This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/8f8e84-ff35-49be-8fa2-b6b7481bec9e/1/BBnqz5PLnc70z9FSlT2QAxBx39w.roa
File:                     BBnqz5PLnc70z9FSlT2QAxBx39w.roa (raw, json)
Hash identifier:          JhXejmhrfNsZN3gNHBNgoJlEzQDItwOGR9bEap0U8kY=
Subject key identifier:   04:19:EA:CF:93:CB:9D:CE:F4:CF:D1:52:95:3D:90:03:10:71:DF:DC
Certificate issuer:       /CN=e23f8f5c52425df62b4445433aacfd8ca5bf2e9d
Certificate serial:       019B77591D9A922A5C55F8A982131C4D9420
Authority key identifier: E2:3F:8F:5C:52:42:5D:F6:2B:44:45:43:3A:AC:FD:8C:A5:BF:2E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4j-PXFJCXfYrREVDOqz9jKW_Lp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/8f8e84-ff35-49be-8fa2-b6b7481bec9e/1/BBnqz5PLnc70z9FSlT2QAxBx39w.roa
Signing time:             Thu 01 Jan 2026 02:18:07 +0000
ROA not before:           Thu 01 Jan 2026 02:18:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215514
IP address blocks:        2001:67c:de4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/8f8e84-ff35-49be-8fa2-b6b7481bec9e/1/4j-PXFJCXfYrREVDOqz9jKW_Lp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/8f8e84-ff35-49be-8fa2-b6b7481bec9e/1/4j-PXFJCXfYrREVDOqz9jKW_Lp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4j-PXFJCXfYrREVDOqz9jKW_Lp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 20:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:1d:9a:92:2a:5c:55:f8:a9:82:13:1c:4d:94:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e23f8f5c52425df62b4445433aacfd8ca5bf2e9d
        Validity
            Not Before: Jan  1 02:18:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0419eacf93cb9dcef4cfd152953d90031071dfdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:fa:92:2a:dc:b0:7d:ab:82:57:6d:29:9c:8d:
                    4f:d6:20:69:b6:45:3d:3d:1f:9a:fb:d4:1d:5f:6c:
                    d3:65:e9:b3:ce:19:b6:a2:1f:72:ab:66:e7:91:2a:
                    2a:15:d4:41:d1:c6:c6:a8:45:f9:8e:dd:6e:51:52:
                    f4:38:48:eb:cd:c6:75:9f:4e:df:d3:ef:82:d5:45:
                    1a:63:3f:cd:f6:22:13:b6:06:17:24:1a:f5:4e:c8:
                    aa:e4:9b:90:ed:96:85:66:1c:8e:49:b3:a2:72:10:
                    99:0f:9d:8b:5e:c1:67:58:f9:41:51:63:b3:04:75:
                    15:50:54:83:8a:76:85:d2:a2:a4:8e:62:78:9b:51:
                    93:55:69:9d:26:f6:87:6b:8a:a2:e9:66:1b:91:76:
                    2b:2b:94:05:08:3f:4e:6b:e2:70:d7:1f:77:da:b7:
                    8e:26:27:05:fa:d0:7b:a0:a2:93:80:5c:b5:d1:55:
                    e2:52:10:9f:d1:89:f8:a3:ad:8e:83:35:00:b8:35:
                    0f:70:db:7a:3d:3c:5e:90:71:04:53:44:2a:d5:a9:
                    d8:d9:05:1e:a4:50:99:63:2b:7b:61:41:18:e3:e8:
                    a1:55:66:30:33:52:e1:88:06:a8:19:6e:70:e4:58:
                    9b:92:c1:61:64:0b:82:21:9e:92:b3:52:6d:14:78:
                    31:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:19:EA:CF:93:CB:9D:CE:F4:CF:D1:52:95:3D:90:03:10:71:DF:DC
            X509v3 Authority Key Identifier:
                keyid:E2:3F:8F:5C:52:42:5D:F6:2B:44:45:43:3A:AC:FD:8C:A5:BF:2E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4j-PXFJCXfYrREVDOqz9jKW_Lp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/8f8e84-ff35-49be-8fa2-b6b7481bec9e/1/BBnqz5PLnc70z9FSlT2QAxBx39w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/8f8e84-ff35-49be-8fa2-b6b7481bec9e/1/4j-PXFJCXfYrREVDOqz9jKW_Lp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:de4::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:f3:f5:fe:03:c3:91:e4:93:d9:06:a4:ac:5e:92:3b:13:37:
         81:4e:21:74:47:d3:73:62:06:2d:85:3c:12:21:81:29:90:35:
         7f:dd:2d:85:bd:98:05:4a:b7:1b:ff:db:4f:e3:39:95:07:4c:
         19:a4:b6:a9:8a:de:7e:81:db:c4:76:d1:ec:16:f7:4b:ef:7b:
         d8:3e:15:4c:88:36:02:22:9c:eb:ab:2d:05:b6:0b:18:9d:ce:
         16:5f:00:ac:eb:bb:4b:7e:23:72:2d:d9:a7:30:6d:28:60:a1:
         8b:c7:9a:2c:6a:d2:f8:ce:b4:fc:9e:5e:c7:69:0d:25:bf:bc:
         06:e2:61:ea:f9:c7:22:0a:41:0b:b6:f0:ba:76:26:e5:d8:e3:
         81:e2:d1:e8:dd:64:f4:f2:18:3a:9e:2d:73:85:b7:43:3f:d0:
         df:a4:3b:0b:c8:bc:98:0c:aa:c0:20:58:a5:fc:83:10:7a:36:
         b7:85:9d:ee:6f:b8:2f:15:ab:90:c5:6a:1a:31:4b:3c:1e:13:
         af:9b:c1:ea:34:d6:81:c7:99:0e:bc:7d:fc:e1:89:7b:68:d9:
         ed:7a:e9:84:ec:26:3e:cd:80:d5:f5:a8:15:9d:a5:b2:c8:d3:
         c0:98:9f:24:02:ba:bb:9d:b9:5d:40:cc:ca:a3:48:9c:64:1e:
         db:19:ab:b4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt3WR2akipcVfipghMcTZQgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyM2Y4ZjVjNTI0MjVkZjYyYjQ0NDU0MzNhYWNmZDhjYTVi
ZjJlOWQwHhcNMjYwMTAxMDIxODA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDE5ZWFjZjkzY2I5ZGNlZjRjZmQxNTI5NTNkOTAwMzEwNzFkZmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfqSKtywfauCV20pnI1P1iBptkU9
PR+a+9QdX2zTZemzzhm2oh9yq2bnkSoqFdRB0cbGqEX5jt1uUVL0OEjrzcZ1n07f
0++C1UUaYz/N9iITtgYXJBr1Tsiq5JuQ7ZaFZhyOSbOichCZD52LXsFnWPlBUWOz
BHUVUFSDinaF0qKkjmJ4m1GTVWmdJvaHa4qi6WYbkXYrK5QFCD9Oa+Jw1x932reO
JicF+tB7oKKTgFy10VXiUhCf0Yn4o62OgzUAuDUPcNt6PTxekHEEU0Qq1anY2QUe
pFCZYyt7YUEY4+ihVWYwM1LhiAaoGW5w5FibksFhZAuCIZ6Ss1JtFHgxhQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAQZ6s+Ty53O9M/RUpU9kAMQcd/cMB8GA1UdIwQY
MBaAFOI/j1xSQl32K0RFQzqs/Yylvy6dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGotUFhGSkNYZllyUkVWRE9xejlqS1dfTHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC84ZjhlODQtZmYzNS00OWJlLThmYTIt
YjZiNzQ4MWJlYzllLzEvQkJucXo1UExuYzcwejlGU2xUMlFBeEJ4Mzl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC84ZjhlODQtZmYzNS00OWJlLThmYTItYjZiNzQ4MWJlYzll
LzEvNGotUFhGSkNYZllyUkVWRE9xejlqS1dfTHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA3k
MA0GCSqGSIb3DQEBCwUAA4IBAQAo8/X+A8OR5JPZBqSsXpI7EzeBTiF0R9NzYgYt
hTwSIYEpkDV/3S2FvZgFSrcb/9tP4zmVB0wZpLapit5+gdvEdtHsFvdL73vYPhVM
iDYCIpzrqy0FtgsYnc4WXwCs67tLfiNyLdmnMG0oYKGLx5osatL4zrT8nl7HaQ0l
v7wG4mHq+cciCkELtvC6dibl2OOB4tHo3WT08hg6ni1zhbdDP9DfpDsLyLyYDKrA
IFil/IMQeja3hZ3ub7gvFauQxWoaMUs8HhOvm8HqNNaBx5kOvH384Yl7aNnteumE
7CY+zYDV9agVnaWyyNPAmJ8kArq7nbldQMzKo0icZB7bGau0
-----END CERTIFICATE-----