This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/d02b32-967d-4751-82d3-121a14a9a40e/1/BcT1YlHw7D1Dk2z_LIFmn3rThJY.roa
File:                     BcT1YlHw7D1Dk2z_LIFmn3rThJY.roa (raw, json)
Hash identifier:          Eovd3kGKSBHE8soZjKT4R8yDeoxnP/onLhr4NTs+e6o=
Subject key identifier:   05:C4:F5:62:51:F0:EC:3D:43:93:6C:FF:2C:81:66:9F:7A:D3:84:96
Certificate issuer:       /CN=68bc3940055d1574f263b5f96ab0900c6bb4c5f9
Certificate serial:       019B7A5B8B49A1CEDA1CA55D24088545D1D1
Authority key identifier: 68:BC:39:40:05:5D:15:74:F2:63:B5:F9:6A:B0:90:0C:6B:B4:C5:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aLw5QAVdFXTyY7X5arCQDGu0xfk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/d02b32-967d-4751-82d3-121a14a9a40e/1/BcT1YlHw7D1Dk2z_LIFmn3rThJY.roa
Signing time:             Thu 01 Jan 2026 16:19:38 +0000
ROA not before:           Thu 01 Jan 2026 16:19:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39704
IP address blocks:        2001:67c:f14::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/d02b32-967d-4751-82d3-121a14a9a40e/1/aLw5QAVdFXTyY7X5arCQDGu0xfk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/d02b32-967d-4751-82d3-121a14a9a40e/1/aLw5QAVdFXTyY7X5arCQDGu0xfk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aLw5QAVdFXTyY7X5arCQDGu0xfk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 19:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:8b:49:a1:ce:da:1c:a5:5d:24:08:85:45:d1:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68bc3940055d1574f263b5f96ab0900c6bb4c5f9
        Validity
            Not Before: Jan  1 16:19:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=05c4f56251f0ec3d43936cff2c81669f7ad38496
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:2f:7e:5f:e4:ea:d5:b1:71:50:1f:46:85:f4:
                    41:65:20:35:8b:75:0f:05:81:ec:24:5f:96:ea:81:
                    0b:51:0d:39:a9:3e:49:69:f8:65:4e:e4:8b:ca:d7:
                    30:87:d0:5a:be:eb:1f:1a:5f:7e:54:37:99:0d:fd:
                    32:97:56:c6:52:9f:35:78:17:b5:b0:3c:9b:93:47:
                    31:ea:0d:b5:1b:f4:da:f5:9b:b7:0a:fd:f4:c6:a6:
                    06:b6:d9:d3:9d:37:b2:f4:0c:fc:31:bd:07:4f:96:
                    1e:4b:60:34:26:33:64:5b:b6:ff:b1:e0:4f:8d:b7:
                    cf:c0:cf:b9:3c:90:e0:86:85:ad:97:b9:83:80:ec:
                    66:c7:60:26:f6:8c:4f:ce:62:c8:57:e6:ca:0c:5a:
                    11:05:6e:5e:ca:bd:f2:be:a4:c0:ad:f6:63:fd:eb:
                    0d:66:91:52:c1:ff:92:5d:09:e9:34:37:c3:1c:3c:
                    96:f0:fe:e4:02:0f:a7:1c:2d:5b:e6:1d:f9:33:60:
                    93:01:fb:78:30:8a:d2:d1:b0:99:4c:5d:32:43:f9:
                    a8:63:d1:82:a1:8c:bf:47:b0:b8:96:32:14:2f:c0:
                    fc:97:02:1a:c4:fc:e2:dd:0a:c5:90:ff:87:25:fc:
                    93:31:25:97:bd:60:a5:ed:d3:30:fb:ef:ac:1e:ed:
                    1e:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:C4:F5:62:51:F0:EC:3D:43:93:6C:FF:2C:81:66:9F:7A:D3:84:96
            X509v3 Authority Key Identifier:
                keyid:68:BC:39:40:05:5D:15:74:F2:63:B5:F9:6A:B0:90:0C:6B:B4:C5:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aLw5QAVdFXTyY7X5arCQDGu0xfk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/d02b32-967d-4751-82d3-121a14a9a40e/1/BcT1YlHw7D1Dk2z_LIFmn3rThJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/d02b32-967d-4751-82d3-121a14a9a40e/1/aLw5QAVdFXTyY7X5arCQDGu0xfk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:f14::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:0b:04:58:0b:32:f5:90:ad:dd:36:80:35:88:92:58:48:63:
         99:ee:57:eb:c9:b7:bc:66:c0:f6:9b:ba:92:33:64:16:ba:3e:
         ce:4c:5c:6d:3e:ee:5d:3e:22:38:43:a5:ab:e0:60:62:57:81:
         f4:fa:25:11:3e:e9:81:47:34:e8:64:1d:b7:ba:d0:8a:8a:4f:
         68:39:5c:71:65:de:af:5b:73:4e:2c:e2:58:3e:85:21:85:fd:
         2f:76:8d:75:99:58:bb:62:d4:9f:83:02:78:fc:79:8d:55:4b:
         88:df:d4:3a:16:97:3f:b0:6a:5f:25:53:40:b0:87:0b:44:ce:
         60:b0:3a:57:56:8e:38:67:90:68:36:7f:7e:8d:5b:ab:41:9a:
         00:cd:19:07:ad:fb:f7:75:15:e0:00:44:ae:ae:9b:c5:df:b2:
         a3:e4:c1:ac:93:81:04:db:e3:18:5f:25:e7:d7:e3:87:ac:12:
         fb:52:af:49:63:04:9d:1e:62:14:70:db:cf:eb:cc:7d:7b:e4:
         da:d9:ee:56:6b:fc:f0:2b:a6:09:13:9a:e2:9c:32:14:40:aa:
         83:12:57:68:79:c0:98:6f:4e:c6:95:3f:74:5b:e9:a4:05:b9:
         a0:a4:a5:f0:7e:d6:0a:96:07:5d:2d:f3:d8:6a:7b:ba:df:fa:
         80:71:ce:88
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt6W4tJoc7aHKVdJAiFRdHRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YmMzOTQwMDU1ZDE1NzRmMjYzYjVmOTZhYjA5MDBjNmJi
NGM1ZjkwHhcNMjYwMTAxMTYxOTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWM0ZjU2MjUxZjBlYzNkNDM5MzZjZmYyYzgxNjY5ZjdhZDM4NDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwy9+X+Tq1bFxUB9GhfRBZSA1i3UP
BYHsJF+W6oELUQ05qT5JafhlTuSLytcwh9BavusfGl9+VDeZDf0yl1bGUp81eBe1
sDybk0cx6g21G/Ta9Zu3Cv30xqYGttnTnTey9Az8Mb0HT5YeS2A0JjNkW7b/seBP
jbfPwM+5PJDghoWtl7mDgOxmx2Am9oxPzmLIV+bKDFoRBW5eyr3yvqTArfZj/esN
ZpFSwf+SXQnpNDfDHDyW8P7kAg+nHC1b5h35M2CTAft4MIrS0bCZTF0yQ/moY9GC
oYy/R7C4ljIUL8D8lwIaxPzi3QrFkP+HJfyTMSWXvWCl7dMw+++sHu0e6QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAXE9WJR8Ow9Q5Ns/yyBZp9604SWMB8GA1UdIwQY
MBaAFGi8OUAFXRV08mO1+WqwkAxrtMX5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUx3NVFBVmRGWFR5WTdYNWFyQ1FER3UweGZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy9kMDJiMzItOTY3ZC00NzUxLTgyZDMt
MTIxYTE0YTlhNDBlLzEvQmNUMVlsSHc3RDFEazJ6X0xJRm1uM3JUaEpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy9kMDJiMzItOTY3ZC00NzUxLTgyZDMtMTIxYTE0YTlhNDBl
LzEvYUx3NVFBVmRGWFR5WTdYNWFyQ1FER3UweGZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA8U
MA0GCSqGSIb3DQEBCwUAA4IBAQALCwRYCzL1kK3dNoA1iJJYSGOZ7lfrybe8ZsD2
m7qSM2QWuj7OTFxtPu5dPiI4Q6Wr4GBiV4H0+iURPumBRzToZB23utCKik9oOVxx
Zd6vW3NOLOJYPoUhhf0vdo11mVi7YtSfgwJ4/HmNVUuI39Q6Fpc/sGpfJVNAsIcL
RM5gsDpXVo44Z5BoNn9+jVurQZoAzRkHrfv3dRXgAESurpvF37Kj5MGsk4EE2+MY
XyXn1+OHrBL7Uq9JYwSdHmIUcNvP68x9e+Ta2e5Wa/zwK6YJE5rinDIUQKqDEldo
ecCYb07GlT90W+mkBbmgpKXwftYKlgddLfPYanu63/qAcc6I
-----END CERTIFICATE-----