This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/bsA14uz-YOXsaSFd_5h3VNt_UOk.roa
File:                     bsA14uz-YOXsaSFd_5h3VNt_UOk.roa (raw, json)
Hash identifier:          IXOAQlZ/L2ESEYgfrmyIYrixLqYgar9WBc4G2uIdJEk=
Subject key identifier:   6E:C0:35:E2:EC:FE:60:E5:EC:69:21:5D:FF:98:77:54:DB:7F:50:E9
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       019B7D5AA7CC36E411EEB2304AA8EE4E1ACB
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/bsA14uz-YOXsaSFd_5h3VNt_UOk.roa
Signing time:             Fri 02 Jan 2026 06:17:31 +0000
ROA not before:           Fri 02 Jan 2026 06:17:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213990
IP address blocks:        62.60.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5a:a7:cc:36:e4:11:ee:b2:30:4a:a8:ee:4e:1a:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jan  2 06:17:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6ec035e2ecfe60e5ec69215dff987754db7f50e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e3:82:6e:8c:ae:49:9e:23:bc:c6:d0:46:6d:
                    83:01:3d:61:3b:92:49:77:f4:c9:18:d0:43:c8:07:
                    5b:4d:96:91:f2:cb:17:e0:c9:28:ab:3f:97:bf:5c:
                    4b:53:f1:96:cc:43:72:f3:aa:a3:d8:6d:23:a8:4f:
                    45:75:ef:c3:06:20:c4:ad:ae:2f:75:c1:bc:4c:b0:
                    7f:ac:88:0f:91:1a:ce:90:8c:03:82:79:eb:9a:de:
                    c8:13:86:a7:50:46:52:18:ac:65:fe:4a:e6:94:81:
                    46:36:a0:02:5d:1f:37:11:be:1c:18:99:13:64:79:
                    b0:49:96:7d:50:18:02:0b:28:ff:70:34:3c:a6:58:
                    4c:33:e9:eb:77:18:c7:19:d7:f1:dc:49:30:60:93:
                    fc:b7:78:00:44:88:20:e3:7a:1a:71:71:f8:6a:b2:
                    a9:f8:7a:f1:c3:a0:12:9b:5a:2a:9c:2a:85:bd:f3:
                    fd:55:1a:7b:9b:fc:46:03:81:6c:66:f9:ac:5d:75:
                    9b:74:7c:ce:ba:cc:6c:08:5b:57:a9:21:73:af:38:
                    41:fa:44:18:15:40:8c:21:cd:61:a7:95:97:ad:34:
                    00:40:d9:ec:2a:4b:8f:f3:eb:cf:76:80:e3:e9:68:
                    c4:84:d1:ca:db:81:ce:0b:41:f4:25:65:15:2e:a3:
                    d6:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:C0:35:E2:EC:FE:60:E5:EC:69:21:5D:FF:98:77:54:DB:7F:50:E9
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/bsA14uz-YOXsaSFd_5h3VNt_UOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:e2:44:1c:5b:a4:f8:dd:d6:8f:34:92:59:d1:fd:51:eb:26:
         55:e8:9b:c2:14:5e:68:e4:69:78:6c:17:18:3d:e2:28:13:ba:
         35:23:a7:f9:a0:68:a9:3a:d6:f7:14:85:14:d0:a6:02:a9:dd:
         4e:23:72:8b:fa:19:ca:ae:b3:7d:30:8a:fa:9a:bf:75:3e:bd:
         9f:0d:70:5e:98:44:0d:65:67:31:31:76:a2:ae:51:65:cc:3a:
         64:c9:61:45:e2:0d:30:5e:f3:2d:d0:85:6d:81:6b:3f:58:7f:
         10:85:47:01:80:3a:11:f6:05:6e:fb:b4:9c:2f:7f:dd:07:ec:
         8c:d0:a5:26:76:4d:4f:a4:79:8a:10:a8:fd:54:3e:df:51:0b:
         fa:0f:01:db:ae:ec:99:4f:39:6a:f8:71:61:d6:ee:a8:c7:e7:
         e0:8d:7d:ac:04:b6:66:fb:7b:8a:f0:77:0e:f5:f7:ca:99:83:
         a4:42:60:86:5a:a5:81:af:71:e9:33:db:b5:11:63:e3:8f:4f:
         72:c9:62:35:19:f9:25:84:19:b2:82:02:25:c5:ef:50:71:60:
         04:38:2b:0a:2f:59:41:79:eb:b4:e5:14:fc:ac:dd:cd:03:44:
         0e:c4:ce:c7:83:33:2d:16:fb:bf:27:14:1b:32:ea:48:93:78:
         95:99:f4:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WqfMNuQR7rIwSqjuThrLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjYwMTAyMDYxNzMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWMwMzVlMmVjZmU2MGU1ZWM2OTIxNWRmZjk4Nzc1NGRiN2Y1MGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+OCboyuSZ4jvMbQRm2DAT1hO5JJ
d/TJGNBDyAdbTZaR8ssX4Mkoqz+Xv1xLU/GWzENy86qj2G0jqE9Fde/DBiDEra4v
dcG8TLB/rIgPkRrOkIwDgnnrmt7IE4anUEZSGKxl/krmlIFGNqACXR83Eb4cGJkT
ZHmwSZZ9UBgCCyj/cDQ8plhMM+nrdxjHGdfx3EkwYJP8t3gARIgg43oacXH4arKp
+Hrxw6ASm1oqnCqFvfP9VRp7m/xGA4FsZvmsXXWbdHzOusxsCFtXqSFzrzhB+kQY
FUCMIc1hp5WXrTQAQNnsKkuP8+vPdoDj6WjEhNHK24HOC0H0JWUVLqPWdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG7ANeLs/mDl7GkhXf+Yd1Tbf1DpMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvYnNBMTR1ei1ZT1hzYVNGZF81aDNWTnRfVU9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPjyGMA0G
CSqGSIb3DQEBCwUAA4IBAQCd4kQcW6T43daPNJJZ0f1R6yZV6JvCFF5o5Gl4bBcY
PeIoE7o1I6f5oGipOtb3FIUU0KYCqd1OI3KL+hnKrrN9MIr6mr91Pr2fDXBemEQN
ZWcxMXairlFlzDpkyWFF4g0wXvMt0IVtgWs/WH8QhUcBgDoR9gVu+7ScL3/dB+yM
0KUmdk1PpHmKEKj9VD7fUQv6DwHbruyZTzlq+HFh1u6ox+fgjX2sBLZm+3uK8HcO
9ffKmYOkQmCGWqWBr3HpM9u1EWPjj09yyWI1GfklhBmyggIlxe9QcWAEOCsKL1lB
eeu05RT8rN3NA0QOxM7HgzMtFvu/JxQbMupIk3iVmfQX
-----END CERTIFICATE-----