This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/BgsKeB31VXHMATBr99GvZxAD6LE.roa
File:                     BgsKeB31VXHMATBr99GvZxAD6LE.roa (raw, json)
Hash identifier:          JiKvS9bV+6H9nQ9YSMIo96/vZsQgIkUF+T9itNOZVio=
Subject key identifier:   06:0B:0A:78:1D:F5:55:71:CC:01:30:6B:F7:D1:AF:67:10:03:E8:B1
Certificate issuer:       /CN=bdfa3af839aa1dce758f489e2d31ae22092fc99a
Certificate serial:       019B77C6E505A567AFA04C5ED537C848B9A2
Authority key identifier: BD:FA:3A:F8:39:AA:1D:CE:75:8F:48:9E:2D:31:AE:22:09:2F:C9:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfo6-DmqHc51j0ieLTGuIgkvyZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/BgsKeB31VXHMATBr99GvZxAD6LE.roa
Signing time:             Thu 01 Jan 2026 04:18:01 +0000
ROA not before:           Thu 01 Jan 2026 04:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5488
IP address blocks:        185.2.92.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/vfo6-DmqHc51j0ieLTGuIgkvyZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/vfo6-DmqHc51j0ieLTGuIgkvyZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vfo6-DmqHc51j0ieLTGuIgkvyZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:e5:05:a5:67:af:a0:4c:5e:d5:37:c8:48:b9:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdfa3af839aa1dce758f489e2d31ae22092fc99a
        Validity
            Not Before: Jan  1 04:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=060b0a781df55571cc01306bf7d1af671003e8b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:7e:48:64:3b:ce:00:7d:c0:08:83:ac:82:d8:
                    79:6d:6b:8b:fd:fb:40:fa:00:03:ab:6d:e3:f5:c4:
                    06:c2:ad:05:94:54:91:61:00:35:59:4f:a9:28:a4:
                    d8:3e:90:89:85:ff:72:3e:31:9e:c2:fb:b7:44:cc:
                    21:c0:cc:02:68:68:49:2a:a9:a3:85:56:38:1b:13:
                    fb:43:d0:57:a2:9c:2a:cd:da:72:3c:4e:f5:94:16:
                    27:8d:78:4b:bc:85:87:3a:0e:ba:b7:ed:40:55:17:
                    f4:b3:56:cb:f3:36:0e:b2:8d:fe:74:3c:45:fa:ac:
                    a7:c4:79:b9:af:71:a6:92:34:c8:dd:35:82:78:76:
                    a2:f7:41:6d:fd:84:f3:15:c3:00:d6:6c:29:4c:5b:
                    3d:55:e9:42:61:5b:33:7a:8b:ce:6b:e0:e1:48:67:
                    21:28:58:fc:32:41:1d:aa:b5:f4:1b:63:25:d9:71:
                    08:5d:b7:03:c7:dd:1a:32:05:ab:e5:7e:e0:47:c7:
                    14:86:a7:48:9b:7a:bd:a9:a8:45:9c:4d:74:ba:6f:
                    d7:6f:0c:78:46:e9:0b:37:9f:0e:54:f6:46:17:b0:
                    a5:2b:92:73:03:27:9d:c3:4a:80:3f:ac:63:91:1f:
                    bb:67:97:4d:59:0f:dd:dc:3d:d4:b7:e9:7e:e6:36:
                    f1:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:0B:0A:78:1D:F5:55:71:CC:01:30:6B:F7:D1:AF:67:10:03:E8:B1
            X509v3 Authority Key Identifier:
                keyid:BD:FA:3A:F8:39:AA:1D:CE:75:8F:48:9E:2D:31:AE:22:09:2F:C9:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfo6-DmqHc51j0ieLTGuIgkvyZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/BgsKeB31VXHMATBr99GvZxAD6LE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/vfo6-DmqHc51j0ieLTGuIgkvyZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:52:7a:14:41:27:36:51:89:5b:47:93:18:14:18:aa:80:1a:
         bd:d2:bd:4d:73:5b:03:1a:48:0b:20:87:09:a8:93:36:cb:97:
         01:b3:69:00:01:47:72:67:74:39:e5:cf:d5:03:e0:e2:3b:ef:
         99:5d:ff:a9:91:b5:4e:f3:09:2c:5d:d5:e2:46:25:af:38:a2:
         01:da:4d:1d:74:7b:b8:90:df:f9:34:fb:20:56:65:84:2c:6d:
         86:24:de:6d:ad:1c:5a:c6:74:3a:52:30:5e:d8:c7:39:d4:90:
         00:b3:da:0b:1c:7f:6a:18:bd:71:3c:a3:52:b8:87:95:d3:40:
         25:b7:29:e6:ed:76:78:63:8b:9b:aa:82:9c:99:13:20:85:91:
         20:59:0b:e7:d5:91:16:0f:6c:e6:8b:a9:6c:84:aa:cb:30:c1:
         23:de:6a:7c:d3:de:4b:dc:b5:6e:eb:f0:12:e1:c9:61:ba:25:
         f3:65:45:c8:0c:14:bb:19:7d:29:5b:86:49:ba:23:fb:d2:cb:
         d4:02:4a:c1:0d:bc:ba:21:fd:82:a0:fc:b0:b1:8f:4e:d0:1b:
         2c:2a:8e:51:fa:88:23:69:a3:f4:62:54:97:65:06:31:6d:69:
         0d:96:7e:7d:08:96:42:18:dc:5f:6b:1e:21:15:72:cc:45:80:
         12:56:22:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xuUFpWevoExe1TfISLmiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZmEzYWY4MzlhYTFkY2U3NThmNDg5ZTJkMzFhZTIyMDky
ZmM5OWEwHhcNMjYwMTAxMDQxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjBiMGE3ODFkZjU1NTcxY2MwMTMwNmJmN2QxYWY2NzEwMDNlOGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjX5IZDvOAH3ACIOsgth5bWuL/ftA
+gADq23j9cQGwq0FlFSRYQA1WU+pKKTYPpCJhf9yPjGewvu3RMwhwMwCaGhJKqmj
hVY4GxP7Q9BXopwqzdpyPE71lBYnjXhLvIWHOg66t+1AVRf0s1bL8zYOso3+dDxF
+qynxHm5r3GmkjTI3TWCeHai90Ft/YTzFcMA1mwpTFs9VelCYVszeovOa+DhSGch
KFj8MkEdqrX0G2Ml2XEIXbcDx90aMgWr5X7gR8cUhqdIm3q9qahFnE10um/Xbwx4
RukLN58OVPZGF7ClK5JzAyedw0qAP6xjkR+7Z5dNWQ/d3D3Ut+l+5jbxQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYLCngd9VVxzAEwa/fRr2cQA+ixMB8GA1UdIwQY
MBaAFL36Ovg5qh3OdY9Ini0xriIJL8maMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZvNi1EbXFIYzUxajBpZUxUR3VJZ2t2eVpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC84Y2RiYzUtOTM2NS00YTBjLWI5YTMt
YWU3NzQ2ZjA5NjMwLzEvQmdzS2VCMzFWWEhNQVRCcjk5R3ZaeEFENkxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC84Y2RiYzUtOTM2NS00YTBjLWI5YTMtYWU3NzQ2ZjA5NjMw
LzEvdmZvNi1EbXFIYzUxajBpZUxUR3VJZ2t2eVpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQJcMA0G
CSqGSIb3DQEBCwUAA4IBAQCZUnoUQSc2UYlbR5MYFBiqgBq90r1Nc1sDGkgLIIcJ
qJM2y5cBs2kAAUdyZ3Q55c/VA+DiO++ZXf+pkbVO8wksXdXiRiWvOKIB2k0ddHu4
kN/5NPsgVmWELG2GJN5trRxaxnQ6UjBe2Mc51JAAs9oLHH9qGL1xPKNSuIeV00Al
tynm7XZ4Y4ubqoKcmRMghZEgWQvn1ZEWD2zmi6lshKrLMMEj3mp8095L3LVu6/AS
4clhuiXzZUXIDBS7GX0pW4ZJuiP70svUAkrBDby6If2CoPywsY9O0BssKo5R+ogj
aaP0YlSXZQYxbWkNln59CJZCGNxfax4hFXLMRYASViLR
-----END CERTIFICATE-----