This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/BNFOMhR6hv1XuGHNrVMQM_JLnfA.roa
File:                     BNFOMhR6hv1XuGHNrVMQM_JLnfA.roa (raw, json)
Hash identifier:          3OvYrZCCVuNvoUSnWJT9b9bxtgVNtSEoWfbO8tJ8ZDE=
Subject key identifier:   04:D1:4E:32:14:7A:86:FD:57:B8:61:CD:AD:53:10:33:F2:4B:9D:F0
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       019B7BA53742C43175B1B5DCF4BA9CA10442
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/BNFOMhR6hv1XuGHNrVMQM_JLnfA.roa
Signing time:             Thu 01 Jan 2026 22:19:43 +0000
ROA not before:           Thu 01 Jan 2026 22:19:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     55201
IP address blocks:        185.219.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 07:45:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:37:42:c4:31:75:b1:b5:dc:f4:ba:9c:a1:04:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Jan  1 22:19:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=04d14e32147a86fd57b861cdad531033f24b9df0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:64:58:43:d2:02:18:f1:34:78:00:1b:1a:d3:
                    2a:50:dd:2d:6d:8e:d0:f1:2f:66:1a:cf:a4:9b:92:
                    56:c1:07:d9:60:3f:8d:57:e7:55:a9:f3:09:94:82:
                    cb:4e:ce:d1:60:97:60:67:a8:14:9c:15:0c:49:39:
                    a1:08:92:8c:6d:7b:59:fb:ce:4e:68:84:20:31:9f:
                    31:4c:b5:4a:a8:eb:50:ad:46:ef:6e:1b:58:1b:50:
                    53:41:04:de:67:6d:7b:66:bd:14:14:a1:f6:0d:88:
                    17:36:ee:02:a6:c2:6c:de:21:68:05:2e:f3:80:8c:
                    28:d1:f7:70:a3:d3:ae:6c:65:e8:ea:4e:18:a6:3b:
                    07:94:92:d2:7e:e1:ab:05:2a:94:5b:d8:ac:16:f2:
                    24:1a:a2:3e:80:2d:59:48:c7:9c:ee:35:63:8f:af:
                    e3:11:3b:66:fb:6a:8f:76:dd:31:ff:45:46:80:d7:
                    bc:eb:36:e5:81:8e:3b:41:43:bf:8a:62:93:cc:b4:
                    2d:82:54:5b:ea:02:a5:44:52:5e:24:4a:cb:c7:9b:
                    b7:4b:f3:0a:e1:a8:b8:c6:46:ca:84:bd:52:73:20:
                    10:4e:46:65:5e:f1:70:d5:96:2d:7e:29:c5:dc:a2:
                    b7:c0:08:de:8e:18:ee:ad:7e:df:b7:be:d1:33:57:
                    5a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:D1:4E:32:14:7A:86:FD:57:B8:61:CD:AD:53:10:33:F2:4B:9D:F0
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/BNFOMhR6hv1XuGHNrVMQM_JLnfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:aa:8b:54:a0:a9:b8:95:f5:08:8f:c4:58:43:7c:d0:58:7c:
         c1:b9:75:1a:b4:a3:d7:d0:7c:b4:38:40:f9:a8:eb:4e:e6:77:
         2e:24:db:ea:0f:5c:54:80:f8:ca:3b:aa:54:32:1d:1e:bf:9e:
         32:18:3f:31:93:96:f2:dd:f4:3a:05:03:02:11:4a:f7:2f:aa:
         14:c9:96:3d:49:ba:be:63:67:74:8d:25:c7:fd:57:98:d4:97:
         1e:e0:d2:1c:40:39:82:7e:fa:42:eb:43:ae:70:be:8c:c9:b7:
         85:24:de:7a:7a:57:fd:e5:50:cb:42:23:8a:27:e5:ec:e2:94:
         18:39:df:e9:42:65:8c:40:7a:42:5c:9e:32:14:d8:9d:fb:83:
         f5:68:bd:be:72:7e:cd:cf:fd:01:bb:c1:3d:2c:21:1f:56:58:
         f2:e3:a4:64:94:76:df:f3:43:c3:f1:38:32:35:84:87:6a:80:
         8e:23:f1:29:69:f2:60:3f:11:9d:4a:de:03:d8:16:ca:d1:62:
         0f:e5:8d:65:b3:06:ee:f0:8b:d6:47:84:93:c3:f2:47:13:ad:
         30:b1:cd:a5:11:d8:07:8e:de:a6:e7:e9:f7:db:d5:4b:e0:5e:
         c7:e4:c4:af:c0:b8:e6:b2:66:da:f2:7a:86:04:3d:0e:3c:ff:
         9b:dd:dd:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pTdCxDF1sbXc9LqcoQRCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjYwMTAxMjIxOTQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGQxNGUzMjE0N2E4NmZkNTdiODYxY2RhZDUzMTAzM2YyNGI5ZGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWRYQ9ICGPE0eAAbGtMqUN0tbY7Q
8S9mGs+km5JWwQfZYD+NV+dVqfMJlILLTs7RYJdgZ6gUnBUMSTmhCJKMbXtZ+85O
aIQgMZ8xTLVKqOtQrUbvbhtYG1BTQQTeZ217Zr0UFKH2DYgXNu4CpsJs3iFoBS7z
gIwo0fdwo9OubGXo6k4YpjsHlJLSfuGrBSqUW9isFvIkGqI+gC1ZSMec7jVjj6/j
ETtm+2qPdt0x/0VGgNe86zblgY47QUO/imKTzLQtglRb6gKlRFJeJErLx5u3S/MK
4ai4xkbKhL1ScyAQTkZlXvFw1ZYtfinF3KK3wAjejhjurX7ft77RM1daywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFATRTjIUeob9V7hhza1TEDPyS53wMB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEvQk5GT01oUjZodjFYdUdITnJWTVFNX0pMbmZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudu8MA0G
CSqGSIb3DQEBCwUAA4IBAQAEqotUoKm4lfUIj8RYQ3zQWHzBuXUatKPX0Hy0OED5
qOtO5ncuJNvqD1xUgPjKO6pUMh0ev54yGD8xk5by3fQ6BQMCEUr3L6oUyZY9Sbq+
Y2d0jSXH/VeY1Jce4NIcQDmCfvpC60OucL6MybeFJN56elf95VDLQiOKJ+Xs4pQY
Od/pQmWMQHpCXJ4yFNid+4P1aL2+cn7Nz/0Bu8E9LCEfVljy46RklHbf80PD8Tgy
NYSHaoCOI/EpafJgPxGdSt4D2BbK0WIP5Y1lswbu8IvWR4STw/JHE60wsc2lEdgH
jt6m5+n329VL4F7H5MSvwLjmsmba8nqGBD0OPP+b3d0I
-----END CERTIFICATE-----