This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/d916da-8d84-4934-95d7-d8506c95fed8/1/Bryd42xc20l8yGYzsCePWUyIRpQ.roa
File:                     Bryd42xc20l8yGYzsCePWUyIRpQ.roa (raw, json)
Hash identifier:          SfEAMcqg1lAI6lIUE6EnsEoR1LWkzVlNk7fPcXSOd1o=
Subject key identifier:   06:BC:9D:E3:6C:5C:DB:49:7C:C8:66:33:B0:27:8F:59:4C:88:46:94
Certificate issuer:       /CN=b83973bce4a1923a751d36a91d447e0c5c1698fd
Certificate serial:       019B7BA3DCCF51FF318AACEA83E201B450A1
Authority key identifier: B8:39:73:BC:E4:A1:92:3A:75:1D:36:A9:1D:44:7E:0C:5C:16:98:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uDlzvOShkjp1HTapHUR-DFwWmP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/d916da-8d84-4934-95d7-d8506c95fed8/1/Bryd42xc20l8yGYzsCePWUyIRpQ.roa
Signing time:             Thu 01 Jan 2026 22:18:14 +0000
ROA not before:           Thu 01 Jan 2026 22:18:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199188
IP address blocks:        185.187.148.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/d916da-8d84-4934-95d7-d8506c95fed8/1/uDlzvOShkjp1HTapHUR-DFwWmP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/d916da-8d84-4934-95d7-d8506c95fed8/1/uDlzvOShkjp1HTapHUR-DFwWmP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uDlzvOShkjp1HTapHUR-DFwWmP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:dc:cf:51:ff:31:8a:ac:ea:83:e2:01:b4:50:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b83973bce4a1923a751d36a91d447e0c5c1698fd
        Validity
            Not Before: Jan  1 22:18:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=06bc9de36c5cdb497cc86633b0278f594c884694
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:5f:e8:4e:54:c0:c7:94:dd:db:9e:95:96:fb:
                    34:14:ab:ae:65:1e:78:33:b6:67:40:19:b1:4b:ff:
                    27:e2:4f:b5:53:24:cb:35:1d:02:dc:ae:a2:03:58:
                    16:55:cc:35:05:bf:e7:e8:e9:4b:6a:c1:ee:e3:dc:
                    2c:93:8c:66:81:d1:a6:14:2f:b2:ce:89:38:63:4c:
                    29:91:cf:02:bb:31:e2:a4:5f:06:1c:7a:c3:3a:12:
                    66:ab:e4:c6:8d:e7:58:b6:af:5c:3b:15:b5:c0:bb:
                    45:99:05:71:85:c8:4f:61:b6:4a:a6:3e:dd:7e:ce:
                    ab:12:52:0d:4d:2c:f6:1d:9f:32:6d:1c:ae:22:79:
                    ea:05:6b:0f:67:b2:b8:9a:a6:b7:87:4d:2e:bd:6c:
                    d0:15:65:5d:de:a2:7a:17:37:55:0f:d9:cb:c0:6d:
                    4b:7f:48:35:6d:e3:eb:d4:f7:6b:32:6f:1e:d5:04:
                    78:2c:85:cb:7e:8f:95:72:4d:f2:df:11:69:db:86:
                    16:9e:e4:9a:55:fd:d3:af:d1:02:d7:5b:45:5e:fe:
                    3c:31:6d:4b:10:3a:5f:99:18:18:71:f5:1a:b6:f4:
                    78:8a:3a:8e:41:3f:7b:eb:43:4e:a9:bd:c7:f8:f2:
                    69:00:b2:27:06:67:69:79:a2:c6:f9:ea:fe:1b:fa:
                    23:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:BC:9D:E3:6C:5C:DB:49:7C:C8:66:33:B0:27:8F:59:4C:88:46:94
            X509v3 Authority Key Identifier:
                keyid:B8:39:73:BC:E4:A1:92:3A:75:1D:36:A9:1D:44:7E:0C:5C:16:98:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uDlzvOShkjp1HTapHUR-DFwWmP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/d916da-8d84-4934-95d7-d8506c95fed8/1/Bryd42xc20l8yGYzsCePWUyIRpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/d916da-8d84-4934-95d7-d8506c95fed8/1/uDlzvOShkjp1HTapHUR-DFwWmP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:37:62:d2:de:cf:d1:61:a5:7e:35:7f:d6:a4:90:ee:b0:a9:
         1c:2c:f6:d6:f8:e0:e1:84:78:f7:50:3b:d0:bb:e2:37:de:a2:
         75:cb:2c:0e:8b:3f:59:51:f3:ff:5c:d7:44:4b:06:38:12:42:
         7e:37:1e:c1:71:f1:e2:2d:82:52:d2:87:b0:e7:72:39:0f:81:
         e3:f0:c8:a3:15:5f:e8:cd:18:12:b7:5f:59:6a:d2:21:2d:d7:
         40:6d:21:b9:38:af:f4:8e:f8:90:54:44:be:0b:bf:49:39:33:
         93:cb:cc:73:e3:a0:3f:e6:8c:e0:bd:3b:b9:77:4d:77:d1:92:
         57:bc:4c:98:43:93:0b:47:de:f5:6c:c7:76:6e:94:04:2c:1e:
         b6:86:6c:c6:bf:44:98:21:80:e6:29:b2:e6:24:ad:6c:2e:c9:
         cb:94:ec:a5:64:93:9b:19:06:8a:3e:21:fd:c7:cf:31:2e:fd:
         9d:22:ae:c6:67:0b:f5:a8:c8:0d:94:a3:ad:09:98:f8:4e:6e:
         c7:f7:fb:fe:ee:2d:de:84:57:8b:63:d8:e6:40:94:f7:01:b2:
         7f:79:46:3b:7b:c0:5d:35:48:f2:65:91:61:86:45:38:4a:70:
         2a:44:74:22:8a:50:aa:89:f0:21:6b:79:43:50:4c:f9:c0:3b:
         c6:a4:ec:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o9zPUf8xiqzqg+IBtFChMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4Mzk3M2JjZTRhMTkyM2E3NTFkMzZhOTFkNDQ3ZTBjNWMx
Njk4ZmQwHhcNMjYwMTAxMjIxODE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmJjOWRlMzZjNWNkYjQ5N2NjODY2MzNiMDI3OGY1OTRjODg0Njk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0V/oTlTAx5Td256Vlvs0FKuuZR54
M7ZnQBmxS/8n4k+1UyTLNR0C3K6iA1gWVcw1Bb/n6OlLasHu49wsk4xmgdGmFC+y
zok4Y0wpkc8CuzHipF8GHHrDOhJmq+TGjedYtq9cOxW1wLtFmQVxhchPYbZKpj7d
fs6rElINTSz2HZ8ybRyuInnqBWsPZ7K4mqa3h00uvWzQFWVd3qJ6FzdVD9nLwG1L
f0g1bePr1PdrMm8e1QR4LIXLfo+Vck3y3xFp24YWnuSaVf3Tr9EC11tFXv48MW1L
EDpfmRgYcfUatvR4ijqOQT9760NOqb3H+PJpALInBmdpeaLG+er+G/ojJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAa8neNsXNtJfMhmM7Anj1lMiEaUMB8GA1UdIwQY
MBaAFLg5c7zkoZI6dR02qR1EfgxcFpj9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdURsenZPU2hranAxSFRhcEhVUi1ERndXbVAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9kOTE2ZGEtOGQ4NC00OTM0LTk1ZDct
ZDg1MDZjOTVmZWQ4LzEvQnJ5ZDQyeGMyMGw4eUdZenNDZVBXVXlJUnBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9kOTE2ZGEtOGQ4NC00OTM0LTk1ZDctZDg1MDZjOTVmZWQ4
LzEvdURsenZPU2hranAxSFRhcEhVUi1ERndXbVAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubuUMA0G
CSqGSIb3DQEBCwUAA4IBAQB2N2LS3s/RYaV+NX/WpJDusKkcLPbW+ODhhHj3UDvQ
u+I33qJ1yywOiz9ZUfP/XNdESwY4EkJ+Nx7BcfHiLYJS0oew53I5D4Hj8MijFV/o
zRgSt19ZatIhLddAbSG5OK/0jviQVES+C79JOTOTy8xz46A/5ozgvTu5d0130ZJX
vEyYQ5MLR971bMd2bpQELB62hmzGv0SYIYDmKbLmJK1sLsnLlOylZJObGQaKPiH9
x88xLv2dIq7GZwv1qMgNlKOtCZj4Tm7H9/v+7i3ehFeLY9jmQJT3AbJ/eUY7e8Bd
NUjyZZFhhkU4SnAqRHQiilCqifAha3lDUEz5wDvGpOwH
-----END CERTIFICATE-----