This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/btpZBI2XWHAKS63fnL73LqvVNfk.roa
File:                     btpZBI2XWHAKS63fnL73LqvVNfk.roa (raw, json)
Hash identifier:          M2QuBhhoZDDE/3+2mzs7vceIBE782dg62RnFjR+wfWw=
Subject key identifier:   6E:DA:59:04:8D:97:58:70:0A:4B:AD:DF:9C:BE:F7:2E:AB:D5:35:F9
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019ACB53F551B1887A21E7C1BCCA014109C7
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/btpZBI2XWHAKS63fnL73LqvVNfk.roa
Signing time:             Fri 28 Nov 2025 16:37:48 +0000
ROA not before:           Fri 28 Nov 2025 16:37:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401776
IP address blocks:        31.42.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 19:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:cb:53:f5:51:b1:88:7a:21:e7:c1:bc:ca:01:41:09:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Nov 28 16:37:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6eda59048d9758700a4baddf9cbef72eabd535f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b2:13:5c:3a:e1:2e:40:8a:1c:8e:28:3e:f7:
                    f9:05:74:22:c6:f9:c3:df:e1:c2:f5:46:64:e0:eb:
                    08:75:7c:b5:c1:74:0c:14:27:17:ca:61:1e:93:2d:
                    0a:98:b9:db:47:35:5a:d6:a5:b8:64:2f:f9:21:bf:
                    0e:1f:1c:13:41:64:48:2e:b1:77:f9:3f:c8:7c:2c:
                    86:7a:6e:8a:d5:7f:7c:91:ef:0a:ac:98:e7:08:90:
                    d7:b5:e4:84:ff:be:b8:ed:27:2f:25:6a:70:ca:71:
                    72:78:7e:ab:a3:e3:df:66:84:58:2c:0c:dd:96:63:
                    da:2b:44:ad:e8:3c:fc:d0:4c:60:b9:a3:2f:71:cc:
                    48:10:74:30:ba:b7:20:77:18:c4:84:01:4c:e6:24:
                    8b:d4:5c:5e:73:94:f2:98:57:97:4b:45:b1:60:53:
                    f8:45:7e:60:a7:1e:a6:36:5d:85:24:50:c4:ac:07:
                    59:df:04:c2:50:4b:34:7e:03:b8:2e:fc:64:61:18:
                    9f:ba:3e:1c:8d:ff:30:18:f6:00:8a:30:5e:e9:e4:
                    25:b2:2e:bb:20:6b:95:52:d7:b8:8d:21:f5:cf:70:
                    61:3d:fc:bb:2e:7b:f5:6b:34:3d:5f:01:54:26:31:
                    8c:54:6e:93:67:24:f1:8c:6d:1e:a3:92:d0:f7:25:
                    f9:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:DA:59:04:8D:97:58:70:0A:4B:AD:DF:9C:BE:F7:2E:AB:D5:35:F9
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/btpZBI2XWHAKS63fnL73LqvVNfk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:8d:50:06:be:59:70:1d:bb:2d:37:cf:e5:41:8a:be:b4:6f:
         c2:ca:31:dd:ca:1e:af:5a:d5:c1:43:d5:64:66:30:c6:13:0e:
         13:c6:dc:04:53:7d:84:45:bf:da:c7:4d:2c:4b:84:33:36:46:
         a7:3a:5a:ab:5f:ed:df:9d:cf:78:cd:11:ba:49:70:fe:78:d7:
         a2:b1:9d:ce:53:eb:c3:b7:fe:7b:77:b6:b7:15:20:9e:28:50:
         21:a1:26:7d:72:83:95:c4:7c:8e:0d:97:2f:86:2c:e8:94:c3:
         a4:90:96:80:52:02:66:85:55:5a:d6:b9:5a:a3:5e:1b:0d:0c:
         fc:a1:ef:22:1f:9d:b6:a9:b3:f9:96:a8:67:13:96:e6:dd:5b:
         d4:a9:a0:ca:5a:87:44:d7:4f:9d:cb:f4:50:32:61:4d:de:73:
         4b:f4:29:fe:6d:4e:ef:5b:6d:05:af:96:ef:cf:1a:8f:54:09:
         6d:72:6a:bd:d6:3e:9d:75:ec:77:9c:46:44:c0:82:a6:b1:0c:
         e9:ae:27:5c:45:d9:75:d6:2b:39:eb:6b:5e:d8:32:55:54:b8:
         4d:f1:37:97:b5:28:8e:e2:44:f8:79:c6:b5:53:c6:e8:f9:64:
         39:d2:fc:f3:b1:75:11:e8:96:34:4d:af:a5:a6:cf:4c:06:0d:
         0b:0d:af:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrLU/VRsYh6IefBvMoBQQnHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUxMTI4MTYzNzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWRhNTkwNDhkOTc1ODcwMGE0YmFkZGY5Y2JlZjcyZWFiZDUzNWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrITXDrhLkCKHI4oPvf5BXQixvnD
3+HC9UZk4OsIdXy1wXQMFCcXymEeky0KmLnbRzVa1qW4ZC/5Ib8OHxwTQWRILrF3
+T/IfCyGem6K1X98ke8KrJjnCJDXteSE/7647ScvJWpwynFyeH6ro+PfZoRYLAzd
lmPaK0St6Dz80ExguaMvccxIEHQwurcgdxjEhAFM5iSL1Fxec5TymFeXS0WxYFP4
RX5gpx6mNl2FJFDErAdZ3wTCUEs0fgO4LvxkYRifuj4cjf8wGPYAijBe6eQlsi67
IGuVUte4jSH1z3BhPfy7Lnv1azQ9XwFUJjGMVG6TZyTxjG0eo5LQ9yX5ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG7aWQSNl1hwCkut35y+9y6r1TX5MB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvYnRwWkJJMlhXSEFLUzYzZm5MNzNMcXZWTmZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyp4MA0G
CSqGSIb3DQEBCwUAA4IBAQCGjVAGvllwHbstN8/lQYq+tG/CyjHdyh6vWtXBQ9Vk
ZjDGEw4TxtwEU32ERb/ax00sS4QzNkanOlqrX+3fnc94zRG6SXD+eNeisZ3OU+vD
t/57d7a3FSCeKFAhoSZ9coOVxHyODZcvhizolMOkkJaAUgJmhVVa1rlao14bDQz8
oe8iH522qbP5lqhnE5bm3VvUqaDKWodE10+dy/RQMmFN3nNL9Cn+bU7vW20Fr5bv
zxqPVAltcmq91j6ddex3nEZEwIKmsQzpridcRdl11is562te2DJVVLhN8TeXtSiO
4kT4eca1U8bo+WQ50vzzsXUR6JY0Ta+lps9MBg0LDa/z
-----END CERTIFICATE-----