This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/d6c55a-8628-429f-a2ec-4f2c19bd54d7/1/O4sAh3xkbKW8_1R4ygmeymIKXCo.roa
File:                     O4sAh3xkbKW8_1R4ygmeymIKXCo.roa (raw, json)
Hash identifier:          3590EWq8UBW+NRuB0qqAJxA1WOGNS1btb/g2MoAacyw=
Subject key identifier:   3B:8B:00:87:7C:64:6C:A5:BC:FF:54:78:CA:09:9E:CA:62:0A:5C:2A
Certificate issuer:       /CN=a4f3f76e3ecef2497e113ea3bbaeb853f62f58fe
Certificate serial:       019B7D5C4376B8A5A74CA5B3585F0F52032B
Authority key identifier: A4:F3:F7:6E:3E:CE:F2:49:7E:11:3E:A3:BB:AE:B8:53:F6:2F:58:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pPP3bj7O8kl-ET6ju664U_YvWP4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/d6c55a-8628-429f-a2ec-4f2c19bd54d7/1/O4sAh3xkbKW8_1R4ygmeymIKXCo.roa
Signing time:             Fri 02 Jan 2026 06:19:17 +0000
ROA not before:           Fri 02 Jan 2026 06:19:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8708
IP address blocks:        194.102.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/d6c55a-8628-429f-a2ec-4f2c19bd54d7/1/pPP3bj7O8kl-ET6ju664U_YvWP4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/d6c55a-8628-429f-a2ec-4f2c19bd54d7/1/pPP3bj7O8kl-ET6ju664U_YvWP4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pPP3bj7O8kl-ET6ju664U_YvWP4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 06:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:43:76:b8:a5:a7:4c:a5:b3:58:5f:0f:52:03:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4f3f76e3ecef2497e113ea3bbaeb853f62f58fe
        Validity
            Not Before: Jan  2 06:19:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b8b00877c646ca5bcff5478ca099eca620a5c2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:33:0e:02:fc:53:d5:10:63:0d:13:7c:86:41:
                    18:ea:b6:a2:a3:6e:ad:7c:85:a8:a3:ed:f3:2e:0f:
                    1e:9a:26:94:39:c7:80:31:77:72:67:44:0d:47:10:
                    1c:1a:72:46:ba:d2:fc:43:dd:83:a1:4f:ea:90:e7:
                    3f:34:39:89:1b:6d:13:44:10:59:10:a7:1a:6d:ed:
                    e6:30:1f:8f:a5:f0:76:e5:3d:e4:f1:a0:4c:aa:79:
                    ec:9e:30:65:77:d3:c1:ac:20:70:03:e1:07:08:9c:
                    89:40:81:9e:a5:d2:49:1c:cb:58:41:65:71:dd:0a:
                    f9:8c:25:7d:00:6a:57:52:e5:b1:54:fd:cf:41:bf:
                    53:43:bf:70:45:6d:f2:5c:09:b9:79:fc:dc:f1:58:
                    e7:14:81:fb:ec:a5:81:76:f3:1f:f3:12:71:4e:82:
                    57:07:ec:4c:42:93:c8:85:6a:0f:5b:f7:72:48:c0:
                    37:9f:4b:5b:7e:f3:8a:33:5e:32:09:34:22:fa:33:
                    12:8b:a5:9e:e5:32:ba:30:f3:d5:5c:81:34:ab:c5:
                    14:ca:58:24:e5:70:41:8b:2e:55:f4:5b:b0:a7:3f:
                    69:f2:54:f8:d6:fe:00:21:3a:19:a0:44:d4:98:c9:
                    f1:57:6c:04:92:e2:c3:58:ab:97:a5:fa:6c:f4:11:
                    cf:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:8B:00:87:7C:64:6C:A5:BC:FF:54:78:CA:09:9E:CA:62:0A:5C:2A
            X509v3 Authority Key Identifier:
                keyid:A4:F3:F7:6E:3E:CE:F2:49:7E:11:3E:A3:BB:AE:B8:53:F6:2F:58:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pPP3bj7O8kl-ET6ju664U_YvWP4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/d6c55a-8628-429f-a2ec-4f2c19bd54d7/1/O4sAh3xkbKW8_1R4ygmeymIKXCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/d6c55a-8628-429f-a2ec-4f2c19bd54d7/1/pPP3bj7O8kl-ET6ju664U_YvWP4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.102.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:8f:11:50:51:38:f8:7a:d6:95:3e:ed:aa:05:fd:55:08:41:
         1f:ca:5a:b0:54:a9:18:6a:52:51:98:b6:fc:09:57:71:cf:30:
         0c:3e:77:ff:2a:cd:b9:a9:5f:69:03:7f:33:1b:b3:ac:f4:b1:
         3c:f4:ca:72:17:3e:81:61:a6:68:44:a7:e4:7e:27:24:98:c6:
         42:0d:b8:38:50:74:59:9f:d8:c5:d4:66:c4:55:91:28:ca:79:
         e2:a2:2c:41:b8:fe:4e:25:25:67:d6:42:b9:df:6e:8b:db:b8:
         ad:af:b6:ea:ed:84:9f:e1:5e:d7:d9:c2:10:25:2a:8f:1c:23:
         43:e2:9d:89:c9:f3:61:47:40:2c:1a:cc:5a:ad:f2:90:74:a1:
         9a:18:97:e2:f6:34:62:66:fb:4f:e2:aa:2b:20:2d:78:1a:47:
         8c:e7:cb:ca:b4:82:53:d7:51:8a:11:64:88:a5:99:f7:8b:2d:
         74:19:b2:07:2c:e7:fb:53:e9:3e:38:c5:d2:9b:31:97:5d:f0:
         fa:2f:05:78:99:53:e6:c1:d6:7c:ff:cf:df:e0:93:99:d4:82:
         54:d9:76:2a:1b:0a:5b:a2:fe:b9:44:27:57:b0:65:8e:83:44:
         b2:89:58:b1:38:3e:8e:58:b5:99:ab:74:64:b8:fc:4a:b1:d1:
         89:7d:74:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XEN2uKWnTKWzWF8PUgMrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ZjNmNzZlM2VjZWYyNDk3ZTExM2VhM2JiYWViODUzZjYy
ZjU4ZmUwHhcNMjYwMTAyMDYxOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjhiMDA4NzdjNjQ2Y2E1YmNmZjU0NzhjYTA5OWVjYTYyMGE1YzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDMOAvxT1RBjDRN8hkEY6raio26t
fIWoo+3zLg8emiaUOceAMXdyZ0QNRxAcGnJGutL8Q92DoU/qkOc/NDmJG20TRBBZ
EKcabe3mMB+PpfB25T3k8aBMqnnsnjBld9PBrCBwA+EHCJyJQIGepdJJHMtYQWVx
3Qr5jCV9AGpXUuWxVP3PQb9TQ79wRW3yXAm5efzc8VjnFIH77KWBdvMf8xJxToJX
B+xMQpPIhWoPW/dySMA3n0tbfvOKM14yCTQi+jMSi6We5TK6MPPVXIE0q8UUylgk
5XBBiy5V9Fuwpz9p8lT41v4AIToZoETUmMnxV2wEkuLDWKuXpfps9BHPNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuLAId8ZGylvP9UeMoJnspiClwqMB8GA1UdIwQY
MBaAFKTz924+zvJJfhE+o7uuuFP2L1j+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFBQM2JqN084a2wtRVQ2anU2NjRVX1l2V1A0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9kNmM1NWEtODYyOC00MjlmLWEyZWMt
NGYyYzE5YmQ1NGQ3LzEvTzRzQWgzeGtiS1c4XzFSNHlnbWV5bUlLWENvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9kNmM1NWEtODYyOC00MjlmLWEyZWMtNGYyYzE5YmQ1NGQ3
LzEvcFBQM2JqN084a2wtRVQ2anU2NjRVX1l2V1A0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmZmMA0G
CSqGSIb3DQEBCwUAA4IBAQBcjxFQUTj4etaVPu2qBf1VCEEfylqwVKkYalJRmLb8
CVdxzzAMPnf/Ks25qV9pA38zG7Os9LE89MpyFz6BYaZoRKfkfickmMZCDbg4UHRZ
n9jF1GbEVZEoynnioixBuP5OJSVn1kK5326L27itr7bq7YSf4V7X2cIQJSqPHCND
4p2JyfNhR0AsGsxarfKQdKGaGJfi9jRiZvtP4qorIC14GkeM58vKtIJT11GKEWSI
pZn3iy10GbIHLOf7U+k+OMXSmzGXXfD6LwV4mVPmwdZ8/8/f4JOZ1IJU2XYqGwpb
ov65RCdXsGWOg0SyiVixOD6OWLWZq3RkuPxKsdGJfXSL
-----END CERTIFICATE-----