This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/767933-4a73-4b2f-ac84-daca26de6f7b/1/baFyB991hO6zmvEFA-bUR-SSeO0.roa
File:                     baFyB991hO6zmvEFA-bUR-SSeO0.roa (raw, json)
Hash identifier:          HCQWZRB071vWE048uQIisBvoukGqn9JR/elQALPMrxE=
Subject key identifier:   6D:A1:72:07:DF:75:84:EE:B3:9A:F1:05:03:E6:D4:47:E4:92:78:ED
Certificate issuer:       /CN=353e3f28e647e92ac8a710c305c2e21b623edc1c
Certificate serial:       019B79ECD33154512C0B2653110DB67C2E0D
Authority key identifier: 35:3E:3F:28:E6:47:E9:2A:C8:A7:10:C3:05:C2:E2:1B:62:3E:DC:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NT4_KOZH6SrIpxDDBcLiG2I-3Bw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/767933-4a73-4b2f-ac84-daca26de6f7b/1/baFyB991hO6zmvEFA-bUR-SSeO0.roa
Signing time:             Thu 01 Jan 2026 14:18:42 +0000
ROA not before:           Thu 01 Jan 2026 14:18:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60397
IP address blocks:        37.152.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/767933-4a73-4b2f-ac84-daca26de6f7b/1/NT4_KOZH6SrIpxDDBcLiG2I-3Bw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/767933-4a73-4b2f-ac84-daca26de6f7b/1/NT4_KOZH6SrIpxDDBcLiG2I-3Bw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NT4_KOZH6SrIpxDDBcLiG2I-3Bw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 05:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:d3:31:54:51:2c:0b:26:53:11:0d:b6:7c:2e:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=353e3f28e647e92ac8a710c305c2e21b623edc1c
        Validity
            Not Before: Jan  1 14:18:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6da17207df7584eeb39af10503e6d447e49278ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:2e:23:92:a3:d2:db:53:a7:1e:7e:27:c2:ad:
                    52:19:82:fc:35:0e:1b:76:77:ee:c3:8b:67:ac:21:
                    ee:65:ec:83:d2:36:4a:ac:f9:62:04:df:72:2d:4d:
                    b0:6e:a0:68:91:7f:04:20:1a:b9:1a:6b:57:80:08:
                    44:3c:03:9b:51:af:24:2c:84:e4:ac:be:bd:47:9a:
                    9d:cc:b6:ad:6e:46:b4:f0:f9:b1:7d:3a:c1:09:29:
                    1a:46:1a:59:53:37:bc:93:0f:af:ad:be:7e:37:c7:
                    86:be:a4:c7:ef:c1:5a:48:a3:2b:f2:a8:3d:4a:b9:
                    f6:06:33:93:85:ac:86:a9:79:13:e0:d3:0c:f4:63:
                    07:64:f6:b1:4a:22:33:01:60:b8:29:fe:6a:85:53:
                    99:0b:93:e3:83:59:c5:ed:ae:89:5c:d1:3b:95:aa:
                    79:a5:10:39:18:22:04:b4:b8:dd:da:5d:35:c0:04:
                    7d:84:fc:0d:cd:34:ac:68:80:80:df:8d:9a:6b:ee:
                    63:b7:ab:db:e1:be:93:61:f0:ec:32:20:e5:fb:84:
                    0e:95:f3:30:4a:1e:b2:8b:ec:e1:ad:7d:f2:a1:33:
                    f3:7b:ea:8a:b3:04:4e:23:fd:53:a1:89:25:a3:65:
                    68:41:11:84:15:7a:a2:8a:03:83:4e:77:45:51:3b:
                    c0:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:A1:72:07:DF:75:84:EE:B3:9A:F1:05:03:E6:D4:47:E4:92:78:ED
            X509v3 Authority Key Identifier:
                keyid:35:3E:3F:28:E6:47:E9:2A:C8:A7:10:C3:05:C2:E2:1B:62:3E:DC:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NT4_KOZH6SrIpxDDBcLiG2I-3Bw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/767933-4a73-4b2f-ac84-daca26de6f7b/1/baFyB991hO6zmvEFA-bUR-SSeO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/767933-4a73-4b2f-ac84-daca26de6f7b/1/NT4_KOZH6SrIpxDDBcLiG2I-3Bw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.152.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:d1:3d:c3:7e:d8:0c:fb:d8:7c:0e:f0:b2:77:18:1b:43:1d:
         93:f6:68:42:92:1b:d5:32:99:e6:1e:4a:dc:ab:29:e2:e3:cc:
         43:fb:9d:67:21:83:95:57:c8:9b:4e:f6:ea:81:d9:06:44:30:
         d3:90:80:ad:a0:ae:e6:9f:ab:92:36:ce:9e:92:0f:02:52:11:
         dd:7b:03:30:7d:4d:cb:33:fc:80:0f:ae:ed:b0:b7:b4:2b:6b:
         e7:85:14:d3:8e:c9:51:39:7e:01:c1:b0:3a:c9:71:0d:d4:27:
         25:f0:ea:4a:59:bf:30:02:12:17:c0:8a:f0:0f:cb:37:15:60:
         9d:2a:98:20:4b:a2:70:a6:a1:8b:ea:d0:38:67:e9:87:f4:ef:
         7c:11:00:2a:30:4c:23:32:4c:05:88:57:79:2e:a7:5c:cf:14:
         50:dc:9b:6e:39:52:76:0e:10:8d:e1:e0:c6:b7:f6:d1:32:1e:
         c1:40:32:46:cd:1d:0a:64:2e:e0:b5:0d:44:b1:dd:a3:59:42:
         da:67:24:da:99:91:ea:1b:1d:60:1d:1f:2b:79:22:65:76:fe:
         00:7d:c7:86:49:05:e1:29:16:bc:d6:4f:2b:66:b7:a3:b7:9f:
         6d:c3:0d:45:29:33:34:cf:8a:fa:f8:93:88:c5:52:97:7d:1f:
         a5:f8:c6:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57NMxVFEsCyZTEQ22fC4NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1M2UzZjI4ZTY0N2U5MmFjOGE3MTBjMzA1YzJlMjFiNjIz
ZWRjMWMwHhcNMjYwMTAxMTQxODQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGExNzIwN2RmNzU4NGVlYjM5YWYxMDUwM2U2ZDQ0N2U0OTI3OGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmC4jkqPS21OnHn4nwq1SGYL8NQ4b
dnfuw4tnrCHuZeyD0jZKrPliBN9yLU2wbqBokX8EIBq5GmtXgAhEPAObUa8kLITk
rL69R5qdzLatbka08PmxfTrBCSkaRhpZUze8kw+vrb5+N8eGvqTH78FaSKMr8qg9
Srn2BjOThayGqXkT4NMM9GMHZPaxSiIzAWC4Kf5qhVOZC5Pjg1nF7a6JXNE7lap5
pRA5GCIEtLjd2l01wAR9hPwNzTSsaICA342aa+5jt6vb4b6TYfDsMiDl+4QOlfMw
Sh6yi+zhrX3yoTPze+qKswROI/1ToYklo2VoQRGEFXqiigODTndFUTvAnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2hcgffdYTus5rxBQPm1EfkknjtMB8GA1UdIwQY
MBaAFDU+PyjmR+kqyKcQwwXC4htiPtwcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlQ0X0tPWkg2U3JJcHhEREJjTGlHMkktM0J3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi83Njc5MzMtNGE3My00YjJmLWFjODQt
ZGFjYTI2ZGU2ZjdiLzEvYmFGeUI5OTFoTzZ6bXZFRkEtYlVSLVNTZU8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi83Njc5MzMtNGE3My00YjJmLWFjODQtZGFjYTI2ZGU2Zjdi
LzEvTlQ0X0tPWkg2U3JJcHhEREJjTGlHMkktM0J3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZiGMA0G
CSqGSIb3DQEBCwUAA4IBAQAu0T3DftgM+9h8DvCydxgbQx2T9mhCkhvVMpnmHkrc
qyni48xD+51nIYOVV8ibTvbqgdkGRDDTkICtoK7mn6uSNs6ekg8CUhHdewMwfU3L
M/yAD67tsLe0K2vnhRTTjslROX4BwbA6yXEN1Ccl8OpKWb8wAhIXwIrwD8s3FWCd
KpggS6JwpqGL6tA4Z+mH9O98EQAqMEwjMkwFiFd5LqdczxRQ3JtuOVJ2DhCN4eDG
t/bRMh7BQDJGzR0KZC7gtQ1Esd2jWULaZyTamZHqGx1gHR8reSJldv4AfceGSQXh
KRa81k8rZrejt59tww1FKTM0z4r6+JOIxVKXfR+l+MYw
-----END CERTIFICATE-----