This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/3c95f3-dc3d-48eb-b6d7-d835de08bcf6/1/BaQ-Dwx4jGTP-WyiH6nK6TF34ds.roa
File:                     BaQ-Dwx4jGTP-WyiH6nK6TF34ds.roa (raw, json)
Hash identifier:          Nnb+Pm8QW6nU8DXHtnpp7btMXm7Fsm1NDGac760ezUQ=
Subject key identifier:   05:A4:3E:0F:0C:78:8C:64:CF:F9:6C:A2:1F:A9:CA:E9:31:77:E1:DB
Certificate issuer:       /CN=d881e5777cce990c0b2b0f4c29cc8d2cf9afe83b
Certificate serial:       019B7758E9ED13C56A191857FD7F318361C0
Authority key identifier: D8:81:E5:77:7C:CE:99:0C:0B:2B:0F:4C:29:CC:8D:2C:F9:AF:E8:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2IHld3zOmQwLKw9MKcyNLPmv6Ds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/3c95f3-dc3d-48eb-b6d7-d835de08bcf6/1/BaQ-Dwx4jGTP-WyiH6nK6TF34ds.roa
Signing time:             Thu 01 Jan 2026 02:17:54 +0000
ROA not before:           Thu 01 Jan 2026 02:17:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     680
IP address blocks:        141.33.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/3c95f3-dc3d-48eb-b6d7-d835de08bcf6/1/2IHld3zOmQwLKw9MKcyNLPmv6Ds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/3c95f3-dc3d-48eb-b6d7-d835de08bcf6/1/2IHld3zOmQwLKw9MKcyNLPmv6Ds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2IHld3zOmQwLKw9MKcyNLPmv6Ds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:e9:ed:13:c5:6a:19:18:57:fd:7f:31:83:61:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d881e5777cce990c0b2b0f4c29cc8d2cf9afe83b
        Validity
            Not Before: Jan  1 02:17:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=05a43e0f0c788c64cff96ca21fa9cae93177e1db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:a6:f9:ac:19:b1:87:b3:89:7e:c1:8b:a2:7b:
                    62:cb:47:21:08:8e:5f:e2:73:6f:4e:53:8c:20:03:
                    86:c1:e0:39:47:b7:50:fc:e2:e2:2f:27:24:ad:b1:
                    3d:b9:7e:10:56:9f:6b:1e:0a:66:83:56:a9:a3:24:
                    11:24:6c:6b:77:23:03:5f:68:6b:51:62:b2:f1:94:
                    86:32:e6:44:a4:a7:fb:ef:db:0e:f5:66:5e:88:7c:
                    13:b5:0d:6f:0f:ca:5f:cf:50:48:a3:20:c4:91:f2:
                    d6:04:a4:dc:4a:2d:0d:07:ba:6e:64:6a:1c:b9:47:
                    41:30:f2:01:16:40:70:ed:2c:5f:e5:22:9d:53:f0:
                    85:05:24:72:d3:6f:9c:20:f5:e8:a3:5f:23:30:72:
                    b6:e2:ad:e6:df:ee:46:94:47:9b:bc:e0:a2:0d:15:
                    83:89:83:d1:5c:38:1f:7c:d2:7c:a5:ff:ea:64:e2:
                    55:64:b8:7d:a9:84:a7:92:e3:db:6e:61:c6:05:9f:
                    dc:c3:e7:33:00:d1:4a:45:b8:f8:d8:f9:a9:af:7c:
                    80:e2:b1:b7:22:3b:75:e0:4c:3f:00:80:f9:d4:1a:
                    a9:cb:ba:8b:77:ea:cd:c6:40:11:d9:0b:d4:fa:4f:
                    88:6e:7a:77:8c:53:16:f5:65:ee:6c:94:35:16:64:
                    d5:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:A4:3E:0F:0C:78:8C:64:CF:F9:6C:A2:1F:A9:CA:E9:31:77:E1:DB
            X509v3 Authority Key Identifier:
                keyid:D8:81:E5:77:7C:CE:99:0C:0B:2B:0F:4C:29:CC:8D:2C:F9:AF:E8:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2IHld3zOmQwLKw9MKcyNLPmv6Ds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/3c95f3-dc3d-48eb-b6d7-d835de08bcf6/1/BaQ-Dwx4jGTP-WyiH6nK6TF34ds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/3c95f3-dc3d-48eb-b6d7-d835de08bcf6/1/2IHld3zOmQwLKw9MKcyNLPmv6Ds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.33.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         95:53:99:02:66:7b:8e:d7:2b:10:47:7d:7f:fc:bb:79:72:97:
         a8:ec:8e:37:5d:31:76:18:0f:fc:14:ae:ee:84:c8:12:13:d0:
         02:68:63:a9:a6:29:c6:7b:9f:57:87:ca:91:e5:9d:68:90:b3:
         42:aa:c5:78:e6:94:5f:a1:f3:f8:ad:e9:c6:fd:40:1c:33:ba:
         d6:b5:10:54:8b:32:4a:7a:20:2a:8f:b8:49:c3:b4:ff:1b:a2:
         76:01:48:7b:e6:39:20:7d:53:3c:3c:a0:2a:ad:a5:37:49:b7:
         86:1a:ac:03:54:62:ac:c0:2d:4b:c9:25:c4:c2:46:b2:a4:bd:
         b9:40:6e:d6:55:44:9a:b3:0d:23:1c:a0:fd:c1:a4:ea:8e:d8:
         5d:89:23:b5:c6:cb:c5:ba:6a:84:2e:02:49:6a:4f:f3:e8:c2:
         b6:39:c2:a2:e2:40:1c:0a:d4:52:92:34:0b:39:72:ac:ff:50:
         73:73:41:05:41:89:ab:19:2b:f1:d0:d8:42:4d:f8:fc:f7:8c:
         96:6c:d9:58:d7:cc:e5:f3:4f:2e:b0:34:e7:c4:6d:55:a6:2c:
         aa:1b:fb:9c:f1:73:4c:66:5e:78:de:8e:e9:27:b7:ed:2d:00:
         8d:b9:13:80:c8:0c:9d:89:dd:68:1c:91:fb:e6:c4:84:8c:66:
         90:9f:88:86
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt3WOntE8VqGRhX/X8xg2HAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ODFlNTc3N2NjZTk5MGMwYjJiMGY0YzI5Y2M4ZDJjZjlh
ZmU4M2IwHhcNMjYwMTAxMDIxNzU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWE0M2UwZjBjNzg4YzY0Y2ZmOTZjYTIxZmE5Y2FlOTMxNzdlMWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA36b5rBmxh7OJfsGLontiy0chCI5f
4nNvTlOMIAOGweA5R7dQ/OLiLyckrbE9uX4QVp9rHgpmg1apoyQRJGxrdyMDX2hr
UWKy8ZSGMuZEpKf779sO9WZeiHwTtQ1vD8pfz1BIoyDEkfLWBKTcSi0NB7puZGoc
uUdBMPIBFkBw7Sxf5SKdU/CFBSRy02+cIPXoo18jMHK24q3m3+5GlEebvOCiDRWD
iYPRXDgffNJ8pf/qZOJVZLh9qYSnkuPbbmHGBZ/cw+czANFKRbj42Pmpr3yA4rG3
Ijt14Ew/AID51Bqpy7qLd+rNxkAR2QvU+k+Ibnp3jFMW9WXubJQ1FmTV+wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFAWkPg8MeIxkz/lsoh+pyukxd+HbMB8GA1UdIwQY
MBaAFNiB5Xd8zpkMCysPTCnMjSz5r+g7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMklIbGQzek9tUXdMS3c5TUtjeU5MUG12NkRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC8zYzk1ZjMtZGMzZC00OGViLWI2ZDct
ZDgzNWRlMDhiY2Y2LzEvQmFRLUR3eDRqR1RQLVd5aUg2bks2VEYzNGRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC8zYzk1ZjMtZGMzZC00OGViLWI2ZDctZDgzNWRlMDhiY2Y2
LzEvMklIbGQzek9tUXdMS3c5TUtjeU5MUG12NkRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjSEwDQYJ
KoZIhvcNAQELBQADggEBAJVTmQJme47XKxBHfX/8u3lyl6jsjjddMXYYD/wUru6E
yBIT0AJoY6mmKcZ7n1eHypHlnWiQs0KqxXjmlF+h8/it6cb9QBwzuta1EFSLMkp6
ICqPuEnDtP8bonYBSHvmOSB9Uzw8oCqtpTdJt4YarANUYqzALUvJJcTCRrKkvblA
btZVRJqzDSMcoP3BpOqO2F2JI7XGy8W6aoQuAklqT/PowrY5wqLiQBwK1FKSNAs5
cqz/UHNzQQVBiasZK/HQ2EJN+Pz3jJZs2VjXzOXzTy6wNOfEbVWmLKob+5zxc0xm
Xnjejuknt+0tAI25E4DIDJ2J3WgckfvmxISMZpCfiIY=
-----END CERTIFICATE-----