This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/1f96cc-5ea6-49e3-8f5f-30e929ed1063/1/BXCxdBfLks0HpLfeX-bitV1NMQk.roa
File:                     BXCxdBfLks0HpLfeX-bitV1NMQk.roa (raw, json)
Hash identifier:          ItUsnf1V/9DVkMNqI/XvXrmX1+5XjhHHxblYA8DiEX4=
Subject key identifier:   05:70:B1:74:17:CB:92:CD:07:A4:B7:DE:5F:E6:E2:B5:5D:4D:31:09
Certificate issuer:       /CN=25a553794223e6b4c632779b51371dc4e7d70705
Certificate serial:       019B7EA523AE5FE1E133B252D42B26B5CB93
Authority key identifier: 25:A5:53:79:42:23:E6:B4:C6:32:77:9B:51:37:1D:C4:E7:D7:07:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JaVTeUIj5rTGMnebUTcdxOfXBwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/1f96cc-5ea6-49e3-8f5f-30e929ed1063/1/BXCxdBfLks0HpLfeX-bitV1NMQk.roa
Signing time:             Fri 02 Jan 2026 12:18:30 +0000
ROA not before:           Fri 02 Jan 2026 12:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3064
IP address blocks:        84.40.16.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/1f96cc-5ea6-49e3-8f5f-30e929ed1063/1/JaVTeUIj5rTGMnebUTcdxOfXBwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/1f96cc-5ea6-49e3-8f5f-30e929ed1063/1/JaVTeUIj5rTGMnebUTcdxOfXBwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JaVTeUIj5rTGMnebUTcdxOfXBwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Feb 2026 00:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:23:ae:5f:e1:e1:33:b2:52:d4:2b:26:b5:cb:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25a553794223e6b4c632779b51371dc4e7d70705
        Validity
            Not Before: Jan  2 12:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0570b17417cb92cd07a4b7de5fe6e2b55d4d3109
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:66:eb:96:cf:cf:a4:6f:3e:c6:e2:20:fc:90:
                    2e:2b:3c:f1:0e:07:2d:7c:49:52:af:fc:77:90:59:
                    d5:96:fd:0f:a2:43:0e:84:89:af:f1:a2:90:51:3d:
                    8a:fa:78:83:9d:da:76:41:94:8a:36:e5:6d:64:be:
                    c6:dc:5b:e4:e7:a5:be:60:ff:1b:29:b8:0a:bd:eb:
                    6c:6b:62:0c:c7:d7:7f:94:88:9f:3a:23:38:b2:9d:
                    74:d2:f8:80:bd:4f:70:d1:ef:13:c2:16:a1:39:d8:
                    b5:2f:c6:da:2f:d5:5b:4e:02:39:ee:13:ee:2a:f7:
                    d8:5e:15:81:74:60:9f:e0:36:f3:fe:f1:7d:63:6f:
                    34:e3:fb:f2:a5:62:6f:77:36:60:ad:92:df:d4:f8:
                    5e:e4:5d:e9:e1:94:e7:c9:12:e1:09:4e:96:d6:79:
                    0d:8d:27:ce:55:2b:67:a0:50:83:eb:b6:18:95:ab:
                    7a:1f:bf:85:59:57:76:44:a1:c7:fa:52:ea:8b:f9:
                    61:fc:47:24:69:52:19:e9:d5:af:71:70:c1:70:2d:
                    db:d3:12:78:30:12:14:76:4b:07:98:5f:91:55:5b:
                    38:2a:bc:c1:43:c9:20:97:1c:fb:5c:86:25:26:29:
                    fa:1c:5a:f9:84:c0:8c:1f:fd:59:8d:4a:b3:73:43:
                    69:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:70:B1:74:17:CB:92:CD:07:A4:B7:DE:5F:E6:E2:B5:5D:4D:31:09
            X509v3 Authority Key Identifier:
                keyid:25:A5:53:79:42:23:E6:B4:C6:32:77:9B:51:37:1D:C4:E7:D7:07:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JaVTeUIj5rTGMnebUTcdxOfXBwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/1f96cc-5ea6-49e3-8f5f-30e929ed1063/1/BXCxdBfLks0HpLfeX-bitV1NMQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/1f96cc-5ea6-49e3-8f5f-30e929ed1063/1/JaVTeUIj5rTGMnebUTcdxOfXBwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.40.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         10:70:98:3e:ca:74:ba:99:8c:72:8c:11:6f:0c:3b:a0:70:52:
         60:34:c2:44:6d:7b:47:e2:ec:a9:68:37:c3:31:73:e0:03:66:
         b3:2f:8a:77:7c:2c:80:12:ab:5f:03:65:6f:61:59:83:d3:76:
         66:08:af:c2:d2:53:2d:b5:00:bc:9a:ec:f1:dc:d1:77:65:82:
         1d:9c:8b:3f:04:5c:5d:1c:22:d4:10:bf:03:47:7d:4b:2e:22:
         1d:c3:fd:9f:76:61:1b:27:25:b6:93:c8:30:e2:15:d8:00:19:
         88:38:29:3b:2e:c9:bc:3d:20:2b:aa:61:98:d7:8a:b8:fc:42:
         91:80:64:4a:8c:3e:1b:a1:b7:5b:49:a6:f6:01:c7:42:81:13:
         25:80:20:56:41:b9:3c:5d:7d:80:9c:dd:de:50:f8:14:54:20:
         29:79:0e:26:3c:37:bd:76:9d:13:0a:75:a2:ca:5d:55:21:e4:
         71:68:10:4a:42:67:8a:97:18:a2:fb:71:1f:b9:43:c9:df:63:
         56:30:6c:57:ce:9f:ae:cd:97:c7:ae:15:4a:ae:7e:44:e4:9a:
         61:b7:94:dc:2f:4f:9f:b9:a2:83:66:0c:4d:c4:4b:9b:0c:50:
         2a:13:7f:f5:3b:3f:b3:27:26:d6:8d:d8:e2:c4:13:a6:3b:cd:
         06:d7:5a:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pSOuX+HhM7JS1CsmtcuTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YTU1Mzc5NDIyM2U2YjRjNjMyNzc5YjUxMzcxZGM0ZTdk
NzA3MDUwHhcNMjYwMTAyMTIxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTcwYjE3NDE3Y2I5MmNkMDdhNGI3ZGU1ZmU2ZTJiNTVkNGQzMTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAombrls/PpG8+xuIg/JAuKzzxDgct
fElSr/x3kFnVlv0PokMOhImv8aKQUT2K+niDndp2QZSKNuVtZL7G3Fvk56W+YP8b
KbgKvetsa2IMx9d/lIifOiM4sp100viAvU9w0e8TwhahOdi1L8baL9VbTgI57hPu
KvfYXhWBdGCf4Dbz/vF9Y2804/vypWJvdzZgrZLf1Phe5F3p4ZTnyRLhCU6W1nkN
jSfOVStnoFCD67YYlat6H7+FWVd2RKHH+lLqi/lh/EckaVIZ6dWvcXDBcC3b0xJ4
MBIUdksHmF+RVVs4KrzBQ8kglxz7XIYlJin6HFr5hMCMH/1ZjUqzc0Np6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAVwsXQXy5LNB6S33l/m4rVdTTEJMB8GA1UdIwQY
MBaAFCWlU3lCI+a0xjJ3m1E3HcTn1wcFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmFWVGVVSWo1clRHTW5lYlVUY2R4T2ZYQndVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My8xZjk2Y2MtNWVhNi00OWUzLThmNWYt
MzBlOTI5ZWQxMDYzLzEvQlhDeGRCZkxrczBIcExmZVgtYml0VjFOTVFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My8xZjk2Y2MtNWVhNi00OWUzLThmNWYtMzBlOTI5ZWQxMDYz
LzEvSmFWVGVVSWo1clRHTW5lYlVUY2R4T2ZYQndVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEVCgQMA0G
CSqGSIb3DQEBCwUAA4IBAQAQcJg+ynS6mYxyjBFvDDugcFJgNMJEbXtH4uypaDfD
MXPgA2azL4p3fCyAEqtfA2VvYVmD03ZmCK/C0lMttQC8muzx3NF3ZYIdnIs/BFxd
HCLUEL8DR31LLiIdw/2fdmEbJyW2k8gw4hXYABmIOCk7Lsm8PSArqmGY14q4/EKR
gGRKjD4bobdbSab2AcdCgRMlgCBWQbk8XX2AnN3eUPgUVCApeQ4mPDe9dp0TCnWi
yl1VIeRxaBBKQmeKlxii+3EfuUPJ32NWMGxXzp+uzZfHrhVKrn5E5Jpht5TcL0+f
uaKDZgxNxEubDFAqE3/1Oz+zJybWjdjixBOmO80G11oC
-----END CERTIFICATE-----