This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/BfJnrLEnL98XNsJzTgaLMLePYBM.roa
File:                     BfJnrLEnL98XNsJzTgaLMLePYBM.roa (raw, json)
Hash identifier:          IfJYAAE+k+2AREMYBR3fX7Q4H0VbZm7wobJ2dutpdGE=
Subject key identifier:   05:F2:67:AC:B1:27:2F:DF:17:36:C2:73:4E:06:8B:30:B7:8F:60:13
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       019B7C133B62E9A72DB7D0084E8EF524FA30
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/BfJnrLEnL98XNsJzTgaLMLePYBM.roa
Signing time:             Fri 02 Jan 2026 00:19:53 +0000
ROA not before:           Fri 02 Jan 2026 00:19:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201671
IP address blocks:        185.78.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 13:16:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:3b:62:e9:a7:2d:b7:d0:08:4e:8e:f5:24:fa:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jan  2 00:19:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=05f267acb1272fdf1736c2734e068b30b78f6013
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:e4:ec:12:6d:4e:69:fb:41:95:3b:55:f9:9a:
                    9a:4f:78:a1:fd:af:8d:ca:8e:0a:7f:18:be:5d:6e:
                    ac:5e:bc:d8:49:22:4f:6b:bb:d2:92:d9:0a:a3:28:
                    6c:16:42:36:eb:c3:73:aa:84:bb:53:c7:ae:a8:d4:
                    09:85:b6:1e:f6:8e:9d:b5:e2:04:1d:d0:83:f3:0b:
                    f6:32:bf:e0:60:c6:17:07:5f:6c:99:33:0f:68:32:
                    82:a4:1c:3c:57:9f:7e:b6:53:63:3f:b0:02:e2:d4:
                    df:fb:e3:12:01:58:9d:43:d4:50:cf:b7:41:02:55:
                    9a:bc:64:98:eb:5e:89:1f:9d:2a:f8:22:7a:77:02:
                    13:4c:70:32:d9:1f:9f:53:fc:e7:78:d9:d8:8b:cd:
                    7d:c4:59:eb:3b:65:42:23:74:35:04:7a:af:7d:0f:
                    d8:37:25:d8:d8:f0:1d:78:20:84:63:11:f2:98:bc:
                    b7:8d:bc:19:8c:8a:33:c8:cb:7d:e2:e7:35:34:00:
                    f1:85:1b:c9:79:31:b4:c2:9b:65:29:e8:a1:1c:0b:
                    22:38:75:b6:da:b3:22:9d:4c:b2:90:ca:09:eb:82:
                    b9:f6:e9:3c:b6:bc:6b:89:50:87:08:72:70:ab:62:
                    a4:66:26:ef:cf:84:73:c1:5e:10:e2:d4:46:ea:00:
                    e8:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:F2:67:AC:B1:27:2F:DF:17:36:C2:73:4E:06:8B:30:B7:8F:60:13
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/BfJnrLEnL98XNsJzTgaLMLePYBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.78.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:cb:d4:59:0e:35:9a:84:f4:7a:53:14:59:dc:25:2e:91:80:
         54:35:38:64:b9:be:27:1c:2f:b6:3a:59:21:07:d2:84:04:27:
         e9:1f:93:69:7a:90:1e:c2:f1:71:4b:d3:bc:f6:d7:3b:a7:c7:
         83:45:33:75:c9:5d:3b:2c:29:ca:b5:d1:23:18:16:ac:70:7f:
         bf:d4:f4:09:37:e2:b2:f6:b7:e6:ed:66:b0:95:e0:2e:29:fe:
         f4:39:33:4b:51:ee:76:38:5b:48:71:ec:81:93:3e:4d:9e:b7:
         0f:d3:0a:0c:11:c1:60:cd:68:7b:17:8d:b1:45:a8:3a:74:3d:
         43:dc:b0:ea:50:7a:cd:ae:75:97:ca:80:23:5a:ab:30:9c:3f:
         4a:47:ec:bb:8c:56:7d:62:41:23:df:19:44:48:63:3e:ae:09:
         c0:04:ac:cf:c9:29:4d:5b:0d:42:0f:cf:1f:cb:35:94:23:1e:
         dc:4a:de:67:9d:0e:dd:ae:97:ad:c1:4e:7e:7c:7b:ec:e9:ec:
         0f:da:33:f9:25:fc:86:8e:2d:eb:ae:2f:7f:5c:77:6b:5e:5e:
         96:44:f9:48:64:07:68:7c:9a:04:08:be:6d:d7:c4:c1:6d:c4:
         36:49:14:de:b7:09:ac:27:5e:70:cd:04:91:c7:0b:65:f1:1d:
         59:1c:0c:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Ezti6actt9AITo71JPowMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjYwMTAyMDAxOTUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWYyNjdhY2IxMjcyZmRmMTczNmMyNzM0ZTA2OGIzMGI3OGY2MDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuTsEm1OaftBlTtV+ZqaT3ih/a+N
yo4Kfxi+XW6sXrzYSSJPa7vSktkKoyhsFkI268NzqoS7U8euqNQJhbYe9o6dteIE
HdCD8wv2Mr/gYMYXB19smTMPaDKCpBw8V59+tlNjP7AC4tTf++MSAVidQ9RQz7dB
AlWavGSY616JH50q+CJ6dwITTHAy2R+fU/zneNnYi819xFnrO2VCI3Q1BHqvfQ/Y
NyXY2PAdeCCEYxHymLy3jbwZjIozyMt94uc1NADxhRvJeTG0wptlKeihHAsiOHW2
2rMinUyykMoJ64K59uk8trxriVCHCHJwq2KkZibvz4RzwV4Q4tRG6gDoLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAXyZ6yxJy/fFzbCc04GizC3j2ATMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvQmZKbnJMRW5MOThYTnNKelRnYUxNTGVQWUJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuU5MMA0G
CSqGSIb3DQEBCwUAA4IBAQCpy9RZDjWahPR6UxRZ3CUukYBUNThkub4nHC+2Olkh
B9KEBCfpH5NpepAewvFxS9O89tc7p8eDRTN1yV07LCnKtdEjGBascH+/1PQJN+Ky
9rfm7WawleAuKf70OTNLUe52OFtIceyBkz5NnrcP0woMEcFgzWh7F42xRag6dD1D
3LDqUHrNrnWXyoAjWqswnD9KR+y7jFZ9YkEj3xlESGM+rgnABKzPySlNWw1CD88f
yzWUIx7cSt5nnQ7drpetwU5+fHvs6ewP2jP5JfyGji3rri9/XHdrXl6WRPlIZAdo
fJoECL5t18TBbcQ2SRTetwmsJ15wzQSRxwtl8R1ZHAxM
-----END CERTIFICATE-----