This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/Bf2SGYBtModtbfBu1FZFXS9_3k8.roa
File:                     Bf2SGYBtModtbfBu1FZFXS9_3k8.roa (raw, json)
Hash identifier:          ItQAdujE8bWOSse4zyi5G2tlodlRyFzdr1jfpAJzn2k=
Subject key identifier:   05:FD:92:19:80:6D:32:87:6D:6D:F0:6E:D4:56:45:5D:2F:7F:DE:4F
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       019B7F8597D0C725BB5D797475CC699D043F
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/Bf2SGYBtModtbfBu1FZFXS9_3k8.roa
Signing time:             Fri 02 Jan 2026 16:23:40 +0000
ROA not before:           Fri 02 Jan 2026 16:23:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206042
IP address blocks:        2a0f:b240:7200::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 06:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:97:d0:c7:25:bb:5d:79:74:75:cc:69:9d:04:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Jan  2 16:23:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=05fd9219806d32876d6df06ed456455d2f7fde4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ed:76:42:9e:77:35:08:a6:06:9a:40:24:13:
                    91:ab:17:cf:82:7c:84:35:34:6b:95:57:ff:23:01:
                    75:ff:dc:bf:57:28:b6:92:6d:17:01:15:21:2e:f5:
                    dd:8a:f1:bf:46:2c:d1:ac:96:08:4d:09:4a:98:6c:
                    e2:a5:e8:58:72:de:39:af:06:6c:cb:31:b2:bf:aa:
                    7c:6e:4e:06:86:5f:a4:72:fa:ee:5b:96:ad:00:bb:
                    0e:36:29:87:64:3b:9f:02:c5:f1:17:84:f0:09:dc:
                    5d:56:c3:2c:68:3f:40:bc:0a:bc:2d:b6:c2:9c:c4:
                    07:2b:24:54:e3:21:66:28:87:a2:d7:c5:1b:cc:a4:
                    0a:1e:c6:56:83:2b:75:74:c6:b9:05:04:e1:57:b8:
                    27:6f:ee:63:f9:59:94:5b:bf:cc:02:59:49:14:5f:
                    03:6e:c6:77:5c:c4:c2:86:1d:5e:bb:9b:eb:86:2d:
                    3f:c7:11:72:c8:90:61:02:f5:c1:61:6a:7c:96:4e:
                    0e:51:00:3d:4d:3f:b7:0b:c5:83:72:4f:e8:86:ee:
                    fd:c0:29:e4:ab:1a:f3:ce:d0:f5:be:2f:63:53:a0:
                    51:4c:1a:1c:cc:6a:f7:b3:d0:9c:d1:81:7e:bf:37:
                    71:ce:1c:62:53:2e:fb:2f:ba:45:62:12:60:10:44:
                    f5:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:FD:92:19:80:6D:32:87:6D:6D:F0:6E:D4:56:45:5D:2F:7F:DE:4F
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/Bf2SGYBtModtbfBu1FZFXS9_3k8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:7200::/40

    Signature Algorithm: sha256WithRSAEncryption
         48:10:89:72:d9:0b:79:d2:a4:fa:48:f5:bc:a2:d8:02:da:06:
         b9:85:80:2f:34:f9:41:ee:36:26:db:98:b3:87:ff:01:0e:09:
         eb:20:08:31:81:0d:60:61:84:26:8e:c0:33:5f:25:dd:f7:b0:
         b3:11:48:2a:e7:6f:43:12:cd:87:69:73:ca:90:69:1d:3c:b3:
         f5:2e:24:e2:c5:3c:ca:e2:9a:bc:0f:5b:1c:e8:ff:70:42:61:
         4d:1b:b7:67:01:08:c5:ef:81:f7:ae:55:33:4e:0f:5a:a1:bf:
         65:47:4b:92:ef:2a:86:b4:9d:80:8a:f2:ff:17:db:18:9b:9a:
         d0:a3:f4:b7:a2:99:3e:c3:51:fb:10:f5:a8:f2:4f:68:54:c2:
         aa:40:c5:72:0b:8a:01:85:28:6b:ac:50:3d:91:79:44:8a:a2:
         a2:82:c9:62:2c:48:da:be:b0:11:16:24:38:f1:dd:4b:40:95:
         b5:ae:5c:4a:23:6a:c7:6e:a7:fd:cc:21:5c:20:73:96:de:c4:
         ee:84:2c:24:c7:39:4e:78:39:c0:78:84:59:fd:d1:36:b4:e5:
         cb:0e:87:b5:7b:43:f1:6b:6d:2d:ac:c4:7f:70:28:a7:e3:d3:
         14:4f:f5:7c:f5:0f:dc:6f:84:2d:30:3b:6a:5a:f1:ea:85:c0:
         31:e7:72:cc
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt/hZfQxyW7XXl0dcxpnQQ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjYwMTAyMTYyMzQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWZkOTIxOTgwNmQzMjg3NmQ2ZGYwNmVkNDU2NDU1ZDJmN2ZkZTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+12Qp53NQimBppAJBORqxfPgnyE
NTRrlVf/IwF1/9y/Vyi2km0XARUhLvXdivG/RizRrJYITQlKmGzipehYct45rwZs
yzGyv6p8bk4Ghl+kcvruW5atALsONimHZDufAsXxF4TwCdxdVsMsaD9AvAq8LbbC
nMQHKyRU4yFmKIei18UbzKQKHsZWgyt1dMa5BQThV7gnb+5j+VmUW7/MAllJFF8D
bsZ3XMTChh1eu5vrhi0/xxFyyJBhAvXBYWp8lk4OUQA9TT+3C8WDck/ohu79wCnk
qxrzztD1vi9jU6BRTBoczGr3s9Cc0YF+vzdxzhxiUy77L7pFYhJgEET13wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAX9khmAbTKHbW3wbtRWRV0vf95PMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvQmYyU0dZQnRNb2R0YmZCdTFGWkZYUzlfM2s4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+yQHIw
DQYJKoZIhvcNAQELBQADggEBAEgQiXLZC3nSpPpI9byi2ALaBrmFgC80+UHuNibb
mLOH/wEOCesgCDGBDWBhhCaOwDNfJd33sLMRSCrnb0MSzYdpc8qQaR08s/UuJOLF
PMrimrwPWxzo/3BCYU0bt2cBCMXvgfeuVTNOD1qhv2VHS5LvKoa0nYCK8v8X2xib
mtCj9LeimT7DUfsQ9ajyT2hUwqpAxXILigGFKGusUD2ReUSKoqKCyWIsSNq+sBEW
JDjx3UtAlbWuXEojasdup/3MIVwgc5bexO6ELCTHOU54OcB4hFn90Ta05csOh7V7
Q/FrbS2sxH9wKKfj0xRP9Xz1D9xvhC0wO2pa8eqFwDHncsw=
-----END CERTIFICATE-----