This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/BRnPzixAWFA8fpuIrud5WnmBK3Y.roa
File:                     BRnPzixAWFA8fpuIrud5WnmBK3Y.roa (raw, json)
Hash identifier:          LSaiQRhcnwPArUvfZTXBIuWto16gVVfgUjF0+SrSwuw=
Subject key identifier:   05:19:CF:CE:2C:40:58:50:3C:7E:9B:88:AE:E7:79:5A:79:81:2B:76
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019B797E100327662C8D44FBF5C9C18A3E09
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/BRnPzixAWFA8fpuIrud5WnmBK3Y.roa
Signing time:             Thu 01 Jan 2026 12:17:43 +0000
ROA not before:           Thu 01 Jan 2026 12:17:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399471
IP address blocks:        194.85.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 08:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:10:03:27:66:2c:8d:44:fb:f5:c9:c1:8a:3e:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  1 12:17:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0519cfce2c4058503c7e9b88aee7795a79812b76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:5f:11:1f:e4:81:29:41:c5:a2:e2:6c:07:a2:
                    1f:9d:36:be:23:f9:a7:5c:36:fe:cc:c6:e2:99:9c:
                    69:2a:28:e1:b6:80:88:bf:89:31:9d:68:e6:7f:d1:
                    4d:c5:22:19:94:5b:4c:2c:5f:3e:ab:51:40:87:af:
                    81:86:00:cd:13:dd:6f:4e:f5:f8:b4:fb:bb:00:ff:
                    0d:0e:bf:21:24:4e:4e:7d:37:8a:66:f5:38:d4:57:
                    24:eb:f2:d7:87:79:2e:21:7b:a1:0f:ee:62:0f:69:
                    e3:fb:c3:d5:25:63:7b:9f:f6:4b:d0:73:a1:74:0c:
                    29:d7:ef:02:9b:ec:2d:ea:5f:57:8e:be:9a:e2:69:
                    b7:0c:4a:a1:41:ff:ed:82:42:c0:4d:aa:f4:14:8a:
                    ed:51:e8:3e:64:6e:4e:6b:1a:0b:fd:f2:a4:a8:1a:
                    bb:fe:0c:92:53:5a:92:ac:12:fe:5f:2a:ae:b0:03:
                    c5:87:59:01:5f:d8:99:74:2c:48:87:2c:e6:3e:90:
                    d5:b8:c8:55:f6:bf:1c:f3:fc:b8:c2:0a:da:71:03:
                    c9:93:aa:f8:0a:bf:27:cf:31:52:e0:97:78:80:43:
                    19:5b:8a:5e:31:73:e1:03:46:44:18:9a:c4:e9:42:
                    da:c1:a4:65:e0:95:4c:3d:22:86:45:c0:f4:b9:b8:
                    74:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:19:CF:CE:2C:40:58:50:3C:7E:9B:88:AE:E7:79:5A:79:81:2B:76
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/BRnPzixAWFA8fpuIrud5WnmBK3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.85.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:87:66:34:de:cc:0a:eb:c9:34:7f:a2:8a:80:b3:df:8c:a3:
         05:95:5a:1a:c6:0b:0f:6d:63:81:14:eb:22:da:05:c0:73:4d:
         44:40:ea:4c:9f:51:69:fa:4a:1e:dc:57:bd:e0:e9:9d:e3:11:
         76:a1:ff:1e:ac:74:55:c6:54:dd:ad:6e:63:4c:f8:5c:aa:44:
         19:a5:ae:ad:78:49:70:38:15:c2:93:e7:85:76:c7:7d:92:a2:
         16:04:32:59:ab:b4:8c:35:3d:d9:5a:88:9c:3a:08:c6:d5:1e:
         42:fc:77:6a:9b:2e:6f:ae:e4:84:4e:52:42:17:61:3b:4e:d9:
         99:15:db:a5:57:f3:46:55:22:75:89:ac:ed:bb:21:33:09:de:
         9e:d0:ea:db:a5:35:f1:1d:78:f4:e1:56:c2:94:6f:a9:9e:8f:
         60:95:ee:0d:74:f0:1e:2b:26:69:89:3d:92:8e:60:30:32:f2:
         28:4c:4f:f0:86:c2:77:54:45:29:53:e1:8c:18:9e:94:b6:88:
         7b:e8:07:95:cd:98:1b:57:a8:e4:8e:1b:c0:e7:b7:64:d6:72:
         3f:d8:08:98:e4:46:ce:8e:25:c4:f2:0e:b5:41:37:15:41:0d:
         8b:54:74:4d:c6:0d:f0:bd:dd:11:bf:1f:54:af:77:4a:3b:fd:
         99:62:fc:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fhADJ2YsjUT79cnBij4JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwMTAxMTIxNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTE5Y2ZjZTJjNDA1ODUwM2M3ZTliODhhZWU3Nzk1YTc5ODEyYjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx18RH+SBKUHFouJsB6IfnTa+I/mn
XDb+zMbimZxpKijhtoCIv4kxnWjmf9FNxSIZlFtMLF8+q1FAh6+BhgDNE91vTvX4
tPu7AP8NDr8hJE5OfTeKZvU41Fck6/LXh3kuIXuhD+5iD2nj+8PVJWN7n/ZL0HOh
dAwp1+8Cm+wt6l9Xjr6a4mm3DEqhQf/tgkLATar0FIrtUeg+ZG5OaxoL/fKkqBq7
/gySU1qSrBL+XyqusAPFh1kBX9iZdCxIhyzmPpDVuMhV9r8c8/y4wgracQPJk6r4
Cr8nzzFS4Jd4gEMZW4peMXPhA0ZEGJrE6ULawaRl4JVMPSKGRcD0ubh0swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUZz84sQFhQPH6biK7neVp5gSt2MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvQlJuUHppeEFXRkE4ZnB1SXJ1ZDVXbm1CSzNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlX6MA0G
CSqGSIb3DQEBCwUAA4IBAQA4h2Y03swK68k0f6KKgLPfjKMFlVoaxgsPbWOBFOsi
2gXAc01EQOpMn1Fp+koe3Fe94Omd4xF2of8erHRVxlTdrW5jTPhcqkQZpa6teElw
OBXCk+eFdsd9kqIWBDJZq7SMNT3ZWoicOgjG1R5C/Hdqmy5vruSETlJCF2E7TtmZ
FdulV/NGVSJ1iaztuyEzCd6e0OrbpTXxHXj04VbClG+pno9gle4NdPAeKyZpiT2S
jmAwMvIoTE/whsJ3VEUpU+GMGJ6Utoh76AeVzZgbV6jkjhvA57dk1nI/2AiY5EbO
jiXE8g61QTcVQQ2LVHRNxg3wvd0Rvx9Ur3dKO/2ZYvwR
-----END CERTIFICATE-----