This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/BNRF3iFBib6uH8-zEGx9zfO4cH8.roa
File:                     BNRF3iFBib6uH8-zEGx9zfO4cH8.roa (raw, json)
Hash identifier:          4yacbd98T/BVCl2ct+o0CMmFJRidAbOdWI6U10zor0Y=
Subject key identifier:   04:D4:45:DE:21:41:89:BE:AE:1F:CF:B3:10:6C:7D:CD:F3:B8:70:7F
Certificate issuer:       /CN=67ea698abcdee10dca9d6703a56e87a6b359bfcc
Certificate serial:       019B7FF07C1953B69F8070AC494848E9D046
Authority key identifier: 67:EA:69:8A:BC:DE:E1:0D:CA:9D:67:03:A5:6E:87:A6:B3:59:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z-ppirze4Q3KnWcDpW6HprNZv8w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/BNRF3iFBib6uH8-zEGx9zfO4cH8.roa
Signing time:             Fri 02 Jan 2026 18:20:25 +0000
ROA not before:           Fri 02 Jan 2026 18:20:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21221
IP address blocks:        45.14.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/Z-ppirze4Q3KnWcDpW6HprNZv8w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/Z-ppirze4Q3KnWcDpW6HprNZv8w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z-ppirze4Q3KnWcDpW6HprNZv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Feb 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f0:7c:19:53:b6:9f:80:70:ac:49:48:48:e9:d0:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67ea698abcdee10dca9d6703a56e87a6b359bfcc
        Validity
            Not Before: Jan  2 18:20:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=04d445de214189beae1fcfb3106c7dcdf3b8707f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:53:b2:f1:18:6f:b0:bc:26:82:1f:a9:c9:84:
                    ff:9e:85:ea:92:1e:4e:f8:4d:fb:47:ce:98:0e:c7:
                    a5:01:95:45:ca:cd:2c:65:92:a7:df:4e:cb:f7:7e:
                    66:fb:41:d4:e1:dc:d3:21:30:77:63:91:1e:6a:e3:
                    09:c5:e7:94:0f:b8:1e:f8:45:82:77:78:b9:e1:c2:
                    54:29:da:b5:8d:31:88:9a:ca:65:65:56:fa:94:7e:
                    72:56:a2:1e:26:58:54:53:49:f9:b9:63:42:21:1e:
                    2e:b8:65:bc:67:94:95:8b:3c:fd:a1:e6:dc:7a:c1:
                    3d:a7:2f:4d:f0:0b:ba:bd:da:b4:bb:66:80:9c:b9:
                    cd:a1:d6:00:91:3a:55:4e:3c:25:f2:28:55:8a:af:
                    ef:99:f9:6c:fa:24:a6:7e:ae:06:7d:21:6b:5a:4e:
                    fb:4d:61:da:11:73:50:31:4e:d5:08:4b:98:c7:ab:
                    21:1d:7d:1e:ac:72:a1:dd:f9:69:55:76:ec:28:fe:
                    c1:6d:13:fb:65:30:e7:3b:08:2d:80:92:7b:98:fb:
                    26:79:bc:8b:d5:12:c8:e6:44:01:19:d9:f0:ea:08:
                    45:e3:fe:9c:79:08:df:35:72:93:bb:82:01:63:16:
                    bf:a0:4c:e9:6d:47:9b:c4:2e:57:f6:3a:31:a8:7d:
                    a2:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:D4:45:DE:21:41:89:BE:AE:1F:CF:B3:10:6C:7D:CD:F3:B8:70:7F
            X509v3 Authority Key Identifier:
                keyid:67:EA:69:8A:BC:DE:E1:0D:CA:9D:67:03:A5:6E:87:A6:B3:59:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z-ppirze4Q3KnWcDpW6HprNZv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/BNRF3iFBib6uH8-zEGx9zfO4cH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/Z-ppirze4Q3KnWcDpW6HprNZv8w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:bb:cf:63:24:e2:de:ca:cb:58:13:12:63:21:ec:20:00:1b:
         3e:56:28:ae:06:79:7b:0f:b9:88:00:f2:a9:7d:cd:53:c7:57:
         63:64:da:de:a9:36:94:fd:62:52:fc:10:e6:0e:39:2f:e0:bb:
         05:19:ee:cc:f6:ea:2d:d2:4e:63:f1:8f:c8:e2:38:57:17:75:
         da:90:d5:dc:e1:ef:59:db:76:04:d7:05:e4:8b:0b:ac:3d:c0:
         5e:db:a0:52:7b:42:41:f7:68:31:f4:d9:b7:b1:42:85:47:19:
         a8:f4:f9:f7:59:f2:64:2b:78:ab:26:d3:cd:66:a4:09:c8:70:
         0a:8f:a4:4c:24:40:88:84:4b:e1:78:22:a1:e8:3a:37:ca:0b:
         79:c1:3d:a0:57:83:31:a7:26:e3:d9:05:d2:37:05:ae:09:0d:
         0b:19:81:35:bf:4e:d8:69:37:c8:81:7d:ed:36:bb:72:0e:35:
         b4:3b:2c:42:c7:e3:1b:a2:8a:cb:95:52:4f:06:51:35:19:9b:
         62:e1:35:b5:ae:85:be:dc:10:fa:96:a9:85:dd:bb:4d:e3:8a:
         fb:33:c1:26:c2:64:55:32:7f:87:9e:d6:77:7c:e8:87:21:11:
         ee:68:33:c2:e8:26:81:c3:d3:7d:01:ca:ef:d6:9d:63:cc:08:
         a0:42:e1:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8HwZU7afgHCsSUhI6dBGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZWE2OThhYmNkZWUxMGRjYTlkNjcwM2E1NmU4N2E2YjM1
OWJmY2MwHhcNMjYwMTAyMTgyMDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGQ0NDVkZTIxNDE4OWJlYWUxZmNmYjMxMDZjN2RjZGYzYjg3MDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVOy8RhvsLwmgh+pyYT/noXqkh5O
+E37R86YDselAZVFys0sZZKn307L935m+0HU4dzTITB3Y5EeauMJxeeUD7ge+EWC
d3i54cJUKdq1jTGImsplZVb6lH5yVqIeJlhUU0n5uWNCIR4uuGW8Z5SVizz9oebc
esE9py9N8Au6vdq0u2aAnLnNodYAkTpVTjwl8ihViq/vmfls+iSmfq4GfSFrWk77
TWHaEXNQMU7VCEuYx6shHX0erHKh3flpVXbsKP7BbRP7ZTDnOwgtgJJ7mPsmebyL
1RLI5kQBGdnw6ghF4/6ceQjfNXKTu4IBYxa/oEzpbUebxC5X9joxqH2ihQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFATURd4hQYm+rh/PsxBsfc3zuHB/MB8GA1UdIwQY
MBaAFGfqaYq83uENyp1nA6Vuh6azWb/MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWi1wcGlyemU0UTNLbldjRHBXNkhwck5adjh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hMzIyYmEtYzk2NC00NjViLTg5ODkt
YjMyZDk3NGMyMTBlLzEvQk5SRjNpRkJpYjZ1SDgtekVHeDl6Zk80Y0g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hMzIyYmEtYzk2NC00NjViLTg5ODktYjMyZDk3NGMyMTBl
LzEvWi1wcGlyemU0UTNLbldjRHBXNkhwck5adjh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ4DMA0G
CSqGSIb3DQEBCwUAA4IBAQAmu89jJOLeystYExJjIewgABs+ViiuBnl7D7mIAPKp
fc1Tx1djZNreqTaU/WJS/BDmDjkv4LsFGe7M9uot0k5j8Y/I4jhXF3XakNXc4e9Z
23YE1wXkiwusPcBe26BSe0JB92gx9Nm3sUKFRxmo9Pn3WfJkK3irJtPNZqQJyHAK
j6RMJECIhEvheCKh6Do3ygt5wT2gV4Mxpybj2QXSNwWuCQ0LGYE1v07YaTfIgX3t
NrtyDjW0OyxCx+MboorLlVJPBlE1GZti4TW1roW+3BD6lqmF3btN44r7M8EmwmRV
Mn+HntZ3fOiHIRHuaDPC6CaBw9N9Acrv1p1jzAigQuFl
-----END CERTIFICATE-----