This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/kBUNjbSsmm7Mn3Q5G8pHzfSdrJM.roa
File:                     kBUNjbSsmm7Mn3Q5G8pHzfSdrJM.roa (raw, json)
Hash identifier:          btnz9PZAp3acMBNeW36Iy/hL1kzMf0nqH+ga7/me2mw=
Subject key identifier:   90:15:0D:8D:B4:AC:9A:6E:CC:9F:74:39:1B:CA:47:CD:F4:9D:AC:93
Certificate issuer:       /CN=ba31bcf923c5f25cafbdabdfdd46e511f95df0d1
Certificate serial:       019B78A30AB37CBED77BF1656034269867C1
Authority key identifier: BA:31:BC:F9:23:C5:F2:5C:AF:BD:AB:DF:DD:46:E5:11:F9:5D:F0:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/kBUNjbSsmm7Mn3Q5G8pHzfSdrJM.roa
Signing time:             Thu 01 Jan 2026 08:18:29 +0000
ROA not before:           Thu 01 Jan 2026 08:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204779
IP address blocks:        46.254.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/ujG8-SPF8lyvvavf3UblEfld8NE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/ujG8-SPF8lyvvavf3UblEfld8NE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:0a:b3:7c:be:d7:7b:f1:65:60:34:26:98:67:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba31bcf923c5f25cafbdabdfdd46e511f95df0d1
        Validity
            Not Before: Jan  1 08:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=90150d8db4ac9a6ecc9f74391bca47cdf49dac93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:78:a7:88:4b:3a:10:55:1e:25:29:9d:4b:ac:
                    8e:d2:29:1e:a9:f0:31:29:af:83:78:b4:51:14:35:
                    6f:73:80:b2:dd:91:58:9e:72:41:d0:e8:37:39:8c:
                    b7:50:0e:b4:a0:b6:56:2e:75:70:ce:e7:5a:90:78:
                    c4:4d:be:7f:21:54:88:c4:d7:4d:f1:98:10:8c:72:
                    1c:c8:9f:09:a2:69:b3:89:c7:51:c3:da:e9:99:ff:
                    ed:ad:c6:35:41:0d:f5:9c:10:73:ce:e6:ae:53:67:
                    e1:f1:d0:2e:60:cb:25:c6:d8:c4:b5:da:e9:02:76:
                    c6:72:c2:2e:a2:f4:09:e0:2f:fb:4b:53:e6:66:6a:
                    fa:7a:0e:bd:46:2f:f0:a0:bb:95:bf:fb:cf:2a:05:
                    c7:3a:cf:70:f9:1b:ef:2c:31:43:9a:ed:a5:5a:84:
                    16:03:f4:90:3f:a2:74:fd:ae:fc:bb:89:db:2b:73:
                    b1:af:4f:0f:fb:91:90:b8:df:3a:a7:18:8b:27:e5:
                    d8:e2:b2:3b:69:02:9f:32:3b:d6:c2:33:17:9c:f5:
                    ed:c4:58:cf:d5:f5:09:75:1f:b5:bd:01:f0:be:7e:
                    3d:36:8e:52:52:8d:f3:e8:e0:b4:04:23:b8:39:7f:
                    91:3f:b7:7b:69:58:67:fd:d8:af:70:fc:40:35:00:
                    67:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:15:0D:8D:B4:AC:9A:6E:CC:9F:74:39:1B:CA:47:CD:F4:9D:AC:93
            X509v3 Authority Key Identifier:
                keyid:BA:31:BC:F9:23:C5:F2:5C:AF:BD:AB:DF:DD:46:E5:11:F9:5D:F0:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/kBUNjbSsmm7Mn3Q5G8pHzfSdrJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/ujG8-SPF8lyvvavf3UblEfld8NE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.254.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:33:35:3b:86:56:9d:e7:22:fb:d9:99:4f:7e:8d:f7:c1:a8:
         19:69:40:c9:67:be:af:f8:c2:10:49:65:7b:a9:07:95:f8:27:
         9e:51:9b:4d:34:51:0c:8c:e2:92:d3:ff:21:5e:c4:66:f3:32:
         b4:bb:0a:31:fe:dc:aa:84:a5:cc:ae:b5:28:1b:78:83:41:39:
         37:4e:ef:28:43:b3:2f:3a:a0:f0:26:26:fd:5e:e8:d2:9d:8c:
         26:14:6a:23:33:ef:a3:8b:72:50:30:17:fa:42:28:fc:79:b7:
         b2:4d:5a:9b:53:05:ea:8c:5a:87:96:cb:19:de:26:a4:b3:77:
         0c:e7:4a:4e:03:6a:84:a3:95:4a:63:60:14:3c:87:ec:a2:dd:
         72:1c:f7:01:bd:7a:d5:09:67:5d:2a:0c:4d:0e:88:36:29:7a:
         58:49:da:8f:62:79:a9:04:13:7d:83:20:3a:b8:c2:01:77:74:
         a2:0d:5f:a0:fb:b5:14:8a:1a:8c:12:fb:8b:33:a8:9e:be:76:
         05:8b:de:d5:90:82:0d:9d:68:42:65:33:f4:5e:c7:f7:8d:89:
         6c:d0:6f:6f:46:ea:e3:ec:04:7c:9a:a1:d7:9a:94:fc:25:2d:
         2f:9c:fb:e2:3b:65:84:65:6f:16:27:99:7f:d2:d3:aa:85:12:
         5e:b2:1e:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4owqzfL7Xe/FlYDQmmGfBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMzFiY2Y5MjNjNWYyNWNhZmJkYWJkZmRkNDZlNTExZjk1
ZGYwZDEwHhcNMjYwMTAxMDgxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDE1MGQ4ZGI0YWM5YTZlY2M5Zjc0MzkxYmNhNDdjZGY0OWRhYzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3iniEs6EFUeJSmdS6yO0ikeqfAx
Ka+DeLRRFDVvc4Cy3ZFYnnJB0Og3OYy3UA60oLZWLnVwzudakHjETb5/IVSIxNdN
8ZgQjHIcyJ8JommzicdRw9rpmf/trcY1QQ31nBBzzuauU2fh8dAuYMslxtjEtdrp
AnbGcsIuovQJ4C/7S1PmZmr6eg69Ri/woLuVv/vPKgXHOs9w+RvvLDFDmu2lWoQW
A/SQP6J0/a78u4nbK3Oxr08P+5GQuN86pxiLJ+XY4rI7aQKfMjvWwjMXnPXtxFjP
1fUJdR+1vQHwvn49No5SUo3z6OC0BCO4OX+RP7d7aVhn/divcPxANQBnbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJAVDY20rJpuzJ90ORvKR830nayTMB8GA1UdIwQY
MBaAFLoxvPkjxfJcr72r391G5RH5XfDRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWpHOC1TUEY4bHl2dmF2ZjNVYmxFZmxkOE5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83NmE3ZjEtNzQ4ZC00MDZjLWE1MWYt
MWJhMzQzZjE3ZWMyLzEva0JVTmpiU3NtbTdNbjNRNUc4cEh6ZlNkckpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83NmE3ZjEtNzQ4ZC00MDZjLWE1MWYtMWJhMzQzZjE3ZWMy
LzEvdWpHOC1TUEY4bHl2dmF2ZjNVYmxFZmxkOE5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALv7RMA0G
CSqGSIb3DQEBCwUAA4IBAQBpMzU7hlad5yL72ZlPfo33wagZaUDJZ76v+MIQSWV7
qQeV+CeeUZtNNFEMjOKS0/8hXsRm8zK0uwox/tyqhKXMrrUoG3iDQTk3Tu8oQ7Mv
OqDwJib9XujSnYwmFGojM++ji3JQMBf6Qij8ebeyTVqbUwXqjFqHlssZ3iaks3cM
50pOA2qEo5VKY2AUPIfsot1yHPcBvXrVCWddKgxNDog2KXpYSdqPYnmpBBN9gyA6
uMIBd3SiDV+g+7UUihqMEvuLM6ievnYFi97VkIINnWhCZTP0Xsf3jYls0G9vRurj
7AR8mqHXmpT8JS0vnPviO2WEZW8WJ5l/0tOqhRJesh5U
-----END CERTIFICATE-----