This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/BW5S5s1xvxdYeismlznCSfBL2yI.roa
File:                     BW5S5s1xvxdYeismlznCSfBL2yI.roa (raw, json)
Hash identifier:          EtWeWpCD+suUmysPule/ohTEye/jj6Q4dBOVaR6L3gA=
Subject key identifier:   05:6E:52:E6:CD:71:BF:17:58:7A:2B:26:97:39:C2:49:F0:4B:DB:22
Certificate issuer:       /CN=e2c5861210dc38bdbaeb477d6da719664a84a6bc
Certificate serial:       019B77C6BFA6A3EC236B5A1B96D3C75CA587
Authority key identifier: E2:C5:86:12:10:DC:38:BD:BA:EB:47:7D:6D:A7:19:66:4A:84:A6:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sWGEhDcOL2660d9bacZZkqEprw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/BW5S5s1xvxdYeismlznCSfBL2yI.roa
Signing time:             Thu 01 Jan 2026 04:17:52 +0000
ROA not before:           Thu 01 Jan 2026 04:17:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197772
IP address blocks:        91.226.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/4sWGEhDcOL2660d9bacZZkqEprw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/4sWGEhDcOL2660d9bacZZkqEprw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sWGEhDcOL2660d9bacZZkqEprw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:bf:a6:a3:ec:23:6b:5a:1b:96:d3:c7:5c:a5:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c5861210dc38bdbaeb477d6da719664a84a6bc
        Validity
            Not Before: Jan  1 04:17:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=056e52e6cd71bf17587a2b269739c249f04bdb22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:4d:e2:1b:93:b2:65:4e:24:a9:8a:c8:a3:72:
                    95:83:39:4e:19:54:30:3d:21:97:89:38:eb:ca:42:
                    93:64:ef:60:64:6c:fe:89:cb:96:a6:70:30:93:e1:
                    da:dd:13:e7:67:de:16:0c:46:4b:c0:15:be:c5:6d:
                    7a:ee:e3:0e:a3:05:9c:cc:c2:4f:e6:e9:0c:20:09:
                    94:04:d4:0d:c3:fd:bc:d0:61:9b:5a:9d:fd:d8:af:
                    50:3d:e3:bc:3d:05:87:27:ed:b9:3e:8e:14:77:86:
                    11:55:45:e0:cf:5f:55:f1:82:b5:aa:17:2b:da:d1:
                    cb:3b:58:ae:40:98:06:27:d8:4c:b0:c1:57:79:93:
                    28:93:c7:f9:da:98:fb:42:2e:58:9c:be:4e:24:6f:
                    9d:a5:db:2c:bf:90:8c:11:2a:c1:95:43:64:95:08:
                    c8:09:b9:f7:9c:c1:3c:ed:77:4a:90:af:f8:36:9b:
                    05:19:16:da:7b:37:c1:fa:07:0b:54:f5:98:69:7a:
                    1f:b1:51:da:eb:72:36:b2:52:88:31:8c:c8:aa:6c:
                    23:00:e6:9e:34:94:b3:2d:61:e2:7d:24:ce:2b:62:
                    b9:d6:3b:ec:c5:90:60:89:06:8b:03:1e:27:72:c7:
                    2d:50:3f:96:ca:79:1c:f5:1f:b5:3f:06:4c:69:32:
                    83:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:6E:52:E6:CD:71:BF:17:58:7A:2B:26:97:39:C2:49:F0:4B:DB:22
            X509v3 Authority Key Identifier:
                keyid:E2:C5:86:12:10:DC:38:BD:BA:EB:47:7D:6D:A7:19:66:4A:84:A6:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sWGEhDcOL2660d9bacZZkqEprw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/BW5S5s1xvxdYeismlznCSfBL2yI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/4sWGEhDcOL2660d9bacZZkqEprw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:1b:f3:12:cf:71:ed:94:ea:06:0c:f7:54:87:ff:da:67:d6:
         86:3e:0c:0c:9d:0d:1d:b1:d7:13:78:e4:1e:00:63:cd:34:77:
         0b:92:bf:24:bf:b1:49:0d:26:ca:41:9a:8b:92:99:d2:ca:73:
         33:e9:bd:fc:99:a7:ae:dc:c0:c9:fb:37:20:51:ae:3b:d3:1f:
         af:90:c3:75:f1:e0:90:85:37:0d:e1:3c:fd:6e:2d:04:fa:c9:
         ee:b0:e1:59:7a:98:ce:91:3f:ff:ca:27:b7:89:ce:c1:e6:9f:
         f3:88:89:95:e9:59:d3:14:a2:6f:4d:fa:3c:1c:99:bf:29:7c:
         b1:75:17:f8:02:27:a1:27:93:7c:f1:e4:a1:ad:75:f2:b8:21:
         1f:0f:bb:13:80:14:d3:aa:da:ff:a3:70:a9:4a:b0:89:0f:9d:
         e3:09:47:69:61:17:81:6a:ab:1b:80:e6:07:bd:08:a7:d8:f7:
         4d:b3:a0:c5:ab:53:5d:e3:76:be:e0:aa:7c:ac:90:86:98:e9:
         d7:c0:d2:ab:c3:f5:bc:d0:9d:3d:b4:07:9e:94:88:c9:32:cd:
         5c:f4:b0:00:de:6e:4d:e5:8c:c9:84:65:bb:a3:ac:7d:d2:52:
         e8:bc:9a:7f:e3:42:ce:37:dc:31:da:c3:53:55:6d:a7:24:33:
         8e:1c:7d:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xr+mo+wja1obltPHXKWHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzU4NjEyMTBkYzM4YmRiYWViNDc3ZDZkYTcxOTY2NGE4
NGE2YmMwHhcNMjYwMTAxMDQxNzUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTZlNTJlNmNkNzFiZjE3NTg3YTJiMjY5NzM5YzI0OWYwNGJkYjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoU3iG5OyZU4kqYrIo3KVgzlOGVQw
PSGXiTjrykKTZO9gZGz+icuWpnAwk+Ha3RPnZ94WDEZLwBW+xW167uMOowWczMJP
5ukMIAmUBNQNw/280GGbWp392K9QPeO8PQWHJ+25Po4Ud4YRVUXgz19V8YK1qhcr
2tHLO1iuQJgGJ9hMsMFXeZMok8f52pj7Qi5YnL5OJG+dpdssv5CMESrBlUNklQjI
Cbn3nME87XdKkK/4NpsFGRbaezfB+gcLVPWYaXofsVHa63I2slKIMYzIqmwjAOae
NJSzLWHifSTOK2K51jvsxZBgiQaLAx4ncsctUD+Wynkc9R+1PwZMaTKDFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAVuUubNcb8XWHorJpc5wknwS9siMB8GA1UdIwQY
MBaAFOLFhhIQ3Di9uutHfW2nGWZKhKa8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNXR0VoRGNPTDI2NjBkOWJhY1paa3FFcHJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmRiMDgtYzg0NS00MWFiLWEwOGEt
MzM3NTYxN2Q0ZWZkLzEvQlc1UzVzMXh2eGRZZWlzbWx6bkNTZkJMMnlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmRiMDgtYzg0NS00MWFiLWEwOGEtMzM3NTYxN2Q0ZWZk
LzEvNHNXR0VoRGNPTDI2NjBkOWJhY1paa3FFcHJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+KwMA0G
CSqGSIb3DQEBCwUAA4IBAQCCG/MSz3HtlOoGDPdUh//aZ9aGPgwMnQ0dsdcTeOQe
AGPNNHcLkr8kv7FJDSbKQZqLkpnSynMz6b38maeu3MDJ+zcgUa470x+vkMN18eCQ
hTcN4Tz9bi0E+snusOFZepjOkT//yie3ic7B5p/ziImV6VnTFKJvTfo8HJm/KXyx
dRf4AiehJ5N88eShrXXyuCEfD7sTgBTTqtr/o3CpSrCJD53jCUdpYReBaqsbgOYH
vQin2PdNs6DFq1Nd43a+4Kp8rJCGmOnXwNKrw/W80J09tAeelIjJMs1c9LAA3m5N
5YzJhGW7o6x90lLovJp/40LON9wx2sNTVW2nJDOOHH31
-----END CERTIFICATE-----