This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/bfxZ3U8LPQDqD4igv8w1c53B7_g.roa
File:                     bfxZ3U8LPQDqD4igv8w1c53B7_g.roa (raw, json)
Hash identifier:          wODIH/0xkpwmueRo+Rlw/VFlBWpKNaGnZK/vy02MrTM=
Subject key identifier:   6D:FC:59:DD:4F:0B:3D:00:EA:0F:88:A0:BF:CC:35:73:9D:C1:EF:F8
Certificate issuer:       /CN=d9efe9d36f5f88fdf04742c4140c7532090ab770
Certificate serial:       019BFF0EFA67EF1D7B64E9B1B2F3FCE011D3
Authority key identifier: D9:EF:E9:D3:6F:5F:88:FD:F0:47:42:C4:14:0C:75:32:09:0A:B7:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2e_p029fiP3wR0LEFAx1MgkKt3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/bfxZ3U8LPQDqD4igv8w1c53B7_g.roa
Signing time:             Tue 27 Jan 2026 10:45:30 +0000
ROA not before:           Tue 27 Jan 2026 10:45:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8551
IP address blocks:        89.38.28.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/2e_p029fiP3wR0LEFAx1MgkKt3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/2e_p029fiP3wR0LEFAx1MgkKt3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2e_p029fiP3wR0LEFAx1MgkKt3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Feb 2026 07:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:ff:0e:fa:67:ef:1d:7b:64:e9:b1:b2:f3:fc:e0:11:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9efe9d36f5f88fdf04742c4140c7532090ab770
        Validity
            Not Before: Jan 27 10:45:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6dfc59dd4f0b3d00ea0f88a0bfcc35739dc1eff8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b3:cc:77:6d:f8:c3:1a:62:26:4f:5a:ce:5e:
                    c7:f7:9d:1c:c6:b1:1b:d9:f3:68:0c:94:83:19:67:
                    bf:80:15:0a:57:f2:c8:be:37:6b:7e:81:49:8e:61:
                    c7:89:16:ac:2d:81:07:d5:8b:97:93:4a:2b:d4:27:
                    71:96:5f:9a:00:7e:d2:9c:19:d7:d7:cd:83:f5:14:
                    92:93:d1:a5:41:48:95:c7:b5:30:b3:ce:a7:36:d5:
                    3b:46:64:18:a8:98:f3:78:27:ea:5d:fe:a6:dc:79:
                    05:3e:29:d3:f1:79:37:3c:74:2f:bc:46:8e:34:72:
                    3e:62:2c:84:3c:88:6b:74:18:9d:3f:4c:7c:23:7b:
                    80:75:25:1a:3c:9b:72:3b:2b:2d:0f:66:e2:41:5c:
                    c2:40:0a:ef:bd:6c:5e:6a:6b:68:17:e7:1d:66:8e:
                    d3:f6:eb:df:1d:45:de:57:77:38:89:28:1a:24:8c:
                    74:3a:6d:1f:60:a0:a6:5d:de:64:aa:d3:fa:3e:a6:
                    f0:6f:d0:4e:35:60:0e:d4:e3:a0:63:3b:e5:80:01:
                    2d:23:26:8d:1c:8a:61:7e:45:55:a5:a2:fc:d7:27:
                    30:15:4c:29:05:eb:4f:37:79:3f:e8:c8:fd:a7:37:
                    ee:fe:d9:af:e3:fe:86:d1:84:3f:f3:f9:3d:ff:d0:
                    87:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:FC:59:DD:4F:0B:3D:00:EA:0F:88:A0:BF:CC:35:73:9D:C1:EF:F8
            X509v3 Authority Key Identifier:
                keyid:D9:EF:E9:D3:6F:5F:88:FD:F0:47:42:C4:14:0C:75:32:09:0A:B7:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e_p029fiP3wR0LEFAx1MgkKt3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/bfxZ3U8LPQDqD4igv8w1c53B7_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/2e_p029fiP3wR0LEFAx1MgkKt3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.38.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9a:b8:9a:b6:0f:0b:09:73:0c:88:07:f9:0d:51:0b:45:b7:99:
         88:04:4c:95:c3:c0:3e:08:0a:c7:56:31:c7:9e:f0:5d:44:a4:
         df:98:97:f4:89:3a:1d:f7:8d:00:73:a6:7b:1e:bb:92:79:18:
         f8:c5:ce:69:77:e0:60:47:8f:ae:31:cd:3b:7c:a0:43:02:20:
         26:13:91:9f:18:e9:19:1a:d3:21:13:da:c0:2e:9f:fe:e5:b0:
         ca:68:94:7e:78:bd:eb:23:e8:f8:55:6d:e1:45:a9:c4:69:43:
         22:eb:47:db:7e:22:0f:7d:00:20:1b:ee:a2:5b:63:17:12:19:
         43:69:ed:fc:b2:a2:ff:e6:99:3c:b1:bd:97:34:8a:ce:94:80:
         72:02:1c:cb:17:d1:47:82:1f:29:09:99:01:4a:53:64:91:6f:
         d3:09:e3:f8:71:40:39:ca:d7:86:55:65:e2:2f:97:fc:e5:a8:
         81:c1:37:23:95:82:d4:98:cd:51:d1:e1:60:5a:8c:7b:31:55:
         b7:b7:9e:e2:9d:f3:67:6a:d0:24:d5:9f:49:98:56:b2:a5:f2:
         ca:85:c4:7c:fc:56:d1:f5:53:32:f9:1f:43:b3:0e:a9:37:ca:
         95:fb:dd:40:be:e6:10:ec:6d:63:3c:9d:03:ac:14:ab:a0:3e:
         fe:3a:84:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZv/Dvpn7x17ZOmxsvP84BHTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZWZlOWQzNmY1Zjg4ZmRmMDQ3NDJjNDE0MGM3NTMyMDkw
YWI3NzAwHhcNMjYwMTI3MTA0NTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGZjNTlkZDRmMGIzZDAwZWEwZjg4YTBiZmNjMzU3MzlkYzFlZmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLPMd234wxpiJk9azl7H950cxrEb
2fNoDJSDGWe/gBUKV/LIvjdrfoFJjmHHiRasLYEH1YuXk0or1Cdxll+aAH7SnBnX
182D9RSSk9GlQUiVx7Uws86nNtU7RmQYqJjzeCfqXf6m3HkFPinT8Xk3PHQvvEaO
NHI+YiyEPIhrdBidP0x8I3uAdSUaPJtyOystD2biQVzCQArvvWxeamtoF+cdZo7T
9uvfHUXeV3c4iSgaJIx0Om0fYKCmXd5kqtP6Pqbwb9BONWAO1OOgYzvlgAEtIyaN
HIphfkVVpaL81ycwFUwpBetPN3k/6Mj9pzfu/tmv4/6G0YQ/8/k9/9CHjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG38Wd1PCz0A6g+IoL/MNXOdwe/4MB8GA1UdIwQY
MBaAFNnv6dNvX4j98EdCxBQMdTIJCrdwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmVfcDAyOWZpUDN3UjBMRUZBeDFNZ2tLdDNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC81NWRiMzQtZmM3OS00MDA0LTk1Yzkt
MzlmNmQ2NDI1MzM4LzEvYmZ4WjNVOExQUURxRDRpZ3Y4dzFjNTNCN19nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC81NWRiMzQtZmM3OS00MDA0LTk1YzktMzlmNmQ2NDI1MzM4
LzEvMmVfcDAyOWZpUDN3UjBMRUZBeDFNZ2tLdDNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWSYcMA0G
CSqGSIb3DQEBCwUAA4IBAQCauJq2DwsJcwyIB/kNUQtFt5mIBEyVw8A+CArHVjHH
nvBdRKTfmJf0iTod940Ac6Z7HruSeRj4xc5pd+BgR4+uMc07fKBDAiAmE5GfGOkZ
GtMhE9rALp/+5bDKaJR+eL3rI+j4VW3hRanEaUMi60fbfiIPfQAgG+6iW2MXEhlD
ae38sqL/5pk8sb2XNIrOlIByAhzLF9FHgh8pCZkBSlNkkW/TCeP4cUA5yteGVWXi
L5f85aiBwTcjlYLUmM1R0eFgWox7MVW3t57infNnatAk1Z9JmFaypfLKhcR8/FbR
9VMy+R9Dsw6pN8qV+91AvuYQ7G1jPJ0DrBSroD7+OoSK
-----END CERTIFICATE-----