This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/5de7fb-9488-4e84-83ca-14600d57808a/1/BCkDmJhYgCR9TE4jRqDw3_AqqdI.roa
File:                     BCkDmJhYgCR9TE4jRqDw3_AqqdI.roa (raw, json)
Hash identifier:          mNQmWHALaV0PGX2z6HR7E/b09jPkjPuON0y07SlXofA=
Subject key identifier:   04:29:03:98:98:58:80:24:7D:4C:4E:23:46:A0:F0:DF:F0:2A:A9:D2
Certificate issuer:       /CN=0db49122d9e9bbafa577f6447f21b8bec76c05f0
Certificate serial:       019B7B36D2EAE480D0E68AFF1382F8385982
Authority key identifier: 0D:B4:91:22:D9:E9:BB:AF:A5:77:F6:44:7F:21:B8:BE:C7:6C:05:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbSRItnpu6-ld_ZEfyG4vsdsBfA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/5de7fb-9488-4e84-83ca-14600d57808a/1/BCkDmJhYgCR9TE4jRqDw3_AqqdI.roa
Signing time:             Thu 01 Jan 2026 20:19:08 +0000
ROA not before:           Thu 01 Jan 2026 20:19:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13128
IP address blocks:        141.15.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/5de7fb-9488-4e84-83ca-14600d57808a/1/DbSRItnpu6-ld_ZEfyG4vsdsBfA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/5de7fb-9488-4e84-83ca-14600d57808a/1/DbSRItnpu6-ld_ZEfyG4vsdsBfA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DbSRItnpu6-ld_ZEfyG4vsdsBfA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:d2:ea:e4:80:d0:e6:8a:ff:13:82:f8:38:59:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db49122d9e9bbafa577f6447f21b8bec76c05f0
        Validity
            Not Before: Jan  1 20:19:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=04290398985880247d4c4e2346a0f0dff02aa9d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:72:b5:9b:b6:c1:2d:b2:79:c9:42:35:8f:a6:
                    73:e3:ea:02:9b:cf:5b:d3:55:23:e3:fb:c6:85:d3:
                    5a:1d:4c:83:dd:5e:04:26:49:59:1c:68:d1:c6:7b:
                    51:1b:f6:ee:7f:e7:3a:2c:a0:50:17:21:8a:11:b3:
                    00:04:32:79:b3:a9:19:c6:98:4d:86:cd:e7:d6:c1:
                    46:52:2a:a9:e1:e6:2c:9d:d3:fb:65:f5:d2:61:25:
                    d3:a4:bd:8e:d4:1d:f2:8d:42:83:c9:8b:bd:3d:ed:
                    95:ce:f2:d3:7a:d7:15:a0:ae:f6:04:e2:f4:bc:56:
                    8f:6e:b8:0d:67:7a:83:f4:07:2c:bd:60:6a:04:c7:
                    e8:0f:57:06:91:50:e5:3f:47:52:45:01:83:a4:be:
                    a0:06:f6:64:39:55:0f:cd:48:fb:c4:68:de:f1:72:
                    63:c5:d5:32:7d:11:a3:ba:0e:26:8f:7c:15:f9:76:
                    9a:af:15:1f:71:02:d9:b8:a2:e5:d9:f4:07:92:da:
                    3f:ea:59:cb:1f:58:6b:fb:c3:f3:fe:31:93:46:91:
                    eb:dd:15:4b:7d:e5:df:49:89:e4:0d:34:b8:e9:ee:
                    5a:53:67:23:3e:6f:07:d4:21:1a:5f:e0:53:94:05:
                    72:ee:66:4c:ea:4b:3a:56:57:96:67:6b:af:18:c9:
                    c9:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:29:03:98:98:58:80:24:7D:4C:4E:23:46:A0:F0:DF:F0:2A:A9:D2
            X509v3 Authority Key Identifier:
                keyid:0D:B4:91:22:D9:E9:BB:AF:A5:77:F6:44:7F:21:B8:BE:C7:6C:05:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbSRItnpu6-ld_ZEfyG4vsdsBfA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/5de7fb-9488-4e84-83ca-14600d57808a/1/BCkDmJhYgCR9TE4jRqDw3_AqqdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/5de7fb-9488-4e84-83ca-14600d57808a/1/DbSRItnpu6-ld_ZEfyG4vsdsBfA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.15.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         42:f1:14:a8:4f:ed:46:1d:21:74:f4:4d:2d:28:7b:c2:35:fe:
         a3:86:e0:74:ce:71:a3:1e:54:4e:ff:ec:7a:0b:f4:71:4a:a7:
         cf:d4:59:76:0c:a7:a8:49:98:a4:7f:e3:fa:ff:90:91:1b:12:
         a0:ba:f6:e7:dc:ae:61:f2:09:f0:fd:e0:1d:48:93:c8:75:a8:
         b8:69:49:3c:85:a0:eb:7d:46:e6:bc:e6:f0:55:22:1c:ac:5f:
         ef:19:8f:fb:f5:1d:f7:99:d7:93:f3:80:37:d5:9b:59:1f:e8:
         46:01:85:e1:1e:ce:a5:65:b3:6b:c1:13:95:ac:9e:af:63:41:
         8d:51:df:bb:bf:34:41:05:97:f0:f7:dd:00:28:d0:77:d1:3a:
         4c:fe:28:a9:ba:98:35:a3:50:9e:5b:e5:ef:a6:40:68:0e:a1:
         37:cb:a3:81:e1:9d:74:58:56:95:a1:2d:50:3f:d7:d2:fd:83:
         da:e8:06:ba:39:46:08:fb:26:22:38:c8:50:d3:02:49:c4:d6:
         bb:4e:cd:98:24:eb:f0:72:44:b3:50:cf:8c:60:0c:81:80:f7:
         9b:97:ef:ea:d3:00:c0:0a:06:69:81:85:33:13:69:94:2b:39:
         0b:a0:8e:66:11:10:ec:5f:7b:8a:17:b9:7b:46:50:db:6e:98:
         af:30:98:43
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt7NtLq5IDQ5or/E4L4OFmCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjQ5MTIyZDllOWJiYWZhNTc3ZjY0NDdmMjFiOGJlYzc2
YzA1ZjAwHhcNMjYwMTAxMjAxOTA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDI5MDM5ODk4NTg4MDI0N2Q0YzRlMjM0NmEwZjBkZmYwMmFhOWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHK1m7bBLbJ5yUI1j6Zz4+oCm89b
01Uj4/vGhdNaHUyD3V4EJklZHGjRxntRG/buf+c6LKBQFyGKEbMABDJ5s6kZxphN
hs3n1sFGUiqp4eYsndP7ZfXSYSXTpL2O1B3yjUKDyYu9Pe2VzvLTetcVoK72BOL0
vFaPbrgNZ3qD9AcsvWBqBMfoD1cGkVDlP0dSRQGDpL6gBvZkOVUPzUj7xGje8XJj
xdUyfRGjug4mj3wV+XaarxUfcQLZuKLl2fQHkto/6lnLH1hr+8Pz/jGTRpHr3RVL
feXfSYnkDTS46e5aU2cjPm8H1CEaX+BTlAVy7mZM6ks6VleWZ2uvGMnJaQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFAQpA5iYWIAkfUxOI0ag8N/wKqnSMB8GA1UdIwQY
MBaAFA20kSLZ6buvpXf2RH8huL7HbAXwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJTUkl0bnB1Ni1sZF9aRWZ5RzR2c2RzQmZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC81ZGU3ZmItOTQ4OC00ZTg0LTgzY2Et
MTQ2MDBkNTc4MDhhLzEvQkNrRG1KaFlnQ1I5VEU0alJxRHczX0FxcWRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC81ZGU3ZmItOTQ4OC00ZTg0LTgzY2EtMTQ2MDBkNTc4MDhh
LzEvRGJTUkl0bnB1Ni1sZF9aRWZ5RzR2c2RzQmZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjQ8wDQYJ
KoZIhvcNAQELBQADggEBAELxFKhP7UYdIXT0TS0oe8I1/qOG4HTOcaMeVE7/7HoL
9HFKp8/UWXYMp6hJmKR/4/r/kJEbEqC69ufcrmHyCfD94B1Ik8h1qLhpSTyFoOt9
Rua85vBVIhysX+8Zj/v1HfeZ15PzgDfVm1kf6EYBheEezqVls2vBE5Wsnq9jQY1R
37u/NEEFl/D33QAo0HfROkz+KKm6mDWjUJ5b5e+mQGgOoTfLo4HhnXRYVpWhLVA/
19L9g9roBro5Rgj7JiI4yFDTAknE1rtOzZgk6/ByRLNQz4xgDIGA95uX7+rTAMAK
BmmBhTMTaZQrOQugjmYREOxfe4oXuXtGUNtumK8wmEM=
-----END CERTIFICATE-----