This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d8e320-a555-401a-80ff-bf731fe99d3a/1/BcVQyrwrHYullQZhoBE1L5P8lQE.roa
File:                     BcVQyrwrHYullQZhoBE1L5P8lQE.roa (raw, json)
Hash identifier:          29V5LoBGnauLvwgtP04iC++YohVScFoggyXh/yIZelc=
Subject key identifier:   05:C5:50:CA:BC:2B:1D:8B:A5:95:06:61:A0:11:35:2F:93:FC:95:01
Certificate issuer:       /CN=a90df95202404db1f2e40ec3de7eec38dd6a9fee
Certificate serial:       019B79EC902D64781390285BE81D87DF4444
Authority key identifier: A9:0D:F9:52:02:40:4D:B1:F2:E4:0E:C3:DE:7E:EC:38:DD:6A:9F:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qQ35UgJATbHy5A7D3n7sON1qn-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/d8e320-a555-401a-80ff-bf731fe99d3a/1/BcVQyrwrHYullQZhoBE1L5P8lQE.roa
Signing time:             Thu 01 Jan 2026 14:18:24 +0000
ROA not before:           Thu 01 Jan 2026 14:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214015
IP address blocks:        185.131.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/d8e320-a555-401a-80ff-bf731fe99d3a/1/qQ35UgJATbHy5A7D3n7sON1qn-4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/d8e320-a555-401a-80ff-bf731fe99d3a/1/qQ35UgJATbHy5A7D3n7sON1qn-4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qQ35UgJATbHy5A7D3n7sON1qn-4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:90:2d:64:78:13:90:28:5b:e8:1d:87:df:44:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a90df95202404db1f2e40ec3de7eec38dd6a9fee
        Validity
            Not Before: Jan  1 14:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=05c550cabc2b1d8ba5950661a011352f93fc9501
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:41:a9:25:54:20:95:a2:91:55:21:7b:5a:6f:
                    30:35:70:ac:b5:35:46:c5:b2:d2:d9:2b:75:1b:41:
                    d1:b3:2f:17:41:b8:e3:56:b9:a0:e2:1f:ee:82:03:
                    27:05:80:ae:d3:de:fc:12:ff:9e:be:0e:25:e5:fe:
                    0f:18:e0:d2:66:af:b8:8e:cd:3d:88:62:74:85:21:
                    7d:67:40:e7:f5:70:9c:48:6b:65:3d:ac:b7:eb:b7:
                    d4:b4:01:c6:d6:ed:fb:e0:47:e9:92:f9:4b:48:8d:
                    51:c7:f6:90:37:0a:c6:eb:84:29:26:44:b7:76:18:
                    0e:24:5e:af:58:f0:90:0b:f9:3d:44:a7:09:bd:9c:
                    b9:48:9b:0d:a7:04:21:0b:9d:34:44:a6:15:96:f6:
                    9c:53:06:9a:d9:22:75:b0:79:e2:66:b8:8e:9e:8a:
                    1b:09:c2:70:28:ea:4b:1e:88:fe:dc:a5:cc:6a:40:
                    19:ee:4c:41:e9:da:48:57:21:d2:82:66:2c:bc:ca:
                    d9:5e:29:e6:9a:74:c1:89:57:60:81:33:50:4e:2e:
                    06:bf:50:1b:02:62:5f:d1:7e:05:e3:fe:a5:88:95:
                    fb:12:23:fe:22:bb:39:b9:79:b0:3b:af:f7:2d:96:
                    1d:17:c9:83:ba:d4:1f:c7:7f:1a:d2:ca:d4:92:a2:
                    eb:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:C5:50:CA:BC:2B:1D:8B:A5:95:06:61:A0:11:35:2F:93:FC:95:01
            X509v3 Authority Key Identifier:
                keyid:A9:0D:F9:52:02:40:4D:B1:F2:E4:0E:C3:DE:7E:EC:38:DD:6A:9F:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qQ35UgJATbHy5A7D3n7sON1qn-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d8e320-a555-401a-80ff-bf731fe99d3a/1/BcVQyrwrHYullQZhoBE1L5P8lQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d8e320-a555-401a-80ff-bf731fe99d3a/1/qQ35UgJATbHy5A7D3n7sON1qn-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:93:e6:5f:84:fe:1a:21:89:01:fd:b4:3b:ad:b3:4c:f0:c6:
         d6:21:03:0e:ea:55:fe:c8:d0:94:54:8f:d5:6d:99:2f:d5:11:
         19:59:58:d2:5f:36:4e:60:e1:a7:97:40:09:22:bf:be:a7:d1:
         9f:ea:aa:0c:84:86:81:bd:e2:90:ef:9b:9d:c2:c0:17:cb:f1:
         c5:bf:99:fd:ab:58:22:34:66:dd:80:7b:b5:a6:2d:6c:f6:bb:
         fe:cc:af:2d:04:ac:b4:45:75:6d:81:3c:38:39:5f:e1:3b:fa:
         c8:a9:81:75:0e:ba:e4:26:4c:36:44:60:fb:94:b4:89:f9:bb:
         85:b3:d4:a3:00:b5:0b:39:57:30:36:9b:00:7a:7a:ec:a3:29:
         04:f6:bb:19:55:30:ca:5f:c8:3b:f8:6d:8f:7e:55:df:5d:d8:
         09:6b:da:16:1b:bb:1a:d0:2a:a7:cd:c5:0a:ec:f7:e9:fc:0c:
         55:4f:a7:ff:8f:af:d8:42:bf:b0:e8:ef:45:74:30:66:ec:6c:
         72:01:ce:30:2b:dc:10:0a:46:95:f7:63:c7:1c:96:c7:98:b4:
         25:9d:25:c6:ce:d6:c5:92:8b:34:97:bf:3d:f5:8b:51:12:b3:
         83:21:73:64:3b:84:26:be:41:df:3d:c3:43:50:10:1e:0e:ec:
         9c:9e:99:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57JAtZHgTkChb6B2H30REMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5MGRmOTUyMDI0MDRkYjFmMmU0MGVjM2RlN2VlYzM4ZGQ2
YTlmZWUwHhcNMjYwMTAxMTQxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWM1NTBjYWJjMmIxZDhiYTU5NTA2NjFhMDExMzUyZjkzZmM5NTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0GpJVQglaKRVSF7Wm8wNXCstTVG
xbLS2St1G0HRsy8XQbjjVrmg4h/uggMnBYCu0978Ev+evg4l5f4PGODSZq+4js09
iGJ0hSF9Z0Dn9XCcSGtlPay367fUtAHG1u374EfpkvlLSI1Rx/aQNwrG64QpJkS3
dhgOJF6vWPCQC/k9RKcJvZy5SJsNpwQhC500RKYVlvacUwaa2SJ1sHniZriOnoob
CcJwKOpLHoj+3KXMakAZ7kxB6dpIVyHSgmYsvMrZXinmmnTBiVdggTNQTi4Gv1Ab
AmJf0X4F4/6liJX7EiP+Irs5uXmwO6/3LZYdF8mDutQfx38a0srUkqLrdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAXFUMq8Kx2LpZUGYaARNS+T/JUBMB8GA1UdIwQY
MBaAFKkN+VICQE2x8uQOw95+7Djdap/uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVEzNVVnSkFUYkh5NUE3RDNuN3NPTjFxbi00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kOGUzMjAtYTU1NS00MDFhLTgwZmYt
YmY3MzFmZTk5ZDNhLzEvQmNWUXlyd3JIWXVsbFFaaG9CRTFMNVA4bFFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kOGUzMjAtYTU1NS00MDFhLTgwZmYtYmY3MzFmZTk5ZDNh
LzEvcVEzNVVnSkFUYkh5NUE3RDNuN3NPTjFxbi00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYPLMA0G
CSqGSIb3DQEBCwUAA4IBAQBak+ZfhP4aIYkB/bQ7rbNM8MbWIQMO6lX+yNCUVI/V
bZkv1REZWVjSXzZOYOGnl0AJIr++p9Gf6qoMhIaBveKQ75udwsAXy/HFv5n9q1gi
NGbdgHu1pi1s9rv+zK8tBKy0RXVtgTw4OV/hO/rIqYF1DrrkJkw2RGD7lLSJ+buF
s9SjALULOVcwNpsAenrsoykE9rsZVTDKX8g7+G2PflXfXdgJa9oWG7sa0CqnzcUK
7Pfp/AxVT6f/j6/YQr+w6O9FdDBm7GxyAc4wK9wQCkaV92PHHJbHmLQlnSXGztbF
kos0l7899YtRErODIXNkO4QmvkHfPcNDUBAeDuycnpk1
-----END CERTIFICATE-----