This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/9f6872-581b-4d47-bc6a-eba0cd57c020/1/BbSoHPZ6_5cJFXmdCfnvim5a3TI.roa
File:                     BbSoHPZ6_5cJFXmdCfnvim5a3TI.roa (raw, json)
Hash identifier:          McuildlUAIggMuk9JmdtRzn1hMk29EnAK+dUtR/t2JI=
Subject key identifier:   05:B4:A8:1C:F6:7A:FF:97:09:15:79:9D:09:F9:EF:8A:6E:5A:DD:32
Certificate issuer:       /CN=9fd9886e2db2709db22364e334d39e2ee488d36e
Certificate serial:       019B7F157B5E2AF6BA42C9C46142DDAB49AC
Authority key identifier: 9F:D9:88:6E:2D:B2:70:9D:B2:23:64:E3:34:D3:9E:2E:E4:88:D3:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n9mIbi2ycJ2yI2TjNNOeLuSI024.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/9f6872-581b-4d47-bc6a-eba0cd57c020/1/BbSoHPZ6_5cJFXmdCfnvim5a3TI.roa
Signing time:             Fri 02 Jan 2026 14:21:12 +0000
ROA not before:           Fri 02 Jan 2026 14:21:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20847
IP address blocks:        185.158.200.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/9f6872-581b-4d47-bc6a-eba0cd57c020/1/n9mIbi2ycJ2yI2TjNNOeLuSI024.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/9f6872-581b-4d47-bc6a-eba0cd57c020/1/n9mIbi2ycJ2yI2TjNNOeLuSI024.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n9mIbi2ycJ2yI2TjNNOeLuSI024.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:7b:5e:2a:f6:ba:42:c9:c4:61:42:dd:ab:49:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fd9886e2db2709db22364e334d39e2ee488d36e
        Validity
            Not Before: Jan  2 14:21:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=05b4a81cf67aff970915799d09f9ef8a6e5add32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:86:d2:67:61:0d:04:43:6d:e4:27:23:6a:73:
                    fa:72:20:05:7b:f3:da:8f:78:ad:54:a4:d4:08:ed:
                    0e:bb:35:b9:4c:e2:3a:9b:28:e7:29:1c:5f:c8:68:
                    61:e1:27:c9:97:dc:45:7e:8d:a5:5d:5e:87:0a:77:
                    56:53:0e:22:ca:11:0c:a6:10:02:c5:1d:e7:68:9f:
                    ff:37:a6:6e:40:e3:b4:fc:52:34:9b:f1:69:96:b7:
                    c2:08:c6:b6:b5:52:22:09:55:dc:d7:83:48:4a:b3:
                    2f:2c:f8:c1:d5:72:70:28:13:ad:de:0c:37:bd:02:
                    aa:ea:15:bd:30:40:d2:6d:7f:78:d9:ef:05:60:c0:
                    09:7d:11:c0:49:f8:40:58:7a:77:7f:1d:bb:0a:d4:
                    8f:29:4b:3b:42:5a:d8:12:39:18:9b:f6:37:b9:6d:
                    24:14:54:ea:9b:69:89:c4:ca:5a:4a:93:32:44:ad:
                    65:aa:94:bf:3d:86:78:f0:15:3d:d9:95:95:d4:d9:
                    fe:4a:69:94:da:39:08:7f:9c:17:b4:26:ad:b6:bd:
                    e1:76:c7:e0:2f:df:20:36:a2:d6:9e:8e:f6:89:34:
                    a4:24:0a:ce:cd:1e:c1:6c:2f:3a:e2:9b:27:1b:22:
                    70:fe:ec:97:fd:e0:d2:ce:84:6b:74:af:1e:88:dd:
                    63:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:B4:A8:1C:F6:7A:FF:97:09:15:79:9D:09:F9:EF:8A:6E:5A:DD:32
            X509v3 Authority Key Identifier:
                keyid:9F:D9:88:6E:2D:B2:70:9D:B2:23:64:E3:34:D3:9E:2E:E4:88:D3:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n9mIbi2ycJ2yI2TjNNOeLuSI024.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/9f6872-581b-4d47-bc6a-eba0cd57c020/1/BbSoHPZ6_5cJFXmdCfnvim5a3TI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/9f6872-581b-4d47-bc6a-eba0cd57c020/1/n9mIbi2ycJ2yI2TjNNOeLuSI024.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:49:7c:b2:4f:69:fd:68:38:0e:4b:5c:b7:2a:9a:01:b1:50:
         0b:74:85:33:23:e1:a7:34:98:e1:1f:6a:12:e1:8d:c2:65:14:
         e8:0f:67:12:a2:01:ce:6a:4c:68:4c:d1:f2:86:00:5e:d9:11:
         6b:9d:5a:f0:a4:30:b7:25:8f:f2:7d:fd:2f:80:e4:5a:27:1b:
         bb:8c:a6:38:5c:84:0a:91:40:0a:17:d1:f1:03:ed:f9:71:c1:
         ff:77:64:08:85:ec:c1:d2:3e:ea:9d:d6:74:6d:bd:27:cc:30:
         0a:dd:d9:fa:00:81:26:b3:1a:07:ff:7c:a0:80:05:8d:dc:6f:
         98:13:75:10:9b:e0:38:49:40:c8:4b:19:98:b8:df:74:19:39:
         ff:ff:6e:68:95:b8:ed:ab:05:67:10:1b:eb:2e:c8:15:fb:40:
         b3:9d:b1:44:df:4b:8f:8d:a9:66:a2:64:21:54:09:0b:9a:c8:
         fe:71:4e:fb:00:6f:69:ee:47:ab:b4:dd:ea:db:ed:16:27:03:
         aa:f2:fc:74:62:12:7a:f4:73:97:42:82:d9:ba:7a:3b:cf:46:
         8e:3a:8a:94:9d:58:bb:11:8f:d1:e0:51:39:dd:34:74:69:03:
         e2:2a:6b:8e:ee:61:0d:0b:a0:50:2d:b4:15:e7:43:32:40:29:
         de:21:b1:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FXteKva6QsnEYULdq0msMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmZDk4ODZlMmRiMjcwOWRiMjIzNjRlMzM0ZDM5ZTJlZTQ4
OGQzNmUwHhcNMjYwMTAyMTQyMTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWI0YTgxY2Y2N2FmZjk3MDkxNTc5OWQwOWY5ZWY4YTZlNWFkZDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIbSZ2ENBENt5CcjanP6ciAFe/Pa
j3itVKTUCO0OuzW5TOI6myjnKRxfyGhh4SfJl9xFfo2lXV6HCndWUw4iyhEMphAC
xR3naJ//N6ZuQOO0/FI0m/FplrfCCMa2tVIiCVXc14NISrMvLPjB1XJwKBOt3gw3
vQKq6hW9MEDSbX942e8FYMAJfRHASfhAWHp3fx27CtSPKUs7QlrYEjkYm/Y3uW0k
FFTqm2mJxMpaSpMyRK1lqpS/PYZ48BU92ZWV1Nn+SmmU2jkIf5wXtCattr3hdsfg
L98gNqLWno72iTSkJArOzR7BbC864psnGyJw/uyX/eDSzoRrdK8eiN1jowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAW0qBz2ev+XCRV5nQn574puWt0yMB8GA1UdIwQY
MBaAFJ/ZiG4tsnCdsiNk4zTTni7kiNNuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjltSWJpMnljSjJ5STJUak5OT2VMdVNJMDI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS85ZjY4NzItNTgxYi00ZDQ3LWJjNmEt
ZWJhMGNkNTdjMDIwLzEvQmJTb0hQWjZfNWNKRlhtZENmbnZpbTVhM1RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS85ZjY4NzItNTgxYi00ZDQ3LWJjNmEtZWJhMGNkNTdjMDIw
LzEvbjltSWJpMnljSjJ5STJUak5OT2VMdVNJMDI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ7IMA0G
CSqGSIb3DQEBCwUAA4IBAQBOSXyyT2n9aDgOS1y3KpoBsVALdIUzI+GnNJjhH2oS
4Y3CZRToD2cSogHOakxoTNHyhgBe2RFrnVrwpDC3JY/yff0vgORaJxu7jKY4XIQK
kUAKF9HxA+35ccH/d2QIhezB0j7qndZ0bb0nzDAK3dn6AIEmsxoH/3yggAWN3G+Y
E3UQm+A4SUDISxmYuN90GTn//25olbjtqwVnEBvrLsgV+0CznbFE30uPjalmomQh
VAkLmsj+cU77AG9p7kertN3q2+0WJwOq8vx0YhJ69HOXQoLZuno7z0aOOoqUnVi7
EY/R4FE53TR0aQPiKmuO7mENC6BQLbQV50MyQCneIbGe
-----END CERTIFICATE-----