This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/OCaG69L4oGw_KiLZLKBePPSp7CE.roa
File:                     OCaG69L4oGw_KiLZLKBePPSp7CE.roa (raw, json)
Hash identifier:          vtJ6sg+cCvGmbdxUocxZh93rGJH1rOZrPXnfYKxcVyQ=
Subject key identifier:   38:26:86:EB:D2:F8:A0:6C:3F:2A:22:D9:2C:A0:5E:3C:F4:A9:EC:21
Certificate issuer:       /CN=bc4703e08ca0d6a310cbc643ffcb307ff6cdc65c
Certificate serial:       019B7C8040795BBCFBAB001C4114A33A6EC8
Authority key identifier: BC:47:03:E0:8C:A0:D6:A3:10:CB:C6:43:FF:CB:30:7F:F6:CD:C6:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/OCaG69L4oGw_KiLZLKBePPSp7CE.roa
Signing time:             Fri 02 Jan 2026 02:18:58 +0000
ROA not before:           Fri 02 Jan 2026 02:18:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205879
IP address blocks:        213.156.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:40:79:5b:bc:fb:ab:00:1c:41:14:a3:3a:6e:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc4703e08ca0d6a310cbc643ffcb307ff6cdc65c
        Validity
            Not Before: Jan  2 02:18:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=382686ebd2f8a06c3f2a22d92ca05e3cf4a9ec21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:09:96:eb:1b:4e:46:8b:dd:ff:af:f9:58:a8:
                    4f:66:b3:b5:c4:e0:a0:6c:4a:28:19:ca:d4:87:fa:
                    d9:77:4c:c5:6d:f1:61:58:54:9a:f2:99:16:dd:44:
                    f8:40:8a:b8:9f:a4:20:9f:b6:94:d9:e7:0e:61:20:
                    39:91:35:41:ec:05:80:b4:31:2c:b7:92:43:13:e1:
                    26:f0:e1:82:70:67:cb:c1:a7:89:5d:21:99:00:bf:
                    db:57:88:34:a5:d6:c5:c8:09:1f:ab:4d:9e:27:d4:
                    3e:e5:86:c9:e6:44:e6:4a:08:96:20:28:f7:4c:1b:
                    c9:ab:67:1a:28:53:9b:94:9b:4b:e2:ef:84:00:a1:
                    d7:fa:fa:6d:58:fd:f4:42:cf:4a:65:32:2f:fa:ba:
                    a3:ba:36:97:4d:7d:c7:60:03:33:87:70:9d:1f:d8:
                    5b:2e:ed:9c:c3:80:53:04:23:3d:29:3c:76:4c:ad:
                    7e:3a:63:85:d1:53:21:ed:87:0d:ff:6a:ef:a8:2a:
                    ee:37:8c:4f:0e:7c:39:e9:2d:fa:d7:76:7f:94:a1:
                    85:a4:d5:fc:d0:47:6d:e3:4b:56:c2:c7:fb:0b:6a:
                    0a:7a:17:96:6e:49:c6:f2:a8:cd:90:b9:55:fb:96:
                    25:51:c4:be:57:95:fa:b3:9c:ac:a9:53:66:69:a3:
                    2d:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:26:86:EB:D2:F8:A0:6C:3F:2A:22:D9:2C:A0:5E:3C:F4:A9:EC:21
            X509v3 Authority Key Identifier:
                keyid:BC:47:03:E0:8C:A0:D6:A3:10:CB:C6:43:FF:CB:30:7F:F6:CD:C6:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/OCaG69L4oGw_KiLZLKBePPSp7CE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.156.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:fa:44:13:be:6e:87:19:98:4e:c0:9a:f1:5b:5a:c9:40:5e:
         1a:c2:b0:84:43:de:dc:a7:47:31:af:ea:b5:f0:d4:c5:35:5e:
         5e:56:97:f2:de:d9:a1:05:da:f0:56:41:03:d6:5d:34:cc:bc:
         48:3d:69:e7:64:a5:0c:d8:ef:6b:26:c6:aa:74:cd:67:86:cb:
         d0:34:9d:1d:99:53:6a:12:48:70:45:d2:5f:a0:f5:0d:cb:4b:
         b8:5a:05:a9:12:30:da:21:17:04:9e:db:cd:40:7a:a5:e9:f5:
         20:45:92:7e:77:4d:29:e6:83:be:46:3e:11:a3:ab:93:1e:e1:
         f5:1e:fa:91:37:61:aa:da:a9:09:54:5f:46:e7:26:eb:2d:da:
         17:d4:a1:73:a8:a1:46:26:06:6e:97:df:88:d4:ac:b2:02:31:
         66:e9:ba:ee:7e:01:68:cc:3d:e6:eb:53:f2:1e:b4:30:01:ce:
         e6:ae:b3:fc:d8:ee:af:3d:02:b4:ae:56:22:72:c9:11:e9:5c:
         14:b0:39:6b:1d:9a:41:b4:21:67:4d:75:a5:c6:c3:6c:05:40:
         14:2f:34:5f:d4:40:9a:e8:98:9f:76:33:bc:28:2a:c6:22:21:
         99:4c:b5:97:b6:a6:0f:4b:11:81:79:fa:5b:13:e0:c6:69:89:
         83:af:69:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gEB5W7z7qwAcQRSjOm7IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNDcwM2UwOGNhMGQ2YTMxMGNiYzY0M2ZmY2IzMDdmZjZj
ZGM2NWMwHhcNMjYwMTAyMDIxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODI2ODZlYmQyZjhhMDZjM2YyYTIyZDkyY2EwNWUzY2Y0YTllYzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3AmW6xtORovd/6/5WKhPZrO1xOCg
bEooGcrUh/rZd0zFbfFhWFSa8pkW3UT4QIq4n6Qgn7aU2ecOYSA5kTVB7AWAtDEs
t5JDE+Em8OGCcGfLwaeJXSGZAL/bV4g0pdbFyAkfq02eJ9Q+5YbJ5kTmSgiWICj3
TBvJq2caKFOblJtL4u+EAKHX+vptWP30Qs9KZTIv+rqjujaXTX3HYAMzh3CdH9hb
Lu2cw4BTBCM9KTx2TK1+OmOF0VMh7YcN/2rvqCruN4xPDnw56S3613Z/lKGFpNX8
0Edt40tWwsf7C2oKeheWbknG8qjNkLlV+5YlUcS+V5X6s5ysqVNmaaMtsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDgmhuvS+KBsPyoi2SygXjz0qewhMB8GA1UdIwQY
MBaAFLxHA+CMoNajEMvGQ//LMH/2zcZcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkVjRDRJeWcxcU1ReThaRF84c3dmX2JOeGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy84NjNiYTAtMDQ3Ni00M2Q3LThiZTct
NjZlZGEyMjhmZWM3LzEvT0NhRzY5TDRvR3dfS2lMWkxLQmVQUFNwN0NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy84NjNiYTAtMDQ3Ni00M2Q3LThiZTctNjZlZGEyMjhmZWM3
LzEvdkVjRDRJeWcxcU1ReThaRF84c3dmX2JOeGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZxlMA0G
CSqGSIb3DQEBCwUAA4IBAQBI+kQTvm6HGZhOwJrxW1rJQF4awrCEQ97cp0cxr+q1
8NTFNV5eVpfy3tmhBdrwVkED1l00zLxIPWnnZKUM2O9rJsaqdM1nhsvQNJ0dmVNq
EkhwRdJfoPUNy0u4WgWpEjDaIRcEntvNQHql6fUgRZJ+d00p5oO+Rj4Ro6uTHuH1
HvqRN2Gq2qkJVF9G5ybrLdoX1KFzqKFGJgZul9+I1KyyAjFm6brufgFozD3m61Py
HrQwAc7mrrP82O6vPQK0rlYicskR6VwUsDlrHZpBtCFnTXWlxsNsBUAULzRf1ECa
6JifdjO8KCrGIiGZTLWXtqYPSxGBefpbE+DGaYmDr2k0
-----END CERTIFICATE-----