This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/bGJBzSxi5G9T19uOwVAeyc2kRNU.roa
File:                     bGJBzSxi5G9T19uOwVAeyc2kRNU.roa (raw, json)
Hash identifier:          lGsmSPwlfGYpoyz7aVlFQ6fE+YLTAVhLtoc/26tgoYQ=
Subject key identifier:   6C:62:41:CD:2C:62:E4:6F:53:D7:DB:8E:C1:50:1E:C9:CD:A4:44:D5
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019B7E393FE0CAF1F3CA87AAFDA5AD8C0171
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/bGJBzSxi5G9T19uOwVAeyc2kRNU.roa
Signing time:             Fri 02 Jan 2026 10:20:39 +0000
ROA not before:           Fri 02 Jan 2026 10:20:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207301
IP address blocks:        2a0c:b641:780::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:3f:e0:ca:f1:f3:ca:87:aa:fd:a5:ad:8c:01:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 10:20:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c6241cd2c62e46f53d7db8ec1501ec9cda444d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c4:91:c1:cf:33:e2:b8:6b:d4:5f:7d:26:b0:
                    a9:7d:08:b8:0d:ab:12:2d:eb:3c:8b:72:49:93:90:
                    7d:02:01:11:01:7a:25:99:e7:3b:93:6b:89:9e:b4:
                    f6:0b:60:3d:0c:16:ca:a6:37:6a:83:da:50:3f:40:
                    45:a5:41:b1:cd:94:e0:68:61:0a:0f:79:cd:fe:80:
                    56:0e:94:af:a4:d8:35:c3:94:c8:d2:5b:0a:d4:cd:
                    9e:1b:fe:59:bc:20:ac:a2:6d:dc:a3:47:3d:8f:be:
                    9a:62:7c:f0:4e:c4:21:b4:54:fa:5f:73:74:ed:91:
                    33:8b:53:b3:44:5d:09:b7:9f:61:a4:ef:89:40:62:
                    ef:25:46:b9:d2:1f:19:f8:22:8f:e5:96:d7:62:80:
                    3a:07:8b:60:14:fe:3c:5c:51:5a:b8:48:f8:69:50:
                    76:ae:6a:eb:d5:85:1c:fb:c4:c2:d7:c8:6d:b4:75:
                    2a:67:57:f9:86:b0:eb:d4:2b:14:2f:c8:fe:a2:a9:
                    c0:f7:10:2c:46:71:21:4e:b7:c1:d3:0c:73:1b:11:
                    f2:e5:f4:99:1f:e8:4f:2e:3d:db:39:5c:94:41:1e:
                    79:8d:4f:70:a9:4c:58:dc:86:31:8e:e5:31:a8:a1:
                    b5:23:23:6b:22:16:e4:95:d8:c7:38:8a:ef:ca:91:
                    f9:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:62:41:CD:2C:62:E4:6F:53:D7:DB:8E:C1:50:1E:C9:CD:A4:44:D5
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/bGJBzSxi5G9T19uOwVAeyc2kRNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:780::/44

    Signature Algorithm: sha256WithRSAEncryption
         26:45:3f:e7:b9:19:2c:ac:97:a3:da:15:02:66:be:6d:d4:2b:
         a2:70:97:e5:f8:48:39:96:48:85:32:28:62:33:de:d1:70:fa:
         4d:32:78:64:ee:f6:0d:3d:47:bb:b9:cf:a2:68:00:63:c2:2f:
         95:4c:b9:1e:21:18:4d:df:4a:eb:3f:ec:6a:d6:71:3e:85:0e:
         68:96:bc:22:15:17:75:29:36:15:9f:d0:8d:91:9e:40:99:a4:
         0e:97:f9:8e:3e:6c:cc:f2:18:ce:1d:5a:91:3c:51:cc:30:07:
         1b:c1:79:bd:6f:c9:15:ed:cb:37:5e:8e:73:b2:b5:c2:b6:31:
         60:bc:37:8f:22:75:72:90:76:e5:1f:9a:eb:47:8b:66:7b:c0:
         a8:cb:ab:03:ac:48:c0:37:6d:d2:ad:8c:14:31:a5:ab:2f:1e:
         49:57:93:b8:e9:94:a0:9b:28:42:00:83:7a:69:61:c4:ec:76:
         1c:42:f7:7c:51:e9:f3:bf:a7:37:4f:1b:d4:ac:2d:64:79:08:
         50:1f:41:ba:f5:32:63:ff:f7:47:83:9e:26:eb:25:4b:07:b0:
         b1:31:3c:30:68:19:3b:f4:96:04:15:d2:c4:c6:23:a3:98:a3:
         3d:2b:2c:5f:9c:b1:80:35:30:cf:77:9b:a4:62:ef:80:94:34:
         3a:45:85:a7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+OT/gyvHzyoeq/aWtjAFxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMTAyMTAyMDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzYyNDFjZDJjNjJlNDZmNTNkN2RiOGVjMTUwMWVjOWNkYTQ0NGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMSRwc8z4rhr1F99JrCpfQi4DasS
Les8i3JJk5B9AgERAXolmec7k2uJnrT2C2A9DBbKpjdqg9pQP0BFpUGxzZTgaGEK
D3nN/oBWDpSvpNg1w5TI0lsK1M2eG/5ZvCCsom3co0c9j76aYnzwTsQhtFT6X3N0
7ZEzi1OzRF0Jt59hpO+JQGLvJUa50h8Z+CKP5ZbXYoA6B4tgFP48XFFauEj4aVB2
rmrr1YUc+8TC18httHUqZ1f5hrDr1CsUL8j+oqnA9xAsRnEhTrfB0wxzGxHy5fSZ
H+hPLj3bOVyUQR55jU9wqUxY3IYxjuUxqKG1IyNrIhbkldjHOIrvypH5hwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGxiQc0sYuRvU9fbjsFQHsnNpETVMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvYkdKQnpTeGk1RzlUMTl1T3dWQWV5YzJrUk5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQeA
MA0GCSqGSIb3DQEBCwUAA4IBAQAmRT/nuRksrJej2hUCZr5t1CuicJfl+Eg5lkiF
MihiM97RcPpNMnhk7vYNPUe7uc+iaABjwi+VTLkeIRhN30rrP+xq1nE+hQ5olrwi
FRd1KTYVn9CNkZ5AmaQOl/mOPmzM8hjOHVqRPFHMMAcbwXm9b8kV7cs3Xo5zsrXC
tjFgvDePInVykHblH5rrR4tme8Coy6sDrEjAN23SrYwUMaWrLx5JV5O46ZSgmyhC
AIN6aWHE7HYcQvd8Uenzv6c3TxvUrC1keQhQH0G69TJj//dHg54m6yVLB7CxMTww
aBk79JYEFdLExiOjmKM9KyxfnLGANTDPd5ukYu+AlDQ6RYWn
-----END CERTIFICATE-----