This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/BAVDDiRWoMAqu98Drh7YZtZf_N4.roa
File:                     BAVDDiRWoMAqu98Drh7YZtZf_N4.roa (raw, json)
Hash identifier:          Z2K4a+IOp7mIUwJjr+WoEaxKhLVjEg1O3nqMaAntHRg=
Subject key identifier:   04:05:43:0E:24:56:A0:C0:2A:BB:DF:03:AE:1E:D8:66:D6:5F:FC:DE
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       019B7C80884CC8AF93CAA8C5FE5EC66A0355
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/BAVDDiRWoMAqu98Drh7YZtZf_N4.roa
Signing time:             Fri 02 Jan 2026 02:19:16 +0000
ROA not before:           Fri 02 Jan 2026 02:19:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209183
IP address blocks:        2a0c:f642::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:88:4c:c8:af:93:ca:a8:c5:fe:5e:c6:6a:03:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Jan  2 02:19:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0405430e2456a0c02abbdf03ae1ed866d65ffcde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:a5:ee:e4:91:2f:d4:88:90:36:a9:75:ce:b7:
                    b5:df:0c:fc:2c:19:c9:91:d0:23:c8:3b:38:71:3e:
                    a8:a8:f4:e9:15:88:ea:19:5c:9b:be:de:bc:d8:96:
                    42:c8:68:13:16:16:2f:56:17:f5:75:14:24:de:90:
                    99:5d:33:29:7d:9b:c3:7d:56:53:bc:2d:46:3d:db:
                    de:db:ec:ab:ea:95:25:f7:98:80:f9:19:55:82:5d:
                    5f:e6:fe:6e:87:d6:b6:6f:75:b9:1c:9c:51:3e:b5:
                    c4:92:9f:36:44:bd:2b:3d:d4:48:c2:a1:41:2b:1c:
                    32:d0:d7:07:cf:43:08:90:1c:9e:95:c1:18:b0:52:
                    a7:7d:cb:9d:0f:0a:f8:7d:c1:d6:e4:63:85:c4:c7:
                    c2:e2:20:ef:67:35:f3:fb:85:d5:91:6d:ea:f1:82:
                    2a:b3:2f:eb:54:28:1b:aa:70:64:ac:b7:ef:0d:a8:
                    9b:b9:67:ea:1d:ad:28:35:a4:12:08:73:ea:70:54:
                    dc:0c:f6:ff:8f:0a:8b:e4:38:e8:0f:f8:fc:d0:ee:
                    23:61:72:d9:70:9e:50:a9:ca:4e:4f:12:75:ae:02:
                    b8:4b:a4:fb:10:42:90:4c:a6:3f:71:1a:3f:18:1b:
                    b4:d7:c4:9d:7b:7a:be:a0:0f:08:ae:30:40:c4:9c:
                    f2:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:05:43:0E:24:56:A0:C0:2A:BB:DF:03:AE:1E:D8:66:D6:5F:FC:DE
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/BAVDDiRWoMAqu98Drh7YZtZf_N4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:f642::/32

    Signature Algorithm: sha256WithRSAEncryption
         7f:8c:de:5f:3b:b5:56:cc:97:6b:75:68:61:70:22:ad:ed:f1:
         0a:05:57:54:8e:64:b9:99:ed:9b:5e:c4:a8:86:5c:fd:5f:f6:
         ca:3e:1f:e9:ec:49:0b:c0:b1:60:87:73:40:49:b3:67:9a:84:
         d7:19:be:db:15:9e:fb:fc:11:f1:30:8e:83:82:2b:f5:ca:f6:
         fe:ca:ba:bb:e6:0d:ad:eb:c2:2f:a6:bd:55:fd:27:17:7a:cc:
         63:cb:65:4a:d8:7f:00:3d:98:1d:66:64:dc:8c:dd:9d:c9:ab:
         7c:39:83:f6:ad:2e:be:08:6f:8a:87:57:4c:d3:82:db:67:24:
         c1:51:a8:f9:de:1d:36:a6:f6:26:15:e4:12:fb:d5:e8:63:32:
         31:8c:52:3f:e2:c7:7a:28:3e:97:0b:94:cf:b9:14:05:da:af:
         0a:d9:d9:88:c1:47:8e:14:7c:d2:da:c1:09:4e:fd:ee:80:c7:
         c1:cf:43:dd:3c:d9:a7:65:28:f4:d5:7a:a1:b8:9a:8c:c8:84:
         00:c8:4c:e8:01:8d:15:c8:71:88:55:92:5f:a3:21:f1:7c:a0:
         88:e8:53:b7:ea:83:55:16:85:d6:28:e3:de:50:49:83:dd:b9:
         38:e9:40:44:17:3b:40:49:1e:af:e7:c3:bb:33:49:ac:39:99:
         b1:82:45:dd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt8gIhMyK+TyqjF/l7GagNVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjYwMTAyMDIxOTE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDA1NDMwZTI0NTZhMGMwMmFiYmRmMDNhZTFlZDg2NmQ2NWZmY2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzKXu5JEv1IiQNql1zre13wz8LBnJ
kdAjyDs4cT6oqPTpFYjqGVybvt682JZCyGgTFhYvVhf1dRQk3pCZXTMpfZvDfVZT
vC1GPdve2+yr6pUl95iA+RlVgl1f5v5uh9a2b3W5HJxRPrXEkp82RL0rPdRIwqFB
Kxwy0NcHz0MIkByelcEYsFKnfcudDwr4fcHW5GOFxMfC4iDvZzXz+4XVkW3q8YIq
sy/rVCgbqnBkrLfvDaibuWfqHa0oNaQSCHPqcFTcDPb/jwqL5DjoD/j80O4jYXLZ
cJ5QqcpOTxJ1rgK4S6T7EEKQTKY/cRo/GBu018Sde3q+oA8IrjBAxJzytwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAQFQw4kVqDAKrvfA64e2GbWX/zeMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvQkFWRERpUldvTUFxdTk4RHJoN1ladFpmX040LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgz2QjAN
BgkqhkiG9w0BAQsFAAOCAQEAf4zeXzu1VsyXa3VoYXAire3xCgVXVI5kuZntm17E
qIZc/V/2yj4f6exJC8CxYIdzQEmzZ5qE1xm+2xWe+/wR8TCOg4Ir9cr2/sq6u+YN
revCL6a9Vf0nF3rMY8tlSth/AD2YHWZk3IzdncmrfDmD9q0uvghviodXTNOC22ck
wVGo+d4dNqb2JhXkEvvV6GMyMYxSP+LHeig+lwuUz7kUBdqvCtnZiMFHjhR80trB
CU797oDHwc9D3TzZp2Uo9NV6obiajMiEAMhM6AGNFchxiFWSX6Mh8XygiOhTt+qD
VRaF1ijj3lBJg925OOlARBc7QEker+fDuzNJrDmZsYJF3Q==
-----END CERTIFICATE-----