This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/BG6Fp5ARaA1eX39JrGcpr7-zIWs.roa
File:                     BG6Fp5ARaA1eX39JrGcpr7-zIWs.roa (raw, json)
Hash identifier:          u8VEG4bOX2UFjz30ikvmJ/tTe5FZbU1kcVpaZMlT+ZU=
Subject key identifier:   04:6E:85:A7:90:11:68:0D:5E:5F:7F:49:AC:67:29:AF:BF:B3:21:6B
Certificate issuer:       /CN=ffb2627672877d0f6de9bc4e7e186eedd1356110
Certificate serial:       019AFD66E2E848D5DF8E38DFBF9CF6D144AA
Authority key identifier: FF:B2:62:76:72:87:7D:0F:6D:E9:BC:4E:7E:18:6E:ED:D1:35:61:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/BG6Fp5ARaA1eX39JrGcpr7-zIWs.roa
Signing time:             Mon 08 Dec 2025 09:59:29 +0000
ROA not before:           Mon 08 Dec 2025 09:59:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42375
IP address blocks:        185.147.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Dec 2025 15:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:fd:66:e2:e8:48:d5:df:8e:38:df:bf:9c:f6:d1:44:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffb2627672877d0f6de9bc4e7e186eedd1356110
        Validity
            Not Before: Dec  8 09:59:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=046e85a79011680d5e5f7f49ac6729afbfb3216b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d7:55:2e:61:a0:77:bb:56:6d:1d:e0:a9:eb:
                    76:1c:b1:32:9b:4e:ee:7e:3e:4a:14:36:c8:fd:96:
                    2c:5e:69:d2:8f:9d:94:17:4f:bb:0c:d0:14:60:35:
                    bb:a0:86:ab:74:ea:c8:51:f2:65:17:19:8d:2f:a0:
                    f2:b5:36:7c:ea:19:7d:6c:b2:da:99:d9:c8:30:98:
                    04:a2:2b:86:c0:15:ea:18:a6:9b:72:21:ca:cb:40:
                    f1:0b:08:1a:3c:64:88:4f:6e:27:b9:db:dd:2a:ab:
                    42:7c:e3:cd:ab:c9:85:ac:50:a7:fa:35:70:c9:43:
                    e3:b9:b3:1e:16:c0:cd:24:a4:73:1a:d6:31:8b:4b:
                    b4:5f:de:9d:63:a1:2e:6e:c0:ec:99:7f:07:10:7f:
                    21:a6:40:85:1c:1e:1e:88:ee:85:71:36:59:76:de:
                    b8:bc:29:15:9b:a3:3f:5b:e2:5c:5d:51:43:0c:b2:
                    13:9c:8e:ce:3c:6a:81:ba:63:19:ff:6d:ad:80:66:
                    9b:e6:8b:9a:85:b0:2d:81:73:60:39:55:a3:61:25:
                    46:e2:f3:93:35:44:2e:e4:aa:6e:c5:c9:9e:43:57:
                    e0:df:73:fb:f5:f1:ef:32:d3:6a:34:06:bf:d2:a7:
                    30:03:24:d1:85:8d:de:ec:1c:c4:53:97:d8:b9:af:
                    85:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:6E:85:A7:90:11:68:0D:5E:5F:7F:49:AC:67:29:AF:BF:B3:21:6B
            X509v3 Authority Key Identifier:
                keyid:FF:B2:62:76:72:87:7D:0F:6D:E9:BC:4E:7E:18:6E:ED:D1:35:61:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/BG6Fp5ARaA1eX39JrGcpr7-zIWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:b2:68:1b:b1:84:ec:07:8b:23:e3:4b:3e:2e:4e:51:6d:10:
         73:4a:06:3e:bd:25:f5:bd:72:5f:a9:05:56:76:9d:7f:14:fc:
         58:9d:b6:96:c9:45:64:e6:80:47:fb:6d:12:d9:5c:3c:af:88:
         c0:34:4d:27:cd:21:ea:86:b4:01:c4:7d:77:d1:09:68:19:06:
         39:d8:77:0f:12:fa:27:ca:a2:e0:92:a4:a4:13:75:6e:52:e5:
         b3:7e:68:6d:19:7d:d3:c2:13:9d:e8:f2:f7:43:1a:12:85:2e:
         52:29:13:c6:f8:2a:00:8c:92:2a:43:70:e4:f2:ec:0f:05:55:
         3d:7a:bd:f3:9b:32:8c:a9:bc:4f:c2:5e:23:95:6a:3a:20:f5:
         90:c8:c7:84:41:b0:e9:42:f0:24:bd:be:93:cb:9a:13:48:44:
         40:aa:fe:37:7f:03:42:14:26:fa:97:01:d6:43:a9:de:d1:cc:
         56:b4:41:5c:df:56:42:fd:47:42:69:2d:5b:4c:06:29:67:da:
         96:4a:ae:4b:fb:72:af:d9:4d:9e:48:a0:48:ee:b0:f2:95:c6:
         a6:fd:2c:95:e6:d0:27:a8:8c:e4:f7:66:b1:ff:38:f8:cb:eb:
         33:f8:06:0d:1c:ae:ec:ff:b4:e7:ea:cb:f4:a8:dd:7f:7f:13:
         76:d7:a4:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZr9ZuLoSNXfjjjfv5z20USqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYjI2Mjc2NzI4NzdkMGY2ZGU5YmM0ZTdlMTg2ZWVkZDEz
NTYxMTAwHhcNMjUxMjA4MDk1OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDZlODVhNzkwMTE2ODBkNWU1ZjdmNDlhYzY3MjlhZmJmYjMyMTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNdVLmGgd7tWbR3gqet2HLEym07u
fj5KFDbI/ZYsXmnSj52UF0+7DNAUYDW7oIardOrIUfJlFxmNL6DytTZ86hl9bLLa
mdnIMJgEoiuGwBXqGKabciHKy0DxCwgaPGSIT24nudvdKqtCfOPNq8mFrFCn+jVw
yUPjubMeFsDNJKRzGtYxi0u0X96dY6EubsDsmX8HEH8hpkCFHB4eiO6FcTZZdt64
vCkVm6M/W+JcXVFDDLITnI7OPGqBumMZ/22tgGab5ouahbAtgXNgOVWjYSVG4vOT
NUQu5KpuxcmeQ1fg33P79fHvMtNqNAa/0qcwAyTRhY3e7BzEU5fYua+F+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFARuhaeQEWgNXl9/SaxnKa+/syFrMB8GA1UdIwQY
MBaAFP+yYnZyh30Pbem8Tn4Ybu3RNWEQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzdKaWRuS0hmUTl0NmJ4T2ZoaHU3ZEUxWVJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8yMmM1MTAtMzQ4MC00Y2UxLThkZDgt
MTk3NDY5NDc1NThkLzEvQkc2RnA1QVJhQTFlWDM5SnJHY3ByNy16SVdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8yMmM1MTAtMzQ4MC00Y2UxLThkZDgtMTk3NDY5NDc1NThk
LzEvXzdKaWRuS0hmUTl0NmJ4T2ZoaHU3ZEUxWVJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZN+MA0G
CSqGSIb3DQEBCwUAA4IBAQA/smgbsYTsB4sj40s+Lk5RbRBzSgY+vSX1vXJfqQVW
dp1/FPxYnbaWyUVk5oBH+20S2Vw8r4jANE0nzSHqhrQBxH130QloGQY52HcPEvon
yqLgkqSkE3VuUuWzfmhtGX3TwhOd6PL3QxoShS5SKRPG+CoAjJIqQ3Dk8uwPBVU9
er3zmzKMqbxPwl4jlWo6IPWQyMeEQbDpQvAkvb6Ty5oTSERAqv43fwNCFCb6lwHW
Q6ne0cxWtEFc31ZC/UdCaS1bTAYpZ9qWSq5L+3Kv2U2eSKBI7rDylcam/SyV5tAn
qIzk92ax/zj4y+sz+AYNHK7s/7Tn6sv0qN1/fxN216S+
-----END CERTIFICATE-----