This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/ooBKY1-HwVB0tAorZ2YuYBEsDc0.roa
File:                     ooBKY1-HwVB0tAorZ2YuYBEsDc0.roa (raw, json)
Hash identifier:          Z4UR1BfgNMl5QK5SmuWC/M8+s3Vhzs8L+BYFDZfRHro=
Subject key identifier:   A2:80:4A:63:5F:87:C1:50:74:B4:0A:2B:67:66:2E:60:11:2C:0D:CD
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019B7B356428B8B7FA6DC5375E5114CCBA4A
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/ooBKY1-HwVB0tAorZ2YuYBEsDc0.roa
Signing time:             Thu 01 Jan 2026 20:17:35 +0000
ROA not before:           Thu 01 Jan 2026 20:17:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31454
IP address blocks:        193.230.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:64:28:b8:b7:fa:6d:c5:37:5e:51:14:cc:ba:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 20:17:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a2804a635f87c15074b40a2b67662e60112c0dcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:26:ae:f7:1a:2b:19:1b:84:b3:94:cb:5b:53:
                    01:2f:14:22:92:93:e9:cd:b0:7d:aa:d0:29:96:79:
                    4a:1c:b7:83:d1:0d:5d:6f:bc:1b:9c:8a:79:a9:de:
                    0a:bd:db:1d:c3:9d:56:9a:8e:c8:70:ee:79:a8:d0:
                    44:5c:14:52:d5:98:9d:8d:c0:29:39:8a:75:72:3f:
                    3b:10:cd:48:e7:77:f1:1c:c4:18:1e:22:1c:aa:f4:
                    41:d2:5f:cc:1a:49:d5:cd:46:44:e4:5b:33:c8:ef:
                    89:b3:65:95:5d:c8:0b:36:2c:67:40:83:00:28:fc:
                    13:f5:83:0f:4c:b8:b2:6a:d4:58:2f:da:9d:bc:d0:
                    41:14:1d:63:57:c3:29:0e:93:af:c7:2a:a2:89:bd:
                    72:98:c6:37:aa:a5:61:5e:9e:f5:9f:df:d9:a6:c4:
                    da:ed:8d:8b:20:44:fa:17:7a:2b:27:7c:48:1f:2d:
                    d5:a9:f2:d7:53:60:cb:d5:67:91:bd:0e:5b:33:6b:
                    87:24:3f:38:73:a1:55:15:b3:10:b2:7d:41:5c:f0:
                    38:a6:9e:c6:12:60:81:0a:08:7e:c0:8c:54:19:79:
                    83:7c:fc:a4:09:d8:8d:9f:34:b8:c3:f6:14:7e:21:
                    6c:a6:5e:17:e8:d6:c5:fd:b0:3c:d2:e9:f7:ad:7d:
                    ae:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:80:4A:63:5F:87:C1:50:74:B4:0A:2B:67:66:2E:60:11:2C:0D:CD
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/ooBKY1-HwVB0tAorZ2YuYBEsDc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.230.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:e9:b7:22:46:91:80:ea:6a:8d:a7:f5:29:1a:e0:a6:08:c7:
         a9:0c:71:60:97:23:86:cb:39:2c:89:af:b8:2a:90:52:bd:10:
         a2:3e:c1:72:4c:23:41:ec:e6:a0:11:82:1d:6b:c2:4b:57:31:
         81:98:f0:aa:41:22:ad:d0:4d:6e:bb:bb:af:0b:0c:f8:ed:94:
         a3:bc:2b:6e:62:af:c7:a4:a2:0e:98:a3:c3:52:7c:97:c2:9c:
         38:8d:0b:94:00:e3:69:2d:6c:46:10:13:70:73:9a:0f:36:96:
         b4:14:a9:6f:2f:b4:6a:ff:ab:2f:c9:a0:47:56:d7:22:ad:ad:
         32:95:79:e0:db:fe:a1:a2:27:53:4e:e3:15:3d:e1:0a:c0:2e:
         1c:94:e4:f2:93:38:c5:de:d4:b2:6e:c7:5a:4e:ad:45:df:8f:
         d0:21:56:7d:bc:0e:35:df:80:0d:6b:62:7a:6d:ee:5e:64:05:
         6a:60:6c:37:98:aa:a5:f8:ed:d7:26:7d:db:20:69:5a:93:98:
         9d:18:45:68:1a:56:26:27:1f:cc:0b:43:4f:8b:2a:d2:65:0a:
         09:94:c6:19:b4:1c:11:aa:5e:ac:b8:2d:f8:35:cc:a2:6a:d0:
         69:55:10:22:5b:b1:51:ed:02:26:2a:05:fe:a5:d2:61:b8:21:
         75:6e:e5:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NWQouLf6bcU3XlEUzLpKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMTAxMjAxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjgwNGE2MzVmODdjMTUwNzRiNDBhMmI2NzY2MmU2MDExMmMwZGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCau9xorGRuEs5TLW1MBLxQikpPp
zbB9qtAplnlKHLeD0Q1db7wbnIp5qd4Kvdsdw51Wmo7IcO55qNBEXBRS1ZidjcAp
OYp1cj87EM1I53fxHMQYHiIcqvRB0l/MGknVzUZE5FszyO+Js2WVXcgLNixnQIMA
KPwT9YMPTLiyatRYL9qdvNBBFB1jV8MpDpOvxyqiib1ymMY3qqVhXp71n9/ZpsTa
7Y2LIET6F3orJ3xIHy3VqfLXU2DL1WeRvQ5bM2uHJD84c6FVFbMQsn1BXPA4pp7G
EmCBCgh+wIxUGXmDfPykCdiNnzS4w/YUfiFspl4X6NbF/bA80un3rX2uwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKASmNfh8FQdLQKK2dmLmARLA3NMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvb29CS1kxLUh3VkIwdEFvcloyWXVZQkVzRGMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweaXMA0G
CSqGSIb3DQEBCwUAA4IBAQBU6bciRpGA6mqNp/UpGuCmCMepDHFglyOGyzksia+4
KpBSvRCiPsFyTCNB7OagEYIda8JLVzGBmPCqQSKt0E1uu7uvCwz47ZSjvCtuYq/H
pKIOmKPDUnyXwpw4jQuUAONpLWxGEBNwc5oPNpa0FKlvL7Rq/6svyaBHVtcira0y
lXng2/6hoidTTuMVPeEKwC4clOTykzjF3tSybsdaTq1F34/QIVZ9vA4134ANa2J6
be5eZAVqYGw3mKql+O3XJn3bIGlak5idGEVoGlYmJx/MC0NPiyrSZQoJlMYZtBwR
ql6suC34NcyiatBpVRAiW7FR7QImKgX+pdJhuCF1buVr
-----END CERTIFICATE-----