This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/bGSEPaNtMNtWUlVTHFzssRogxAw.roa
File:                     bGSEPaNtMNtWUlVTHFzssRogxAw.roa (raw, json)
Hash identifier:          MF4TkWoRFFtVq0wlpaLP7q78ww43mp6CC35kVOFtuyc=
Subject key identifier:   6C:64:84:3D:A3:6D:30:DB:56:52:55:53:1C:5C:EC:B1:1A:20:C4:0C
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       019B7FF199FDC89B2E43F6A9AB58C08E4889
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/bGSEPaNtMNtWUlVTHFzssRogxAw.roa
Signing time:             Fri 02 Jan 2026 18:21:38 +0000
ROA not before:           Fri 02 Jan 2026 18:21:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212027
IP address blocks:        212.80.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 23:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:99:fd:c8:9b:2e:43:f6:a9:ab:58:c0:8e:48:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jan  2 18:21:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c64843da36d30db565255531c5cecb11a20c40c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:77:65:e0:cf:57:b7:a6:9e:b7:3c:90:aa:2c:
                    5c:44:56:9b:80:4b:76:42:47:b0:e3:ed:28:a5:aa:
                    f6:21:fb:64:c1:ef:d5:20:9f:f3:bb:05:52:f4:e2:
                    87:03:0f:ce:5c:71:fd:f5:a4:5a:d4:95:07:f8:7a:
                    12:be:62:f5:7c:f8:b3:32:5a:6a:98:59:52:54:13:
                    8a:31:47:62:f2:94:4e:23:2e:83:2f:87:32:48:6c:
                    1b:e7:77:ae:8e:42:3c:6a:f2:47:94:7c:29:c9:03:
                    2a:b6:c1:a7:cf:04:20:a9:21:90:9d:f8:80:c0:d2:
                    5f:63:93:31:77:dc:9d:93:75:13:f8:c7:88:b2:9e:
                    b7:99:2e:b4:16:1e:ac:5f:8b:4b:53:4c:b5:ed:2a:
                    08:0d:d2:97:82:d5:d3:6a:28:ea:43:28:e4:9e:13:
                    11:24:0c:fd:7f:f4:9e:31:55:bc:75:73:2c:09:b0:
                    68:a0:e3:62:91:65:17:03:3e:3f:bf:70:67:d1:4b:
                    23:95:f0:3d:81:c3:1c:b5:a7:44:b2:22:27:3f:28:
                    e8:d9:bd:2d:31:7f:54:85:25:48:04:f9:2c:24:3f:
                    cd:48:ff:22:fe:73:c4:5a:75:91:ac:20:51:da:55:
                    a1:27:50:12:27:c1:d2:83:48:ad:bc:d1:f0:80:fd:
                    70:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:64:84:3D:A3:6D:30:DB:56:52:55:53:1C:5C:EC:B1:1A:20:C4:0C
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/bGSEPaNtMNtWUlVTHFzssRogxAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.80.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:95:66:18:f3:32:fb:c7:50:32:d3:93:52:60:95:dc:e3:80:
         39:96:19:b9:e4:55:8c:77:d8:62:fa:c0:41:54:04:03:c6:41:
         b4:c5:3b:a9:fe:ea:b3:3f:cb:3b:09:ae:c9:ff:2c:f4:86:48:
         03:30:7a:c0:ff:b8:f0:2c:62:32:65:5b:1e:01:8e:2d:75:53:
         15:04:c4:1a:e2:45:91:9c:b1:16:0d:8b:07:87:c1:35:1e:e3:
         1e:97:97:b1:03:ce:8b:01:6f:de:ab:5e:72:62:8e:ef:45:c3:
         05:8f:c9:dc:ad:7e:e3:8e:bb:02:9d:36:47:f6:d7:3c:20:40:
         5d:d1:b7:c1:a8:96:46:cd:54:f6:44:eb:f4:bc:a4:16:75:7c:
         6d:95:c6:23:00:76:67:fb:2d:ee:bc:e6:f0:b6:cf:71:23:90:
         ca:6c:1a:59:1a:60:4c:6c:1c:cb:d7:28:ff:8c:bd:4b:78:55:
         6d:dd:4e:9f:16:41:a9:33:8c:42:8d:3c:70:f5:88:e9:52:21:
         e5:dc:fc:7b:a8:64:72:9d:c4:87:91:32:38:60:5b:a3:a1:4c:
         2e:ee:3d:a7:43:65:c8:59:7a:e5:53:95:5a:56:ec:99:3a:20:
         ae:49:78:23:a1:5f:b7:2f:d0:57:13:8e:d6:89:cf:38:bb:45:
         cc:29:10:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8Zn9yJsuQ/apq1jAjkiJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjYwMTAyMTgyMTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzY0ODQzZGEzNmQzMGRiNTY1MjU1NTMxYzVjZWNiMTFhMjBjNDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArndl4M9Xt6aetzyQqixcRFabgEt2
Qkew4+0opar2Iftkwe/VIJ/zuwVS9OKHAw/OXHH99aRa1JUH+HoSvmL1fPizMlpq
mFlSVBOKMUdi8pROIy6DL4cySGwb53eujkI8avJHlHwpyQMqtsGnzwQgqSGQnfiA
wNJfY5Mxd9ydk3UT+MeIsp63mS60Fh6sX4tLU0y17SoIDdKXgtXTaijqQyjknhMR
JAz9f/SeMVW8dXMsCbBooONikWUXAz4/v3Bn0UsjlfA9gcMctadEsiInPyjo2b0t
MX9UhSVIBPksJD/NSP8i/nPEWnWRrCBR2lWhJ1ASJ8HSg0itvNHwgP1wVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGxkhD2jbTDbVlJVUxxc7LEaIMQMMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvYkdTRVBhTnRNTnRXVWxWVEhGenNzUm9neEF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FAGMA0G
CSqGSIb3DQEBCwUAA4IBAQC6lWYY8zL7x1Ay05NSYJXc44A5lhm55FWMd9hi+sBB
VAQDxkG0xTup/uqzP8s7Ca7J/yz0hkgDMHrA/7jwLGIyZVseAY4tdVMVBMQa4kWR
nLEWDYsHh8E1HuMel5exA86LAW/eq15yYo7vRcMFj8ncrX7jjrsCnTZH9tc8IEBd
0bfBqJZGzVT2ROv0vKQWdXxtlcYjAHZn+y3uvObwts9xI5DKbBpZGmBMbBzL1yj/
jL1LeFVt3U6fFkGpM4xCjTxw9YjpUiHl3Px7qGRyncSHkTI4YFujoUwu7j2nQ2XI
WXrlU5VaVuyZOiCuSXgjoV+3L9BXE47Wic84u0XMKRBY
-----END CERTIFICATE-----