This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/3031cc-a705-42c8-8003-113810a9fcae/1/bzuHav72txau2Blj1JcbQR-3zHA.roa
File:                     bzuHav72txau2Blj1JcbQR-3zHA.roa (raw, json)
Hash identifier:          TCvNISq9G9+8+m7g0vleezt4nSYPh9D8kXCKj2MC7tQ=
Subject key identifier:   6F:3B:87:6A:FE:F6:B7:16:AE:D8:19:63:D4:97:1B:41:1F:B7:CC:70
Certificate issuer:       /CN=a844583953a02bc6a6699de927cf457007f05528
Certificate serial:       019B79EBB5F4A5E5BFE19377B31F83E7D673
Authority key identifier: A8:44:58:39:53:A0:2B:C6:A6:69:9D:E9:27:CF:45:70:07:F0:55:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qERYOVOgK8amaZ3pJ89FcAfwVSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/3031cc-a705-42c8-8003-113810a9fcae/1/bzuHav72txau2Blj1JcbQR-3zHA.roa
Signing time:             Thu 01 Jan 2026 14:17:29 +0000
ROA not before:           Thu 01 Jan 2026 14:17:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208972
IP address blocks:        217.70.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/3031cc-a705-42c8-8003-113810a9fcae/1/qERYOVOgK8amaZ3pJ89FcAfwVSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/3031cc-a705-42c8-8003-113810a9fcae/1/qERYOVOgK8amaZ3pJ89FcAfwVSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qERYOVOgK8amaZ3pJ89FcAfwVSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 08:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:eb:b5:f4:a5:e5:bf:e1:93:77:b3:1f:83:e7:d6:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a844583953a02bc6a6699de927cf457007f05528
        Validity
            Not Before: Jan  1 14:17:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6f3b876afef6b716aed81963d4971b411fb7cc70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:d6:e8:ad:84:cb:f3:34:bb:35:2a:af:11:f3:
                    cb:25:62:87:47:5c:a8:13:95:9f:65:ce:c2:53:3c:
                    1b:cc:c7:b8:2c:03:a8:8e:24:3e:b8:97:ec:41:9c:
                    07:f6:4c:e6:6f:d8:cf:54:b4:7e:54:dd:ae:83:ed:
                    e3:f2:8d:c7:84:6a:21:c3:0c:25:8c:66:15:de:7c:
                    a9:2b:8a:89:44:08:34:37:90:ac:95:13:58:d2:27:
                    3a:0f:36:db:e9:68:8b:18:21:8b:f8:66:cc:1a:9a:
                    9e:44:ba:1e:52:19:c7:95:a6:22:2c:a6:89:98:63:
                    b5:2d:f9:a7:17:83:ad:28:de:5a:62:c1:3a:ab:2b:
                    3e:d7:b1:50:96:cc:97:21:cb:ea:fe:de:0a:2f:bf:
                    78:59:8d:fd:90:38:f7:3f:c9:6d:e4:76:13:9a:22:
                    3e:1e:99:77:96:20:ea:c9:d1:b2:89:44:00:8a:1e:
                    9a:db:a6:c2:0d:4b:b9:98:1b:4a:6d:91:05:61:13:
                    71:89:b9:f8:32:b9:8f:48:98:a2:da:a5:eb:a1:e2:
                    f0:00:33:e4:d1:e0:df:84:6d:ea:7b:19:1a:4a:42:
                    9b:22:aa:a1:69:70:b1:cf:8f:c0:d8:d9:3c:20:99:
                    10:30:e3:4d:1e:c1:fb:50:ba:7f:94:04:eb:1f:e4:
                    4b:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:3B:87:6A:FE:F6:B7:16:AE:D8:19:63:D4:97:1B:41:1F:B7:CC:70
            X509v3 Authority Key Identifier:
                keyid:A8:44:58:39:53:A0:2B:C6:A6:69:9D:E9:27:CF:45:70:07:F0:55:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qERYOVOgK8amaZ3pJ89FcAfwVSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/3031cc-a705-42c8-8003-113810a9fcae/1/bzuHav72txau2Blj1JcbQR-3zHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/3031cc-a705-42c8-8003-113810a9fcae/1/qERYOVOgK8amaZ3pJ89FcAfwVSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.70.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:20:58:12:51:e9:7b:51:ad:e2:db:d4:4a:62:d0:f3:5e:d5:
         13:89:29:23:8a:31:8e:c9:40:42:9b:22:2f:ac:70:47:f9:b1:
         ca:68:8f:41:68:73:f0:0a:0c:97:68:8b:10:4a:64:b3:2d:17:
         b8:4d:43:82:7f:06:a4:90:94:fa:3e:4d:69:d0:98:66:f5:dc:
         85:6c:f1:0e:a3:04:5f:c2:ea:82:9e:36:d2:af:f8:5a:10:f9:
         b7:fd:9b:e2:79:28:28:f9:3f:be:2d:6e:2b:70:ad:d7:2f:47:
         13:b1:2f:f7:39:1e:d7:35:b8:63:f0:11:b9:84:6e:96:fe:66:
         ae:5d:05:26:e3:dc:de:6d:4e:21:48:3c:16:07:fb:55:79:c4:
         6f:38:5f:80:51:b6:83:21:ed:36:f8:ed:08:cf:9d:b0:b4:4c:
         24:aa:9b:96:aa:40:9a:66:fc:02:18:ca:a7:9c:a4:c2:73:d5:
         b1:d8:a4:d3:bf:5e:b3:45:00:55:85:de:52:b0:57:98:7e:34:
         bc:a0:b1:83:bf:0e:7b:95:27:70:ab:1b:ae:24:32:f8:d9:2c:
         ce:db:ec:0c:4e:97:69:cb:07:cd:28:5a:90:a3:7e:a7:1f:ec:
         72:09:2b:3f:96:72:46:06:4c:a4:f8:e5:d9:28:6b:42:ac:e2:
         2f:6c:c5:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt567X0peW/4ZN3sx+D59ZzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NDQ1ODM5NTNhMDJiYzZhNjY5OWRlOTI3Y2Y0NTcwMDdm
MDU1MjgwHhcNMjYwMTAxMTQxNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjNiODc2YWZlZjZiNzE2YWVkODE5NjNkNDk3MWI0MTFmYjdjYzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndborYTL8zS7NSqvEfPLJWKHR1yo
E5WfZc7CUzwbzMe4LAOojiQ+uJfsQZwH9kzmb9jPVLR+VN2ug+3j8o3HhGohwwwl
jGYV3nypK4qJRAg0N5CslRNY0ic6Dzbb6WiLGCGL+GbMGpqeRLoeUhnHlaYiLKaJ
mGO1LfmnF4OtKN5aYsE6qys+17FQlsyXIcvq/t4KL794WY39kDj3P8lt5HYTmiI+
Hpl3liDqydGyiUQAih6a26bCDUu5mBtKbZEFYRNxibn4MrmPSJii2qXroeLwADPk
0eDfhG3qexkaSkKbIqqhaXCxz4/A2Nk8IJkQMONNHsH7ULp/lATrH+RLrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG87h2r+9rcWrtgZY9SXG0Eft8xwMB8GA1UdIwQY
MBaAFKhEWDlToCvGpmmd6SfPRXAH8FUoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUVSWU9WT2dLOGFtYVozcEo4OUZjQWZ3VlNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC8zMDMxY2MtYTcwNS00MmM4LTgwMDMt
MTEzODEwYTlmY2FlLzEvYnp1SGF2NzJ0eGF1MkJsajFKY2JRUi0zekhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC8zMDMxY2MtYTcwNS00MmM4LTgwMDMtMTEzODEwYTlmY2Fl
LzEvcUVSWU9WT2dLOGFtYVozcEo4OUZjQWZ3VlNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2UYMMA0G
CSqGSIb3DQEBCwUAA4IBAQAVIFgSUel7Ua3i29RKYtDzXtUTiSkjijGOyUBCmyIv
rHBH+bHKaI9BaHPwCgyXaIsQSmSzLRe4TUOCfwakkJT6Pk1p0Jhm9dyFbPEOowRf
wuqCnjbSr/haEPm3/ZvieSgo+T++LW4rcK3XL0cTsS/3OR7XNbhj8BG5hG6W/mau
XQUm49zebU4hSDwWB/tVecRvOF+AUbaDIe02+O0Iz52wtEwkqpuWqkCaZvwCGMqn
nKTCc9Wx2KTTv16zRQBVhd5SsFeYfjS8oLGDvw57lSdwqxuuJDL42SzO2+wMTpdp
ywfNKFqQo36nH+xyCSs/lnJGBkyk+OXZKGtCrOIvbMX8
-----END CERTIFICATE-----