This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/Bs4-wDTWZhdrUJPjnmHAAhFT9Xg.roa
File:                     Bs4-wDTWZhdrUJPjnmHAAhFT9Xg.roa (raw, json)
Hash identifier:          6OMArpIsIaojsmbebqPGL9yNN2iOhKDqxEQ3VsEqyz4=
Subject key identifier:   06:CE:3E:C0:34:D6:66:17:6B:50:93:E3:9E:61:C0:02:11:53:F5:78
Certificate issuer:       /CN=ff44dbaca56dac319401f68a50d917f5424611ad
Certificate serial:       019B79ED3FFE1D334D1E687D408B59222CA4
Authority key identifier: FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/Bs4-wDTWZhdrUJPjnmHAAhFT9Xg.roa
Signing time:             Thu 01 Jan 2026 14:19:10 +0000
ROA not before:           Thu 01 Jan 2026 14:19:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200435
IP address blocks:        94.143.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 05:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:3f:fe:1d:33:4d:1e:68:7d:40:8b:59:22:2c:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff44dbaca56dac319401f68a50d917f5424611ad
        Validity
            Not Before: Jan  1 14:19:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=06ce3ec034d666176b5093e39e61c0021153f578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:30:20:a2:b9:65:00:cb:6d:4e:a3:4e:fd:bb:
                    39:45:1e:40:ad:5d:c1:a5:14:4b:58:68:bc:99:63:
                    d6:1b:d9:bd:15:e5:68:6f:6b:6b:f8:57:01:a9:bc:
                    97:70:53:6b:82:21:60:37:8d:3b:35:a0:e4:9e:b8:
                    8d:04:93:fd:4e:76:5e:2b:24:56:eb:39:ca:2d:e6:
                    5a:3a:bf:84:60:a1:4d:d9:5a:e3:3a:e0:3b:17:13:
                    eb:13:ce:ab:bf:5a:53:87:18:bf:51:f6:eb:98:9a:
                    29:0f:ee:31:32:df:f5:0e:9d:27:e1:68:0d:ca:d5:
                    93:fb:26:c2:ea:a0:0e:0f:58:94:04:fc:e5:af:92:
                    ed:fc:83:94:42:c1:a0:b8:7a:88:51:aa:9f:5b:20:
                    ad:91:db:a2:5b:17:49:5e:62:da:18:f9:0f:a5:34:
                    76:12:73:2e:20:9a:11:76:6e:54:20:93:92:8f:a4:
                    47:85:10:e2:be:a9:94:e2:d9:05:9a:de:63:78:14:
                    f0:2b:75:0a:03:4a:78:e7:f9:89:f5:0b:b9:73:de:
                    9a:30:86:dc:ae:29:06:51:8d:3e:73:56:b7:a9:f5:
                    8f:e9:46:c1:f2:97:3c:51:19:0b:5d:a1:b8:3a:8b:
                    bc:d7:d3:4e:44:a1:f2:e8:28:94:11:1b:98:a3:a5:
                    38:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:CE:3E:C0:34:D6:66:17:6B:50:93:E3:9E:61:C0:02:11:53:F5:78
            X509v3 Authority Key Identifier:
                keyid:FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/Bs4-wDTWZhdrUJPjnmHAAhFT9Xg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.143.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:03:f9:69:be:09:20:59:de:56:c2:69:9f:c5:86:7f:e4:49:
         78:23:6c:8b:f3:6a:49:a6:61:92:0f:be:03:79:2c:dc:d5:8d:
         8c:71:af:19:30:b3:93:63:1c:07:31:aa:ca:4a:94:0b:4a:0a:
         db:0e:1a:26:8d:ca:92:36:5d:8c:fc:0f:b1:20:17:70:07:8e:
         12:c1:ca:76:06:5a:3a:7e:a6:2f:30:34:6c:99:5c:46:51:b3:
         40:a3:26:54:a9:dd:1c:77:56:a2:c4:3d:b4:8f:b2:20:0b:6c:
         5d:bd:81:74:9f:d1:01:5b:7c:19:83:c5:e7:b3:96:80:d7:74:
         c2:9b:fa:c6:44:fd:f5:57:af:c6:cc:67:11:d2:70:15:54:cf:
         3c:1a:f4:fc:24:b7:29:d2:c3:81:fe:a0:d6:0d:0a:b9:71:f4:
         0e:dd:57:6a:2e:a7:bb:49:b8:00:b2:71:63:2d:51:75:df:88:
         d7:9c:0e:9e:27:9b:45:dc:16:2a:65:c9:55:8e:df:ae:fe:3b:
         58:55:63:0b:9a:c3:b0:fc:c0:a0:e7:8f:e5:22:69:e6:e3:f8:
         17:d2:e6:c7:c1:e6:06:13:3e:81:34:b4:a7:f5:35:74:25:dd:
         f3:d6:e7:52:d1:53:f7:b0:ac:50:12:31:fb:18:ac:07:b4:e8:
         6e:6b:6d:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57T/+HTNNHmh9QItZIiykMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNDRkYmFjYTU2ZGFjMzE5NDAxZjY4YTUwZDkxN2Y1NDI0
NjExYWQwHhcNMjYwMTAxMTQxOTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmNlM2VjMDM0ZDY2NjE3NmI1MDkzZTM5ZTYxYzAwMjExNTNmNTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzAgorllAMttTqNO/bs5RR5ArV3B
pRRLWGi8mWPWG9m9FeVob2tr+FcBqbyXcFNrgiFgN407NaDknriNBJP9TnZeKyRW
6znKLeZaOr+EYKFN2VrjOuA7FxPrE86rv1pThxi/UfbrmJopD+4xMt/1Dp0n4WgN
ytWT+ybC6qAOD1iUBPzlr5Lt/IOUQsGguHqIUaqfWyCtkduiWxdJXmLaGPkPpTR2
EnMuIJoRdm5UIJOSj6RHhRDivqmU4tkFmt5jeBTwK3UKA0p45/mJ9Qu5c96aMIbc
rikGUY0+c1a3qfWP6UbB8pc8URkLXaG4Oou819NORKHy6CiUERuYo6U4+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAbOPsA01mYXa1CT455hwAIRU/V4MB8GA1UdIwQY
MBaAFP9E26ylbawxlAH2ilDZF/VCRhGtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4Mjct
YzVkODk1MDgxOGVjLzEvQnM0LXdEVFdaaGRyVUpQam5tSEFBaEZUOVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4MjctYzVkODk1MDgxOGVj
LzEvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXo/hMA0G
CSqGSIb3DQEBCwUAA4IBAQBvA/lpvgkgWd5WwmmfxYZ/5El4I2yL82pJpmGSD74D
eSzc1Y2Mca8ZMLOTYxwHMarKSpQLSgrbDhomjcqSNl2M/A+xIBdwB44Swcp2Blo6
fqYvMDRsmVxGUbNAoyZUqd0cd1aixD20j7IgC2xdvYF0n9EBW3wZg8Xns5aA13TC
m/rGRP31V6/GzGcR0nAVVM88GvT8JLcp0sOB/qDWDQq5cfQO3VdqLqe7SbgAsnFj
LVF134jXnA6eJ5tF3BYqZclVjt+u/jtYVWMLmsOw/MCg54/lImnm4/gX0ubHweYG
Ez6BNLSn9TV0Jd3z1udS0VP3sKxQEjH7GKwHtOhua21w
-----END CERTIFICATE-----