This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/b3bc70-5db0-47b9-b696-67da5409116f/1/of5fvbBOl_2ZOya6SQ0xsXlOVng.roa
File:                     of5fvbBOl_2ZOya6SQ0xsXlOVng.roa (raw, json)
Hash identifier:          FlPfu4dwMoPwrHiBDoZEfb7scYNLSD/+Wl4U6dL0V+c=
Subject key identifier:   A1:FE:5F:BD:B0:4E:97:FD:99:3B:26:BA:49:0D:31:B1:79:4E:56:78
Certificate issuer:       /CN=24e1c5110e0e90302e47012ff5c82303a4661ade
Certificate serial:       019B797EB4E8CAF672A54D34180C10C23F3C
Authority key identifier: 24:E1:C5:11:0E:0E:90:30:2E:47:01:2F:F5:C8:23:03:A4:66:1A:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JOHFEQ4OkDAuRwEv9cgjA6RmGt4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/b3bc70-5db0-47b9-b696-67da5409116f/1/of5fvbBOl_2ZOya6SQ0xsXlOVng.roa
Signing time:             Thu 01 Jan 2026 12:18:25 +0000
ROA not before:           Thu 01 Jan 2026 12:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24603
IP address blocks:        2001:67c:ef4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/b3bc70-5db0-47b9-b696-67da5409116f/1/JOHFEQ4OkDAuRwEv9cgjA6RmGt4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/b3bc70-5db0-47b9-b696-67da5409116f/1/JOHFEQ4OkDAuRwEv9cgjA6RmGt4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JOHFEQ4OkDAuRwEv9cgjA6RmGt4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 14:59:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:b4:e8:ca:f6:72:a5:4d:34:18:0c:10:c2:3f:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24e1c5110e0e90302e47012ff5c82303a4661ade
        Validity
            Not Before: Jan  1 12:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a1fe5fbdb04e97fd993b26ba490d31b1794e5678
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e5:d7:88:86:be:5b:76:10:98:4e:2b:b6:08:
                    fa:89:98:aa:f6:8d:9f:c5:a5:09:75:6d:04:a3:fd:
                    9f:cf:40:52:f3:2b:51:6a:62:4e:be:9f:0a:03:0f:
                    b4:f1:5f:da:fb:3d:b0:9d:f7:d9:c2:32:da:33:90:
                    e9:15:f3:74:cd:49:61:00:fe:58:73:70:70:33:b7:
                    a3:84:17:f9:e7:91:e9:3f:47:3d:16:55:58:5c:25:
                    6b:26:90:f3:02:3a:4e:50:c6:d2:8d:d5:e7:f2:37:
                    74:e4:66:ae:d1:08:c2:bd:25:d2:19:a0:e9:a7:35:
                    a0:5d:b2:e3:32:e6:16:b7:22:51:e7:35:13:bf:5b:
                    8d:60:5c:ee:16:de:c0:b9:f3:7d:87:46:c0:da:0e:
                    e4:72:40:76:58:c0:b8:f2:ea:45:02:99:ad:84:2a:
                    4c:5c:08:c1:76:43:53:85:39:70:3a:26:00:aa:cc:
                    23:90:5a:e1:e7:fd:23:4e:9c:b6:ba:94:ca:5f:2b:
                    fe:5b:51:6e:33:02:f9:3e:ba:c5:cd:16:4d:54:ae:
                    29:0a:57:71:39:03:9f:cc:40:63:0f:7c:ae:30:9a:
                    79:e2:fb:44:e2:71:0e:e8:a3:10:d0:67:e8:50:c8:
                    1f:1e:36:8f:ad:28:64:29:3b:e3:6f:35:a9:55:25:
                    0a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:FE:5F:BD:B0:4E:97:FD:99:3B:26:BA:49:0D:31:B1:79:4E:56:78
            X509v3 Authority Key Identifier:
                keyid:24:E1:C5:11:0E:0E:90:30:2E:47:01:2F:F5:C8:23:03:A4:66:1A:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JOHFEQ4OkDAuRwEv9cgjA6RmGt4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/b3bc70-5db0-47b9-b696-67da5409116f/1/of5fvbBOl_2ZOya6SQ0xsXlOVng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/b3bc70-5db0-47b9-b696-67da5409116f/1/JOHFEQ4OkDAuRwEv9cgjA6RmGt4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:ef4::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:31:db:4f:e5:0d:f8:57:99:d5:b8:fe:79:eb:60:47:d0:13:
         0e:a9:29:93:0a:c0:b0:e7:6d:bd:8e:19:f5:47:1a:0f:e8:fc:
         52:bc:48:08:bd:1d:56:44:d1:1e:4b:87:c4:2f:6a:56:68:53:
         23:02:76:93:c2:46:07:e6:72:94:01:18:3c:18:02:4d:e0:3f:
         30:df:5b:07:be:0c:66:89:7e:d3:35:df:62:70:b0:35:94:1e:
         db:7f:52:18:c2:93:15:93:eb:f8:81:fc:82:68:0d:1f:f5:f4:
         0c:2c:12:6f:8a:06:ff:32:97:34:be:74:55:04:22:7a:98:f0:
         86:58:c0:60:67:94:10:a0:62:a4:d9:d6:24:c2:c7:bc:ca:6c:
         6e:12:4c:22:1b:9f:ec:53:47:5f:ca:92:aa:ae:4f:e3:83:0d:
         5f:33:11:19:69:2b:cb:26:22:c1:79:26:02:f3:c2:bb:12:b1:
         c2:07:ff:14:15:9b:cb:3f:3a:a4:75:cd:8c:37:5b:6a:49:f0:
         d0:ce:8c:dc:c5:72:a2:73:bd:03:33:2e:af:ab:99:07:ce:99:
         0d:4a:64:6f:94:c0:c3:ac:c8:35:0b:5f:d2:18:8a:32:63:4e:
         7c:6d:c9:5b:99:80:31:16:0f:a1:99:f7:7e:ec:b0:cf:6a:bb:
         45:c5:d6:20
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5frToyvZypU00GAwQwj88MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0ZTFjNTExMGUwZTkwMzAyZTQ3MDEyZmY1YzgyMzAzYTQ2
NjFhZGUwHhcNMjYwMTAxMTIxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWZlNWZiZGIwNGU5N2ZkOTkzYjI2YmE0OTBkMzFiMTc5NGU1Njc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+XXiIa+W3YQmE4rtgj6iZiq9o2f
xaUJdW0Eo/2fz0BS8ytRamJOvp8KAw+08V/a+z2wnffZwjLaM5DpFfN0zUlhAP5Y
c3BwM7ejhBf555HpP0c9FlVYXCVrJpDzAjpOUMbSjdXn8jd05Gau0QjCvSXSGaDp
pzWgXbLjMuYWtyJR5zUTv1uNYFzuFt7AufN9h0bA2g7kckB2WMC48upFApmthCpM
XAjBdkNThTlwOiYAqswjkFrh5/0jTpy2upTKXyv+W1FuMwL5PrrFzRZNVK4pCldx
OQOfzEBjD3yuMJp54vtE4nEO6KMQ0GfoUMgfHjaPrShkKTvjbzWpVSUKewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKH+X72wTpf9mTsmukkNMbF5TlZ4MB8GA1UdIwQY
MBaAFCThxREODpAwLkcBL/XIIwOkZhreMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSk9IRkVRNE9rREF1UndFdjljZ2pBNlJtR3Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9iM2JjNzAtNWRiMC00N2I5LWI2OTYt
NjdkYTU0MDkxMTZmLzEvb2Y1ZnZiQk9sXzJaT3lhNlNRMHhzWGxPVm5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9iM2JjNzAtNWRiMC00N2I5LWI2OTYtNjdkYTU0MDkxMTZm
LzEvSk9IRkVRNE9rREF1UndFdjljZ2pBNlJtR3Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA70
MA0GCSqGSIb3DQEBCwUAA4IBAQCNMdtP5Q34V5nVuP5562BH0BMOqSmTCsCw5229
jhn1RxoP6PxSvEgIvR1WRNEeS4fEL2pWaFMjAnaTwkYH5nKUARg8GAJN4D8w31sH
vgxmiX7TNd9icLA1lB7bf1IYwpMVk+v4gfyCaA0f9fQMLBJvigb/Mpc0vnRVBCJ6
mPCGWMBgZ5QQoGKk2dYkwse8ymxuEkwiG5/sU0dfypKqrk/jgw1fMxEZaSvLJiLB
eSYC88K7ErHCB/8UFZvLPzqkdc2MN1tqSfDQzozcxXKic70DMy6vq5kHzpkNSmRv
lMDDrMg1C1/SGIoyY058bclbmYAxFg+hmfd+7LDPartFxdYg
-----END CERTIFICATE-----