This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/685c99-cfdf-42a0-8436-d297db230a14/1/BwXbiOo4RjFVj5Dj5ubs0OzhTEg.roa
File:                     BwXbiOo4RjFVj5Dj5ubs0OzhTEg.roa (raw, json)
Hash identifier:          D/nZqGZDiargJ1WjN4WGCYH05fUuLBJs9tc1eSlRvy8=
Subject key identifier:   07:05:DB:88:EA:38:46:31:55:8F:90:E3:E6:E6:EC:D0:EC:E1:4C:48
Certificate issuer:       /CN=c80041619021e36328ad5898e899787046b8f0f9
Certificate serial:       019B79112443B63D1759AB7888B7B45DB2E5
Authority key identifier: C8:00:41:61:90:21:E3:63:28:AD:58:98:E8:99:78:70:46:B8:F0:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yABBYZAh42MorViY6Jl4cEa48Pk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/685c99-cfdf-42a0-8436-d297db230a14/1/BwXbiOo4RjFVj5Dj5ubs0OzhTEg.roa
Signing time:             Thu 01 Jan 2026 10:18:45 +0000
ROA not before:           Thu 01 Jan 2026 10:18:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47411
IP address blocks:        195.43.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/685c99-cfdf-42a0-8436-d297db230a14/1/yABBYZAh42MorViY6Jl4cEa48Pk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/685c99-cfdf-42a0-8436-d297db230a14/1/yABBYZAh42MorViY6Jl4cEa48Pk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yABBYZAh42MorViY6Jl4cEa48Pk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:24:43:b6:3d:17:59:ab:78:88:b7:b4:5d:b2:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c80041619021e36328ad5898e899787046b8f0f9
        Validity
            Not Before: Jan  1 10:18:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0705db88ea384631558f90e3e6e6ecd0ece14c48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:aa:6d:2e:46:95:a2:10:97:ab:20:a1:3a:60:
                    98:31:02:da:28:32:40:61:90:18:ea:9a:a8:20:e6:
                    fc:9d:2d:aa:76:5c:f7:43:9b:30:9a:79:b9:9b:b9:
                    1e:b4:f9:d7:97:88:da:72:4b:e0:5c:f2:11:d4:71:
                    35:bf:98:a1:17:31:54:b6:e9:6b:a6:a3:cd:68:fc:
                    74:53:5a:f4:01:77:f8:da:d3:27:76:04:62:1f:57:
                    7d:9e:b4:1c:cf:e5:40:17:58:86:7e:2a:a4:98:82:
                    5b:16:5e:a8:2b:52:dc:7e:ef:d7:32:fb:15:62:b1:
                    16:9e:b0:26:d3:5b:21:d5:f6:0e:f7:5f:ed:e6:79:
                    0b:82:10:9d:49:be:04:72:56:da:aa:39:3f:ba:92:
                    96:a1:61:c7:96:50:ee:86:ee:7d:00:1f:2b:5d:21:
                    9f:30:6a:1a:c5:63:1e:2d:c8:40:19:24:ff:61:bc:
                    c8:57:1a:41:bd:84:16:ed:ab:9b:31:9f:f1:0d:9d:
                    5e:1c:e9:5f:85:3f:81:d2:2d:6f:ba:7e:ef:4e:77:
                    8f:dc:29:bb:9a:5e:c2:54:eb:09:9e:cb:49:fa:48:
                    c1:c3:e7:f2:db:79:c5:1a:04:b8:2c:d8:21:0b:7e:
                    77:c4:39:37:94:68:06:58:81:5f:73:12:dc:6a:b4:
                    de:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:05:DB:88:EA:38:46:31:55:8F:90:E3:E6:E6:EC:D0:EC:E1:4C:48
            X509v3 Authority Key Identifier:
                keyid:C8:00:41:61:90:21:E3:63:28:AD:58:98:E8:99:78:70:46:B8:F0:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yABBYZAh42MorViY6Jl4cEa48Pk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/685c99-cfdf-42a0-8436-d297db230a14/1/BwXbiOo4RjFVj5Dj5ubs0OzhTEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/685c99-cfdf-42a0-8436-d297db230a14/1/yABBYZAh42MorViY6Jl4cEa48Pk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.43.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:89:ae:7f:fa:02:a1:7e:6d:26:9d:92:3d:13:74:66:2b:a2:
         f5:18:c4:dc:e2:f3:c0:70:6e:45:04:9b:bc:7f:b6:8f:03:64:
         0e:58:b3:90:cd:7d:ba:c5:95:79:f9:e1:8c:1e:5a:aa:3d:b2:
         dc:70:e1:bf:b5:f0:a1:96:b4:36:ab:f4:a9:af:ca:02:fc:b6:
         48:13:4b:b1:38:01:19:2f:92:4b:a2:bb:cf:2e:12:8c:40:17:
         1d:55:6d:28:9f:ae:38:6f:7d:34:8e:2b:17:8c:87:05:17:1d:
         3d:82:80:13:e4:eb:cb:ca:fe:93:e2:9a:52:93:78:b0:52:3d:
         2f:84:d7:42:aa:f0:c6:74:83:15:33:0f:cf:33:b3:e6:e4:dd:
         08:c9:f6:79:4a:fd:8a:ec:6d:ee:ec:1c:2d:de:2e:1f:ec:ee:
         17:99:d9:27:2a:0d:cf:97:71:20:23:ce:b6:2e:a1:49:e8:f2:
         df:da:08:13:54:38:0e:ca:92:cb:5c:7c:48:70:69:04:47:79:
         f5:85:d5:e3:a2:5f:eb:18:ce:ae:db:2d:90:59:c6:e5:a6:9b:
         88:08:5d:e8:ae:77:0a:3f:cf:38:68:e1:ae:1e:70:7f:8f:a9:
         3a:67:88:10:66:7d:63:b3:ab:9a:e6:c0:6f:96:14:31:e1:7c:
         c9:08:ae:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ESRDtj0XWat4iLe0XbLlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4MDA0MTYxOTAyMWUzNjMyOGFkNTg5OGU4OTk3ODcwNDZi
OGYwZjkwHhcNMjYwMTAxMTAxODQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzA1ZGI4OGVhMzg0NjMxNTU4ZjkwZTNlNmU2ZWNkMGVjZTE0YzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6ptLkaVohCXqyChOmCYMQLaKDJA
YZAY6pqoIOb8nS2qdlz3Q5swmnm5m7ketPnXl4jackvgXPIR1HE1v5ihFzFUtulr
pqPNaPx0U1r0AXf42tMndgRiH1d9nrQcz+VAF1iGfiqkmIJbFl6oK1Lcfu/XMvsV
YrEWnrAm01sh1fYO91/t5nkLghCdSb4Eclbaqjk/upKWoWHHllDuhu59AB8rXSGf
MGoaxWMeLchAGST/YbzIVxpBvYQW7aubMZ/xDZ1eHOlfhT+B0i1vun7vTneP3Cm7
ml7CVOsJnstJ+kjBw+fy23nFGgS4LNghC353xDk3lGgGWIFfcxLcarTepwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAcF24jqOEYxVY+Q4+bm7NDs4UxIMB8GA1UdIwQY
MBaAFMgAQWGQIeNjKK1YmOiZeHBGuPD5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUFCQllaQWg0Mk1vclZpWTZKbDRjRWE0OFBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82ODVjOTktY2ZkZi00MmEwLTg0MzYt
ZDI5N2RiMjMwYTE0LzEvQndYYmlPbzRSakZWajVEajV1YnMwT3poVEVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82ODVjOTktY2ZkZi00MmEwLTg0MzYtZDI5N2RiMjMwYTE0
LzEveUFCQllaQWg0Mk1vclZpWTZKbDRjRWE0OFBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyuYMA0G
CSqGSIb3DQEBCwUAA4IBAQBeia5/+gKhfm0mnZI9E3RmK6L1GMTc4vPAcG5FBJu8
f7aPA2QOWLOQzX26xZV5+eGMHlqqPbLccOG/tfChlrQ2q/Spr8oC/LZIE0uxOAEZ
L5JLorvPLhKMQBcdVW0on644b300jisXjIcFFx09goAT5OvLyv6T4ppSk3iwUj0v
hNdCqvDGdIMVMw/PM7Pm5N0IyfZ5Sv2K7G3u7Bwt3i4f7O4XmdknKg3Pl3EgI862
LqFJ6PLf2ggTVDgOypLLXHxIcGkER3n1hdXjol/rGM6u2y2QWcblppuICF3orncK
P884aOGuHnB/j6k6Z4gQZn1js6ua5sBvlhQx4XzJCK4U
-----END CERTIFICATE-----