBkIIc351qsxCQrF5DG1IurMtJaPcy
ton7aKIPpg6o/2BBpfcDMKhcywLgehGgx9HcXcYmPMLLWg+IrFKjiYbzD4pPugE4
LMkFFUMbmA5PlJqBYD6lLMvVAhGnu97Tr5w8lnGlRdtm6M8tLq0FR5qNNvBhp7lW
vqQzzavmbf3nLJQdpbWe+5lNhAXUVQwhc6YlVYJj/nZ5LeVvNa8MExv01QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJAZQLNjMSnoBbp/I6j5seku9UyMB8GA1UdIwQY
MBaAFKgwhKCe3c9VbRmztzVcne/gonj1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcURDRW9KN2R6MVZ0R2JPM05WeWQ3LUNpZVBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS8wMjE3ZTYtZDJjMy00NmY4LThlNDkt
M2YxNDM5YTE1ZjFiLzEvb2tCbEFzMk14S2VnRnVuOGpxUG14NlM3MVRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS8wMjE3ZTYtZDJjMy00NmY4LThlNDktM2YxNDM5YTE1ZjFi
LzEvcURDRW9KN2R6MVZ0R2JPM05WeWQ3LUNpZVBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1XQMA0G
CSqGSIb3DQEBCwUAA4IBAQBS29cNcjLqv+VuE/Nr+SYn4orOhWcPNiJrzdOfSUbE
Cg9aKR6tXGVejCsNeCnVkUaLICMhQOvNtiphp+fuEK5O3XpTaB6ca8oDAPDBVYoI
/1daBTD7llPab4pXCcYYsE3Kmh9jMnLS8Us4KOKT6jbYyDcbLuE2fBjyzfBRn/15
92PTalUKnCZRk9zECAcLqZppy96Ez/c+cr3DJP+AzbNnWCqKrfDpyFAbJghphHtd
d3UAcwdkROearff6bD5eWzfeE0H9XljNvgnBXdlHyOVsWln3hIJNqGO6hKXQ/Gxz
Kjcy4+QxG4vX9ohggdHOfMIr9Z4qRLowd+5te/VIXGOf
-----END CERTIFICATE-----