This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/4bb067-c365-452e-a93e-39da1ae8b731/1/BHtYTKXAhvuK5qQH2dMZrKgOMHg.roa
File:                     BHtYTKXAhvuK5qQH2dMZrKgOMHg.roa (raw, json)
Hash identifier:          x0aDgSbM0k6Qn4DXz0HQEQO8d3rc25aCpgfGk0kEatY=
Subject key identifier:   04:7B:58:4C:A5:C0:86:FB:8A:E6:A4:07:D9:D3:19:AC:A8:0E:30:78
Certificate issuer:       /CN=eb153da3c24ce1236e20c46861635dc8efb56a92
Certificate serial:       019B7E374A9ADEFC70868C58BE86B67A3897
Authority key identifier: EB:15:3D:A3:C2:4C:E1:23:6E:20:C4:68:61:63:5D:C8:EF:B5:6A:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6xU9o8JM4SNuIMRoYWNdyO-1apI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/4bb067-c365-452e-a93e-39da1ae8b731/1/BHtYTKXAhvuK5qQH2dMZrKgOMHg.roa
Signing time:             Fri 02 Jan 2026 10:18:31 +0000
ROA not before:           Fri 02 Jan 2026 10:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8708
IP address blocks:        193.201.20.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/4bb067-c365-452e-a93e-39da1ae8b731/1/6xU9o8JM4SNuIMRoYWNdyO-1apI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/4bb067-c365-452e-a93e-39da1ae8b731/1/6xU9o8JM4SNuIMRoYWNdyO-1apI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6xU9o8JM4SNuIMRoYWNdyO-1apI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:4a:9a:de:fc:70:86:8c:58:be:86:b6:7a:38:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb153da3c24ce1236e20c46861635dc8efb56a92
        Validity
            Not Before: Jan  2 10:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=047b584ca5c086fb8ae6a407d9d319aca80e3078
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a7:1e:53:13:c8:97:85:e9:70:e2:de:6f:55:
                    aa:fe:b8:f4:67:15:1b:a0:26:01:3b:e4:2f:99:d8:
                    9a:89:06:5f:57:16:5e:ae:9b:62:97:4a:83:28:3d:
                    fc:cf:03:1f:e8:4f:a4:56:00:91:0d:6f:f1:d4:91:
                    05:0a:bd:61:5b:20:70:ae:7f:4f:4c:4b:4b:3d:14:
                    e5:bf:d7:75:a0:f6:4d:ae:6e:52:dc:5d:5c:9d:cd:
                    0e:6d:cf:59:df:1b:f3:26:11:21:07:4e:c5:af:0d:
                    30:20:3a:03:0c:f7:db:95:26:53:57:db:c4:eb:1c:
                    50:2c:36:ab:d6:44:50:9a:ba:c6:f9:13:de:01:ba:
                    58:b0:f6:b0:47:87:bf:39:a3:7f:4b:19:b4:9d:08:
                    6d:40:7c:41:e0:ac:48:06:be:21:f1:64:8d:0c:4d:
                    e3:3b:80:a7:7e:97:d2:2e:5b:39:b8:10:8a:7b:08:
                    08:66:39:d8:94:9f:ed:03:9a:34:80:4d:60:d8:20:
                    ea:94:37:62:0e:17:db:99:69:ca:db:73:76:05:a2:
                    70:dc:42:4f:00:20:a2:4c:e5:d2:7f:41:b4:51:f2:
                    bd:fc:f5:36:69:69:8e:a8:e6:ce:c1:16:fe:5d:2f:
                    9e:2d:bb:57:5c:65:1f:1b:a8:1e:9e:1c:4b:0b:fd:
                    ce:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:7B:58:4C:A5:C0:86:FB:8A:E6:A4:07:D9:D3:19:AC:A8:0E:30:78
            X509v3 Authority Key Identifier:
                keyid:EB:15:3D:A3:C2:4C:E1:23:6E:20:C4:68:61:63:5D:C8:EF:B5:6A:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6xU9o8JM4SNuIMRoYWNdyO-1apI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/4bb067-c365-452e-a93e-39da1ae8b731/1/BHtYTKXAhvuK5qQH2dMZrKgOMHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/4bb067-c365-452e-a93e-39da1ae8b731/1/6xU9o8JM4SNuIMRoYWNdyO-1apI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:30:3e:51:b6:0d:70:49:a9:1a:bc:d0:88:23:2b:37:84:60:
         e4:53:80:a2:a1:38:d2:bc:ab:8b:77:65:0a:2c:1a:3a:2d:77:
         b4:32:d2:8b:98:19:ae:81:f4:c7:90:40:0e:c4:6f:0a:48:f8:
         05:18:8e:4b:a6:a5:0c:8a:af:52:7f:7d:2a:7b:37:64:d5:0b:
         d2:1b:d6:1b:92:a1:14:57:e9:e7:41:3c:73:a0:3a:fd:04:b6:
         fd:90:88:7a:1a:43:e8:7d:36:7e:0a:e5:bf:ac:4d:41:04:1a:
         83:7c:ac:12:35:f2:9b:d4:a7:03:b5:09:83:7d:45:52:1b:46:
         2c:bc:b0:f9:8d:58:53:2f:3a:0d:30:0a:a8:6d:70:0c:87:55:
         f4:ad:23:04:d7:ee:26:9f:f5:26:33:6d:b5:6f:98:22:a1:04:
         1b:5f:01:8d:2d:ce:5a:1e:95:2f:8c:d2:c4:d2:27:a2:f1:01:
         b5:41:8a:dd:03:2f:b2:c5:58:14:57:a8:b6:f8:71:55:b7:9c:
         2a:e4:5a:d1:b1:b1:75:e4:6c:1b:ed:11:25:2d:a8:1d:4e:8a:
         8a:c8:a6:32:22:65:4d:5e:8f:c0:84:d1:f3:51:3d:de:3f:35:
         ce:dc:4c:43:60:c2:b4:38:30:1c:f7:bb:12:98:89:03:f6:39:
         0b:a6:46:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N0qa3vxwhoxYvoa2ejiXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMTUzZGEzYzI0Y2UxMjM2ZTIwYzQ2ODYxNjM1ZGM4ZWZi
NTZhOTIwHhcNMjYwMTAyMTAxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDdiNTg0Y2E1YzA4NmZiOGFlNmE0MDdkOWQzMTlhY2E4MGUzMDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsaceUxPIl4XpcOLeb1Wq/rj0ZxUb
oCYBO+QvmdiaiQZfVxZerptil0qDKD38zwMf6E+kVgCRDW/x1JEFCr1hWyBwrn9P
TEtLPRTlv9d1oPZNrm5S3F1cnc0Obc9Z3xvzJhEhB07Frw0wIDoDDPfblSZTV9vE
6xxQLDar1kRQmrrG+RPeAbpYsPawR4e/OaN/Sxm0nQhtQHxB4KxIBr4h8WSNDE3j
O4CnfpfSLls5uBCKewgIZjnYlJ/tA5o0gE1g2CDqlDdiDhfbmWnK23N2BaJw3EJP
ACCiTOXSf0G0UfK9/PU2aWmOqObOwRb+XS+eLbtXXGUfG6genhxLC/3O/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAR7WEylwIb7iuakB9nTGayoDjB4MB8GA1UdIwQY
MBaAFOsVPaPCTOEjbiDEaGFjXcjvtWqSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnhVOW84Sk00U051SU1Sb1lXTmR5Ty0xYXBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy80YmIwNjctYzM2NS00NTJlLWE5M2Ut
MzlkYTFhZThiNzMxLzEvQkh0WVRLWEFodnVLNXFRSDJkTVpyS2dPTUhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy80YmIwNjctYzM2NS00NTJlLWE5M2UtMzlkYTFhZThiNzMx
LzEvNnhVOW84Sk00U051SU1Sb1lXTmR5Ty0xYXBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwckUMA0G
CSqGSIb3DQEBCwUAA4IBAQBjMD5Rtg1wSakavNCIIys3hGDkU4CioTjSvKuLd2UK
LBo6LXe0MtKLmBmugfTHkEAOxG8KSPgFGI5LpqUMiq9Sf30qezdk1QvSG9YbkqEU
V+nnQTxzoDr9BLb9kIh6GkPofTZ+CuW/rE1BBBqDfKwSNfKb1KcDtQmDfUVSG0Ys
vLD5jVhTLzoNMAqobXAMh1X0rSME1+4mn/UmM221b5gioQQbXwGNLc5aHpUvjNLE
0iei8QG1QYrdAy+yxVgUV6i2+HFVt5wq5FrRsbF15Gwb7RElLagdToqKyKYyImVN
Xo/AhNHzUT3ePzXO3ExDYMK0ODAc97sSmIkD9jkLpkY6
-----END CERTIFICATE-----