This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/Boyk6o7-a3iSBDxm4k4pN1A3qSs.roa
File:                     Boyk6o7-a3iSBDxm4k4pN1A3qSs.roa (raw, json)
Hash identifier:          GPvSmxcaRxlx6ClfdOuJC79INEWj4aRhnXN0bsqgM4Y=
Subject key identifier:   06:8C:A4:EA:8E:FE:6B:78:92:04:3C:66:E2:4E:29:37:50:37:A9:2B
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019B7B36194E4280E184B85B08A5C280AE80
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/Boyk6o7-a3iSBDxm4k4pN1A3qSs.roa
Signing time:             Thu 01 Jan 2026 20:18:21 +0000
ROA not before:           Thu 01 Jan 2026 20:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213498
IP address blocks:        152.89.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 Jan 2026 04:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:19:4e:42:80:e1:84:b8:5b:08:a5:c2:80:ae:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jan  1 20:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=068ca4ea8efe6b7892043c66e24e29375037a92b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:60:6f:42:10:c0:79:2e:ac:a8:c7:90:0d:1b:
                    f0:3a:14:1b:96:23:24:99:7d:48:74:20:bb:ec:b0:
                    0c:9e:5b:7d:69:01:96:14:95:42:72:0d:7c:37:a8:
                    14:ad:c2:37:58:b7:ab:ff:28:33:e3:67:cd:5b:c5:
                    c5:19:96:98:05:fb:c7:c7:a4:c6:d3:d6:55:9e:1c:
                    48:7c:b3:7e:9a:41:e3:92:3e:40:17:27:54:b1:d9:
                    3c:08:9e:26:1d:27:6a:f4:77:3d:13:72:af:3c:a1:
                    20:bb:89:8b:57:d8:15:27:72:e3:9e:0e:72:60:f0:
                    72:96:87:df:3e:d6:99:17:c8:9f:d2:48:71:5e:f1:
                    ea:99:e7:55:5b:27:43:b7:9d:f7:27:a8:eb:9a:58:
                    0d:37:9a:08:34:22:92:a2:c0:c0:71:fd:cc:f8:cc:
                    97:be:64:39:26:a9:4e:61:bd:45:0a:c6:9a:7b:62:
                    00:2c:97:1d:89:1b:24:a4:21:7b:41:b6:a5:7e:57:
                    3e:29:3a:40:1a:4c:f4:be:6c:42:3a:f9:1a:e2:ca:
                    68:ab:19:e8:fd:9e:c9:51:f7:ae:69:70:d0:a4:cd:
                    6e:b6:68:c5:fb:a2:37:bb:70:09:60:86:f3:21:ed:
                    cb:5f:5d:a8:5f:d1:15:ad:a9:df:fa:41:a4:8e:42:
                    8e:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:8C:A4:EA:8E:FE:6B:78:92:04:3C:66:E2:4E:29:37:50:37:A9:2B
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/Boyk6o7-a3iSBDxm4k4pN1A3qSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:03:72:4f:89:37:47:d0:ca:e2:de:60:7f:83:27:89:06:d2:
         11:7d:bb:ae:1d:02:b9:b3:46:c0:d1:de:70:a2:5f:f9:b3:31:
         b8:83:41:bf:46:85:4f:9e:b5:a1:0e:ee:f8:49:fa:30:29:26:
         60:03:f6:63:15:d7:ee:db:1a:4d:6d:22:25:e1:b5:ac:e1:45:
         53:35:0b:96:c9:21:d8:49:73:89:5a:8e:f7:7d:20:86:ba:53:
         6f:b1:0f:30:e2:70:67:ac:93:23:1d:c4:52:4b:a1:9a:c0:40:
         d8:00:80:47:72:1c:e7:90:00:2c:bf:7f:48:4b:32:ce:8c:9e:
         17:fb:78:ad:be:8d:2d:2c:67:4f:ce:48:2a:05:71:a0:cb:40:
         ec:4b:80:0c:69:b3:d3:f8:6c:48:2d:a7:7f:75:c1:b2:7e:bd:
         b1:3e:cb:21:9b:be:c7:f7:c5:bf:34:fe:10:34:a8:09:4f:4d:
         71:d6:f7:a2:ab:00:64:1c:f1:3c:06:b0:40:d8:e9:05:89:a5:
         5e:e3:47:d9:b1:20:58:06:ec:b1:b2:32:cf:3a:2c:ab:4d:67:
         a8:53:ed:84:5c:93:9f:b5:58:f0:51:a4:98:34:e9:3b:85:56:
         c8:a1:95:13:52:97:78:87:3d:51:58:0f:20:d1:19:f0:19:8f:
         b1:4c:4d:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NhlOQoDhhLhbCKXCgK6AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwMTAxMjAxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjhjYTRlYThlZmU2Yjc4OTIwNDNjNjZlMjRlMjkzNzUwMzdhOTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGBvQhDAeS6sqMeQDRvwOhQbliMk
mX1IdCC77LAMnlt9aQGWFJVCcg18N6gUrcI3WLer/ygz42fNW8XFGZaYBfvHx6TG
09ZVnhxIfLN+mkHjkj5AFydUsdk8CJ4mHSdq9Hc9E3KvPKEgu4mLV9gVJ3Ljng5y
YPByloffPtaZF8if0khxXvHqmedVWydDt533J6jrmlgNN5oINCKSosDAcf3M+MyX
vmQ5JqlOYb1FCsaae2IALJcdiRskpCF7Qbalflc+KTpAGkz0vmxCOvka4spoqxno
/Z7JUfeuaXDQpM1utmjF+6I3u3AJYIbzIe3LX12oX9EVranf+kGkjkKODwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAaMpOqO/mt4kgQ8ZuJOKTdQN6krMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvQm95azZvNy1hM2lTQkR4bTRrNHBOMUEzcVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmFnGMA0G
CSqGSIb3DQEBCwUAA4IBAQALA3JPiTdH0Mri3mB/gyeJBtIRfbuuHQK5s0bA0d5w
ol/5szG4g0G/RoVPnrWhDu74SfowKSZgA/ZjFdfu2xpNbSIl4bWs4UVTNQuWySHY
SXOJWo73fSCGulNvsQ8w4nBnrJMjHcRSS6GawEDYAIBHchznkAAsv39ISzLOjJ4X
+3itvo0tLGdPzkgqBXGgy0DsS4AMabPT+GxILad/dcGyfr2xPsshm77H98W/NP4Q
NKgJT01x1veiqwBkHPE8BrBA2OkFiaVe40fZsSBYBuyxsjLPOiyrTWeoU+2EXJOf
tVjwUaSYNOk7hVbIoZUTUpd4hz1RWA8g0RnwGY+xTE2L
-----END CERTIFICATE-----