This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/5471f8-c938-40cc-b139-f9f92150cd39/1/0kteYDEknBDxG9W3J3cL9QhFRvc.roa
File:                     0kteYDEknBDxG9W3J3cL9QhFRvc.roa (raw, json)
Hash identifier:          1XWojZWd6G7wDLkk3o7HBTuYxtsrR+gEZcfWZE2ZhEU=
Subject key identifier:   D2:4B:5E:60:31:24:9C:10:F1:1B:D5:B7:27:77:0B:F5:08:45:46:F7
Certificate issuer:       /CN=3d897bd8c6df1cb71410fe194bed739a2f8a6773
Certificate serial:       019B77C6684E8D4E80F783E7603F777FD47F
Authority key identifier: 3D:89:7B:D8:C6:DF:1C:B7:14:10:FE:19:4B:ED:73:9A:2F:8A:67:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PYl72MbfHLcUEP4ZS-1zmi-KZ3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/5471f8-c938-40cc-b139-f9f92150cd39/1/0kteYDEknBDxG9W3J3cL9QhFRvc.roa
Signing time:             Thu 01 Jan 2026 04:17:30 +0000
ROA not before:           Thu 01 Jan 2026 04:17:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15497
IP address blocks:        193.41.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/5471f8-c938-40cc-b139-f9f92150cd39/1/PYl72MbfHLcUEP4ZS-1zmi-KZ3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/5471f8-c938-40cc-b139-f9f92150cd39/1/PYl72MbfHLcUEP4ZS-1zmi-KZ3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PYl72MbfHLcUEP4ZS-1zmi-KZ3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:68:4e:8d:4e:80:f7:83:e7:60:3f:77:7f:d4:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d897bd8c6df1cb71410fe194bed739a2f8a6773
        Validity
            Not Before: Jan  1 04:17:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d24b5e6031249c10f11bd5b727770bf5084546f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ec:cd:e8:ae:e4:8f:e9:df:60:d7:d7:a6:c0:
                    d3:9e:9e:9e:e6:4a:72:17:1d:29:39:2f:ca:ce:1a:
                    fa:40:ff:39:ec:ab:0e:fd:09:ba:83:cf:ec:df:35:
                    39:b0:67:52:6b:0a:a3:47:c7:85:96:39:39:30:cb:
                    54:c2:e9:7a:e1:c4:9c:5c:4e:e9:b6:0c:2f:d2:f3:
                    a6:d5:5d:cb:12:4d:aa:e1:af:c3:a1:ba:f4:b4:ba:
                    d4:19:a1:de:19:c0:b0:d4:d5:4a:32:79:4c:79:05:
                    23:da:b6:45:eb:8a:d8:b8:5b:79:c5:6c:72:9d:02:
                    8a:e4:3c:29:a3:66:c2:02:0b:ee:1b:df:3e:82:6c:
                    95:75:bf:29:96:9c:4f:0b:c5:0f:8c:7c:e7:f1:40:
                    4a:ea:b4:6e:80:5a:88:d4:29:ea:42:92:40:81:6d:
                    f1:aa:16:2e:52:c8:d1:21:40:28:10:d0:e7:fa:0f:
                    71:1f:43:f8:6d:b8:28:e3:aa:5d:7b:8e:43:24:97:
                    b2:cd:e2:76:fe:d0:35:7f:1a:c2:b1:ed:c0:88:24:
                    82:9c:39:0c:4f:05:28:5a:7a:73:bc:23:e9:8d:e9:
                    c3:29:8e:5d:12:bb:29:86:c4:95:e1:f7:de:3e:4d:
                    e6:ba:2e:17:60:9b:52:02:aa:31:e2:51:82:f8:79:
                    14:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:4B:5E:60:31:24:9C:10:F1:1B:D5:B7:27:77:0B:F5:08:45:46:F7
            X509v3 Authority Key Identifier:
                keyid:3D:89:7B:D8:C6:DF:1C:B7:14:10:FE:19:4B:ED:73:9A:2F:8A:67:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYl72MbfHLcUEP4ZS-1zmi-KZ3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/5471f8-c938-40cc-b139-f9f92150cd39/1/0kteYDEknBDxG9W3J3cL9QhFRvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/5471f8-c938-40cc-b139-f9f92150cd39/1/PYl72MbfHLcUEP4ZS-1zmi-KZ3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:0b:c1:1e:2e:4a:45:89:33:4b:42:58:51:33:4f:52:17:a5:
         00:3e:f6:c1:4a:ec:ca:e0:a9:56:f0:8a:e7:d7:bc:65:7b:4d:
         6a:d4:49:29:9a:11:1a:71:88:5c:7a:02:34:f8:04:9d:0c:76:
         28:f5:8a:b7:5d:03:58:3a:57:69:67:30:f8:4c:06:7a:3b:2b:
         0e:60:f1:55:df:6d:f2:ed:df:af:5d:55:63:b3:99:fc:78:48:
         8b:b6:37:63:f7:c5:e4:33:ba:58:69:4f:54:20:ff:0d:94:04:
         06:91:3d:30:41:6e:d4:f8:0e:db:54:4f:87:f7:00:e8:d9:3f:
         c3:82:1c:5b:f9:99:6f:78:2c:46:d7:1a:c4:f9:7a:3f:ef:c1:
         5d:29:00:25:b7:56:d7:ee:88:fe:42:0b:ab:ad:83:1a:a6:a0:
         58:7c:04:57:3d:a5:5b:4a:b3:04:fc:d8:d0:db:32:ec:f9:95:
         5d:ee:fa:6f:be:e7:0f:fd:1b:f4:ae:f8:6c:e8:4a:a0:cc:8b:
         e5:ee:9a:bf:3b:11:7a:ec:05:b8:64:c9:b3:8e:9e:bf:69:4f:
         ca:a3:19:01:b0:78:c3:14:71:e3:22:dc:12:6f:86:ac:42:3c:
         f1:cb:ad:24:85:08:8d:52:19:b6:74:5b:da:65:af:c3:0f:85:
         aa:99:c7:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xmhOjU6A94PnYD93f9R/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkODk3YmQ4YzZkZjFjYjcxNDEwZmUxOTRiZWQ3MzlhMmY4
YTY3NzMwHhcNMjYwMTAxMDQxNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjRiNWU2MDMxMjQ5YzEwZjExYmQ1YjcyNzc3MGJmNTA4NDU0NmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuzN6K7kj+nfYNfXpsDTnp6e5kpy
Fx0pOS/Kzhr6QP857KsO/Qm6g8/s3zU5sGdSawqjR8eFljk5MMtUwul64cScXE7p
tgwv0vOm1V3LEk2q4a/Dobr0tLrUGaHeGcCw1NVKMnlMeQUj2rZF64rYuFt5xWxy
nQKK5Dwpo2bCAgvuG98+gmyVdb8plpxPC8UPjHzn8UBK6rRugFqI1CnqQpJAgW3x
qhYuUsjRIUAoENDn+g9xH0P4bbgo46pde45DJJeyzeJ2/tA1fxrCse3AiCSCnDkM
TwUoWnpzvCPpjenDKY5dErsphsSV4ffePk3mui4XYJtSAqox4lGC+HkUowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJLXmAxJJwQ8RvVtyd3C/UIRUb3MB8GA1UdIwQY
MBaAFD2Je9jG3xy3FBD+GUvtc5ovimdzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFlsNzJNYmZITGNVRVA0WlMtMXptaS1LWjNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi81NDcxZjgtYzkzOC00MGNjLWIxMzkt
ZjlmOTIxNTBjZDM5LzEvMGt0ZVlERWtuQkR4RzlXM0ozY0w5UWhGUnZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi81NDcxZjgtYzkzOC00MGNjLWIxMzktZjlmOTIxNTBjZDM5
LzEvUFlsNzJNYmZITGNVRVA0WlMtMXptaS1LWjNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSnvMA0G
CSqGSIb3DQEBCwUAA4IBAQChC8EeLkpFiTNLQlhRM09SF6UAPvbBSuzK4KlW8Irn
17xle01q1EkpmhEacYhcegI0+ASdDHYo9Yq3XQNYOldpZzD4TAZ6OysOYPFV323y
7d+vXVVjs5n8eEiLtjdj98XkM7pYaU9UIP8NlAQGkT0wQW7U+A7bVE+H9wDo2T/D
ghxb+ZlveCxG1xrE+Xo/78FdKQAlt1bX7oj+QgurrYMapqBYfARXPaVbSrME/NjQ
2zLs+ZVd7vpvvucP/Rv0rvhs6EqgzIvl7pq/OxF67AW4ZMmzjp6/aU/KoxkBsHjD
FHHjItwSb4asQjzxy60khQiNUhm2dFvaZa/DD4WqmceY
-----END CERTIFICATE-----