This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/bGv-g5_Nq1lLtgwZjdzPyrknk9w.roa
File:                     bGv-g5_Nq1lLtgwZjdzPyrknk9w.roa (raw, json)
Hash identifier:          tFnnk/Nq81EttMG2a3kvMmGtdurbGz3xRmf1Xa0yg94=
Subject key identifier:   6C:6B:FE:83:9F:CD:AB:59:4B:B6:0C:19:8D:DC:CF:CA:B9:27:93:DC
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       019B76EB7FE999CA9243DC39E496453831FC
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/bGv-g5_Nq1lLtgwZjdzPyrknk9w.roa
Signing time:             Thu 01 Jan 2026 00:18:23 +0000
ROA not before:           Thu 01 Jan 2026 00:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34679
IP address blocks:        45.14.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 06:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:7f:e9:99:ca:92:43:dc:39:e4:96:45:38:31:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  1 00:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c6bfe839fcdab594bb60c198ddccfcab92793dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d8:0d:78:83:39:bc:7c:f3:a3:f0:53:3c:27:
                    6e:ff:3b:8c:94:b7:b2:75:18:ae:5e:f7:52:dd:e9:
                    1a:d5:9f:d9:84:06:79:18:12:ae:c4:68:07:77:df:
                    58:a5:34:50:c7:19:0e:cf:d9:0e:ed:0f:1c:2f:68:
                    aa:3a:58:e5:3a:55:26:9a:26:04:96:b5:9c:53:4d:
                    38:18:67:12:e4:23:c6:a5:5b:da:f5:b7:62:92:68:
                    27:f4:88:71:db:03:e1:68:5c:d9:49:6c:57:fc:4a:
                    b2:d5:17:b9:72:38:7a:02:18:f7:53:fc:b1:cc:a7:
                    e9:d5:fe:ad:8b:86:f1:a5:13:a2:7c:6b:1f:81:dd:
                    17:56:e8:83:14:aa:1c:a6:1a:ea:de:46:a8:48:54:
                    ee:0f:c9:55:e9:30:88:5a:76:31:10:11:c5:49:e9:
                    3f:47:89:24:df:4e:87:b6:d7:50:fe:10:b9:a1:b0:
                    86:51:e3:b8:ac:45:b2:0a:6a:4c:fb:1c:f1:e4:40:
                    b1:72:1a:81:46:fd:de:29:ee:7d:f6:9f:f3:d2:c2:
                    3b:7a:92:23:d8:82:13:d6:d9:a5:d0:ca:79:31:32:
                    6b:4a:7e:98:d4:59:87:d1:6f:a8:26:33:01:7c:17:
                    c8:93:32:c0:54:a9:af:77:d0:3c:f3:48:0c:bc:55:
                    3b:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:6B:FE:83:9F:CD:AB:59:4B:B6:0C:19:8D:DC:CF:CA:B9:27:93:DC
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/bGv-g5_Nq1lLtgwZjdzPyrknk9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:d7:1e:72:b2:96:26:a2:99:34:47:db:7a:fe:02:98:2a:31:
         98:98:1e:dd:0a:ec:2a:91:f4:ce:6b:59:b8:be:d9:37:84:73:
         59:00:bd:12:23:be:c1:46:0b:56:69:13:10:c3:4f:3d:a0:f9:
         5d:fa:12:a3:1b:2c:3c:b4:a3:68:a6:0e:46:97:39:2c:47:b2:
         df:a1:40:bc:e8:90:9d:d7:51:de:d5:91:64:7d:84:30:94:21:
         1c:60:5d:84:95:60:a6:30:c1:74:44:58:f6:22:eb:b4:a4:a5:
         d8:94:5b:88:27:79:94:a4:c0:35:db:b8:7b:7f:18:97:dc:b4:
         65:5b:36:a2:75:fa:a6:67:fa:db:4c:84:17:e4:bb:ed:23:5f:
         35:1d:7a:a4:c1:49:34:c9:76:7e:ba:6a:4e:f7:c3:20:65:1a:
         45:2c:76:04:5b:0b:d2:1b:3b:38:0d:3d:72:95:ec:60:78:07:
         29:7c:fd:c9:f2:ae:50:21:ae:5f:de:58:b8:ce:15:34:4d:51:
         27:49:b3:fd:63:9e:0d:c2:fd:a2:b7:6b:83:a5:56:55:0c:1e:
         26:49:6a:77:42:da:5d:b6:21:d0:d8:1a:b2:e1:64:a6:7a:7a:
         99:0b:b4:6e:23:90:cf:3c:6f:de:cf:fd:a3:9f:46:4d:76:58:
         fb:89:c7:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt263/pmcqSQ9w55JZFODH8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjYwMTAxMDAxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzZiZmU4MzlmY2RhYjU5NGJiNjBjMTk4ZGRjY2ZjYWI5Mjc5M2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdgNeIM5vHzzo/BTPCdu/zuMlLey
dRiuXvdS3eka1Z/ZhAZ5GBKuxGgHd99YpTRQxxkOz9kO7Q8cL2iqOljlOlUmmiYE
lrWcU004GGcS5CPGpVva9bdikmgn9Ihx2wPhaFzZSWxX/Eqy1Re5cjh6Ahj3U/yx
zKfp1f6ti4bxpROifGsfgd0XVuiDFKocphrq3kaoSFTuD8lV6TCIWnYxEBHFSek/
R4kk306HttdQ/hC5obCGUeO4rEWyCmpM+xzx5ECxchqBRv3eKe599p/z0sI7epIj
2IIT1tml0Mp5MTJrSn6Y1FmH0W+oJjMBfBfIkzLAVKmvd9A880gMvFU7pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGxr/oOfzatZS7YMGY3cz8q5J5PcMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvYkd2LWc1X05xMWxMdGd3WmpkelB5cmtuazl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ7tMA0G
CSqGSIb3DQEBCwUAA4IBAQBv1x5yspYmopk0R9t6/gKYKjGYmB7dCuwqkfTOa1m4
vtk3hHNZAL0SI77BRgtWaRMQw089oPld+hKjGyw8tKNopg5GlzksR7LfoUC86JCd
11He1ZFkfYQwlCEcYF2ElWCmMMF0RFj2Iuu0pKXYlFuIJ3mUpMA127h7fxiX3LRl
WzaidfqmZ/rbTIQX5LvtI181HXqkwUk0yXZ+umpO98MgZRpFLHYEWwvSGzs4DT1y
lexgeAcpfP3J8q5QIa5f3li4zhU0TVEnSbP9Y54Nwv2it2uDpVZVDB4mSWp3Qtpd
tiHQ2Bqy4WSmenqZC7RuI5DPPG/ez/2jn0ZNdlj7icfJ
-----END CERTIFICATE-----