This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bROvODYcy6wtKLCkE4gVtDpHT3E.roa
File:                     bROvODYcy6wtKLCkE4gVtDpHT3E.roa (raw, json)
Hash identifier:          lHfPXCG+0uLXf5HeyoVAytSQA3wBc/Yb4lxRpjjqjsk=
Subject key identifier:   6D:13:AF:38:36:1C:CB:AC:2D:28:B0:A4:13:88:15:B4:3A:47:4F:71
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019B78A335B7B01E79FF2A0E21F551674062
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bROvODYcy6wtKLCkE4gVtDpHT3E.roa
Signing time:             Thu 01 Jan 2026 08:18:40 +0000
ROA not before:           Thu 01 Jan 2026 08:18:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208626
IP address blocks:        94.156.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 02:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:35:b7:b0:1e:79:ff:2a:0e:21:f5:51:67:40:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  1 08:18:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6d13af38361ccbac2d28b0a4138815b43a474f71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ab:60:8a:4f:de:e5:1b:ec:26:f2:70:f2:e8:
                    e8:a3:55:d2:f7:86:e9:6e:56:47:97:b9:69:71:4f:
                    98:f5:41:af:3e:46:7a:f4:10:fa:c5:af:e6:b9:b6:
                    66:f2:03:e0:6f:da:bc:ad:e9:c5:3c:5f:94:fa:45:
                    17:ec:d3:f6:fa:b6:df:cc:86:28:4a:99:ed:ec:1d:
                    65:7f:84:0e:ea:16:dd:5b:1f:cf:e1:2b:6a:40:6c:
                    5c:db:ea:a1:19:de:44:25:9c:c8:8a:15:66:2a:36:
                    b9:8f:53:97:80:41:54:5c:68:6a:94:70:16:24:08:
                    25:f9:67:9a:a6:45:0b:d7:f0:b8:f1:e7:87:31:ce:
                    13:9b:af:02:bc:f5:5f:c8:81:ac:65:be:c8:45:2b:
                    ed:d3:29:d3:95:4c:c5:62:40:69:f3:de:32:5d:6b:
                    0b:f4:4c:fb:f6:64:4a:94:6e:5a:0c:53:18:8e:00:
                    87:3d:1a:8e:78:7f:40:71:cb:19:af:ba:4f:93:f1:
                    b1:6d:a4:ce:f3:11:f9:47:8c:7a:52:4a:18:e6:7a:
                    9c:dd:c8:ae:30:7e:7a:9f:89:69:53:16:82:e3:6f:
                    c0:15:5a:10:e6:23:1d:2a:a1:76:6f:e2:fd:92:4e:
                    d5:dc:34:75:df:f5:c8:6b:84:15:9d:f1:3b:87:8e:
                    d1:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:13:AF:38:36:1C:CB:AC:2D:28:B0:A4:13:88:15:B4:3A:47:4F:71
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bROvODYcy6wtKLCkE4gVtDpHT3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:b1:95:1d:25:83:4d:9e:3d:93:75:4c:5e:34:36:58:a5:9f:
         87:90:4d:a3:7b:93:0d:3d:39:65:a3:a7:98:f9:27:e9:a0:24:
         a1:e4:e7:5c:ea:fc:84:1e:e1:f3:a5:64:9f:73:d8:a5:fd:fa:
         1f:80:9d:4a:a2:97:71:eb:90:85:2a:de:9e:91:c1:b2:e0:91:
         76:14:ac:ba:d6:b4:7f:ad:57:d9:e2:4c:17:ba:43:0f:d1:eb:
         70:e4:23:72:aa:bb:6a:68:c5:44:e9:0e:0f:9e:63:b8:03:b4:
         98:af:d2:44:bd:16:b9:fd:46:cb:49:78:53:11:38:2c:81:de:
         bf:f0:a5:61:07:33:4e:e9:a4:32:f4:ad:77:be:e2:9a:17:8e:
         c2:e5:60:8d:17:a6:d4:5b:85:76:b4:5b:14:05:64:37:7d:c4:
         f8:f4:22:55:ad:1e:54:31:24:1b:85:9f:3c:9f:d1:18:b8:8e:
         9a:b6:26:cc:5b:45:7b:4d:e2:43:fb:a8:91:60:fb:a4:58:15:
         7d:bc:c6:4b:a7:88:f4:62:c9:68:a7:6c:5e:43:d2:14:4d:3a:
         e2:09:ee:68:87:cb:6d:8e:9a:90:10:90:01:d6:e2:62:3b:99:
         e5:e3:14:bc:5a:a3:10:6a:61:7a:f8:3e:a9:b9:27:a5:67:96:
         1c:1b:3a:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4ozW3sB55/yoOIfVRZ0BiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwMTAxMDgxODQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDEzYWYzODM2MWNjYmFjMmQyOGIwYTQxMzg4MTViNDNhNDc0ZjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlatgik/e5RvsJvJw8ujoo1XS94bp
blZHl7lpcU+Y9UGvPkZ69BD6xa/mubZm8gPgb9q8renFPF+U+kUX7NP2+rbfzIYo
Spnt7B1lf4QO6hbdWx/P4StqQGxc2+qhGd5EJZzIihVmKja5j1OXgEFUXGhqlHAW
JAgl+WeapkUL1/C48eeHMc4Tm68CvPVfyIGsZb7IRSvt0ynTlUzFYkBp894yXWsL
9Ez79mRKlG5aDFMYjgCHPRqOeH9AccsZr7pPk/GxbaTO8xH5R4x6UkoY5nqc3ciu
MH56n4lpUxaC42/AFVoQ5iMdKqF2b+L9kk7V3DR13/XIa4QVnfE7h47RjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0Trzg2HMusLSiwpBOIFbQ6R09xMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvYlJPdk9EWWN5Nnd0S0xDa0U0Z1Z0RHBIVDNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpwCMA0G
CSqGSIb3DQEBCwUAA4IBAQCtsZUdJYNNnj2TdUxeNDZYpZ+HkE2je5MNPTllo6eY
+SfpoCSh5Odc6vyEHuHzpWSfc9il/fofgJ1Kopdx65CFKt6ekcGy4JF2FKy61rR/
rVfZ4kwXukMP0etw5CNyqrtqaMVE6Q4PnmO4A7SYr9JEvRa5/UbLSXhTETgsgd6/
8KVhBzNO6aQy9K13vuKaF47C5WCNF6bUW4V2tFsUBWQ3fcT49CJVrR5UMSQbhZ88
n9EYuI6atibMW0V7TeJD+6iRYPukWBV9vMZLp4j0Yslop2xeQ9IUTTriCe5oh8tt
jpqQEJAB1uJiO5nl4xS8WqMQamF6+D6puSelZ5YcGzqI
-----END CERTIFICATE-----