This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/OKfVJiOZcBF7lwrejSVbnp-mJlM.roa
File:                     OKfVJiOZcBF7lwrejSVbnp-mJlM.roa (raw, json)
Hash identifier:          Xi8UZye71hwHlDGIb4Ds6g7ARS6UAoAe2f0dvg0x25c=
Subject key identifier:   38:A7:D5:26:23:99:70:11:7B:97:0A:DE:8D:25:5B:9E:9F:A6:26:53
Certificate issuer:       /CN=3c2c854011140a10947da7b53bbb350f3c54b33e
Certificate serial:       019B7C12507855545EDEF9D9DA7DF18EF16A
Authority key identifier: 3C:2C:85:40:11:14:0A:10:94:7D:A7:B5:3B:BB:35:0F:3C:54:B3:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PCyFQBEUChCUfae1O7s1DzxUsz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/OKfVJiOZcBF7lwrejSVbnp-mJlM.roa
Signing time:             Fri 02 Jan 2026 00:18:53 +0000
ROA not before:           Fri 02 Jan 2026 00:18:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205873
IP address blocks:        193.35.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/PCyFQBEUChCUfae1O7s1DzxUsz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/PCyFQBEUChCUfae1O7s1DzxUsz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PCyFQBEUChCUfae1O7s1DzxUsz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:50:78:55:54:5e:de:f9:d9:da:7d:f1:8e:f1:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c2c854011140a10947da7b53bbb350f3c54b33e
        Validity
            Not Before: Jan  2 00:18:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=38a7d526239970117b970ade8d255b9e9fa62653
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:20:10:fc:6e:a7:92:69:ce:fe:17:a0:a7:3a:
                    b2:b7:82:fe:0a:d2:d2:47:67:fb:3d:83:ba:b7:44:
                    b8:90:e4:e9:50:d0:28:f6:02:49:f5:61:c0:5b:7d:
                    f5:55:f9:ba:16:09:b3:8b:60:d9:92:47:aa:73:dc:
                    42:04:05:8b:ff:d2:92:5a:34:01:59:4f:da:90:5c:
                    c2:86:87:46:c6:72:75:7b:17:fa:2a:b5:d6:4c:6f:
                    cc:1d:29:59:25:35:76:ba:22:eb:15:36:40:b3:f3:
                    2c:a4:2c:9e:6d:12:97:32:e8:ba:41:40:b9:ec:60:
                    c0:8d:24:75:3f:30:02:be:9d:68:60:a3:0c:3f:ce:
                    f1:be:82:52:96:92:c2:a8:5d:ef:2d:3e:c6:55:21:
                    1a:23:af:b3:9d:b8:72:2f:a2:c9:d5:2e:32:4f:e1:
                    2e:f7:72:1b:00:3a:a3:9c:7c:b4:b5:7a:b1:3e:af:
                    d0:92:2d:ef:50:d5:b3:37:15:be:0c:48:f2:cb:11:
                    1a:19:9c:b1:14:38:8f:3e:ba:03:fd:f0:63:c0:5d:
                    9e:6a:27:b6:7b:8d:c5:39:85:3b:5b:2a:a4:95:20:
                    36:b9:0d:ce:e9:e1:49:ed:50:12:2b:d9:9d:b7:42:
                    3a:bb:87:3e:59:0b:33:a4:44:34:f6:99:4e:d9:88:
                    19:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:A7:D5:26:23:99:70:11:7B:97:0A:DE:8D:25:5B:9E:9F:A6:26:53
            X509v3 Authority Key Identifier:
                keyid:3C:2C:85:40:11:14:0A:10:94:7D:A7:B5:3B:BB:35:0F:3C:54:B3:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PCyFQBEUChCUfae1O7s1DzxUsz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/OKfVJiOZcBF7lwrejSVbnp-mJlM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/PCyFQBEUChCUfae1O7s1DzxUsz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:73:c3:96:e0:aa:f3:89:92:a5:be:69:6b:32:56:86:1b:30:
         60:7a:08:5e:da:cb:dd:a2:c9:ee:55:9a:b3:a5:65:4d:8e:38:
         0f:51:65:3c:2a:f9:63:e4:25:8b:32:d1:6a:74:ff:08:c2:b3:
         f4:4a:49:2b:0c:8c:04:6a:4a:93:22:bb:e7:ad:f9:12:f7:27:
         0b:de:23:f6:c5:06:d6:05:d1:6c:cd:ea:39:90:90:7c:f6:90:
         78:dc:e0:45:0d:37:57:4a:80:d6:98:2e:6c:00:c3:90:8b:eb:
         55:64:e5:9c:76:bd:f5:2c:f9:66:b8:07:aa:2e:6a:c6:9f:01:
         25:e3:61:e4:d0:87:c6:2e:44:c7:48:e6:a7:2f:4c:d7:45:f2:
         e9:25:81:37:35:81:bd:f7:d8:55:55:e0:41:b4:7d:9d:97:73:
         0d:19:0e:29:15:87:94:f1:e5:ce:20:51:7f:ae:6c:ec:2c:98:
         5c:be:7e:b9:e7:45:d8:a9:3b:80:07:a7:a3:20:83:11:f3:2f:
         d3:cd:f6:35:63:f8:f2:6d:5f:fb:b9:e8:fd:a8:72:8d:60:7c:
         5a:c4:ca:47:84:f4:35:8b:0b:2b:9e:c7:ff:56:36:cd:1c:3e:
         1b:06:4f:89:2f:b6:a5:8b:04:f4:7e:cc:7c:b4:57:84:fb:1e:
         26:62:f0:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8ElB4VVRe3vnZ2n3xjvFqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjMmM4NTQwMTExNDBhMTA5NDdkYTdiNTNiYmIzNTBmM2M1
NGIzM2UwHhcNMjYwMTAyMDAxODUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGE3ZDUyNjIzOTk3MDExN2I5NzBhZGU4ZDI1NWI5ZTlmYTYyNjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviAQ/G6nkmnO/hegpzqyt4L+CtLS
R2f7PYO6t0S4kOTpUNAo9gJJ9WHAW331Vfm6Fgmzi2DZkkeqc9xCBAWL/9KSWjQB
WU/akFzChodGxnJ1exf6KrXWTG/MHSlZJTV2uiLrFTZAs/MspCyebRKXMui6QUC5
7GDAjSR1PzACvp1oYKMMP87xvoJSlpLCqF3vLT7GVSEaI6+znbhyL6LJ1S4yT+Eu
93IbADqjnHy0tXqxPq/Qki3vUNWzNxW+DEjyyxEaGZyxFDiPProD/fBjwF2eaie2
e43FOYU7WyqklSA2uQ3O6eFJ7VASK9mdt0I6u4c+WQszpEQ09plO2YgZiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDin1SYjmXARe5cK3o0lW56fpiZTMB8GA1UdIwQY
MBaAFDwshUARFAoQlH2ntTu7NQ88VLM+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEN5RlFCRVVDaENVZmFlMU83czFEenhVc3o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9lMDU4MGQtMDQ4YS00ZTZkLWJlYzYt
YjViYmQwYjVlMGFhLzEvT0tmVkppT1pjQkY3bHdyZWpTVmJucC1tSmxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9lMDU4MGQtMDQ4YS00ZTZkLWJlYzYtYjViYmQwYjVlMGFh
LzEvUEN5RlFCRVVDaENVZmFlMU83czFEenhVc3o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSM9MA0G
CSqGSIb3DQEBCwUAA4IBAQAGc8OW4KrziZKlvmlrMlaGGzBgeghe2svdosnuVZqz
pWVNjjgPUWU8Kvlj5CWLMtFqdP8IwrP0SkkrDIwEakqTIrvnrfkS9ycL3iP2xQbW
BdFszeo5kJB89pB43OBFDTdXSoDWmC5sAMOQi+tVZOWcdr31LPlmuAeqLmrGnwEl
42Hk0IfGLkTHSOanL0zXRfLpJYE3NYG999hVVeBBtH2dl3MNGQ4pFYeU8eXOIFF/
rmzsLJhcvn6550XYqTuAB6ejIIMR8y/TzfY1Y/jybV/7uej9qHKNYHxaxMpHhPQ1
iwsrnsf/VjbNHD4bBk+JL7aliwT0fsx8tFeE+x4mYvAD
-----END CERTIFICATE-----