This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/711d0b-c631-4b6b-8700-cea65bce7324/1/BLXHNzBNP3Ceet9uKHyUlqgnahI.roa
File:                     BLXHNzBNP3Ceet9uKHyUlqgnahI.roa (raw, json)
Hash identifier:          ZpEPGuE+ariRNJbj5HFfYxgKn5NI2itUvKloMA1gMz8=
Subject key identifier:   04:B5:C7:37:30:4D:3F:70:9E:7A:DF:6E:28:7C:94:96:A8:27:6A:12
Certificate issuer:       /CN=fe0c14a0bdc119f1ed496202d89be4fd2659ff01
Certificate serial:       019B7B3690E6DE4DB4FD9D92DB0DE90825B9
Authority key identifier: FE:0C:14:A0:BD:C1:19:F1:ED:49:62:02:D8:9B:E4:FD:26:59:FF:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_gwUoL3BGfHtSWIC2Jvk_SZZ_wE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/711d0b-c631-4b6b-8700-cea65bce7324/1/BLXHNzBNP3Ceet9uKHyUlqgnahI.roa
Signing time:             Thu 01 Jan 2026 20:18:52 +0000
ROA not before:           Thu 01 Jan 2026 20:18:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200715
IP address blocks:        37.143.56.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/711d0b-c631-4b6b-8700-cea65bce7324/1/_gwUoL3BGfHtSWIC2Jvk_SZZ_wE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/711d0b-c631-4b6b-8700-cea65bce7324/1/_gwUoL3BGfHtSWIC2Jvk_SZZ_wE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_gwUoL3BGfHtSWIC2Jvk_SZZ_wE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:90:e6:de:4d:b4:fd:9d:92:db:0d:e9:08:25:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe0c14a0bdc119f1ed496202d89be4fd2659ff01
        Validity
            Not Before: Jan  1 20:18:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=04b5c737304d3f709e7adf6e287c9496a8276a12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:10:2e:d4:1a:a7:7e:45:de:3f:b4:b3:95:cf:
                    da:74:5b:df:f8:91:2a:3b:af:ac:c7:da:fc:20:dc:
                    f8:a2:44:a9:54:7c:6d:db:30:bc:74:37:53:10:c5:
                    57:79:99:68:92:3a:df:87:e6:ac:93:67:e1:01:9c:
                    16:a7:ff:f4:c6:5d:b7:b1:73:cd:a9:ee:82:49:b3:
                    d5:9c:88:14:e4:64:27:14:a9:65:09:68:c9:7e:7f:
                    8e:88:34:ef:a1:69:5b:06:ff:6b:9e:92:b7:42:22:
                    e3:e0:d5:1c:7f:36:f2:5a:e5:b9:b8:27:ac:a0:ec:
                    54:fa:0c:5d:a5:87:f3:ce:2b:bc:8c:c3:62:a2:f5:
                    cb:8b:9c:15:bc:95:18:54:c9:3d:0e:e5:a0:28:0a:
                    2e:1f:87:8f:2e:7c:00:56:44:99:60:eb:b5:3e:52:
                    a8:6a:a4:12:47:a7:cc:0c:7d:0e:09:d6:6a:25:5f:
                    6d:cc:93:e9:79:40:c8:d6:40:66:92:ff:34:46:d5:
                    f6:a8:d2:a2:36:89:21:0e:a1:6a:2c:60:f6:23:73:
                    a1:0a:c3:07:45:0b:05:15:21:fc:99:0b:df:7a:cd:
                    e8:8a:fe:7f:a8:b1:fe:4f:e0:05:35:c4:9c:2d:de:
                    d8:26:fb:55:9f:9d:7c:38:30:94:f8:8b:b1:56:31:
                    e1:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:B5:C7:37:30:4D:3F:70:9E:7A:DF:6E:28:7C:94:96:A8:27:6A:12
            X509v3 Authority Key Identifier:
                keyid:FE:0C:14:A0:BD:C1:19:F1:ED:49:62:02:D8:9B:E4:FD:26:59:FF:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_gwUoL3BGfHtSWIC2Jvk_SZZ_wE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/711d0b-c631-4b6b-8700-cea65bce7324/1/BLXHNzBNP3Ceet9uKHyUlqgnahI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/711d0b-c631-4b6b-8700-cea65bce7324/1/_gwUoL3BGfHtSWIC2Jvk_SZZ_wE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:51:cf:aa:24:26:1b:f1:80:3d:a0:48:6c:64:0e:9c:c8:c7:
         9f:2f:70:80:8f:aa:36:be:e0:78:cf:99:27:32:d4:64:fd:cf:
         d7:ca:a8:1a:29:c0:58:21:b4:75:90:a6:d3:4e:47:93:fe:b0:
         ff:f5:be:02:7d:c0:5a:a4:d7:68:a7:1a:54:92:94:84:d6:c4:
         84:46:85:37:ca:96:97:c0:30:65:3d:e1:81:c6:7a:43:63:6b:
         b9:0c:8b:82:65:9e:63:5b:d2:5a:3a:e3:5a:04:34:0f:4e:0a:
         bf:da:54:4e:8f:c2:6a:bd:54:16:81:cf:b7:8d:7f:18:3e:bc:
         66:af:57:a5:c4:b4:81:27:25:b6:fe:fd:35:94:8e:4d:0a:31:
         d8:00:22:de:7b:83:1d:d7:b5:6d:f6:1d:55:dc:f3:ab:f2:76:
         a1:f7:ea:07:a8:90:09:6e:92:66:95:56:9e:a3:60:a4:4c:0d:
         ad:0e:68:f3:d5:1a:a6:e0:65:eb:d7:60:fb:9d:5b:16:96:70:
         83:91:6e:62:d5:22:2e:44:ef:85:92:26:4b:80:db:29:e9:0e:
         f6:36:ac:01:16:d8:68:1c:e7:04:9a:00:c4:8b:6e:75:aa:91:
         8a:22:77:18:fb:02:c8:01:78:82:f4:8d:02:ff:86:b7:d7:44:
         27:0a:a3:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NpDm3k20/Z2S2w3pCCW5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlMGMxNGEwYmRjMTE5ZjFlZDQ5NjIwMmQ4OWJlNGZkMjY1
OWZmMDEwHhcNMjYwMTAxMjAxODUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGI1YzczNzMwNGQzZjcwOWU3YWRmNmUyODdjOTQ5NmE4Mjc2YTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxAu1BqnfkXeP7Szlc/adFvf+JEq
O6+sx9r8INz4okSpVHxt2zC8dDdTEMVXeZlokjrfh+ask2fhAZwWp//0xl23sXPN
qe6CSbPVnIgU5GQnFKllCWjJfn+OiDTvoWlbBv9rnpK3QiLj4NUcfzbyWuW5uCes
oOxU+gxdpYfzziu8jMNiovXLi5wVvJUYVMk9DuWgKAouH4ePLnwAVkSZYOu1PlKo
aqQSR6fMDH0OCdZqJV9tzJPpeUDI1kBmkv80RtX2qNKiNokhDqFqLGD2I3OhCsMH
RQsFFSH8mQvfes3oiv5/qLH+T+AFNcScLd7YJvtVn518ODCU+IuxVjHhCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAS1xzcwTT9wnnrfbih8lJaoJ2oSMB8GA1UdIwQY
MBaAFP4MFKC9wRnx7UliAtib5P0mWf8BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2d3VW9MM0JHZkh0U1dJQzJKdmtfU1paX3dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC83MTFkMGItYzYzMS00YjZiLTg3MDAt
Y2VhNjViY2U3MzI0LzEvQkxYSE56Qk5QM0NlZXQ5dUtIeVVscWduYWhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC83MTFkMGItYzYzMS00YjZiLTg3MDAtY2VhNjViY2U3MzI0
LzEvX2d3VW9MM0JHZkh0U1dJQzJKdmtfU1paX3dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJY84MA0G
CSqGSIb3DQEBCwUAA4IBAQBTUc+qJCYb8YA9oEhsZA6cyMefL3CAj6o2vuB4z5kn
MtRk/c/XyqgaKcBYIbR1kKbTTkeT/rD/9b4CfcBapNdopxpUkpSE1sSERoU3ypaX
wDBlPeGBxnpDY2u5DIuCZZ5jW9JaOuNaBDQPTgq/2lROj8JqvVQWgc+3jX8YPrxm
r1elxLSBJyW2/v01lI5NCjHYACLee4Md17Vt9h1V3POr8nah9+oHqJAJbpJmlVae
o2CkTA2tDmjz1Rqm4GXr12D7nVsWlnCDkW5i1SIuRO+FkiZLgNsp6Q72NqwBFtho
HOcEmgDEi251qpGKIncY+wLIAXiC9I0C/4a310QnCqMT
-----END CERTIFICATE-----