This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/Bf1ICiFWHnqDiPMjiau8ZWQ7k-k.roa
File:                     Bf1ICiFWHnqDiPMjiau8ZWQ7k-k.roa (raw, json)
Hash identifier:          YEYPYSN2Ox9vi1nDDFcsvGXIuVBfRDtl1tK03TttRWQ=
Subject key identifier:   05:FD:48:0A:21:56:1E:7A:83:88:F3:23:89:AB:BC:65:64:3B:93:E9
Certificate issuer:       /CN=d3c35bc9b7f8550be3e467c54a9d3a66e2443bd4
Certificate serial:       019B77C749DB507F078A5D1BAC3A43A22D1C
Authority key identifier: D3:C3:5B:C9:B7:F8:55:0B:E3:E4:67:C5:4A:9D:3A:66:E2:44:3B:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/Bf1ICiFWHnqDiPMjiau8ZWQ7k-k.roa
Signing time:             Thu 01 Jan 2026 04:18:27 +0000
ROA not before:           Thu 01 Jan 2026 04:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     174
IP address blocks:        45.159.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 16:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:49:db:50:7f:07:8a:5d:1b:ac:3a:43:a2:2d:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3c35bc9b7f8550be3e467c54a9d3a66e2443bd4
        Validity
            Not Before: Jan  1 04:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=05fd480a21561e7a8388f32389abbc65643b93e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:a2:84:fa:c8:1a:8c:01:40:4f:1b:0a:9f:43:
                    92:7b:2c:a1:01:57:c7:7a:ec:3e:fe:d6:f6:48:6f:
                    8f:0c:6e:2c:bc:28:17:98:0e:97:eb:9e:df:d6:c7:
                    9a:ab:fe:5b:b3:8c:fe:ee:ce:c1:59:0d:86:58:77:
                    ad:3f:2e:d2:91:71:9d:46:4d:70:3d:7c:07:de:b7:
                    d7:e2:42:ad:ae:2c:bc:79:eb:4e:7a:db:79:f6:61:
                    ee:62:19:46:13:2f:91:cc:8d:65:3b:54:5c:bc:7f:
                    51:87:2d:69:53:92:f9:57:ac:40:54:5c:b5:10:61:
                    9d:96:81:77:06:79:27:2a:8f:a6:2f:be:9f:b2:3c:
                    14:f3:12:19:8f:cd:5e:3e:a6:30:a0:ad:ea:2b:da:
                    a2:80:1f:d4:c6:04:43:ff:90:53:8d:2b:eb:0f:19:
                    c7:78:54:a7:54:f5:75:0d:01:b1:ac:1b:47:f5:ef:
                    51:e1:d7:cd:a9:70:98:19:67:72:51:07:ea:a7:e9:
                    77:cb:b8:25:0f:9d:5b:bd:73:6e:75:ae:32:3b:d3:
                    80:86:3b:ff:3d:3f:05:29:c1:03:af:ae:b4:ff:6e:
                    4a:04:71:1d:20:1c:b0:59:2b:dd:32:81:88:c2:60:
                    fd:4b:6c:60:ac:92:b4:9b:d0:19:86:85:87:4f:e7:
                    6b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:FD:48:0A:21:56:1E:7A:83:88:F3:23:89:AB:BC:65:64:3B:93:E9
            X509v3 Authority Key Identifier:
                keyid:D3:C3:5B:C9:B7:F8:55:0B:E3:E4:67:C5:4A:9D:3A:66:E2:44:3B:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/Bf1ICiFWHnqDiPMjiau8ZWQ7k-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:a3:99:99:88:ce:17:4b:57:77:40:14:0e:22:5a:33:7d:4b:
         f8:e8:ab:f3:de:0a:ab:06:ac:9e:1b:93:4e:c3:82:cf:00:98:
         16:63:bb:f2:7b:3d:64:43:75:b0:03:46:aa:4e:e1:55:23:30:
         36:ac:a9:4f:d3:ba:4f:95:76:37:a2:7c:56:ee:31:aa:a9:ea:
         5b:62:94:8f:4f:9e:d7:48:c5:36:32:ea:d0:55:d3:b5:31:80:
         ef:e6:20:20:2a:2e:15:c5:8d:7a:d7:d9:33:d0:d6:c6:95:c2:
         bc:8a:68:4c:67:c4:78:e3:d6:67:03:98:49:64:39:f2:55:06:
         60:2e:f1:21:02:6b:c6:1b:db:62:79:aa:f4:08:8e:08:31:75:
         b1:86:d0:c4:66:66:1f:e4:89:49:1f:c4:ee:2a:a5:6c:e9:35:
         af:29:0d:1b:04:de:37:19:44:a3:ed:a3:66:4f:c0:f7:90:7d:
         8e:54:e2:60:be:28:d0:0e:9c:de:81:1e:bc:e7:df:d2:63:e7:
         33:59:ad:91:48:16:1e:dc:e5:a6:74:2e:66:7b:91:ad:29:d7:
         ed:e1:2b:36:e8:05:07:07:a2:c6:59:6a:78:08:0f:2a:db:ea:
         b0:df:4f:44:e9:7a:f4:d2:b7:07:10:e2:74:44:4d:2f:09:eb:
         bd:88:41:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x0nbUH8Hil0brDpDoi0cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYzM1YmM5YjdmODU1MGJlM2U0NjdjNTRhOWQzYTY2ZTI0
NDNiZDQwHhcNMjYwMTAxMDQxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWZkNDgwYTIxNTYxZTdhODM4OGYzMjM4OWFiYmM2NTY0M2I5M2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2qKE+sgajAFATxsKn0OSeyyhAVfH
euw+/tb2SG+PDG4svCgXmA6X657f1seaq/5bs4z+7s7BWQ2GWHetPy7SkXGdRk1w
PXwH3rfX4kKtriy8eetOett59mHuYhlGEy+RzI1lO1RcvH9Rhy1pU5L5V6xAVFy1
EGGdloF3BnknKo+mL76fsjwU8xIZj81ePqYwoK3qK9qigB/UxgRD/5BTjSvrDxnH
eFSnVPV1DQGxrBtH9e9R4dfNqXCYGWdyUQfqp+l3y7glD51bvXNuda4yO9OAhjv/
PT8FKcEDr660/25KBHEdIBywWSvdMoGIwmD9S2xgrJK0m9AZhoWHT+dr1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAX9SAohVh56g4jzI4mrvGVkO5PpMB8GA1UdIwQY
MBaAFNPDW8m3+FUL4+RnxUqdOmbiRDvUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDhOYnliZjRWUXZqNUdmRlNwMDZadUpFTzlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy84YmE4YmItYzFjMC00ZDM1LTkwYTct
Y2RhNWMzNzY2ZjAzLzEvQmYxSUNpRldIbnFEaVBNamlhdThaV1E3ay1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy84YmE4YmItYzFjMC00ZDM1LTkwYTctY2RhNWMzNzY2ZjAz
LzEvMDhOYnliZjRWUXZqNUdmRlNwMDZadUpFTzlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ8OMA0G
CSqGSIb3DQEBCwUAA4IBAQAho5mZiM4XS1d3QBQOIlozfUv46Kvz3gqrBqyeG5NO
w4LPAJgWY7vyez1kQ3WwA0aqTuFVIzA2rKlP07pPlXY3onxW7jGqqepbYpSPT57X
SMU2MurQVdO1MYDv5iAgKi4VxY1619kz0NbGlcK8imhMZ8R449ZnA5hJZDnyVQZg
LvEhAmvGG9tiear0CI4IMXWxhtDEZmYf5IlJH8TuKqVs6TWvKQ0bBN43GUSj7aNm
T8D3kH2OVOJgvijQDpzegR6859/SY+czWa2RSBYe3OWmdC5me5GtKdft4Ss26AUH
B6LGWWp4CA8q2+qw309E6Xr00rcHEOJ0RE0vCeu9iEEj
-----END CERTIFICATE-----