This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/bpnplR40zL_W8hL-imEO70Tn-f4.roa
File:                     bpnplR40zL_W8hL-imEO70Tn-f4.roa (raw, json)
Hash identifier:          PgniwSULRjipVrLRMDw5PjfgzjR9WQoTXrI7/wxClB0=
Subject key identifier:   6E:99:E9:95:1E:34:CC:BF:D6:F2:12:FE:8A:61:0E:EF:44:E7:F9:FE
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019B7F14AA8244155D0552D7535515779B52
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/bpnplR40zL_W8hL-imEO70Tn-f4.roa
Signing time:             Fri 02 Jan 2026 14:20:19 +0000
ROA not before:           Fri 02 Jan 2026 14:20:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21646
IP address blocks:        212.222.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:aa:82:44:15:5d:05:52:d7:53:55:15:77:9b:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 14:20:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6e99e9951e34ccbfd6f212fe8a610eef44e7f9fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ce:64:f1:86:78:0d:c9:e6:fb:f3:f6:a8:93:
                    29:01:63:26:5b:87:9a:be:b1:9e:98:76:1f:a6:77:
                    f2:b4:04:c5:4f:17:11:e8:a1:fa:aa:05:16:9d:14:
                    c1:fd:33:65:c8:ee:ef:46:4e:9e:3f:02:da:86:b1:
                    d1:f1:72:93:15:b1:89:36:aa:ff:cb:44:a5:db:88:
                    5d:37:49:3f:73:2d:cd:55:78:6e:35:5d:be:05:1e:
                    60:6c:54:69:7e:fd:e8:51:64:fd:63:48:a7:29:52:
                    34:d5:3d:a6:6a:49:6a:38:20:b8:d6:18:43:a3:ae:
                    28:f4:78:1d:cd:64:38:08:fa:7c:5c:3f:8a:34:15:
                    7e:e1:c2:bf:8c:dc:1b:c4:13:43:20:5b:87:05:90:
                    f6:54:fb:46:a1:c8:d2:2a:7c:7b:18:af:74:24:72:
                    4a:34:cd:18:24:7c:b1:6c:ef:00:81:ea:c2:5b:e8:
                    88:cd:cf:80:e2:b9:7f:2b:f4:65:9d:1c:ae:60:36:
                    b0:bf:ee:89:c1:3d:f3:a6:9a:c7:af:63:eb:fb:81:
                    af:9c:22:91:db:75:57:7d:6c:97:f9:ed:25:cf:40:
                    f4:96:04:0a:38:7c:85:ee:4b:e7:cf:95:47:3a:8e:
                    51:ca:06:94:08:16:39:76:db:07:0c:d8:8f:d0:dc:
                    c2:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:99:E9:95:1E:34:CC:BF:D6:F2:12:FE:8A:61:0E:EF:44:E7:F9:FE
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/bpnplR40zL_W8hL-imEO70Tn-f4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.222.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         da:fa:d5:d0:94:9b:8b:4d:d3:b7:ab:3d:37:cf:a9:0f:0f:04:
         c2:6b:f2:c3:4e:ad:be:87:1a:c0:f5:0a:62:65:cd:42:fa:49:
         ae:80:02:da:86:18:c6:9a:78:d7:52:6d:61:35:18:79:c7:f3:
         d8:f6:66:c1:32:19:27:00:1b:4a:c2:f1:57:17:3b:5f:08:98:
         89:e8:a7:fc:5b:ca:39:87:f6:0f:8c:21:05:ce:c7:48:a4:4c:
         46:5d:ff:9e:ab:48:4d:dc:64:c9:a4:f4:fa:74:e2:25:e7:c3:
         61:b2:37:e4:68:be:8c:23:d8:32:fd:3c:00:6e:0e:a5:b6:be:
         38:0d:8c:4c:86:be:be:43:a7:c1:ec:26:5a:20:cb:ce:a6:5b:
         f2:f8:d2:b8:b7:f4:16:24:cf:3f:3b:f8:bb:25:99:2a:5b:55:
         6d:86:b8:17:6f:e1:af:eb:65:04:b1:82:c3:ca:0b:25:b7:f0:
         2d:dd:43:9c:90:d3:6d:27:d6:8a:46:cf:95:a2:3b:96:74:bf:
         ff:59:78:b1:d2:1e:15:1b:83:60:0d:7b:5d:4e:d3:f0:ce:e5:
         de:63:df:20:fa:b9:c7:7e:dd:53:f3:cb:ea:18:eb:13:f0:c5:
         5c:7c:e5:12:9e:bf:1c:34:af:ee:c3:1f:0b:4b:47:f0:a2:58:
         78:5c:0b:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FKqCRBVdBVLXU1UVd5tSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwMTAyMTQyMDE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTk5ZTk5NTFlMzRjY2JmZDZmMjEyZmU4YTYxMGVlZjQ0ZTdmOWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAts5k8YZ4Dcnm+/P2qJMpAWMmW4ea
vrGemHYfpnfytATFTxcR6KH6qgUWnRTB/TNlyO7vRk6ePwLahrHR8XKTFbGJNqr/
y0Sl24hdN0k/cy3NVXhuNV2+BR5gbFRpfv3oUWT9Y0inKVI01T2maklqOCC41hhD
o64o9HgdzWQ4CPp8XD+KNBV+4cK/jNwbxBNDIFuHBZD2VPtGocjSKnx7GK90JHJK
NM0YJHyxbO8AgerCW+iIzc+A4rl/K/RlnRyuYDawv+6JwT3zpprHr2Pr+4GvnCKR
23VXfWyX+e0lz0D0lgQKOHyF7kvnz5VHOo5RygaUCBY5dtsHDNiP0NzCSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG6Z6ZUeNMy/1vIS/ophDu9E5/n+MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvYnBucGxSNDB6TF9XOGhMLWltRU83MFRuLWY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1N7AMA0G
CSqGSIb3DQEBCwUAA4IBAQDa+tXQlJuLTdO3qz03z6kPDwTCa/LDTq2+hxrA9Qpi
Zc1C+kmugALahhjGmnjXUm1hNRh5x/PY9mbBMhknABtKwvFXFztfCJiJ6Kf8W8o5
h/YPjCEFzsdIpExGXf+eq0hN3GTJpPT6dOIl58NhsjfkaL6MI9gy/TwAbg6ltr44
DYxMhr6+Q6fB7CZaIMvOplvy+NK4t/QWJM8/O/i7JZkqW1VthrgXb+Gv62UEsYLD
ygslt/At3UOckNNtJ9aKRs+VojuWdL//WXix0h4VG4NgDXtdTtPwzuXeY98g+rnH
ft1T88vqGOsT8MVcfOUSnr8cNK/uwx8LS0fwolh4XAsX
-----END CERTIFICATE-----