This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/bu5zIhc9syS0fhKBovFQXcGQRxQ.roa
File:                     bu5zIhc9syS0fhKBovFQXcGQRxQ.roa (raw, json)
Hash identifier:          /Bq2k4bmIQ5EUPK41v03YcsLqkRVvDHXfxrIn2yzw5A=
Subject key identifier:   6E:EE:73:22:17:3D:B3:24:B4:7E:12:81:A2:F1:50:5D:C1:90:47:14
Certificate issuer:       /CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
Certificate serial:       019B7C12B685511AF52EA19D454167565B70
Authority key identifier: F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/bu5zIhc9syS0fhKBovFQXcGQRxQ.roa
Signing time:             Fri 02 Jan 2026 00:19:19 +0000
ROA not before:           Fri 02 Jan 2026 00:19:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34984
IP address blocks:        84.17.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:b6:85:51:1a:f5:2e:a1:9d:45:41:67:56:5b:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
        Validity
            Not Before: Jan  2 00:19:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6eee7322173db324b47e1281a2f1505dc1904714
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:6b:7f:77:32:4b:b5:bf:6f:32:ce:8f:94:b0:
                    73:d2:5d:91:82:31:4c:5f:cf:4d:f9:41:0a:5b:e0:
                    c1:1c:ba:17:ad:51:0d:5b:9d:be:91:54:e4:2c:73:
                    6a:ca:9a:c8:d0:9d:70:fb:0e:1b:97:5e:cb:63:f2:
                    c2:50:d2:d2:f3:bc:87:3b:5c:7b:2c:8a:81:4b:ab:
                    80:aa:be:8a:62:c0:6a:0b:36:ee:52:ef:5a:ee:a9:
                    5b:4f:62:4b:50:78:fd:6f:a3:1b:46:fc:84:9e:39:
                    64:ed:4e:c4:58:5c:76:60:a7:4d:ff:70:9a:b8:26:
                    46:e7:e0:a7:b4:8e:88:99:b8:b9:49:20:48:62:8e:
                    31:12:2e:ff:7d:87:3a:6c:ce:e2:d2:75:a5:d9:fc:
                    cd:5e:63:f3:6d:ab:67:df:0c:af:11:7b:3f:bf:6f:
                    8e:60:7a:4d:45:7b:47:4b:d6:e1:f9:9e:8c:4a:c3:
                    53:59:9f:af:1e:60:83:21:02:fa:f7:6e:6c:20:b4:
                    2f:06:01:f6:9d:83:4a:a0:09:44:8b:22:ae:a6:5c:
                    ce:09:54:bd:6c:2e:14:c7:1a:5e:e2:44:48:f5:b4:
                    4c:24:0d:75:eb:64:7a:2d:a3:59:76:90:f5:8f:cc:
                    aa:d9:56:12:41:53:27:5b:f8:8e:04:d0:9a:63:a9:
                    c8:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:EE:73:22:17:3D:B3:24:B4:7E:12:81:A2:F1:50:5D:C1:90:47:14
            X509v3 Authority Key Identifier:
                keyid:F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/bu5zIhc9syS0fhKBovFQXcGQRxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.17.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:c5:2b:2d:9f:54:b8:c7:83:d1:b5:75:24:45:1e:60:22:c6:
         3b:fe:8c:e2:ae:32:fb:4f:d6:f1:49:26:eb:f6:49:38:c9:65:
         6e:56:d7:a7:1d:36:1c:07:65:83:c7:80:0d:de:8f:12:b5:74:
         69:ac:01:77:f4:4a:a1:d5:6d:12:48:0c:6d:ec:af:f5:8b:6c:
         b3:a7:10:26:c5:98:3b:e9:13:a7:38:75:44:a6:bf:cc:c5:5f:
         5b:a7:98:57:9b:61:03:da:de:1a:08:fd:c5:84:aa:d8:3b:a3:
         b9:04:65:c4:6d:7f:16:56:88:dd:09:7d:57:9a:54:b4:cb:91:
         b7:f1:17:85:55:38:0d:04:30:fd:be:74:f9:ef:2a:32:86:2b:
         cb:eb:54:78:6c:49:24:f4:24:26:48:e5:5b:19:96:56:83:45:
         d4:b4:0a:5f:16:cb:cf:fd:64:e6:d7:18:f0:94:f8:ca:c8:fe:
         5d:f6:ab:69:42:c4:54:18:34:ae:69:0f:b3:0a:e5:62:55:58:
         bf:6a:81:8a:3e:14:ba:ed:c7:89:ae:48:b0:a1:26:1e:c7:7d:
         fd:88:7b:d5:5d:17:cc:5d:1b:e3:35:9d:a2:e5:fd:bd:73:6d:
         01:f7:df:fa:96:aa:15:82:30:f3:6e:c3:54:e1:a4:17:00:38:
         df:7f:d2:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EraFURr1LqGdRUFnVltwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2Mjk1MGViNzkxNjY2OGJiZmE4ZDFiODcwNTYwYjFj
YTc3MzkwHhcNMjYwMTAyMDAxOTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWVlNzMyMjE3M2RiMzI0YjQ3ZTEyODFhMmYxNTA1ZGMxOTA0NzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA42t/dzJLtb9vMs6PlLBz0l2RgjFM
X89N+UEKW+DBHLoXrVENW52+kVTkLHNqyprI0J1w+w4bl17LY/LCUNLS87yHO1x7
LIqBS6uAqr6KYsBqCzbuUu9a7qlbT2JLUHj9b6MbRvyEnjlk7U7EWFx2YKdN/3Ca
uCZG5+CntI6Imbi5SSBIYo4xEi7/fYc6bM7i0nWl2fzNXmPzbatn3wyvEXs/v2+O
YHpNRXtHS9bh+Z6MSsNTWZ+vHmCDIQL6925sILQvBgH2nYNKoAlEiyKuplzOCVS9
bC4Uxxpe4kRI9bRMJA1162R6LaNZdpD1j8yq2VYSQVMnW/iOBNCaY6nIwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG7ucyIXPbMktH4SgaLxUF3BkEcUMB8GA1UdIwQY
MBaAFPS3YpUOt5FmaLv6jRuHBWCxync5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAt
MmY4ZGYxODdmOThiLzEvYnU1ekloYzlzeVMwZmhLQm92RlFYY0dRUnhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAtMmY4ZGYxODdmOThi
LzEvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVBFCMA0G
CSqGSIb3DQEBCwUAA4IBAQBSxSstn1S4x4PRtXUkRR5gIsY7/ozirjL7T9bxSSbr
9kk4yWVuVtenHTYcB2WDx4AN3o8StXRprAF39Eqh1W0SSAxt7K/1i2yzpxAmxZg7
6ROnOHVEpr/MxV9bp5hXm2ED2t4aCP3FhKrYO6O5BGXEbX8WVojdCX1XmlS0y5G3
8ReFVTgNBDD9vnT57yoyhivL61R4bEkk9CQmSOVbGZZWg0XUtApfFsvP/WTm1xjw
lPjKyP5d9qtpQsRUGDSuaQ+zCuViVVi/aoGKPhS67ceJrkiwoSYex339iHvVXRfM
XRvjNZ2i5f29c20B99/6lqoVgjDzbsNU4aQXADjff9LO
-----END CERTIFICATE-----