This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/BmKkxsvsllYGRv2VQUx8x8IPybM.roa
File:                     BmKkxsvsllYGRv2VQUx8x8IPybM.roa (raw, json)
Hash identifier:          iJVvCwQgSkbFGgNZWYbEzkgvbnxvQYXvysN7fV/Jo/I=
Subject key identifier:   06:62:A4:C6:CB:EC:96:56:06:46:FD:95:41:4C:7C:C7:C2:0F:C9:B3
Certificate issuer:       /CN=bfb097a36c2325d1031ff4091ba00a86459d4288
Certificate serial:       019B7BA3EC1B6FDA3F94F9683D7CF762F73D
Authority key identifier: BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/BmKkxsvsllYGRv2VQUx8x8IPybM.roa
Signing time:             Thu 01 Jan 2026 22:18:18 +0000
ROA not before:           Thu 01 Jan 2026 22:18:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213439
IP address blocks:        91.82.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 03:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:ec:1b:6f:da:3f:94:f9:68:3d:7c:f7:62:f7:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb097a36c2325d1031ff4091ba00a86459d4288
        Validity
            Not Before: Jan  1 22:18:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0662a4c6cbec96560646fd95414c7cc7c20fc9b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:09:67:9d:13:bf:69:74:27:82:03:1d:85:6b:
                    bf:f1:65:25:9e:87:43:3a:fd:16:fe:7d:f2:00:00:
                    db:f3:26:e4:f8:6d:15:df:c5:28:85:64:d7:e3:28:
                    cc:07:0e:6a:37:ba:ae:68:fc:18:b4:11:a6:8b:5e:
                    1b:fb:a4:4c:c4:2a:c0:10:e4:ee:09:0e:9d:10:93:
                    60:2a:5b:03:99:ab:4f:98:80:77:f5:e5:38:29:b9:
                    30:ee:ed:fa:e3:23:83:e9:d9:c5:85:0b:ac:0e:cd:
                    06:44:a5:83:8f:c3:66:b7:b7:7a:bf:78:67:fc:e3:
                    d1:d5:18:5c:63:6f:5c:ea:76:39:0f:31:07:ab:61:
                    8f:50:3d:c9:38:ae:02:f5:76:05:40:bc:08:ab:c2:
                    1c:3f:17:82:8e:36:14:2f:92:e1:21:d5:a9:e8:62:
                    9a:dd:06:7e:49:c4:4c:c0:b1:8b:16:23:e8:f6:4a:
                    9e:42:7a:40:d1:58:26:bc:d6:1f:23:fc:05:d0:cc:
                    23:90:ae:72:62:93:75:da:82:21:0e:20:59:fa:ea:
                    cd:27:6a:8f:8e:e3:88:c6:f9:b9:d8:1f:08:90:2a:
                    da:13:3c:d5:84:b5:87:ca:e1:81:e9:7d:ec:06:5f:
                    ce:34:4b:cf:d4:98:95:3b:c7:dc:a7:5a:23:85:bd:
                    6b:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:62:A4:C6:CB:EC:96:56:06:46:FD:95:41:4C:7C:C7:C2:0F:C9:B3
            X509v3 Authority Key Identifier:
                keyid:BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/BmKkxsvsllYGRv2VQUx8x8IPybM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.82.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:d7:37:a1:ea:1e:5e:5e:31:aa:5d:b1:ff:51:34:44:b4:34:
         27:f7:43:40:40:2d:15:54:09:70:b1:70:e7:11:01:e4:44:dc:
         cc:22:d9:0f:37:c5:cd:3f:24:b2:20:71:0a:0e:cc:98:3c:e1:
         3a:50:a6:ef:f3:69:33:8d:95:41:da:56:fc:c9:59:76:ce:87:
         75:28:58:83:8b:17:90:2d:27:8a:aa:a5:41:fb:93:14:4f:8e:
         b1:58:39:d6:7e:87:85:3a:ee:a9:05:bc:13:25:b0:ac:09:55:
         bc:98:e8:50:8a:a6:3e:dd:dd:ff:f9:33:62:56:ba:81:b3:67:
         5b:f6:d3:b5:11:ae:98:65:f6:c9:4c:e6:e9:5a:d3:33:32:59:
         a1:7f:ef:79:97:a0:de:5a:f4:d9:f8:28:b0:a3:d9:52:cb:08:
         ef:f9:0c:30:d6:07:65:90:6c:80:00:ea:c7:ee:ea:e4:6d:0e:
         c7:ab:26:32:06:77:d5:0e:e9:53:50:8a:dc:7b:22:ce:84:d0:
         74:30:fe:b7:28:b5:f7:f2:c6:b0:13:8f:2e:bb:e5:c9:08:67:
         c2:c2:a9:dc:d6:c8:70:3b:73:0a:a8:f8:d3:e9:18:f7:e3:00:
         4b:b4:02:9a:f1:cf:c5:01:34:5d:4c:1b:2d:5e:da:b4:63:d6:
         ba:bd:a8:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o+wbb9o/lPloPXz3Yvc9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjA5N2EzNmMyMzI1ZDEwMzFmZjQwOTFiYTAwYTg2NDU5
ZDQyODgwHhcNMjYwMTAxMjIxODE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjYyYTRjNmNiZWM5NjU2MDY0NmZkOTU0MTRjN2NjN2MyMGZjOWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9AlnnRO/aXQnggMdhWu/8WUlnodD
Ov0W/n3yAADb8ybk+G0V38UohWTX4yjMBw5qN7quaPwYtBGmi14b+6RMxCrAEOTu
CQ6dEJNgKlsDmatPmIB39eU4Kbkw7u364yOD6dnFhQusDs0GRKWDj8Nmt7d6v3hn
/OPR1RhcY29c6nY5DzEHq2GPUD3JOK4C9XYFQLwIq8IcPxeCjjYUL5LhIdWp6GKa
3QZ+ScRMwLGLFiPo9kqeQnpA0VgmvNYfI/wF0MwjkK5yYpN12oIhDiBZ+urNJ2qP
juOIxvm52B8IkCraEzzVhLWHyuGB6X3sBl/ONEvP1JiVO8fcp1ojhb1rTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZipMbL7JZWBkb9lUFMfMfCD8mzMB8GA1UdIwQY
MBaAFL+wl6NsIyXRAx/0CRugCoZFnUKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2It
ZWNjNDliZGMyYWQ4LzEvQm1La3hzdnNsbFlHUnYyVlFVeDh4OElQeWJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2ItZWNjNDliZGMyYWQ4
LzEvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW1LdMA0G
CSqGSIb3DQEBCwUAA4IBAQBQ1zeh6h5eXjGqXbH/UTREtDQn90NAQC0VVAlwsXDn
EQHkRNzMItkPN8XNPySyIHEKDsyYPOE6UKbv82kzjZVB2lb8yVl2zod1KFiDixeQ
LSeKqqVB+5MUT46xWDnWfoeFOu6pBbwTJbCsCVW8mOhQiqY+3d3/+TNiVrqBs2db
9tO1Ea6YZfbJTObpWtMzMlmhf+95l6DeWvTZ+Ciwo9lSywjv+Qww1gdlkGyAAOrH
7urkbQ7HqyYyBnfVDulTUIrceyLOhNB0MP63KLX38sawE48uu+XJCGfCwqnc1shw
O3MKqPjT6Rj34wBLtAKa8c/FATRdTBstXtq0Y9a6vag3
-----END CERTIFICATE-----