This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/BP6hDr2uQ2nYgOlG8tY0NOwSNg8.roa
File:                     BP6hDr2uQ2nYgOlG8tY0NOwSNg8.roa (raw, json)
Hash identifier:          YmBSe4wnLWaAt8Ujjj5LQW3vZDohUUE8Kn3s005g3yE=
Subject key identifier:   04:FE:A1:0E:BD:AE:43:69:D8:80:E9:46:F2:D6:34:34:EC:12:36:0F
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       019B7BA5346F367978D5C93C100CC644E0CB
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/BP6hDr2uQ2nYgOlG8tY0NOwSNg8.roa
Signing time:             Thu 01 Jan 2026 22:19:43 +0000
ROA not before:           Thu 01 Jan 2026 22:19:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42960
IP address blocks:        185.244.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:34:6f:36:79:78:d5:c9:3c:10:0c:c6:44:e0:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Jan  1 22:19:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=04fea10ebdae4369d880e946f2d63434ec12360f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:49:20:11:9f:d5:9c:86:06:0e:b1:10:53:aa:
                    58:34:80:96:d9:fc:e1:f0:61:e2:3e:f5:0b:2a:41:
                    c4:9b:01:fc:39:a9:99:b3:e4:01:7e:1e:6e:4b:cf:
                    37:c8:8b:04:f5:e6:0e:00:b2:c3:db:52:6f:58:09:
                    b7:45:f0:84:b3:c3:2d:7e:93:26:f9:13:2c:a4:72:
                    30:ee:d5:7a:81:1a:67:0a:79:0d:31:b0:e7:87:ce:
                    d2:5b:f7:de:46:1e:6f:52:26:d8:b0:ed:01:01:8c:
                    7d:b3:2d:18:1b:2b:31:65:3c:ea:65:41:3e:5e:5d:
                    78:0f:a9:42:33:31:8d:0b:92:67:c5:70:a0:b6:99:
                    dc:dd:5c:01:3b:7a:1a:57:75:7e:fc:fd:34:53:f1:
                    81:7d:4e:d7:bf:e6:25:ca:13:de:59:7f:88:b3:b0:
                    39:b5:7d:07:27:1b:07:0b:95:1e:67:dc:26:ab:18:
                    1d:8f:46:d0:47:0a:d3:9c:5a:61:7a:23:41:6d:3f:
                    56:54:d6:7d:ee:9d:38:5f:4f:96:0f:14:9f:a0:61:
                    3f:72:a2:c9:cb:5d:29:15:b4:4b:bd:1f:24:e4:00:
                    4c:a0:a5:ed:b5:57:cb:e6:de:02:72:a9:98:5e:55:
                    b3:28:aa:bf:6a:0e:78:1d:47:80:d8:85:ab:db:d3:
                    a2:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:FE:A1:0E:BD:AE:43:69:D8:80:E9:46:F2:D6:34:34:EC:12:36:0F
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/BP6hDr2uQ2nYgOlG8tY0NOwSNg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:e6:a7:6e:16:2b:a3:b2:f9:34:5b:a2:a0:89:44:f6:37:0a:
         32:8e:d2:ac:62:c7:14:e1:f0:6c:97:dc:1e:c9:69:e7:1a:21:
         e7:77:2e:90:6c:0d:65:f6:81:81:79:e9:d4:d8:40:42:af:9e:
         1f:14:36:f2:b4:88:39:b2:dd:af:51:ac:17:57:a2:87:dd:47:
         df:57:2d:81:0b:e0:ce:20:9a:5e:aa:a7:4f:4b:17:0c:1e:76:
         ee:61:57:61:46:1a:1d:13:fc:da:f9:82:bb:b4:0c:41:02:8e:
         ec:f1:97:e4:9a:b0:d7:27:6d:33:2c:1f:65:2d:5d:5d:d5:1a:
         05:e2:fb:2f:44:19:4c:26:21:bc:c7:c0:f7:5d:3d:bd:66:fa:
         2f:15:5a:75:9f:f2:e4:a2:b6:46:93:4b:44:d3:8e:24:c9:af:
         6f:88:0f:3a:cd:bf:3d:4d:5b:bc:30:34:0a:c3:d9:e6:f4:96:
         2c:0b:8f:a0:10:8b:d1:8d:3c:cb:1c:b9:39:af:fd:98:66:e2:
         87:23:b1:4b:01:c3:a6:8a:87:d9:7f:04:57:23:f3:af:46:92:
         e4:25:68:84:17:e9:e8:56:52:38:cb:39:6f:56:ed:e7:d3:c7:
         bd:e1:4d:f7:4c:06:2a:64:bc:31:e4:28:90:fb:b9:25:b8:60:
         30:81:0e:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pTRvNnl41ck8EAzGRODLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjYwMTAxMjIxOTQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGZlYTEwZWJkYWU0MzY5ZDg4MGU5NDZmMmQ2MzQzNGVjMTIzNjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4EkgEZ/VnIYGDrEQU6pYNICW2fzh
8GHiPvULKkHEmwH8OamZs+QBfh5uS883yIsE9eYOALLD21JvWAm3RfCEs8MtfpMm
+RMspHIw7tV6gRpnCnkNMbDnh87SW/feRh5vUibYsO0BAYx9sy0YGysxZTzqZUE+
Xl14D6lCMzGNC5JnxXCgtpnc3VwBO3oaV3V+/P00U/GBfU7Xv+YlyhPeWX+Is7A5
tX0HJxsHC5UeZ9wmqxgdj0bQRwrTnFpheiNBbT9WVNZ97p04X0+WDxSfoGE/cqLJ
y10pFbRLvR8k5ABMoKXttVfL5t4CcqmYXlWzKKq/ag54HUeA2IWr29OifwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAT+oQ69rkNp2IDpRvLWNDTsEjYPMB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEvQlA2aERyMnVRMm5ZZ09sRzh0WTBOT3dTTmc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufQAMA0G
CSqGSIb3DQEBCwUAA4IBAQCo5qduFiujsvk0W6KgiUT2NwoyjtKsYscU4fBsl9we
yWnnGiHndy6QbA1l9oGBeenU2EBCr54fFDbytIg5st2vUawXV6KH3UffVy2BC+DO
IJpeqqdPSxcMHnbuYVdhRhodE/za+YK7tAxBAo7s8ZfkmrDXJ20zLB9lLV1d1RoF
4vsvRBlMJiG8x8D3XT29ZvovFVp1n/LkorZGk0tE044kya9viA86zb89TVu8MDQK
w9nm9JYsC4+gEIvRjTzLHLk5r/2YZuKHI7FLAcOmiofZfwRXI/OvRpLkJWiEF+no
VlI4yzlvVu3n08e94U33TAYqZLwx5CiQ+7kluGAwgQ4b
-----END CERTIFICATE-----