This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/Bq58wAV24LxCZfTqHikKpc1Pf90.roa
File:                     Bq58wAV24LxCZfTqHikKpc1Pf90.roa (raw, json)
Hash identifier:          Z38fRBPUaqDEJWZAtaIhWDjBuRq5J5FcYiFjJcjIdC4=
Subject key identifier:   06:AE:7C:C0:05:76:E0:BC:42:65:F4:EA:1E:29:0A:A5:CD:4F:7F:DD
Certificate issuer:       /CN=ae7f747df5f24353154dc4d4bf70d2ddcb53e900
Certificate serial:       019B7E383920121C076BAE032438335FCFE2
Authority key identifier: AE:7F:74:7D:F5:F2:43:53:15:4D:C4:D4:BF:70:D2:DD:CB:53:E9:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rn90ffXyQ1MVTcTUv3DS3ctT6QA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/Bq58wAV24LxCZfTqHikKpc1Pf90.roa
Signing time:             Fri 02 Jan 2026 10:19:32 +0000
ROA not before:           Fri 02 Jan 2026 10:19:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50022
IP address blocks:        2a05:7400:c000::/34 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/rn90ffXyQ1MVTcTUv3DS3ctT6QA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/rn90ffXyQ1MVTcTUv3DS3ctT6QA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rn90ffXyQ1MVTcTUv3DS3ctT6QA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:39:20:12:1c:07:6b:ae:03:24:38:33:5f:cf:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae7f747df5f24353154dc4d4bf70d2ddcb53e900
        Validity
            Not Before: Jan  2 10:19:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=06ae7cc00576e0bc4265f4ea1e290aa5cd4f7fdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:45:ba:72:e2:1a:d9:a9:ca:3b:3c:18:4d:b4:
                    05:20:d0:60:d5:60:7d:cf:e1:95:75:17:f3:5e:d6:
                    24:51:66:07:a3:60:a2:64:f7:27:b2:d3:24:32:92:
                    c7:d4:ff:42:0b:ec:59:33:41:d3:78:d7:f5:93:36:
                    12:64:0a:e8:63:78:a0:57:36:5c:73:1d:2f:db:58:
                    83:09:de:4f:cf:1f:09:ed:97:36:dc:00:53:d7:fc:
                    de:9e:d2:2d:e2:e3:05:53:40:2f:87:2f:27:b6:98:
                    73:90:3a:20:c9:71:02:e8:1c:8d:d9:58:de:e0:ac:
                    20:cf:c5:97:9d:e0:e7:d6:01:65:7c:17:4e:af:a4:
                    45:4f:db:a6:81:18:6e:82:e2:43:96:8d:07:7c:74:
                    a4:e0:b7:07:0b:e6:ea:d4:a5:74:df:85:54:ef:18:
                    8e:b4:8b:05:ce:d4:22:08:53:ea:b8:67:90:4b:f0:
                    01:b2:8c:85:04:8d:5c:42:1f:35:0e:d4:59:be:a8:
                    97:ab:60:58:4f:bd:b7:fa:9b:37:c0:3f:b5:4a:06:
                    14:c0:0d:e6:45:28:9b:59:cc:65:3f:b5:02:50:75:
                    73:b6:cd:01:e9:3e:7f:46:9e:66:15:8a:1e:b7:78:
                    74:33:f3:1a:04:80:d9:9c:a4:67:ee:cc:50:3d:54:
                    dc:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:AE:7C:C0:05:76:E0:BC:42:65:F4:EA:1E:29:0A:A5:CD:4F:7F:DD
            X509v3 Authority Key Identifier:
                keyid:AE:7F:74:7D:F5:F2:43:53:15:4D:C4:D4:BF:70:D2:DD:CB:53:E9:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rn90ffXyQ1MVTcTUv3DS3ctT6QA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/Bq58wAV24LxCZfTqHikKpc1Pf90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/rn90ffXyQ1MVTcTUv3DS3ctT6QA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:7400:c000::/34

    Signature Algorithm: sha256WithRSAEncryption
         a2:1b:cc:0f:86:a4:6d:47:45:7a:08:27:bf:b2:fa:63:a0:7e:
         5d:fe:a5:8c:3e:38:3d:a8:3d:8b:b6:65:4f:05:2d:13:14:ed:
         e8:5c:b3:31:b2:88:79:47:a0:19:20:fe:44:3d:35:d1:b3:02:
         86:2a:c8:12:2a:ae:26:b3:cf:62:3f:90:e8:af:bd:7b:9d:12:
         9e:d7:c1:a8:5d:b0:fc:1a:0e:8f:28:5b:93:6c:89:23:b3:dc:
         7e:0f:45:3d:2b:fa:a6:6b:6a:b8:b0:5a:30:91:0b:fd:9d:5e:
         e3:ab:68:0e:b6:7d:e2:6d:9c:ea:2f:47:ed:f4:18:5e:cf:a9:
         fa:b0:ef:cd:4c:21:92:25:b3:c8:a5:2c:1d:f3:e7:4d:d9:3d:
         44:9e:5a:9a:68:2f:7c:ad:90:74:da:74:06:f4:d5:bf:58:a4:
         c4:86:62:61:7b:59:e7:80:90:29:1d:64:e4:3c:5b:cc:31:9d:
         4f:56:35:2a:88:18:49:8f:68:ad:8d:f2:87:a7:53:68:84:84:
         bb:64:37:ba:76:e2:6d:0a:3c:d3:f9:a0:59:7e:39:af:58:bc:
         db:27:6b:10:ec:66:3c:43:72:48:24:e7:02:87:b6:08:2e:fa:
         60:04:5b:1a:af:97:67:40:be:90:2b:4b:40:22:ee:dc:1a:f1:
         5b:59:89:43
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt+ODkgEhwHa64DJDgzX8/iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlN2Y3NDdkZjVmMjQzNTMxNTRkYzRkNGJmNzBkMmRkY2I1
M2U5MDAwHhcNMjYwMTAyMTAxOTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmFlN2NjMDA1NzZlMGJjNDI2NWY0ZWExZTI5MGFhNWNkNGY3ZmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0W6cuIa2anKOzwYTbQFINBg1WB9
z+GVdRfzXtYkUWYHo2CiZPcnstMkMpLH1P9CC+xZM0HTeNf1kzYSZAroY3igVzZc
cx0v21iDCd5Pzx8J7Zc23ABT1/zentIt4uMFU0Avhy8ntphzkDogyXEC6ByN2Vje
4Kwgz8WXneDn1gFlfBdOr6RFT9umgRhuguJDlo0HfHSk4LcHC+bq1KV034VU7xiO
tIsFztQiCFPquGeQS/ABsoyFBI1cQh81DtRZvqiXq2BYT723+ps3wD+1SgYUwA3m
RSibWcxlP7UCUHVzts0B6T5/Rp5mFYoet3h0M/MaBIDZnKRn7sxQPVTcWwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAaufMAFduC8QmX06h4pCqXNT3/dMB8GA1UdIwQY
MBaAFK5/dH318kNTFU3E1L9w0t3LU+kAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm45MGZmWHlRMU1WVGNUVXYzRFMzY3RUNlFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi81OGFmMjQtYzQ1NC00NGIwLWE3Y2Et
YzZmMWU2YWM5YmE5LzEvQnE1OHdBVjI0THhDWmZUcUhpa0twYzFQZjkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi81OGFmMjQtYzQ1NC00NGIwLWE3Y2EtYzZmMWU2YWM5YmE5
LzEvcm45MGZmWHlRMU1WVGNUVXYzRFMzY3RUNlFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYGKgV0AMAw
DQYJKoZIhvcNAQELBQADggEBAKIbzA+GpG1HRXoIJ7+y+mOgfl3+pYw+OD2oPYu2
ZU8FLRMU7ehcszGyiHlHoBkg/kQ9NdGzAoYqyBIqriazz2I/kOivvXudEp7Xwahd
sPwaDo8oW5NsiSOz3H4PRT0r+qZrariwWjCRC/2dXuOraA62feJtnOovR+30GF7P
qfqw781MIZIls8ilLB3z503ZPUSeWppoL3ytkHTadAb01b9YpMSGYmF7WeeAkCkd
ZOQ8W8wxnU9WNSqIGEmPaK2N8oenU2iEhLtkN7p24m0KPNP5oFl+Oa9YvNsnaxDs
ZjxDckgk5wKHtggu+mAEWxqvl2dAvpArS0Ai7twa8VtZiUM=
-----END CERTIFICATE-----