This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/BAcZ2nyEf4p7rAw5qlQla-bsKa0.roa
File:                     BAcZ2nyEf4p7rAw5qlQla-bsKa0.roa (raw, json)
Hash identifier:          WPDJjqV3Z2W8WvGm9CTFTszHyp4KNGpPPz2fidcMIR4=
Subject key identifier:   04:07:19:DA:7C:84:7F:8A:7B:AC:0C:39:AA:54:25:6B:E6:EC:29:AD
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019B7D5D3A14F22DFE8E7A70BE7C260DFFE8
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/BAcZ2nyEf4p7rAw5qlQla-bsKa0.roa
Signing time:             Fri 02 Jan 2026 06:20:20 +0000
ROA not before:           Fri 02 Jan 2026 06:20:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36113
IP address blocks:        188.240.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 11:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:3a:14:f2:2d:fe:8e:7a:70:be:7c:26:0d:ff:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  2 06:20:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=040719da7c847f8a7bac0c39aa54256be6ec29ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:4a:7d:ff:fc:5e:f8:84:48:1d:90:16:b7:3d:
                    8c:68:36:96:5d:c8:66:c5:67:91:de:92:e3:30:d4:
                    01:94:42:20:f8:a3:11:07:48:d3:df:1d:40:3e:c3:
                    d9:a2:14:c4:dc:8f:cf:c2:c8:01:84:dc:21:a5:1b:
                    28:e5:36:d9:75:ad:cf:1c:02:cf:8e:0a:cd:eb:16:
                    59:43:9e:b3:85:29:b8:78:84:2c:41:19:04:83:e4:
                    27:35:f6:e1:f7:24:64:f7:34:99:69:9e:03:9f:45:
                    64:3e:e1:eb:16:28:2e:0e:f6:05:55:8b:7e:cf:d9:
                    dd:d8:2b:a6:8d:20:12:16:5b:89:f2:7c:5d:61:ae:
                    30:f3:0f:f6:ac:33:b3:01:bb:3f:be:a6:15:ee:80:
                    c3:fa:9a:62:a3:c1:b9:71:40:b6:e1:65:cb:04:be:
                    ec:d1:7d:19:a1:b5:48:ed:9a:2e:b0:e3:2d:ab:82:
                    bf:0d:59:c5:10:ad:f7:8b:1f:09:94:fe:b8:e2:f5:
                    23:3b:11:4e:89:71:d0:76:19:26:f3:02:d0:5a:b2:
                    99:27:30:d6:91:24:72:cc:6c:ea:bb:01:e6:fd:a4:
                    ea:56:cd:56:cf:86:c7:eb:2e:ed:8c:af:71:a1:b5:
                    a3:12:d1:d3:ca:e1:4c:f2:6b:32:14:8e:3b:c9:f9:
                    75:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:07:19:DA:7C:84:7F:8A:7B:AC:0C:39:AA:54:25:6B:E6:EC:29:AD
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/BAcZ2nyEf4p7rAw5qlQla-bsKa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.240.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:6d:cc:25:62:30:b3:15:cc:ab:3b:1a:9d:e5:be:2d:68:93:
         b2:5d:d5:b0:97:74:d3:3e:af:22:98:fd:be:01:aa:04:f6:69:
         27:46:3c:f1:c7:d8:4b:ba:22:a3:9c:55:7d:74:e7:2e:cc:ea:
         91:d6:ee:ed:f6:fc:5e:57:6b:07:85:ef:1c:5c:99:17:cd:48:
         f7:9f:46:97:0c:f6:1a:f5:9f:7a:cc:4f:56:ad:be:20:80:70:
         42:6c:16:23:18:25:cf:14:ed:b1:98:17:8a:80:04:5b:eb:2f:
         8f:87:aa:61:28:99:50:45:7a:92:69:18:86:11:7b:26:e8:51:
         72:66:10:7a:6f:f7:c8:87:c1:52:57:43:10:c0:99:5d:6b:88:
         83:0e:3b:ae:ac:a1:6d:82:d6:8e:3e:d2:00:94:79:5e:d8:23:
         22:c7:c5:1a:28:71:ca:62:5e:64:5b:2d:6d:c8:30:c7:2f:df:
         60:ba:9a:c6:d3:12:df:a8:3c:4f:cc:f8:26:5d:fc:db:c7:0b:
         e6:4f:4b:79:2b:8e:82:9a:6c:da:97:7f:d1:1e:71:aa:e7:83:
         9f:97:90:a7:ca:bc:ef:08:e3:1f:dc:f4:f2:59:13:96:62:1d:
         e2:d0:b1:80:ff:19:2f:9c:f8:6c:a5:da:0e:ed:88:07:a3:94:
         97:b1:3f:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XToU8i3+jnpwvnwmDf/oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMTAyMDYyMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDA3MTlkYTdjODQ3ZjhhN2JhYzBjMzlhYTU0MjU2YmU2ZWMyOWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEp9//xe+IRIHZAWtz2MaDaWXchm
xWeR3pLjMNQBlEIg+KMRB0jT3x1APsPZohTE3I/PwsgBhNwhpRso5TbZda3PHALP
jgrN6xZZQ56zhSm4eIQsQRkEg+QnNfbh9yRk9zSZaZ4Dn0VkPuHrFiguDvYFVYt+
z9nd2CumjSASFluJ8nxdYa4w8w/2rDOzAbs/vqYV7oDD+ppio8G5cUC24WXLBL7s
0X0ZobVI7ZousOMtq4K/DVnFEK33ix8JlP644vUjOxFOiXHQdhkm8wLQWrKZJzDW
kSRyzGzquwHm/aTqVs1Wz4bH6y7tjK9xobWjEtHTyuFM8msyFI47yfl1nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQHGdp8hH+Ke6wMOapUJWvm7CmtMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvQkFjWjJueUVmNHA3ckF3NXFsUWxhLWJzS2EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvPDpMA0G
CSqGSIb3DQEBCwUAA4IBAQAHbcwlYjCzFcyrOxqd5b4taJOyXdWwl3TTPq8imP2+
AaoE9mknRjzxx9hLuiKjnFV9dOcuzOqR1u7t9vxeV2sHhe8cXJkXzUj3n0aXDPYa
9Z96zE9Wrb4ggHBCbBYjGCXPFO2xmBeKgARb6y+Ph6phKJlQRXqSaRiGEXsm6FFy
ZhB6b/fIh8FSV0MQwJlda4iDDjuurKFtgtaOPtIAlHle2CMix8UaKHHKYl5kWy1t
yDDHL99guprG0xLfqDxPzPgmXfzbxwvmT0t5K46Cmmzal3/RHnGq54Ofl5Cnyrzv
COMf3PTyWROWYh3i0LGA/xkvnPhspdoO7YgHo5SXsT/f
-----END CERTIFICATE-----