This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/BCswXhh13-96UzaS6jsy6o1xQtA.roa
File:                     BCswXhh13-96UzaS6jsy6o1xQtA.roa (raw, json)
Hash identifier:          ZcV3c026LJ5PD6nm+askgP2WeXj6YnsPaEau8hz76oA=
Subject key identifier:   04:2B:30:5E:18:75:DF:EF:7A:53:36:92:EA:3B:32:EA:8D:71:42:D0
Certificate issuer:       /CN=1a4f8001c30cac546e3f92103b4b12732dfcbf52
Certificate serial:       019B77C70028206E3C24D0B360905CCC6CC4
Authority key identifier: 1A:4F:80:01:C3:0C:AC:54:6E:3F:92:10:3B:4B:12:73:2D:FC:BF:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk-AAcMMrFRuP5IQO0sScy38v1I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/BCswXhh13-96UzaS6jsy6o1xQtA.roa
Signing time:             Thu 01 Jan 2026 04:18:08 +0000
ROA not before:           Thu 01 Jan 2026 04:18:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48737
IP address blocks:        195.49.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/Gk-AAcMMrFRuP5IQO0sScy38v1I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/Gk-AAcMMrFRuP5IQO0sScy38v1I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gk-AAcMMrFRuP5IQO0sScy38v1I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:00:28:20:6e:3c:24:d0:b3:60:90:5c:cc:6c:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4f8001c30cac546e3f92103b4b12732dfcbf52
        Validity
            Not Before: Jan  1 04:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=042b305e1875dfef7a533692ea3b32ea8d7142d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:3e:b4:da:d7:7c:27:6b:b4:62:58:8e:46:01:
                    7b:d2:13:57:17:ec:9e:33:95:af:b9:31:f2:c9:1e:
                    2e:09:ce:a8:a8:55:82:47:3d:cd:90:ee:01:47:c1:
                    b2:c6:28:93:13:9f:1c:ac:be:50:9c:5f:48:b3:9d:
                    8a:25:9b:31:2b:ca:cf:2b:e2:1f:12:5c:d8:be:6a:
                    5b:c2:f1:3b:6f:cc:5c:cb:3a:f2:68:96:c0:b3:55:
                    47:5d:c1:3c:d7:97:e7:9e:ee:8b:8f:72:a4:26:44:
                    63:f1:11:94:ad:0a:60:be:43:01:0d:0c:33:06:57:
                    c3:74:e9:64:94:7d:58:88:dd:e0:0e:6a:45:7c:12:
                    a1:2d:be:4c:bb:ec:58:8f:9a:cf:06:7a:24:6c:27:
                    f8:46:5e:2a:fa:54:fd:55:2c:a9:33:bc:a2:ec:f3:
                    aa:82:b8:0a:95:4c:11:3d:eb:c2:75:64:73:71:fc:
                    7e:d8:80:22:a3:6d:37:b1:82:40:61:b4:98:01:c6:
                    a1:e8:f2:4e:0d:21:a7:f4:3c:f1:0d:c7:84:0f:67:
                    31:e3:83:39:12:87:e5:22:59:2f:20:91:f4:8f:c2:
                    d4:cd:a4:b9:b0:88:e0:b8:74:25:e5:eb:d8:73:65:
                    4c:55:6d:4f:0a:40:5b:b9:a1:5d:4d:3a:f1:bd:db:
                    ac:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:2B:30:5E:18:75:DF:EF:7A:53:36:92:EA:3B:32:EA:8D:71:42:D0
            X509v3 Authority Key Identifier:
                keyid:1A:4F:80:01:C3:0C:AC:54:6E:3F:92:10:3B:4B:12:73:2D:FC:BF:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk-AAcMMrFRuP5IQO0sScy38v1I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/BCswXhh13-96UzaS6jsy6o1xQtA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/Gk-AAcMMrFRuP5IQO0sScy38v1I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.49.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:8c:63:38:11:f0:63:97:28:24:94:95:12:6f:d6:f1:53:10:
         29:96:31:21:be:9c:dd:bd:48:a1:f9:8f:8c:d1:29:1b:a1:c4:
         03:7a:f6:d9:f9:17:2b:f0:c8:bd:a8:7d:d4:c9:8b:0e:78:be:
         d3:6e:d9:5b:c1:68:b8:32:32:2c:5b:86:97:0f:84:a4:37:a9:
         2e:39:b1:1e:4f:dd:ae:81:02:0d:1a:6e:86:6e:c6:87:e3:7b:
         ab:01:99:da:c0:4b:3c:14:98:55:90:36:2a:d2:a5:73:44:31:
         35:68:99:ba:b0:de:cf:ff:2d:53:90:66:ef:bf:5e:4a:34:ea:
         2a:b6:20:50:61:e8:03:23:af:08:2a:8d:7b:e1:7f:32:01:e7:
         21:21:62:01:9f:57:2f:9e:bb:ab:b2:d2:9a:64:8b:26:45:e6:
         a3:86:18:8d:0d:9f:96:4f:5e:8d:c2:ac:b7:ad:89:93:b0:1f:
         8b:08:34:6b:28:33:4f:20:ea:e3:26:43:d1:4e:9a:37:28:1a:
         3a:1c:b3:af:d1:fc:cd:45:14:97:98:50:b6:19:04:82:f3:f6:
         de:74:6f:aa:cb:de:64:d3:e4:24:04:f5:f4:33:05:5b:11:fb:
         15:68:6a:9b:b2:9b:c6:c5:c3:ab:4d:6a:ab:40:da:43:44:c6:
         29:aa:9d:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xwAoIG48JNCzYJBczGzEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGY4MDAxYzMwY2FjNTQ2ZTNmOTIxMDNiNGIxMjczMmRm
Y2JmNTIwHhcNMjYwMTAxMDQxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDJiMzA1ZTE4NzVkZmVmN2E1MzM2OTJlYTNiMzJlYThkNzE0MmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxT602td8J2u0YliORgF70hNXF+ye
M5WvuTHyyR4uCc6oqFWCRz3NkO4BR8GyxiiTE58crL5QnF9Is52KJZsxK8rPK+If
ElzYvmpbwvE7b8xcyzryaJbAs1VHXcE815fnnu6Lj3KkJkRj8RGUrQpgvkMBDQwz
BlfDdOlklH1YiN3gDmpFfBKhLb5Mu+xYj5rPBnokbCf4Rl4q+lT9VSypM7yi7POq
grgKlUwRPevCdWRzcfx+2IAio203sYJAYbSYAcah6PJODSGn9DzxDceED2cx44M5
EoflIlkvIJH0j8LUzaS5sIjguHQl5evYc2VMVW1PCkBbuaFdTTrxvdushwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQrMF4Ydd/velM2kuo7MuqNcULQMB8GA1UdIwQY
MBaAFBpPgAHDDKxUbj+SEDtLEnMt/L9SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2stQUFjTU1yRlJ1UDVJUU8wc1NjeTM4djFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kNmM4NmQtNmM2NS00YTI1LWE4ZmEt
MzhkNGYzMjExODk2LzEvQkNzd1hoaDEzLTk2VXphUzZqc3k2bzF4UXRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kNmM4NmQtNmM2NS00YTI1LWE4ZmEtMzhkNGYzMjExODk2
LzEvR2stQUFjTU1yRlJ1UDVJUU8wc1NjeTM4djFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzHuMA0G
CSqGSIb3DQEBCwUAA4IBAQA+jGM4EfBjlygklJUSb9bxUxApljEhvpzdvUih+Y+M
0SkbocQDevbZ+Rcr8Mi9qH3UyYsOeL7TbtlbwWi4MjIsW4aXD4SkN6kuObEeT92u
gQINGm6GbsaH43urAZnawEs8FJhVkDYq0qVzRDE1aJm6sN7P/y1TkGbvv15KNOoq
tiBQYegDI68IKo174X8yAechIWIBn1cvnrurstKaZIsmReajhhiNDZ+WT16Nwqy3
rYmTsB+LCDRrKDNPIOrjJkPRTpo3KBo6HLOv0fzNRRSXmFC2GQSC8/bedG+qy95k
0+QkBPX0MwVbEfsVaGqbspvGxcOrTWqrQNpDRMYpqp30
-----END CERTIFICATE-----