This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/f1eea2-9582-4a65-b5be-603aa1f209d8/1/H48g7J5f54HPKybnkF1vukenPZg.roa
File:                     H48g7J5f54HPKybnkF1vukenPZg.roa (raw, json)
Hash identifier:          7PtKxa4yT/qOjY0FqftHzwitC0sVsAtnedeT+OfYLcM=
Subject key identifier:   1F:8F:20:EC:9E:5F:E7:81:CF:2B:26:E7:90:5D:6F:BA:47:A7:3D:98
Certificate issuer:       /CN=ef477ca3b449bbc41247e8c921e4c8dabfc1afae
Certificate serial:       019B7758817AF7FD031A763C795B14EB0539
Authority key identifier: EF:47:7C:A3:B4:49:BB:C4:12:47:E8:C9:21:E4:C8:DA:BF:C1:AF:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/70d8o7RJu8QSR-jJIeTI2r_Br64.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/f1eea2-9582-4a65-b5be-603aa1f209d8/1/H48g7J5f54HPKybnkF1vukenPZg.roa
Signing time:             Thu 01 Jan 2026 02:17:27 +0000
ROA not before:           Thu 01 Jan 2026 02:17:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16245
IP address blocks:        193.17.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/f1eea2-9582-4a65-b5be-603aa1f209d8/1/70d8o7RJu8QSR-jJIeTI2r_Br64.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/f1eea2-9582-4a65-b5be-603aa1f209d8/1/70d8o7RJu8QSR-jJIeTI2r_Br64.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/70d8o7RJu8QSR-jJIeTI2r_Br64.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 02:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:81:7a:f7:fd:03:1a:76:3c:79:5b:14:eb:05:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef477ca3b449bbc41247e8c921e4c8dabfc1afae
        Validity
            Not Before: Jan  1 02:17:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1f8f20ec9e5fe781cf2b26e7905d6fba47a73d98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:11:b6:cb:f5:0f:eb:4c:16:a4:6f:80:c6:23:
                    b4:2d:ba:eb:15:2e:1e:7a:66:d2:f2:d5:82:ac:8f:
                    0f:7d:15:c9:05:e1:aa:7e:eb:2b:1d:92:89:1e:9b:
                    5a:89:88:34:5f:4c:9e:d8:9c:03:40:79:52:57:04:
                    d9:d9:d9:5e:c4:99:c3:97:3b:2a:85:c6:8a:62:5c:
                    3c:c5:c7:2c:a0:20:d1:52:13:a3:b6:c5:e5:fc:10:
                    e6:ad:9d:ca:de:a1:49:01:23:bd:fa:36:d1:c4:b5:
                    9f:c9:4f:c6:c1:5c:a1:8f:73:2c:94:37:00:ba:32:
                    13:ce:23:af:e1:cc:3e:85:40:1c:4f:7f:4f:21:69:
                    0c:68:7a:f9:ba:1c:5f:29:a2:6a:10:13:dc:e3:9c:
                    25:7d:c9:f2:39:c5:41:a9:97:73:e7:0a:70:c2:86:
                    ea:93:04:0e:04:5b:3a:68:53:ad:fc:f2:10:4b:18:
                    09:fc:87:ea:82:10:1d:be:28:09:de:45:df:56:c3:
                    db:62:f6:36:86:ab:81:1e:7b:55:77:b7:11:94:ea:
                    8f:1d:1e:4f:d6:22:f5:d1:a0:6e:ec:5f:7e:b6:40:
                    9b:f6:94:d1:4d:39:19:90:85:b3:4b:d6:79:48:5c:
                    5e:af:c4:1a:33:65:70:81:36:1d:d4:e4:e1:26:50:
                    b5:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:8F:20:EC:9E:5F:E7:81:CF:2B:26:E7:90:5D:6F:BA:47:A7:3D:98
            X509v3 Authority Key Identifier:
                keyid:EF:47:7C:A3:B4:49:BB:C4:12:47:E8:C9:21:E4:C8:DA:BF:C1:AF:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/70d8o7RJu8QSR-jJIeTI2r_Br64.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/f1eea2-9582-4a65-b5be-603aa1f209d8/1/H48g7J5f54HPKybnkF1vukenPZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/f1eea2-9582-4a65-b5be-603aa1f209d8/1/70d8o7RJu8QSR-jJIeTI2r_Br64.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:c2:87:28:7b:8f:2f:38:b5:59:04:da:d2:7b:79:ce:cf:60:
         15:bd:01:ae:79:f8:66:83:44:84:a1:45:e3:37:c9:5b:6d:65:
         57:c9:48:f7:00:93:de:2e:d5:d8:df:93:f4:3c:8e:ae:89:3c:
         c5:4d:26:24:83:08:a7:69:40:f7:6b:9c:0d:fb:a0:9b:c7:c7:
         01:93:a2:52:5a:e4:5a:ac:f9:af:fc:84:dc:9d:69:c4:60:66:
         bd:63:f2:ee:a9:ba:3c:93:39:da:72:84:5d:1f:b1:26:dc:a7:
         8b:d1:47:41:2a:43:50:6c:dd:55:b5:9b:8b:0f:73:ec:d9:82:
         63:3d:ac:27:06:3d:ec:b0:4b:6c:e2:8b:bb:84:6c:5b:4f:fa:
         8e:53:2e:b5:55:f8:48:b1:bd:9f:2e:ee:48:94:1a:e1:87:96:
         ad:2b:81:fb:42:22:e6:28:d3:0f:68:bb:ad:98:7c:b8:ca:5c:
         22:6e:32:8d:0a:58:19:63:c1:f2:e7:69:9b:2a:7b:6b:c2:48:
         f9:cc:0a:30:c9:b1:b1:9c:c1:8a:5a:cb:1d:c3:46:87:b2:db:
         0a:7e:49:7a:61:01:a8:2e:4c:83:8c:2d:a9:ec:8f:5d:74:44:
         1e:64:d8:32:88:77:c9:1e:ca:45:0b:6d:12:55:3a:6f:64:59:
         4e:f7:06:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WIF69/0DGnY8eVsU6wU5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNDc3Y2EzYjQ0OWJiYzQxMjQ3ZThjOTIxZTRjOGRhYmZj
MWFmYWUwHhcNMjYwMTAxMDIxNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjhmMjBlYzllNWZlNzgxY2YyYjI2ZTc5MDVkNmZiYTQ3YTczZDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphG2y/UP60wWpG+AxiO0LbrrFS4e
embS8tWCrI8PfRXJBeGqfusrHZKJHptaiYg0X0ye2JwDQHlSVwTZ2dlexJnDlzsq
hcaKYlw8xccsoCDRUhOjtsXl/BDmrZ3K3qFJASO9+jbRxLWfyU/GwVyhj3MslDcA
ujITziOv4cw+hUAcT39PIWkMaHr5uhxfKaJqEBPc45wlfcnyOcVBqZdz5wpwwobq
kwQOBFs6aFOt/PIQSxgJ/IfqghAdvigJ3kXfVsPbYvY2hquBHntVd7cRlOqPHR5P
1iL10aBu7F9+tkCb9pTRTTkZkIWzS9Z5SFxer8QaM2VwgTYd1OThJlC16wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+PIOyeX+eBzysm55Bdb7pHpz2YMB8GA1UdIwQY
MBaAFO9HfKO0SbvEEkfoySHkyNq/wa+uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzBkOG83Ukp1OFFTUi1qSkllVEkycl9CcjY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9mMWVlYTItOTU4Mi00YTY1LWI1YmUt
NjAzYWExZjIwOWQ4LzEvSDQ4ZzdKNWY1NEhQS3libmtGMXZ1a2VuUFpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9mMWVlYTItOTU4Mi00YTY1LWI1YmUtNjAzYWExZjIwOWQ4
LzEvNzBkOG83Ukp1OFFTUi1qSkllVEkycl9CcjY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRHOMA0G
CSqGSIb3DQEBCwUAA4IBAQBgwocoe48vOLVZBNrSe3nOz2AVvQGuefhmg0SEoUXj
N8lbbWVXyUj3AJPeLtXY35P0PI6uiTzFTSYkgwinaUD3a5wN+6Cbx8cBk6JSWuRa
rPmv/ITcnWnEYGa9Y/Luqbo8kznacoRdH7Em3KeL0UdBKkNQbN1VtZuLD3Ps2YJj
PawnBj3ssEts4ou7hGxbT/qOUy61VfhIsb2fLu5IlBrhh5atK4H7QiLmKNMPaLut
mHy4ylwibjKNClgZY8Hy52mbKntrwkj5zAowybGxnMGKWssdw0aHstsKfkl6YQGo
LkyDjC2p7I9ddEQeZNgyiHfJHspFC20SVTpvZFlO9waP
-----END CERTIFICATE-----