This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/6b66b4-064c-42ee-a5ee-1a65b91bee58/1/BB327ZRTTLVLGKli0fX4zcIGR1o.roa
File:                     BB327ZRTTLVLGKli0fX4zcIGR1o.roa (raw, json)
Hash identifier:          +0v648EUpGeiPFIDyTh2emVdeUpE7M92nOl7olM8xhQ=
Subject key identifier:   04:1D:F6:ED:94:53:4C:B5:4B:18:A9:62:D1:F5:F8:CD:C2:06:47:5A
Certificate issuer:       /CN=4c3c665e51cc4cb5caf05b8294843e2733a13dee
Certificate serial:       019B77C7013DDD52585602C866792D6EED7E
Authority key identifier: 4C:3C:66:5E:51:CC:4C:B5:CA:F0:5B:82:94:84:3E:27:33:A1:3D:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TDxmXlHMTLXK8FuClIQ-JzOhPe4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/6b66b4-064c-42ee-a5ee-1a65b91bee58/1/BB327ZRTTLVLGKli0fX4zcIGR1o.roa
Signing time:             Thu 01 Jan 2026 04:18:09 +0000
ROA not before:           Thu 01 Jan 2026 04:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43606
IP address blocks:        94.131.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/6b66b4-064c-42ee-a5ee-1a65b91bee58/1/TDxmXlHMTLXK8FuClIQ-JzOhPe4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/6b66b4-064c-42ee-a5ee-1a65b91bee58/1/TDxmXlHMTLXK8FuClIQ-JzOhPe4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TDxmXlHMTLXK8FuClIQ-JzOhPe4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:01:3d:dd:52:58:56:02:c8:66:79:2d:6e:ed:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c3c665e51cc4cb5caf05b8294843e2733a13dee
        Validity
            Not Before: Jan  1 04:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=041df6ed94534cb54b18a962d1f5f8cdc206475a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:27:fd:52:65:02:58:db:6a:08:a4:55:2d:76:
                    58:1d:30:c2:b9:64:24:24:6a:07:eb:57:d0:f8:d4:
                    2a:6f:82:f9:2a:e5:98:2c:f1:cb:11:f6:cb:4b:e5:
                    18:f4:79:33:9c:84:d4:07:1d:22:39:1d:97:f0:33:
                    ea:e6:a1:6f:79:67:38:c3:f1:21:38:a7:d7:c2:1d:
                    8e:87:23:26:e2:b4:dc:b6:8d:82:16:b8:2a:93:c1:
                    b2:bf:6a:11:5f:91:fc:bd:20:45:5a:1c:e6:fa:20:
                    8f:cc:72:8c:26:a1:a7:ca:49:04:85:0e:5c:17:f2:
                    05:05:2e:38:b7:21:a3:46:be:bc:26:a0:3a:83:d8:
                    7c:e1:81:c6:5d:df:32:5d:c1:b3:ae:4a:d6:a6:90:
                    b3:ba:01:78:68:0c:a9:b2:84:08:32:04:b9:96:7a:
                    19:69:a7:57:be:90:13:ac:d4:4c:5e:fd:06:cc:8b:
                    8a:e6:cf:53:93:a8:46:84:77:ac:c4:f5:bd:43:b0:
                    6b:a8:f5:da:ea:63:3c:04:80:07:b5:c1:96:80:8e:
                    68:d9:8a:a6:7e:6a:eb:6a:7a:df:9b:98:d4:c3:a2:
                    e0:a0:8c:c3:0b:c4:71:a8:8d:c7:86:6f:ed:be:9f:
                    ec:69:63:ba:c5:24:58:8e:26:87:58:5f:d1:fc:a6:
                    8e:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:1D:F6:ED:94:53:4C:B5:4B:18:A9:62:D1:F5:F8:CD:C2:06:47:5A
            X509v3 Authority Key Identifier:
                keyid:4C:3C:66:5E:51:CC:4C:B5:CA:F0:5B:82:94:84:3E:27:33:A1:3D:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TDxmXlHMTLXK8FuClIQ-JzOhPe4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/6b66b4-064c-42ee-a5ee-1a65b91bee58/1/BB327ZRTTLVLGKli0fX4zcIGR1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/6b66b4-064c-42ee-a5ee-1a65b91bee58/1/TDxmXlHMTLXK8FuClIQ-JzOhPe4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:6e:49:78:fc:1d:57:38:ee:20:ba:b7:e1:d9:94:8c:51:58:
         a4:3a:9f:c3:fd:ab:51:39:26:70:4c:cb:d5:8c:3d:94:18:30:
         67:c1:a0:34:0f:e0:c7:7d:3a:12:70:46:b9:33:3c:4c:b9:39:
         ac:d9:9f:ec:dc:64:da:8c:04:1c:12:28:5c:7a:42:31:a7:ff:
         10:84:8c:6d:ec:ce:47:7c:7e:55:d6:91:51:c9:3f:c0:39:8d:
         33:dd:03:91:43:6c:c9:4e:69:bb:ce:45:86:4b:d5:a3:0d:03:
         46:a0:c6:47:4a:67:95:c1:c2:b1:04:e3:b0:26:8d:38:b9:23:
         12:dd:17:b7:f9:55:5b:05:64:bf:68:7f:e0:70:e5:09:60:a2:
         6e:eb:2d:7a:9a:86:8e:8e:84:20:f0:fd:cb:65:7a:3a:f4:24:
         96:f4:a0:91:61:72:46:f2:2f:2b:c7:10:17:04:eb:aa:29:9d:
         d0:30:aa:18:d2:e7:31:b7:d1:c9:58:cd:d4:36:f4:b5:0b:7e:
         de:24:94:59:bd:0b:75:e0:ee:2e:36:ab:ae:38:10:7d:45:ac:
         96:97:13:2b:ba:1d:eb:04:b9:f9:59:74:2a:2f:2f:7c:99:3c:
         7e:43:29:93:75:61:69:03:41:82:ec:42:8c:af:13:ad:39:2d:
         12:61:7b:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xwE93VJYVgLIZnktbu1+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjM2M2NjVlNTFjYzRjYjVjYWYwNWI4Mjk0ODQzZTI3MzNh
MTNkZWUwHhcNMjYwMTAxMDQxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDFkZjZlZDk0NTM0Y2I1NGIxOGE5NjJkMWY1ZjhjZGMyMDY0NzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSf9UmUCWNtqCKRVLXZYHTDCuWQk
JGoH61fQ+NQqb4L5KuWYLPHLEfbLS+UY9HkznITUBx0iOR2X8DPq5qFveWc4w/Eh
OKfXwh2OhyMm4rTcto2CFrgqk8Gyv2oRX5H8vSBFWhzm+iCPzHKMJqGnykkEhQ5c
F/IFBS44tyGjRr68JqA6g9h84YHGXd8yXcGzrkrWppCzugF4aAypsoQIMgS5lnoZ
aadXvpATrNRMXv0GzIuK5s9Tk6hGhHesxPW9Q7BrqPXa6mM8BIAHtcGWgI5o2Yqm
fmrranrfm5jUw6LgoIzDC8RxqI3Hhm/tvp/saWO6xSRYjiaHWF/R/KaOjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQd9u2UU0y1SxipYtH1+M3CBkdaMB8GA1UdIwQY
MBaAFEw8Zl5RzEy1yvBbgpSEPiczoT3uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVER4bVhsSE1UTFhLOEZ1Q2xJUS1Kek9oUGU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS82YjY2YjQtMDY0Yy00MmVlLWE1ZWUt
MWE2NWI5MWJlZTU4LzEvQkIzMjdaUlRUTFZMR0tsaTBmWDR6Y0lHUjFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS82YjY2YjQtMDY0Yy00MmVlLWE1ZWUtMWE2NWI5MWJlZTU4
LzEvVER4bVhsSE1UTFhLOEZ1Q2xJUS1Kek9oUGU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXoPuMA0G
CSqGSIb3DQEBCwUAA4IBAQBdbkl4/B1XOO4gurfh2ZSMUVikOp/D/atROSZwTMvV
jD2UGDBnwaA0D+DHfToScEa5MzxMuTms2Z/s3GTajAQcEihcekIxp/8QhIxt7M5H
fH5V1pFRyT/AOY0z3QORQ2zJTmm7zkWGS9WjDQNGoMZHSmeVwcKxBOOwJo04uSMS
3Re3+VVbBWS/aH/gcOUJYKJu6y16moaOjoQg8P3LZXo69CSW9KCRYXJG8i8rxxAX
BOuqKZ3QMKoY0ucxt9HJWM3UNvS1C37eJJRZvQt14O4uNquuOBB9RayWlxMruh3r
BLn5WXQqLy98mTx+QymTdWFpA0GC7EKMrxOtOS0SYXuj
-----END CERTIFICATE-----