This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/f36b9c-7e37-4f18-8865-13e73f66397b/1/BZBAahTREA8Q_3coOvyfGf9sdjY.roa
File:                     BZBAahTREA8Q_3coOvyfGf9sdjY.roa (raw, json)
Hash identifier:          jde/2VQaoII8kUESbj5JRDjPMDFmOdYKULZBf+Xi1JA=
Subject key identifier:   05:90:40:6A:14:D1:10:0F:10:FF:77:28:3A:FC:9F:19:FF:6C:76:36
Certificate issuer:       /CN=194e32a82e98f22d939ff9984455813be2ba6a91
Certificate serial:       019B7F12D97C9929805192FE113ACB6C866F
Authority key identifier: 19:4E:32:A8:2E:98:F2:2D:93:9F:F9:98:44:55:81:3B:E2:BA:6A:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GU4yqC6Y8i2Tn_mYRFWBO-K6apE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/f36b9c-7e37-4f18-8865-13e73f66397b/1/BZBAahTREA8Q_3coOvyfGf9sdjY.roa
Signing time:             Fri 02 Jan 2026 14:18:20 +0000
ROA not before:           Fri 02 Jan 2026 14:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15547
IP address blocks:        185.180.20.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/f36b9c-7e37-4f18-8865-13e73f66397b/1/GU4yqC6Y8i2Tn_mYRFWBO-K6apE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/f36b9c-7e37-4f18-8865-13e73f66397b/1/GU4yqC6Y8i2Tn_mYRFWBO-K6apE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GU4yqC6Y8i2Tn_mYRFWBO-K6apE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:12:d9:7c:99:29:80:51:92:fe:11:3a:cb:6c:86:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=194e32a82e98f22d939ff9984455813be2ba6a91
        Validity
            Not Before: Jan  2 14:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0590406a14d1100f10ff77283afc9f19ff6c7636
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:58:b0:5f:f7:6f:e1:e0:5b:f9:cd:f8:21:18:
                    5c:43:73:6c:ca:46:95:33:0f:1f:df:a1:68:ef:af:
                    1c:89:39:32:06:3c:ed:94:e3:50:f6:b8:66:52:94:
                    38:41:e1:eb:1b:2d:af:0e:df:0b:e9:e9:5f:fa:55:
                    30:f8:5a:9f:61:59:28:62:72:a0:d8:dc:d2:72:65:
                    a0:0a:10:75:f9:b0:27:d1:b7:fc:25:b9:98:79:a7:
                    24:53:03:a7:af:e4:72:dc:8b:57:62:62:38:71:8c:
                    9d:ac:54:a0:6d:08:2a:35:37:38:4f:d8:71:8e:b4:
                    fe:67:fe:0c:db:02:29:c8:ba:92:8f:7a:7c:f7:00:
                    1d:0e:3b:d2:83:9e:5e:a0:dd:23:b5:12:81:45:0d:
                    b8:0e:f3:00:e6:d7:f4:cb:f7:98:93:05:13:01:86:
                    d0:0a:a0:6d:89:76:e3:ea:bf:7b:18:8c:80:92:22:
                    c2:f1:1e:c0:74:3c:c7:9a:62:f2:fc:e0:d1:49:e0:
                    d6:8e:16:47:87:6a:08:0e:42:83:39:c7:90:fc:f1:
                    5d:b7:15:3d:38:ed:28:1d:0e:96:d4:eb:f0:27:4f:
                    f6:b5:83:f5:98:ae:6d:8d:b8:46:61:03:72:1a:e1:
                    f7:f3:2d:58:e1:ec:14:84:30:36:fb:17:5c:d7:d6:
                    40:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:90:40:6A:14:D1:10:0F:10:FF:77:28:3A:FC:9F:19:FF:6C:76:36
            X509v3 Authority Key Identifier:
                keyid:19:4E:32:A8:2E:98:F2:2D:93:9F:F9:98:44:55:81:3B:E2:BA:6A:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GU4yqC6Y8i2Tn_mYRFWBO-K6apE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/f36b9c-7e37-4f18-8865-13e73f66397b/1/BZBAahTREA8Q_3coOvyfGf9sdjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/f36b9c-7e37-4f18-8865-13e73f66397b/1/GU4yqC6Y8i2Tn_mYRFWBO-K6apE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:35:61:67:3f:f6:66:0a:94:6a:b5:24:0e:77:92:0a:f5:83:
         e1:aa:c7:8b:9f:0b:eb:45:e8:38:93:0b:12:ca:58:8e:7b:a8:
         8f:75:cc:7e:8b:0a:bd:f3:07:22:5e:95:16:e8:49:18:7b:ff:
         6a:eb:75:31:dd:9a:62:42:25:64:58:d2:c3:9b:c3:d7:2a:02:
         99:7f:62:26:8b:2c:05:d6:cc:92:80:60:cd:04:1c:be:78:8f:
         4b:b4:fa:82:de:2b:47:06:5c:19:a4:b9:bf:3e:39:0b:42:69:
         ee:a1:a2:63:25:3a:f0:e1:f4:e9:03:65:ed:db:ad:86:5e:14:
         b9:38:b5:0c:82:94:0c:f9:97:5a:74:b1:bd:cc:e1:b8:53:c8:
         ea:5e:f5:00:1b:37:58:8a:72:8b:20:1b:7b:16:3c:82:b6:8e:
         9c:08:3f:2a:a5:68:a6:72:00:5b:3a:c7:98:ef:bf:7b:d1:58:
         8d:e8:d8:91:29:04:47:79:2a:53:ed:0f:7d:9a:fa:86:1a:9b:
         23:0a:13:81:5b:be:19:94:95:a4:1b:cb:07:74:9f:b7:13:11:
         45:1d:4f:58:2f:c0:30:6f:fd:27:1a:a0:ec:73:5d:02:db:98:
         5f:66:ce:57:9f:f3:3a:56:fa:5a:76:70:6a:0b:a7:b2:91:4a:
         1b:c8:f6:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/Etl8mSmAUZL+ETrLbIZvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NGUzMmE4MmU5OGYyMmQ5MzlmZjk5ODQ0NTU4MTNiZTJi
YTZhOTEwHhcNMjYwMTAyMTQxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTkwNDA2YTE0ZDExMDBmMTBmZjc3MjgzYWZjOWYxOWZmNmM3NjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtliwX/dv4eBb+c34IRhcQ3NsykaV
Mw8f36Fo768ciTkyBjztlONQ9rhmUpQ4QeHrGy2vDt8L6elf+lUw+FqfYVkoYnKg
2NzScmWgChB1+bAn0bf8JbmYeackUwOnr+Ry3ItXYmI4cYydrFSgbQgqNTc4T9hx
jrT+Z/4M2wIpyLqSj3p89wAdDjvSg55eoN0jtRKBRQ24DvMA5tf0y/eYkwUTAYbQ
CqBtiXbj6r97GIyAkiLC8R7AdDzHmmLy/ODRSeDWjhZHh2oIDkKDOceQ/PFdtxU9
OO0oHQ6W1OvwJ0/2tYP1mK5tjbhGYQNyGuH38y1Y4ewUhDA2+xdc19ZAHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAWQQGoU0RAPEP93KDr8nxn/bHY2MB8GA1UdIwQY
MBaAFBlOMqgumPItk5/5mERVgTviumqRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1U0eXFDNlk4aTJUbl9tWVJGV0JPLUs2YXBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9mMzZiOWMtN2UzNy00ZjE4LTg4NjUt
MTNlNzNmNjYzOTdiLzEvQlpCQWFoVFJFQThRXzNjb092eWZHZjlzZGpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9mMzZiOWMtN2UzNy00ZjE4LTg4NjUtMTNlNzNmNjYzOTdi
LzEvR1U0eXFDNlk4aTJUbl9tWVJGV0JPLUs2YXBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubQUMA0G
CSqGSIb3DQEBCwUAA4IBAQBHNWFnP/ZmCpRqtSQOd5IK9YPhqseLnwvrReg4kwsS
yliOe6iPdcx+iwq98wciXpUW6EkYe/9q63Ux3ZpiQiVkWNLDm8PXKgKZf2ImiywF
1sySgGDNBBy+eI9LtPqC3itHBlwZpLm/PjkLQmnuoaJjJTrw4fTpA2Xt262GXhS5
OLUMgpQM+ZdadLG9zOG4U8jqXvUAGzdYinKLIBt7FjyCto6cCD8qpWimcgBbOseY
77970ViN6NiRKQRHeSpT7Q99mvqGGpsjChOBW74ZlJWkG8sHdJ+3ExFFHU9YL8Aw
b/0nGqDsc10C25hfZs5Xn/M6VvpadnBqC6eykUobyPZY
-----END CERTIFICATE-----