This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/BSSjKlHFChUEI7UNPGcgVGQIMGQ.roa
File:                     BSSjKlHFChUEI7UNPGcgVGQIMGQ.roa (raw, json)
Hash identifier:          gAyHnonUZ3YhlZs8Bw/b4nOc3ZBRTxJbg4YBiYurlLc=
Subject key identifier:   05:24:A3:2A:51:C5:0A:15:04:23:B5:0D:3C:67:20:54:64:08:30:64
Certificate issuer:       /CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
Certificate serial:       019AC02586E03F9B9A2BFE57966B833F15BE
Authority key identifier: 1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/BSSjKlHFChUEI7UNPGcgVGQIMGQ.roa
Signing time:             Wed 26 Nov 2025 12:31:15 +0000
ROA not before:           Wed 26 Nov 2025 12:31:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.95.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 13:09:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:c0:25:86:e0:3f:9b:9a:2b:fe:57:96:6b:83:3f:15:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
        Validity
            Not Before: Nov 26 12:31:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0524a32a51c50a150423b50d3c67205464083064
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:da:22:3f:a0:2f:b8:2c:33:cc:11:45:a2:6e:
                    89:7e:dc:b9:2d:f0:c5:a4:03:3e:b1:39:2b:9d:6b:
                    ca:30:68:c6:94:37:8b:76:4e:fb:74:4b:7f:aa:ae:
                    d3:7d:ad:38:ef:1e:93:4b:39:7b:7e:67:b6:ad:1e:
                    fa:30:05:9e:6b:92:ab:b5:cd:d9:fc:01:19:59:de:
                    46:33:57:20:75:18:7b:38:90:97:56:20:57:d6:61:
                    aa:d5:3a:f8:e3:bd:67:c2:95:9c:f6:87:ca:be:f2:
                    c5:ae:5f:e1:74:ac:03:ed:42:cb:72:a2:bc:d4:d4:
                    9d:ef:37:e3:cd:27:8e:55:47:76:20:70:f5:25:ff:
                    b4:65:00:6b:51:08:cf:f9:aa:0f:40:fd:29:e6:73:
                    4a:20:f2:82:bf:0f:59:75:34:17:e8:5d:45:dd:c4:
                    2b:39:d9:58:60:c4:ae:43:8b:63:d8:45:5c:0a:93:
                    0d:25:6d:6d:e5:7d:b5:16:29:9f:48:4d:4a:5e:57:
                    8b:0b:5f:92:36:50:41:fa:e2:5d:ce:5a:9b:a4:b9:
                    90:cc:40:c9:62:3f:a2:f3:05:ca:1c:f9:56:e2:8b:
                    3c:0f:cc:67:63:f6:8c:11:31:31:21:ec:f2:85:d0:
                    fe:49:84:a6:00:45:0b:5a:ff:80:5c:43:fa:3f:ae:
                    23:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:24:A3:2A:51:C5:0A:15:04:23:B5:0D:3C:67:20:54:64:08:30:64
            X509v3 Authority Key Identifier:
                keyid:1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/BSSjKlHFChUEI7UNPGcgVGQIMGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:ce:b9:ef:bb:68:10:c9:e5:ac:3b:69:93:4c:59:63:99:45:
         1e:7e:13:13:05:a6:ba:00:00:bc:0f:a7:dc:c3:39:16:d3:86:
         31:75:41:40:da:2a:cf:1e:c4:f7:30:44:f4:6c:77:95:ec:9b:
         9c:9a:dc:88:0e:dd:f1:e6:55:c7:79:c4:cb:b2:f5:22:29:a1:
         61:8b:6b:ac:0b:46:e1:a5:93:b8:7c:bd:cb:34:a2:2e:f5:06:
         6d:97:c0:ea:28:73:cf:52:4c:a5:24:2f:cf:a7:3b:1c:7b:60:
         6a:31:54:50:0e:27:d7:d3:6c:3e:63:f6:88:aa:90:38:44:8d:
         3b:52:92:f1:d4:33:de:ff:0f:88:9f:41:65:62:e1:fe:58:65:
         14:fa:85:a5:e9:e3:da:6e:00:d0:5f:5c:2a:00:f3:da:fc:1a:
         cb:01:8b:0b:da:9c:ec:29:fd:80:95:4a:b5:6c:a1:09:05:b5:
         35:16:6a:c9:c3:f0:d3:b0:a4:13:28:c3:7b:0d:87:16:e1:f7:
         5a:4f:15:d0:90:66:3a:36:34:6c:9b:43:72:05:17:f4:da:65:
         c5:d8:86:fe:5c:8b:93:c7:41:68:cf:e9:c2:54:6b:cb:7e:2e:
         8e:72:49:4e:92:8c:b5:8b:f7:be:d1:33:d2:65:1e:83:32:c9:
         32:5d:fa:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrAJYbgP5uaK/5XlmuDPxW+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjFhYTVkMWJlZmQ3YTBmZTNlNGRmZTNhYThkYTczZWZj
ZmJhMzQwHhcNMjUxMTI2MTIzMTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTI0YTMyYTUxYzUwYTE1MDQyM2I1MGQzYzY3MjA1NDY0MDgzMDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9oiP6AvuCwzzBFFom6Jfty5LfDF
pAM+sTkrnWvKMGjGlDeLdk77dEt/qq7Tfa047x6TSzl7fme2rR76MAWea5Krtc3Z
/AEZWd5GM1cgdRh7OJCXViBX1mGq1Tr4471nwpWc9ofKvvLFrl/hdKwD7ULLcqK8
1NSd7zfjzSeOVUd2IHD1Jf+0ZQBrUQjP+aoPQP0p5nNKIPKCvw9ZdTQX6F1F3cQr
OdlYYMSuQ4tj2EVcCpMNJW1t5X21FimfSE1KXleLC1+SNlBB+uJdzlqbpLmQzEDJ
Yj+i8wXKHPlW4os8D8xnY/aMETExIezyhdD+SYSmAEULWv+AXEP6P64jKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUkoypRxQoVBCO1DTxnIFRkCDBkMB8GA1UdIwQY
MBaAFB9hql0b79eg/j5N/jqo2nPvz7o0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJHcVhSdnYxNkQtUGszLU9xamFjLV9QdWpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wYWQ0MTQtM2RmMS00YjM4LTg2OWUt
YzYyMWU4ZGY5NWZmLzEvQlNTaktsSEZDaFVFSTdVTlBHY2dWR1FJTUdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wYWQ0MTQtM2RmMS00YjM4LTg2OWUtYzYyMWU4ZGY5NWZm
LzEvSDJHcVhSdnYxNkQtUGszLU9xamFjLV9QdWpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV/PMA0G
CSqGSIb3DQEBCwUAA4IBAQBWzrnvu2gQyeWsO2mTTFljmUUefhMTBaa6AAC8D6fc
wzkW04YxdUFA2irPHsT3MET0bHeV7JucmtyIDt3x5lXHecTLsvUiKaFhi2usC0bh
pZO4fL3LNKIu9QZtl8DqKHPPUkylJC/Ppzsce2BqMVRQDifX02w+Y/aIqpA4RI07
UpLx1DPe/w+In0FlYuH+WGUU+oWl6ePabgDQX1wqAPPa/BrLAYsL2pzsKf2AlUq1
bKEJBbU1FmrJw/DTsKQTKMN7DYcW4fdaTxXQkGY6NjRsm0NyBRf02mXF2Ib+XIuT
x0Foz+nCVGvLfi6OcklOkoy1i/e+0TPSZR6DMskyXfq3
-----END CERTIFICATE-----