This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/7bd927-b507-4363-9ada-dee4317f5b14/1/kaDMDof3JnegZ76WynjnrQpCAYo.roa
File:                     kaDMDof3JnegZ76WynjnrQpCAYo.roa (raw, json)
Hash identifier:          FDrbnAWfbNlBDk06C3Ts0xLMWNBRoitqJnesKeSlD6U=
Subject key identifier:   91:A0:CC:0E:87:F7:26:77:A0:67:BE:96:CA:78:E7:AD:0A:42:01:8A
Certificate issuer:       /CN=15ce06b44d8dc43dc742c40de3bda8aa3744e2bd
Certificate serial:       019B7F83C508EDE3C19D09AF48712FB781D2
Authority key identifier: 15:CE:06:B4:4D:8D:C4:3D:C7:42:C4:0D:E3:BD:A8:AA:37:44:E2:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fc4GtE2NxD3HQsQN472oqjdE4r0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/7bd927-b507-4363-9ada-dee4317f5b14/1/kaDMDof3JnegZ76WynjnrQpCAYo.roa
Signing time:             Fri 02 Jan 2026 16:21:40 +0000
ROA not before:           Fri 02 Jan 2026 16:21:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21467
IP address blocks:        193.109.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/7bd927-b507-4363-9ada-dee4317f5b14/1/Fc4GtE2NxD3HQsQN472oqjdE4r0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/7bd927-b507-4363-9ada-dee4317f5b14/1/Fc4GtE2NxD3HQsQN472oqjdE4r0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fc4GtE2NxD3HQsQN472oqjdE4r0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:c5:08:ed:e3:c1:9d:09:af:48:71:2f:b7:81:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15ce06b44d8dc43dc742c40de3bda8aa3744e2bd
        Validity
            Not Before: Jan  2 16:21:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=91a0cc0e87f72677a067be96ca78e7ad0a42018a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:42:e3:21:06:3c:51:4b:69:cb:1e:0c:87:a1:
                    f7:48:af:94:f7:bb:20:68:fc:75:37:d8:ef:f8:97:
                    be:b1:ec:ec:b7:bd:4f:e0:1f:8b:70:80:a9:43:15:
                    84:21:2b:58:11:39:14:de:3d:82:e6:e4:39:7a:8d:
                    9c:3e:f7:e9:bd:bb:d8:e3:fd:a7:74:f2:fb:1d:c6:
                    61:dc:c7:57:73:6c:f3:4a:d2:35:49:94:71:dc:0c:
                    5b:40:e1:4f:4d:15:ac:a1:f8:6d:80:f9:83:f9:48:
                    80:31:84:85:db:98:46:cf:a7:3e:a0:5b:4b:04:0f:
                    28:62:17:c4:e9:58:c6:b6:f0:da:2f:10:d3:d4:df:
                    3c:07:38:c6:f2:93:dc:55:86:36:cf:90:5c:83:d8:
                    90:aa:b0:18:9f:b8:cb:cb:e9:6d:ef:80:ce:2d:50:
                    96:e5:26:c8:6d:1b:4a:8c:73:8f:05:c4:4d:4a:37:
                    4e:74:87:92:a3:6d:8a:d5:98:2a:38:c7:b1:2e:db:
                    7c:bd:74:6e:2f:84:18:34:62:83:75:1e:2b:6d:4e:
                    87:53:3e:dd:34:bc:58:3c:fd:f7:a1:2f:db:ac:e4:
                    74:e6:46:25:0f:d5:92:d4:e9:0f:4f:d5:6d:2a:55:
                    4f:43:14:8b:a6:96:f9:34:25:82:7d:68:4e:15:99:
                    f0:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:A0:CC:0E:87:F7:26:77:A0:67:BE:96:CA:78:E7:AD:0A:42:01:8A
            X509v3 Authority Key Identifier:
                keyid:15:CE:06:B4:4D:8D:C4:3D:C7:42:C4:0D:E3:BD:A8:AA:37:44:E2:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fc4GtE2NxD3HQsQN472oqjdE4r0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/7bd927-b507-4363-9ada-dee4317f5b14/1/kaDMDof3JnegZ76WynjnrQpCAYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/7bd927-b507-4363-9ada-dee4317f5b14/1/Fc4GtE2NxD3HQsQN472oqjdE4r0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:8a:44:04:5e:4f:cf:24:cd:0f:cc:7c:ae:5b:f1:db:8d:15:
         37:1b:ec:21:48:65:8f:8b:8e:e4:2b:61:1c:3e:99:79:a8:19:
         92:3e:df:38:29:69:5a:77:20:c7:46:3f:0e:36:29:4d:4e:56:
         c9:6a:f2:41:68:d0:49:26:fe:03:50:48:36:6e:77:6c:f1:3d:
         0f:c4:93:1f:84:0b:7a:46:7e:a9:0a:f6:90:ad:cf:ce:53:f1:
         56:b3:d5:16:e2:49:b7:33:56:af:92:02:66:17:50:a9:05:a0:
         cd:16:cb:b2:e4:f1:e7:80:06:55:ba:1b:93:15:35:2b:bd:4c:
         02:25:34:d6:87:ae:a8:ba:f0:e2:20:e6:b3:56:fc:85:fc:67:
         89:88:ff:a1:80:31:41:ba:4c:c2:f0:59:13:aa:c7:38:1a:e8:
         31:81:6a:94:4b:14:31:c1:e6:52:87:61:6d:d8:0b:9a:78:92:
         b1:6c:61:9d:75:1d:40:38:be:4a:b2:42:cc:7b:c1:81:99:72:
         70:35:a9:f7:f6:91:d9:9f:03:17:71:95:a1:f4:1c:c2:dd:03:
         0d:09:79:c7:0f:3b:78:73:6f:c6:97:4b:70:25:5e:23:09:92:
         bd:81:12:68:de:be:67:81:5d:ff:01:41:6f:71:2a:26:e0:a0:
         41:81:a8:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g8UI7ePBnQmvSHEvt4HSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1Y2UwNmI0NGQ4ZGM0M2RjNzQyYzQwZGUzYmRhOGFhMzc0
NGUyYmQwHhcNMjYwMTAyMTYyMTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWEwY2MwZTg3ZjcyNjc3YTA2N2JlOTZjYTc4ZTdhZDBhNDIwMThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsULjIQY8UUtpyx4Mh6H3SK+U97sg
aPx1N9jv+Je+sezst71P4B+LcICpQxWEIStYETkU3j2C5uQ5eo2cPvfpvbvY4/2n
dPL7HcZh3MdXc2zzStI1SZRx3AxbQOFPTRWsofhtgPmD+UiAMYSF25hGz6c+oFtL
BA8oYhfE6VjGtvDaLxDT1N88BzjG8pPcVYY2z5Bcg9iQqrAYn7jLy+lt74DOLVCW
5SbIbRtKjHOPBcRNSjdOdIeSo22K1ZgqOMexLtt8vXRuL4QYNGKDdR4rbU6HUz7d
NLxYPP33oS/brOR05kYlD9WS1OkPT9VtKlVPQxSLppb5NCWCfWhOFZnwewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJGgzA6H9yZ3oGe+lsp4560KQgGKMB8GA1UdIwQY
MBaAFBXOBrRNjcQ9x0LEDeO9qKo3ROK9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmM0R3RFMk54RDNIUXNRTjQ3Mm9xamRFNHIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy83YmQ5MjctYjUwNy00MzYzLTlhZGEt
ZGVlNDMxN2Y1YjE0LzEva2FETURvZjNKbmVnWjc2V3luam5yUXBDQVlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy83YmQ5MjctYjUwNy00MzYzLTlhZGEtZGVlNDMxN2Y1YjE0
LzEvRmM0R3RFMk54RDNIUXNRTjQ3Mm9xamRFNHIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW3nMA0G
CSqGSIb3DQEBCwUAA4IBAQB4ikQEXk/PJM0PzHyuW/HbjRU3G+whSGWPi47kK2Ec
Ppl5qBmSPt84KWladyDHRj8ONilNTlbJavJBaNBJJv4DUEg2bnds8T0PxJMfhAt6
Rn6pCvaQrc/OU/FWs9UW4km3M1avkgJmF1CpBaDNFsuy5PHngAZVuhuTFTUrvUwC
JTTWh66ouvDiIOazVvyF/GeJiP+hgDFBukzC8FkTqsc4GugxgWqUSxQxweZSh2Ft
2AuaeJKxbGGddR1AOL5KskLMe8GBmXJwNan39pHZnwMXcZWh9BzC3QMNCXnHDzt4
c2/Gl0twJV4jCZK9gRJo3r5ngV3/AUFvcSom4KBBgaim
-----END CERTIFICATE-----