This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/98abe5-bd01-464f-96ab-40b6d67fcd94/1/BN0rBq-tNCIxQPqmFjFDV44qYpk.roa
File:                     BN0rBq-tNCIxQPqmFjFDV44qYpk.roa (raw, json)
Hash identifier:          jKAg3bTdZuNi/EJCwdlUsNQtwlFvyoL5tw2t5y9MU1I=
Subject key identifier:   04:DD:2B:06:AF:AD:34:22:31:40:FA:A6:16:31:43:57:8E:2A:62:99
Certificate issuer:       /CN=2f6a434c4b5d239c4e6e41b7e585c8d58f8995ab
Certificate serial:       019B7E3888AF0DB5403906ABBA8B469A67F2
Authority key identifier: 2F:6A:43:4C:4B:5D:23:9C:4E:6E:41:B7:E5:85:C8:D5:8F:89:95:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L2pDTEtdI5xObkG35YXI1Y-Jlas.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/98abe5-bd01-464f-96ab-40b6d67fcd94/1/BN0rBq-tNCIxQPqmFjFDV44qYpk.roa
Signing time:             Fri 02 Jan 2026 10:19:52 +0000
ROA not before:           Fri 02 Jan 2026 10:19:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56547
IP address blocks:        5.201.172.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/98abe5-bd01-464f-96ab-40b6d67fcd94/1/L2pDTEtdI5xObkG35YXI1Y-Jlas.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/98abe5-bd01-464f-96ab-40b6d67fcd94/1/L2pDTEtdI5xObkG35YXI1Y-Jlas.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L2pDTEtdI5xObkG35YXI1Y-Jlas.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:88:af:0d:b5:40:39:06:ab:ba:8b:46:9a:67:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f6a434c4b5d239c4e6e41b7e585c8d58f8995ab
        Validity
            Not Before: Jan  2 10:19:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=04dd2b06afad34223140faa6163143578e2a6299
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:04:c3:f0:ce:0b:8b:f5:b3:8b:75:e9:6a:4c:
                    d3:da:09:50:99:f8:c9:fd:21:9d:bc:d3:c0:69:a6:
                    19:54:e6:0f:01:4e:ac:e9:b7:c0:c7:b1:24:c5:03:
                    81:13:de:60:5d:2d:a3:fd:41:18:61:31:e5:58:c0:
                    56:79:ad:38:41:2f:52:66:16:e5:df:3c:9c:7f:b0:
                    c7:38:36:54:cb:02:77:e4:bf:2c:9a:53:bd:da:eb:
                    b1:9c:64:80:d1:0d:14:26:c1:1d:41:eb:a6:d0:6f:
                    f9:c4:16:a2:f5:23:36:7b:ee:57:a3:b8:7a:ec:c7:
                    d3:58:97:1d:18:b4:da:05:38:9d:cf:b4:e2:cc:73:
                    97:8e:27:3d:18:4d:d9:17:a2:8a:42:06:50:fd:5b:
                    1a:82:77:b0:b1:16:37:9a:37:b0:6b:24:ca:fe:d4:
                    a1:72:9e:45:4e:2c:7a:5f:e0:01:56:f8:43:9b:eb:
                    89:05:3a:e0:e0:28:06:8d:9a:fd:ce:95:d1:bd:95:
                    8d:43:86:a0:59:34:d4:7e:00:6e:f5:c1:a2:64:23:
                    1c:a7:c3:69:c1:27:f7:52:48:2a:47:9d:39:0c:1a:
                    ed:6e:36:d2:4e:0d:bf:c3:57:69:91:13:4b:9c:6a:
                    23:65:bb:ba:61:15:15:b3:26:f9:29:d9:37:94:08:
                    99:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:DD:2B:06:AF:AD:34:22:31:40:FA:A6:16:31:43:57:8E:2A:62:99
            X509v3 Authority Key Identifier:
                keyid:2F:6A:43:4C:4B:5D:23:9C:4E:6E:41:B7:E5:85:C8:D5:8F:89:95:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L2pDTEtdI5xObkG35YXI1Y-Jlas.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/98abe5-bd01-464f-96ab-40b6d67fcd94/1/BN0rBq-tNCIxQPqmFjFDV44qYpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/98abe5-bd01-464f-96ab-40b6d67fcd94/1/L2pDTEtdI5xObkG35YXI1Y-Jlas.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.201.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:bc:c0:c2:c3:39:fb:13:19:ad:1e:56:64:dc:a2:5b:3a:25:
         79:0e:1d:8d:98:74:ef:cd:93:41:b2:83:3d:eb:db:0e:68:6d:
         fd:de:85:7a:2f:0d:83:dd:88:4d:7c:35:0c:e4:3a:d5:df:d9:
         ca:c6:6f:f2:f0:33:6d:dd:7e:65:87:1a:c2:9e:cf:ee:dc:49:
         d8:ce:13:2e:b3:07:73:91:00:83:e9:dc:e4:fe:1a:33:bb:39:
         12:0a:b6:45:52:52:53:ae:ac:82:26:d3:32:3a:02:0c:e1:b2:
         b4:b8:1d:bf:47:5b:bb:44:a9:ef:3d:12:63:0f:cf:d8:2d:18:
         d4:28:2c:65:80:9d:7a:df:79:d3:ea:f2:cf:b8:eb:fe:3b:35:
         0d:84:28:fd:6f:a4:f5:8f:5a:1e:3c:6a:ef:d1:8d:3f:57:13:
         23:8e:c8:21:b4:e1:48:e2:5a:d7:41:26:db:34:94:df:f0:ea:
         31:c2:6c:cf:a2:be:00:19:22:07:52:c8:aa:76:6a:a3:da:99:
         d4:99:ce:19:59:75:35:6c:e2:8d:30:4a:58:e7:bb:25:a1:8d:
         0a:c2:56:0e:cf:8d:cd:58:c6:90:62:68:7d:c4:88:6a:e8:a8:
         e5:1c:98:f4:e9:4a:ef:0d:82:78:f6:70:ed:a2:c7:0e:87:ef:
         f8:ce:36:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OIivDbVAOQaruotGmmfyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNmE0MzRjNGI1ZDIzOWM0ZTZlNDFiN2U1ODVjOGQ1OGY4
OTk1YWIwHhcNMjYwMTAyMTAxOTUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGRkMmIwNmFmYWQzNDIyMzE0MGZhYTYxNjMxNDM1NzhlMmE2Mjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgTD8M4Li/Wzi3XpakzT2glQmfjJ
/SGdvNPAaaYZVOYPAU6s6bfAx7EkxQOBE95gXS2j/UEYYTHlWMBWea04QS9SZhbl
3zycf7DHODZUywJ35L8smlO92uuxnGSA0Q0UJsEdQeum0G/5xBai9SM2e+5Xo7h6
7MfTWJcdGLTaBTidz7TizHOXjic9GE3ZF6KKQgZQ/VsagnewsRY3mjewayTK/tSh
cp5FTix6X+ABVvhDm+uJBTrg4CgGjZr9zpXRvZWNQ4agWTTUfgBu9cGiZCMcp8Np
wSf3UkgqR505DBrtbjbSTg2/w1dpkRNLnGojZbu6YRUVsyb5Kdk3lAiZNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFATdKwavrTQiMUD6phYxQ1eOKmKZMB8GA1UdIwQY
MBaAFC9qQ0xLXSOcTm5Bt+WFyNWPiZWrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDJwRFRFdGRJNXhPYmtHMzVZWEkxWS1KbGFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS85OGFiZTUtYmQwMS00NjRmLTk2YWIt
NDBiNmQ2N2ZjZDk0LzEvQk4wckJxLXROQ0l4UVBxbUZqRkRWNDRxWXBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS85OGFiZTUtYmQwMS00NjRmLTk2YWItNDBiNmQ2N2ZjZDk0
LzEvTDJwRFRFdGRJNXhPYmtHMzVZWEkxWS1KbGFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBcmsMA0G
CSqGSIb3DQEBCwUAA4IBAQCNvMDCwzn7ExmtHlZk3KJbOiV5Dh2NmHTvzZNBsoM9
69sOaG393oV6Lw2D3YhNfDUM5DrV39nKxm/y8DNt3X5lhxrCns/u3EnYzhMuswdz
kQCD6dzk/hozuzkSCrZFUlJTrqyCJtMyOgIM4bK0uB2/R1u7RKnvPRJjD8/YLRjU
KCxlgJ1633nT6vLPuOv+OzUNhCj9b6T1j1oePGrv0Y0/VxMjjsghtOFI4lrXQSbb
NJTf8OoxwmzPor4AGSIHUsiqdmqj2pnUmc4ZWXU1bOKNMEpY57sloY0KwlYOz43N
WMaQYmh9xIhq6KjlHJj06UrvDYJ49nDtoscOh+/4zjbC
-----END CERTIFICATE-----