This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/BSFgZnrBl9NuclTp9exqNDOAyNQ.roa
File:                     BSFgZnrBl9NuclTp9exqNDOAyNQ.roa (raw, json)
Hash identifier:          V5ilYgMywJtXbKL/PQ2Njfx1Fp3OazvHSmDmZ7KdSZ8=
Subject key identifier:   05:21:60:66:7A:C1:97:D3:6E:72:54:E9:F5:EC:6A:34:33:80:C8:D4
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019B7E393E0B94421BD6FA12C264051CABC5
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/BSFgZnrBl9NuclTp9exqNDOAyNQ.roa
Signing time:             Fri 02 Jan 2026 10:20:39 +0000
ROA not before:           Fri 02 Jan 2026 10:20:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214311
IP address blocks:        163.5.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 00:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:3e:0b:94:42:1b:d6:fa:12:c2:64:05:1c:ab:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  2 10:20:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=052160667ac197d36e7254e9f5ec6a343380c8d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:50:28:3f:29:09:d0:9a:d6:8b:29:bd:69:db:
                    2c:e6:c1:83:28:22:80:8b:7a:ed:19:05:34:2a:a5:
                    98:7c:6a:76:05:0e:5c:95:f4:a5:7f:a2:7f:f1:68:
                    35:cf:93:17:33:f8:4b:7c:68:d2:d4:8f:6c:74:29:
                    57:02:93:a2:36:af:98:60:63:d2:2a:9d:9c:f0:a7:
                    f7:a5:81:ff:a9:47:c5:c8:95:98:72:ab:9a:67:a1:
                    d5:26:58:78:b1:5a:b0:65:a0:02:27:8e:57:62:5d:
                    07:21:71:8f:5f:82:5a:fb:f6:44:29:d4:17:06:aa:
                    00:06:b0:f5:15:7c:81:2b:93:57:a4:3f:27:74:a9:
                    01:e2:0b:b7:ce:ec:17:6c:d0:76:9e:6e:d2:d7:07:
                    cd:81:40:ac:af:88:4e:9e:60:68:17:f4:da:ae:1d:
                    26:9c:2e:3c:a3:ee:3d:19:3f:c4:bb:77:6d:54:43:
                    a7:8f:a1:18:ae:29:04:0a:53:4a:9a:da:61:e7:8b:
                    9a:f8:0f:a5:7b:00:26:bb:f1:68:57:68:5a:ae:28:
                    e2:df:12:9e:31:c0:51:92:bc:e3:4b:4c:cc:bc:f0:
                    67:89:56:d7:bc:6a:e6:63:c2:ee:99:eb:fb:4f:b3:
                    a5:82:67:be:bd:3b:0d:92:fc:26:3a:f5:b6:7d:3f:
                    d1:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:21:60:66:7A:C1:97:D3:6E:72:54:E9:F5:EC:6A:34:33:80:C8:D4
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/BSFgZnrBl9NuclTp9exqNDOAyNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:4f:04:50:e1:ab:0a:52:61:41:34:bd:c6:20:ab:df:8f:b5:
         39:4c:7a:38:9e:d5:d1:b7:91:f9:57:55:a5:fa:93:33:4f:09:
         e2:6a:1e:b6:d2:85:da:9d:7c:00:44:9f:34:c7:50:e7:03:b7:
         08:4f:91:2e:e4:4e:40:ec:d6:d8:14:9b:50:7b:fa:0d:76:07:
         12:b9:1a:9b:61:79:75:0b:ee:05:f5:7a:41:e0:ad:be:e0:d4:
         f7:e5:1f:53:b4:75:ee:71:c1:4b:7c:a2:b6:b7:d4:fc:ef:9d:
         24:b7:9c:12:14:d9:03:d4:80:ed:45:91:c0:8f:18:74:d6:32:
         5d:05:9d:08:7d:33:6d:89:e8:ff:61:6c:31:fa:11:d9:76:85:
         2f:98:a3:5e:0d:31:40:23:3d:50:79:66:7d:6b:07:b7:e5:e3:
         17:b4:ba:53:13:46:c7:a7:2e:6f:44:bf:64:09:f5:0e:8a:9a:
         9e:15:0a:7c:d7:be:16:ae:39:4a:e6:84:b2:f7:af:5c:4d:66:
         12:7b:f2:36:3d:50:4a:ee:8f:b1:1f:f6:13:77:b4:e5:e5:aa:
         c5:be:5a:b0:74:72:42:04:7e:5c:8d:36:99:17:cb:ca:22:6d:
         b4:6c:9b:cf:3f:28:8f:42:10:98:fd:61:b8:f7:fd:49:3c:cf:
         b2:d3:65:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OT4LlEIb1voSwmQFHKvFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMTAyMTAyMDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTIxNjA2NjdhYzE5N2QzNmU3MjU0ZTlmNWVjNmEzNDMzODBjOGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2VAoPykJ0JrWiym9adss5sGDKCKA
i3rtGQU0KqWYfGp2BQ5clfSlf6J/8Wg1z5MXM/hLfGjS1I9sdClXApOiNq+YYGPS
Kp2c8Kf3pYH/qUfFyJWYcquaZ6HVJlh4sVqwZaACJ45XYl0HIXGPX4Ja+/ZEKdQX
BqoABrD1FXyBK5NXpD8ndKkB4gu3zuwXbNB2nm7S1wfNgUCsr4hOnmBoF/Tarh0m
nC48o+49GT/Eu3dtVEOnj6EYrikEClNKmtph54ua+A+lewAmu/FoV2hariji3xKe
McBRkrzjS0zMvPBniVbXvGrmY8Lumev7T7Olgme+vTsNkvwmOvW2fT/RKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUhYGZ6wZfTbnJU6fXsajQzgMjUMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvQlNGZ1puckJsOU51Y2xUcDlleHFORE9BeU5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVtMA0G
CSqGSIb3DQEBCwUAA4IBAQAiTwRQ4asKUmFBNL3GIKvfj7U5THo4ntXRt5H5V1Wl
+pMzTwniah620oXanXwARJ80x1DnA7cIT5Eu5E5A7NbYFJtQe/oNdgcSuRqbYXl1
C+4F9XpB4K2+4NT35R9TtHXuccFLfKK2t9T8750kt5wSFNkD1IDtRZHAjxh01jJd
BZ0IfTNtiej/YWwx+hHZdoUvmKNeDTFAIz1QeWZ9awe35eMXtLpTE0bHpy5vRL9k
CfUOipqeFQp8174WrjlK5oSy969cTWYSe/I2PVBK7o+xH/YTd7Tl5arFvlqwdHJC
BH5cjTaZF8vKIm20bJvPPyiPQhCY/WG49/1JPM+y02WK
-----END CERTIFICATE-----