This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/6aef9e-fe4d-43e7-a1cb-10a485c0b0f2/1/2bczpro_19qb7b0LFPy3YBJe5yc.roa
File:                     2bczpro_19qb7b0LFPy3YBJe5yc.roa (raw, json)
Hash identifier:          BYIjYdDkpZtpiQvhTGAs27NqfGWGj7dlFNZCTuDKM1Y=
Subject key identifier:   D9:B7:33:A6:BA:3F:D7:DA:9B:ED:BD:0B:14:FC:B7:60:12:5E:E7:27
Certificate issuer:       /CN=5a232ae38a9233ab7fc1b429a5029220afa7b288
Certificate serial:       019B7DCAFC0BC235DD8F7843BAA72EC368CB
Authority key identifier: 5A:23:2A:E3:8A:92:33:AB:7F:C1:B4:29:A5:02:92:20:AF:A7:B2:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WiMq44qSM6t_wbQppQKSIK-nsog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/6aef9e-fe4d-43e7-a1cb-10a485c0b0f2/1/2bczpro_19qb7b0LFPy3YBJe5yc.roa
Signing time:             Fri 02 Jan 2026 08:20:13 +0000
ROA not before:           Fri 02 Jan 2026 08:20:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200000
IP address blocks:        80.89.240.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/6aef9e-fe4d-43e7-a1cb-10a485c0b0f2/1/WiMq44qSM6t_wbQppQKSIK-nsog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/6aef9e-fe4d-43e7-a1cb-10a485c0b0f2/1/WiMq44qSM6t_wbQppQKSIK-nsog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WiMq44qSM6t_wbQppQKSIK-nsog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:fc:0b:c2:35:dd:8f:78:43:ba:a7:2e:c3:68:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a232ae38a9233ab7fc1b429a5029220afa7b288
        Validity
            Not Before: Jan  2 08:20:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d9b733a6ba3fd7da9bedbd0b14fcb760125ee727
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:43:2c:6e:17:54:61:86:1f:8a:9f:01:83:0d:
                    9f:89:77:09:1c:bf:6a:5e:88:b6:82:8d:80:ed:2d:
                    90:67:5f:79:05:7d:0f:22:fc:d4:87:44:f9:03:fa:
                    c9:a1:60:5c:09:22:b5:94:f9:29:4b:d7:35:cd:d5:
                    4f:db:de:8e:13:99:d2:53:b1:d0:98:20:ba:47:c6:
                    6a:68:c3:96:79:9b:bd:9e:73:b9:92:9a:ee:89:c3:
                    2f:3e:3c:7c:47:93:3e:98:2a:2d:b8:b7:7f:1c:9b:
                    3a:d4:82:c2:f7:95:7f:0c:64:2b:74:d0:a8:4f:de:
                    f1:97:fb:f2:06:a8:81:d7:9b:f2:aa:04:8d:5c:d3:
                    d9:fc:15:0e:ca:6a:7c:24:07:03:6f:8e:fc:3e:f7:
                    22:10:54:04:15:ae:e6:f7:e1:10:f3:ab:ae:60:24:
                    23:43:9f:22:cc:77:32:d1:bc:96:60:e0:b1:b7:26:
                    74:93:a7:76:2e:4b:3c:e4:cd:46:ce:4b:b0:07:f8:
                    03:b8:fc:a0:a4:3a:eb:9d:de:f8:31:9f:02:71:1d:
                    29:d7:85:24:c5:03:02:99:da:1b:29:90:29:12:cb:
                    b5:ae:07:16:f8:86:4a:1a:34:88:e9:d8:cc:1a:e6:
                    23:8e:7a:6a:28:9a:b6:00:e4:f6:c2:a5:79:1c:1a:
                    30:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:B7:33:A6:BA:3F:D7:DA:9B:ED:BD:0B:14:FC:B7:60:12:5E:E7:27
            X509v3 Authority Key Identifier:
                keyid:5A:23:2A:E3:8A:92:33:AB:7F:C1:B4:29:A5:02:92:20:AF:A7:B2:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WiMq44qSM6t_wbQppQKSIK-nsog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/6aef9e-fe4d-43e7-a1cb-10a485c0b0f2/1/2bczpro_19qb7b0LFPy3YBJe5yc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/6aef9e-fe4d-43e7-a1cb-10a485c0b0f2/1/WiMq44qSM6t_wbQppQKSIK-nsog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.89.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         4b:1c:e5:25:b0:0f:71:7c:e0:a6:1d:9b:7d:13:08:eb:f8:cb:
         df:3b:56:1f:46:91:d2:81:3e:c9:c2:37:77:ce:e6:43:3b:f4:
         95:9f:24:29:14:33:65:33:2c:f9:ea:b2:a9:ab:27:2a:27:55:
         b1:c0:88:4b:34:c0:ef:32:f4:b5:3e:dd:31:3f:08:8d:72:e2:
         42:a6:58:57:8b:11:8e:29:b5:c2:07:21:bc:df:62:0e:85:16:
         03:c9:fb:13:d8:1e:f2:f3:cd:f1:b4:dd:f2:aa:18:6d:42:61:
         d7:63:51:ab:63:87:70:33:17:70:9c:3c:98:cb:88:7f:66:da:
         ce:70:d0:c7:d3:70:7a:8f:6e:2b:b9:a6:a8:5c:3a:6e:56:5a:
         18:bf:1d:17:41:31:2c:47:f8:d9:98:40:bf:89:8c:5d:17:6b:
         10:12:a5:96:7d:74:8a:8f:89:06:05:62:10:b9:60:6b:e3:ff:
         06:29:11:de:1d:3f:3a:96:17:92:da:0d:d5:2a:bd:10:07:d9:
         a6:e4:4a:a0:1c:23:5b:d4:fc:46:8d:ab:24:9f:9f:48:5c:c3:
         34:7a:5b:9b:9e:d6:5c:a7:dd:ea:aa:9d:60:76:6e:4e:1e:6c:
         6e:66:e2:7f:be:bb:b8:97:1e:83:52:c5:27:d2:58:4b:f6:52:
         6d:64:ec:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yvwLwjXdj3hDuqcuw2jLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMjMyYWUzOGE5MjMzYWI3ZmMxYjQyOWE1MDI5MjIwYWZh
N2IyODgwHhcNMjYwMTAyMDgyMDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWI3MzNhNmJhM2ZkN2RhOWJlZGJkMGIxNGZjYjc2MDEyNWVlNzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0MsbhdUYYYfip8Bgw2fiXcJHL9q
Xoi2go2A7S2QZ195BX0PIvzUh0T5A/rJoWBcCSK1lPkpS9c1zdVP296OE5nSU7HQ
mCC6R8ZqaMOWeZu9nnO5kpruicMvPjx8R5M+mCotuLd/HJs61ILC95V/DGQrdNCo
T97xl/vyBqiB15vyqgSNXNPZ/BUOymp8JAcDb478PvciEFQEFa7m9+EQ86uuYCQj
Q58izHcy0byWYOCxtyZ0k6d2Lks85M1GzkuwB/gDuPygpDrrnd74MZ8CcR0p14Uk
xQMCmdobKZApEsu1rgcW+IZKGjSI6djMGuYjjnpqKJq2AOT2wqV5HBowawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNm3M6a6P9fam+29CxT8t2ASXucnMB8GA1UdIwQY
MBaAFFojKuOKkjOrf8G0KaUCkiCvp7KIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2lNcTQ0cVNNNnRfd2JRcHBRS1NJSy1uc29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS82YWVmOWUtZmU0ZC00M2U3LWExY2It
MTBhNDg1YzBiMGYyLzEvMmJjenByb18xOXFiN2IwTEZQeTNZQkplNXljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS82YWVmOWUtZmU0ZC00M2U3LWExY2ItMTBhNDg1YzBiMGYy
LzEvV2lNcTQ0cVNNNnRfd2JRcHBRS1NJSy1uc29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUFnwMA0G
CSqGSIb3DQEBCwUAA4IBAQBLHOUlsA9xfOCmHZt9Ewjr+MvfO1YfRpHSgT7Jwjd3
zuZDO/SVnyQpFDNlMyz56rKpqycqJ1WxwIhLNMDvMvS1Pt0xPwiNcuJCplhXixGO
KbXCByG832IOhRYDyfsT2B7y883xtN3yqhhtQmHXY1GrY4dwMxdwnDyYy4h/ZtrO
cNDH03B6j24ruaaoXDpuVloYvx0XQTEsR/jZmEC/iYxdF2sQEqWWfXSKj4kGBWIQ
uWBr4/8GKRHeHT86lheS2g3VKr0QB9mm5EqgHCNb1PxGjaskn59IXMM0elubntZc
p93qqp1gdm5OHmxuZuJ/vru4lx6DUsUn0lhL9lJtZOze
-----END CERTIFICATE-----