This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/BEhnA8HlzocKBTFbTGvomzgDLXw.roa
File:                     BEhnA8HlzocKBTFbTGvomzgDLXw.roa (raw, json)
Hash identifier:          mgS7+wib0aUsSecsF7X4olbYLZrwELJ+ASFG23dhOnM=
Subject key identifier:   04:48:67:03:C1:E5:CE:87:0A:05:31:5B:4C:6B:E8:9B:38:03:2D:7C
Certificate issuer:       /CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Certificate serial:       019B7EA709C0665B1A8A30C2CB56C34146D2
Authority key identifier: 1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/BEhnA8HlzocKBTFbTGvomzgDLXw.roa
Signing time:             Fri 02 Jan 2026 12:20:34 +0000
ROA not before:           Fri 02 Jan 2026 12:20:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206097
IP address blocks:        2a01:ecc0:800::/42 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:09:c0:66:5b:1a:8a:30:c2:cb:56:c3:41:46:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
        Validity
            Not Before: Jan  2 12:20:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=04486703c1e5ce870a05315b4c6be89b38032d7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:24:5b:9f:ca:e0:bb:40:2a:9a:9e:42:c9:ef:
                    39:fe:02:24:a3:0a:7b:5c:7b:37:c5:4f:d1:95:32:
                    f5:c7:45:25:e5:61:31:73:ce:8b:bf:f6:eb:dc:d7:
                    e1:b0:b7:a2:61:83:04:b7:19:0e:6d:2f:5a:b7:a2:
                    a5:e6:97:fa:15:ee:b9:c7:0f:b8:53:7a:93:67:a6:
                    87:01:c9:01:78:9d:34:21:7d:fc:79:92:b8:03:0e:
                    2a:d0:cc:c4:06:ee:85:f0:d2:4b:2b:fb:e9:0d:a9:
                    e1:40:bb:38:92:d3:89:3a:08:40:d1:7c:75:06:cc:
                    0e:24:69:c4:3b:0a:de:b7:9b:2e:57:87:34:eb:26:
                    96:b3:85:80:0d:b8:37:04:d7:84:3d:d8:01:a3:9a:
                    f2:88:2d:01:f6:bd:6e:31:45:f0:f6:b1:35:1a:06:
                    e4:db:25:a0:58:ae:a0:b4:5d:23:58:9a:86:65:a9:
                    f1:d6:1d:40:1f:a1:7a:12:c4:b9:2b:e3:0e:af:2c:
                    81:4a:d4:a8:f0:8c:78:22:b4:ae:ca:6b:fa:25:d9:
                    de:ae:ee:0e:41:53:2c:2e:9c:5f:08:23:74:1e:f4:
                    43:df:0f:e1:d9:77:57:86:c5:31:22:66:73:ac:51:
                    f0:5b:6e:67:69:e8:e4:e5:fc:0a:05:b3:df:25:95:
                    f9:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:48:67:03:C1:E5:CE:87:0A:05:31:5B:4C:6B:E8:9B:38:03:2D:7C
            X509v3 Authority Key Identifier:
                keyid:1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/BEhnA8HlzocKBTFbTGvomzgDLXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ecc0:800::/42

    Signature Algorithm: sha256WithRSAEncryption
         af:1a:02:6a:b9:e7:ed:5e:61:b3:1e:74:cd:41:8f:ac:30:2f:
         bc:e3:fb:90:9e:e5:c4:21:20:bf:fb:3f:40:7e:ba:ab:94:aa:
         fb:86:14:99:58:af:3b:fb:4d:70:42:cb:bd:1d:70:fc:a1:14:
         f9:f8:66:23:f4:46:0b:da:ea:4d:64:bf:7a:c4:67:80:66:ef:
         d8:28:7d:aa:a8:3f:e6:67:e9:ac:04:b4:18:8a:82:5a:f9:2e:
         ab:90:1f:74:ac:a7:27:8d:1b:03:03:9f:b9:a6:12:e8:73:0a:
         c3:14:de:dd:82:35:d5:5d:97:1c:df:49:db:89:6f:dd:96:c3:
         32:48:e7:7e:63:f4:e6:6a:18:ce:bd:99:30:d8:5c:96:8c:51:
         3b:fe:e7:df:3a:2c:9b:a8:3f:4a:a9:b9:50:3f:fe:e8:cc:69:
         3e:b4:1e:cc:dd:eb:07:40:11:22:0f:ca:d7:df:2d:8c:4c:6b:
         ab:86:58:2b:ad:66:99:38:3a:14:a0:09:5f:38:1f:48:d2:fc:
         d8:7e:5d:7f:80:64:aa:50:d0:14:d8:e8:82:f4:55:2e:5a:fe:
         2f:df:20:ea:00:e3:f4:a2:cb:4b:9c:ad:cd:00:50:1a:85:27:
         34:7b:ad:af:eb:6e:65:7c:7a:78:c4:40:fe:38:12:f4:af:fe:
         d9:cd:35:39
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+pwnAZlsaijDCy1bDQUbSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDNhMjQ4NDU2OWQyMGUzZjUzYzE3YmU3YjlmYjI5YzM0
ZWU1YmUwHhcNMjYwMTAyMTIyMDM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDQ4NjcwM2MxZTVjZTg3MGEwNTMxNWI0YzZiZTg5YjM4MDMyZDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCRbn8rgu0Aqmp5Cye85/gIkowp7
XHs3xU/RlTL1x0Ul5WExc86Lv/br3NfhsLeiYYMEtxkObS9at6Kl5pf6Fe65xw+4
U3qTZ6aHAckBeJ00IX38eZK4Aw4q0MzEBu6F8NJLK/vpDanhQLs4ktOJOghA0Xx1
BswOJGnEOwret5suV4c06yaWs4WADbg3BNeEPdgBo5ryiC0B9r1uMUXw9rE1Ggbk
2yWgWK6gtF0jWJqGZanx1h1AH6F6EsS5K+MOryyBStSo8Ix4IrSuymv6Jdneru4O
QVMsLpxfCCN0HvRD3w/h2XdXhsUxImZzrFHwW25naejk5fwKBbPfJZX5IQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFARIZwPB5c6HCgUxW0xr6Js4Ay18MB8GA1UdIwQY
MBaAFB1DokhFadIOP1PBe+e5+ynDTuW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjkt
NjM0NTE1NDg5NzlkLzEvQkVobkE4SGx6b2NLQlRGYlRHdm9temdETFh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjktNjM0NTE1NDg5Nzlk
LzEvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcGKgHswAgA
MA0GCSqGSIb3DQEBCwUAA4IBAQCvGgJqueftXmGzHnTNQY+sMC+84/uQnuXEISC/
+z9AfrqrlKr7hhSZWK87+01wQsu9HXD8oRT5+GYj9EYL2upNZL96xGeAZu/YKH2q
qD/mZ+msBLQYioJa+S6rkB90rKcnjRsDA5+5phLocwrDFN7dgjXVXZcc30nbiW/d
lsMySOd+Y/TmahjOvZkw2FyWjFE7/uffOiybqD9KqblQP/7ozGk+tB7M3esHQBEi
D8rX3y2MTGurhlgrrWaZODoUoAlfOB9I0vzYfl1/gGSqUNAU2OiC9FUuWv4v3yDq
AOP0ostLnK3NAFAahSc0e62v625lfHp4xED+OBL0r/7ZzTU5
-----END CERTIFICATE-----