This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/3f3e57-0e00-4f2f-976b-414f09b92c15/1/5KeRhOyb086eeciztDQbKFDzrso.roa
File:                     5KeRhOyb086eeciztDQbKFDzrso.roa (raw, json)
Hash identifier:          ySXvhH64ggwnsQNYdFNSvhmS1S+iYiesXOZvpdcRhg8=
Subject key identifier:   E4:A7:91:84:EC:9B:D3:CE:9E:79:C8:B3:B4:34:1B:28:50:F3:AE:CA
Certificate issuer:       /CN=bfbb03016c83cea8aa4fa9c36a3643a565cc93e6
Certificate serial:       019B7C12D30BE96E7C6D2766A2F94E03A81F
Authority key identifier: BF:BB:03:01:6C:83:CE:A8:AA:4F:A9:C3:6A:36:43:A5:65:CC:93:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7sDAWyDzqiqT6nDajZDpWXMk-Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/3f3e57-0e00-4f2f-976b-414f09b92c15/1/5KeRhOyb086eeciztDQbKFDzrso.roa
Signing time:             Fri 02 Jan 2026 00:19:27 +0000
ROA not before:           Fri 02 Jan 2026 00:19:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20676
IP address blocks:        193.100.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/3f3e57-0e00-4f2f-976b-414f09b92c15/1/v7sDAWyDzqiqT6nDajZDpWXMk-Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/3f3e57-0e00-4f2f-976b-414f09b92c15/1/v7sDAWyDzqiqT6nDajZDpWXMk-Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7sDAWyDzqiqT6nDajZDpWXMk-Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:d3:0b:e9:6e:7c:6d:27:66:a2:f9:4e:03:a8:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfbb03016c83cea8aa4fa9c36a3643a565cc93e6
        Validity
            Not Before: Jan  2 00:19:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e4a79184ec9bd3ce9e79c8b3b4341b2850f3aeca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:be:46:68:4b:58:d4:13:78:66:bc:39:d2:7f:
                    bf:f9:33:24:58:46:51:9d:90:1e:53:07:b3:6b:52:
                    09:a9:c7:d2:d1:bb:fc:4d:cc:7b:74:c6:9a:93:39:
                    7c:5c:f1:c8:c1:db:db:46:95:aa:32:8e:ae:01:b2:
                    e5:11:f5:b0:83:ca:de:f8:21:5b:1f:50:52:ae:ff:
                    05:79:c4:56:b6:01:28:78:96:15:00:0b:67:93:c5:
                    2c:0b:5c:b2:b9:b5:a5:f7:37:98:f8:f0:f2:59:28:
                    7c:ec:f6:8c:5a:c7:b4:c2:9d:ae:96:5b:39:4c:26:
                    5c:59:96:86:e7:9f:55:68:0d:b7:44:5d:e2:62:a3:
                    76:4b:6f:f3:5c:f1:01:70:16:0b:f8:85:25:30:ee:
                    aa:c6:68:76:e4:15:9d:a4:4e:98:9c:0b:f7:b9:e5:
                    bd:85:fb:9e:88:c1:a8:7a:e9:55:46:3f:91:cb:bf:
                    46:2d:0e:2a:44:5d:8e:09:65:ef:fb:92:de:da:36:
                    d6:53:9c:ff:46:d9:da:b6:80:dc:d6:2a:58:38:e9:
                    2a:fa:d8:68:b9:13:69:9e:c7:41:0e:cf:b0:24:48:
                    a4:65:85:ed:dd:93:1b:73:d4:0e:39:bb:cb:26:07:
                    fc:00:74:53:41:67:23:a7:67:37:ea:28:79:4b:b8:
                    0d:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:A7:91:84:EC:9B:D3:CE:9E:79:C8:B3:B4:34:1B:28:50:F3:AE:CA
            X509v3 Authority Key Identifier:
                keyid:BF:BB:03:01:6C:83:CE:A8:AA:4F:A9:C3:6A:36:43:A5:65:CC:93:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7sDAWyDzqiqT6nDajZDpWXMk-Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/3f3e57-0e00-4f2f-976b-414f09b92c15/1/5KeRhOyb086eeciztDQbKFDzrso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/3f3e57-0e00-4f2f-976b-414f09b92c15/1/v7sDAWyDzqiqT6nDajZDpWXMk-Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.100.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:96:5d:e7:29:75:a9:e0:c0:2a:7e:b3:79:60:18:ca:ec:08:
         85:86:e8:74:bc:2b:b5:f8:35:09:d2:4b:21:a0:91:20:71:55:
         89:17:cb:14:8f:4b:7c:a8:2a:0b:ab:c9:ad:b8:0c:1b:e2:96:
         ab:15:88:49:21:12:fa:00:02:e1:da:d0:ee:07:db:1f:20:4e:
         b7:17:0f:2e:fd:76:7d:c6:67:fb:29:23:f1:3f:27:3f:13:72:
         ff:c0:16:e3:58:73:54:97:eb:50:f1:a4:f4:d9:89:b7:3a:74:
         dc:71:4c:30:18:14:df:6d:97:45:a3:b0:5e:74:dc:0e:de:27:
         79:70:9a:65:09:d4:a8:9d:61:08:d4:16:13:76:88:5e:f4:59:
         73:f3:bf:02:3b:49:86:bd:da:17:f0:cd:92:bb:b1:f1:92:6f:
         e7:c2:7a:63:8c:c2:28:2a:ce:f2:a4:fe:d4:ba:3f:f2:28:09:
         fd:66:15:7d:0e:76:a2:5c:5a:c5:cf:c2:82:63:96:20:32:b0:
         46:88:8a:e6:27:d4:07:55:5e:12:35:73:30:2d:3c:4a:07:5b:
         1c:3e:db:47:60:27:37:38:41:98:e0:9d:08:55:0d:a7:b1:b1:
         2c:b5:23:0f:8f:e0:de:f1:38:15:2c:92:18:e5:c8:9d:db:e5:
         34:16:b9:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EtML6W58bSdmovlOA6gfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYmIwMzAxNmM4M2NlYThhYTRmYTljMzZhMzY0M2E1NjVj
YzkzZTYwHhcNMjYwMTAyMDAxOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGE3OTE4NGVjOWJkM2NlOWU3OWM4YjNiNDM0MWIyODUwZjNhZWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5L5GaEtY1BN4Zrw50n+/+TMkWEZR
nZAeUweza1IJqcfS0bv8Tcx7dMaakzl8XPHIwdvbRpWqMo6uAbLlEfWwg8re+CFb
H1BSrv8FecRWtgEoeJYVAAtnk8UsC1yyubWl9zeY+PDyWSh87PaMWse0wp2ulls5
TCZcWZaG559VaA23RF3iYqN2S2/zXPEBcBYL+IUlMO6qxmh25BWdpE6YnAv3ueW9
hfueiMGoeulVRj+Ry79GLQ4qRF2OCWXv+5Le2jbWU5z/RtnatoDc1ipYOOkq+tho
uRNpnsdBDs+wJEikZYXt3ZMbc9QOObvLJgf8AHRTQWcjp2c36ih5S7gNJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOSnkYTsm9POnnnIs7Q0GyhQ867KMB8GA1UdIwQY
MBaAFL+7AwFsg86oqk+pw2o2Q6VlzJPmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdzREFXeUR6cWlxVDZuRGFqWkRwV1hNay1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8zZjNlNTctMGUwMC00ZjJmLTk3NmIt
NDE0ZjA5YjkyYzE1LzEvNUtlUmhPeWIwODZlZWNpenREUWJLRkR6cnNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8zZjNlNTctMGUwMC00ZjJmLTk3NmItNDE0ZjA5YjkyYzE1
LzEvdjdzREFXeUR6cWlxVDZuRGFqWkRwV1hNay1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWTRMA0G
CSqGSIb3DQEBCwUAA4IBAQBUll3nKXWp4MAqfrN5YBjK7AiFhuh0vCu1+DUJ0ksh
oJEgcVWJF8sUj0t8qCoLq8mtuAwb4parFYhJIRL6AALh2tDuB9sfIE63Fw8u/XZ9
xmf7KSPxPyc/E3L/wBbjWHNUl+tQ8aT02Ym3OnTccUwwGBTfbZdFo7BedNwO3id5
cJplCdSonWEI1BYTdohe9Flz878CO0mGvdoX8M2Su7Hxkm/nwnpjjMIoKs7ypP7U
uj/yKAn9ZhV9DnaiXFrFz8KCY5YgMrBGiIrmJ9QHVV4SNXMwLTxKB1scPttHYCc3
OEGY4J0IVQ2nsbEstSMPj+De8TgVLJIY5cid2+U0FrlK
-----END CERTIFICATE-----