This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/af19a0-7cbf-4078-a987-68f2fa001fa7/1/6OYyBwnBQqodEO0D6OBeEicE16I.roa
File:                     6OYyBwnBQqodEO0D6OBeEicE16I.roa (raw, json)
Hash identifier:          lKNm1QNO9okpnlJcH6XegMaYpAT8le74f9AsZf1bkAs=
Subject key identifier:   E8:E6:32:07:09:C1:42:AA:1D:10:ED:03:E8:E0:5E:12:27:04:D7:A2
Certificate issuer:       /CN=0d2f81b8c17f55dcdddec54c8cceadd695d28f07
Certificate serial:       019B7F827FBACE2DC88BF9A217D946BAC900
Authority key identifier: 0D:2F:81:B8:C1:7F:55:DC:DD:DE:C5:4C:8C:CE:AD:D6:95:D2:8F:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DS-BuMF_Vdzd3sVMjM6t1pXSjwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/af19a0-7cbf-4078-a987-68f2fa001fa7/1/6OYyBwnBQqodEO0D6OBeEicE16I.roa
Signing time:             Fri 02 Jan 2026 16:20:17 +0000
ROA not before:           Fri 02 Jan 2026 16:20:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20849
IP address blocks:        194.153.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/af19a0-7cbf-4078-a987-68f2fa001fa7/1/DS-BuMF_Vdzd3sVMjM6t1pXSjwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/af19a0-7cbf-4078-a987-68f2fa001fa7/1/DS-BuMF_Vdzd3sVMjM6t1pXSjwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DS-BuMF_Vdzd3sVMjM6t1pXSjwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:7f:ba:ce:2d:c8:8b:f9:a2:17:d9:46:ba:c9:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2f81b8c17f55dcdddec54c8cceadd695d28f07
        Validity
            Not Before: Jan  2 16:20:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e8e6320709c142aa1d10ed03e8e05e122704d7a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:6e:1d:1d:e5:d3:83:ad:20:c4:b3:26:5c:8a:
                    ea:81:10:83:18:6c:44:6d:36:10:ad:07:d6:08:53:
                    5a:c7:7e:3f:40:e1:f9:3d:83:7e:d8:1f:82:30:3c:
                    8a:53:e6:bb:8c:a1:e0:06:2c:57:3e:e2:d8:38:00:
                    dc:be:6b:a4:07:97:d6:f8:4e:04:a7:f5:c2:ac:22:
                    f5:97:ae:a1:5d:b0:d4:7a:7a:f5:97:c1:38:05:3b:
                    19:30:94:5f:ca:dd:bd:41:67:f0:d7:93:f6:73:ac:
                    8c:9c:05:3b:67:1a:76:c0:9b:5a:1f:0a:e3:f7:d5:
                    a5:70:be:54:80:88:6f:ab:5d:fa:23:c4:ac:70:cd:
                    fd:21:78:cc:14:11:da:5c:18:63:6c:fa:62:ca:8b:
                    a3:a1:3c:34:0e:b1:a3:b9:53:bb:da:76:d4:7e:a7:
                    bd:ea:ea:94:54:52:d1:ba:5f:45:95:91:e7:1c:60:
                    95:b4:fa:22:c1:56:b4:d3:85:7d:52:cf:38:95:b1:
                    7f:c5:6e:fb:e0:bd:4e:ab:04:6b:a6:c0:e6:e2:37:
                    11:71:02:f5:fd:52:39:fb:c9:60:7e:58:60:44:f6:
                    ef:d2:28:07:47:88:6c:b4:1a:0a:82:58:77:70:62:
                    ed:c0:5f:00:ea:cc:09:c8:38:dc:37:5d:42:3e:79:
                    23:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:E6:32:07:09:C1:42:AA:1D:10:ED:03:E8:E0:5E:12:27:04:D7:A2
            X509v3 Authority Key Identifier:
                keyid:0D:2F:81:B8:C1:7F:55:DC:DD:DE:C5:4C:8C:CE:AD:D6:95:D2:8F:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DS-BuMF_Vdzd3sVMjM6t1pXSjwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/af19a0-7cbf-4078-a987-68f2fa001fa7/1/6OYyBwnBQqodEO0D6OBeEicE16I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/af19a0-7cbf-4078-a987-68f2fa001fa7/1/DS-BuMF_Vdzd3sVMjM6t1pXSjwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:3b:85:6a:d8:b2:61:c4:37:94:df:21:b0:f1:7c:27:de:ab:
         92:78:c9:74:0f:97:f0:5f:84:b9:de:0d:09:aa:f7:1d:df:57:
         56:0a:d2:78:e8:c9:58:dd:b6:93:46:cc:e7:6e:b7:d8:ca:e7:
         d9:d0:17:58:32:1c:db:b1:92:b0:c7:d0:46:7b:08:5c:58:ab:
         93:c8:18:79:9b:7a:91:11:5b:5c:e8:86:77:69:38:01:af:5a:
         3a:60:ee:1a:ff:99:e7:ca:d5:ef:f5:72:3d:d1:9c:22:bd:7b:
         49:39:ef:9c:4d:b9:bd:45:c8:2e:d0:98:12:21:5d:3e:6a:8e:
         35:96:12:0c:cf:a2:ba:01:3f:d6:65:ef:63:59:1e:58:5f:3d:
         d7:5d:c7:6e:af:62:3d:e0:21:5d:39:38:ac:9f:98:65:69:97:
         96:23:5c:29:8d:d5:35:c2:76:0e:a7:c3:62:c2:48:05:f6:cd:
         ca:be:6a:bd:9c:26:af:99:a8:99:21:9b:70:e5:b2:48:bb:0a:
         b9:94:1b:89:c4:70:2a:2a:90:72:96:5f:45:61:e4:f2:13:8b:
         f8:50:04:8b:34:41:14:b8:a1:71:83:2b:9b:c7:9e:91:a0:ba:
         03:18:67:0e:93:ac:6b:15:ef:43:7b:08:7a:cd:7e:fc:3c:e0:
         6a:37:bd:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gn+6zi3Ii/miF9lGuskAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMmY4MWI4YzE3ZjU1ZGNkZGRlYzU0YzhjY2VhZGQ2OTVk
MjhmMDcwHhcNMjYwMTAyMTYyMDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGU2MzIwNzA5YzE0MmFhMWQxMGVkMDNlOGUwNWUxMjI3MDRkN2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx24dHeXTg60gxLMmXIrqgRCDGGxE
bTYQrQfWCFNax34/QOH5PYN+2B+CMDyKU+a7jKHgBixXPuLYOADcvmukB5fW+E4E
p/XCrCL1l66hXbDUenr1l8E4BTsZMJRfyt29QWfw15P2c6yMnAU7Zxp2wJtaHwrj
99WlcL5UgIhvq136I8SscM39IXjMFBHaXBhjbPpiyoujoTw0DrGjuVO72nbUfqe9
6uqUVFLRul9FlZHnHGCVtPoiwVa004V9Us84lbF/xW774L1OqwRrpsDm4jcRcQL1
/VI5+8lgflhgRPbv0igHR4hstBoKglh3cGLtwF8A6swJyDjcN11CPnkjXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOjmMgcJwUKqHRDtA+jgXhInBNeiMB8GA1UdIwQY
MBaAFA0vgbjBf1Xc3d7FTIzOrdaV0o8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFMtQnVNRl9WZHpkM3NWTWpNNnQxcFhTandjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9hZjE5YTAtN2NiZi00MDc4LWE5ODct
NjhmMmZhMDAxZmE3LzEvNk9ZeUJ3bkJRcW9kRU8wRDZPQmVFaWNFMTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9hZjE5YTAtN2NiZi00MDc4LWE5ODctNjhmMmZhMDAxZmE3
LzEvRFMtQnVNRl9WZHpkM3NWTWpNNnQxcFhTandjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpmSMA0G
CSqGSIb3DQEBCwUAA4IBAQBVO4Vq2LJhxDeU3yGw8Xwn3quSeMl0D5fwX4S53g0J
qvcd31dWCtJ46MlY3baTRsznbrfYyufZ0BdYMhzbsZKwx9BGewhcWKuTyBh5m3qR
EVtc6IZ3aTgBr1o6YO4a/5nnytXv9XI90ZwivXtJOe+cTbm9Rcgu0JgSIV0+ao41
lhIMz6K6AT/WZe9jWR5YXz3XXcdur2I94CFdOTisn5hlaZeWI1wpjdU1wnYOp8Ni
wkgF9s3Kvmq9nCavmaiZIZtw5bJIuwq5lBuJxHAqKpByll9FYeTyE4v4UASLNEEU
uKFxgyubx56RoLoDGGcOk6xrFe9Dewh6zX78POBqN70l
-----END CERTIFICATE-----