This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/c1ae8d-c2cb-4fe5-9a1c-f28cd2764904/1/BHb65oEe87M0M_POvyT9Y4SCR5o.roa
File:                     BHb65oEe87M0M_POvyT9Y4SCR5o.roa (raw, json)
Hash identifier:          sBqJRrwyip4eAtZfyp+mo4JP1rjpyldZyBdCRdUfx7M=
Subject key identifier:   04:76:FA:E6:81:1E:F3:B3:34:33:F3:CE:BF:24:FD:63:84:82:47:9A
Certificate issuer:       /CN=2de1203acd9b07a11ea37e82f6c241ff8402975a
Certificate serial:       019B78A36E6A7DA4DDFEE781EA4CC8BC923F
Authority key identifier: 2D:E1:20:3A:CD:9B:07:A1:1E:A3:7E:82:F6:C2:41:FF:84:02:97:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LeEgOs2bB6Eeo36C9sJB_4QCl1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/c1ae8d-c2cb-4fe5-9a1c-f28cd2764904/1/BHb65oEe87M0M_POvyT9Y4SCR5o.roa
Signing time:             Thu 01 Jan 2026 08:18:55 +0000
ROA not before:           Thu 01 Jan 2026 08:18:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5408
IP address blocks:        150.140.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/c1ae8d-c2cb-4fe5-9a1c-f28cd2764904/1/LeEgOs2bB6Eeo36C9sJB_4QCl1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/c1ae8d-c2cb-4fe5-9a1c-f28cd2764904/1/LeEgOs2bB6Eeo36C9sJB_4QCl1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LeEgOs2bB6Eeo36C9sJB_4QCl1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:6e:6a:7d:a4:dd:fe:e7:81:ea:4c:c8:bc:92:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2de1203acd9b07a11ea37e82f6c241ff8402975a
        Validity
            Not Before: Jan  1 08:18:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0476fae6811ef3b33433f3cebf24fd638482479a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ac:2c:e1:ba:04:f2:1e:bb:46:6a:c4:61:8f:
                    6a:38:61:7a:08:f0:1c:74:33:f0:fd:a2:a6:82:62:
                    71:06:b6:30:f6:f2:3f:e9:3e:83:43:fb:40:d9:64:
                    e4:ac:68:bb:ca:6d:a8:42:82:e3:ed:80:4b:fe:d3:
                    7d:ba:21:f2:65:e2:a6:c3:5c:22:01:4f:1a:66:e7:
                    e3:09:5b:fb:77:77:1f:47:88:36:57:75:bb:7f:fb:
                    81:d6:76:e8:57:99:2a:d3:25:1b:06:b4:8a:68:6e:
                    2b:66:90:84:54:db:11:ef:0b:91:12:2f:c8:6f:d9:
                    3c:fe:6f:40:5d:5d:69:48:73:02:bd:6e:d6:78:32:
                    8b:26:46:ad:b5:85:00:84:bb:42:b0:77:1a:30:ef:
                    91:5a:d9:88:0f:48:c2:4b:c0:57:37:90:08:a2:3d:
                    5e:02:02:36:86:24:d2:81:18:5f:11:6f:b2:bc:f2:
                    a0:60:53:81:19:24:60:aa:f9:66:dc:3a:0b:e3:ae:
                    74:3d:99:43:a0:97:08:e4:e2:94:6f:53:91:65:ba:
                    36:b9:8b:45:c2:c2:8d:7d:df:f7:4e:55:f9:60:23:
                    22:61:1b:5c:e7:43:0f:e0:02:e4:f6:bc:b2:26:c0:
                    9f:07:75:7e:f8:ab:d4:22:46:fd:5f:f5:61:d2:54:
                    1f:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:76:FA:E6:81:1E:F3:B3:34:33:F3:CE:BF:24:FD:63:84:82:47:9A
            X509v3 Authority Key Identifier:
                keyid:2D:E1:20:3A:CD:9B:07:A1:1E:A3:7E:82:F6:C2:41:FF:84:02:97:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LeEgOs2bB6Eeo36C9sJB_4QCl1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/c1ae8d-c2cb-4fe5-9a1c-f28cd2764904/1/BHb65oEe87M0M_POvyT9Y4SCR5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/c1ae8d-c2cb-4fe5-9a1c-f28cd2764904/1/LeEgOs2bB6Eeo36C9sJB_4QCl1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.140.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         64:6d:b8:21:4a:08:7b:52:00:c7:08:9e:51:95:2c:67:0c:0f:
         24:f9:8e:55:2a:80:5d:8e:f8:4a:12:02:e0:70:f4:c7:bb:3c:
         70:2e:5d:c7:3f:97:97:f5:da:57:38:2b:13:c8:c9:a8:f8:95:
         84:37:c2:f4:8b:ae:c9:b5:50:ac:0d:eb:e5:04:3b:98:ff:28:
         15:32:c3:d7:9a:61:54:30:15:dd:2b:85:a5:92:00:3f:d3:b5:
         b6:46:ee:3f:65:a6:87:fc:25:8e:56:2c:a6:e6:57:ec:a8:12:
         3a:20:dc:d2:64:9d:ee:4c:07:8a:a2:70:61:e8:a0:73:56:a3:
         12:f2:e8:cb:a2:bf:7c:d6:81:47:37:59:c2:1b:77:71:cf:ac:
         2b:14:0e:fe:d0:bb:1f:36:1a:90:da:ac:e4:f6:d4:4f:91:d0:
         37:c0:8f:6b:ad:60:a6:e8:4b:b3:4d:1a:de:05:9f:42:08:49:
         73:22:30:39:75:e8:35:9d:90:f0:5a:11:e5:0b:0f:b3:79:50:
         c7:4c:27:54:60:59:dc:20:d9:55:5f:54:24:b2:5a:75:87:f6:
         ba:f8:9f:ff:17:54:d5:07:90:71:95:37:44:e6:83:f8:64:c3:
         3a:dd:15:46:6f:79:2c:ad:ea:c7:85:7c:4f:22:28:2c:fd:74:
         df:2f:ea:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4o25qfaTd/ueB6kzIvJI/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkZTEyMDNhY2Q5YjA3YTExZWEzN2U4MmY2YzI0MWZmODQw
Mjk3NWEwHhcNMjYwMTAxMDgxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDc2ZmFlNjgxMWVmM2IzMzQzM2YzY2ViZjI0ZmQ2Mzg0ODI0NzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKws4boE8h67RmrEYY9qOGF6CPAc
dDPw/aKmgmJxBrYw9vI/6T6DQ/tA2WTkrGi7ym2oQoLj7YBL/tN9uiHyZeKmw1wi
AU8aZufjCVv7d3cfR4g2V3W7f/uB1nboV5kq0yUbBrSKaG4rZpCEVNsR7wuREi/I
b9k8/m9AXV1pSHMCvW7WeDKLJkattYUAhLtCsHcaMO+RWtmID0jCS8BXN5AIoj1e
AgI2hiTSgRhfEW+yvPKgYFOBGSRgqvlm3DoL4650PZlDoJcI5OKUb1ORZbo2uYtF
wsKNfd/3TlX5YCMiYRtc50MP4ALk9ryyJsCfB3V++KvUIkb9X/Vh0lQfTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAR2+uaBHvOzNDPzzr8k/WOEgkeaMB8GA1UdIwQY
MBaAFC3hIDrNmwehHqN+gvbCQf+EApdaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGVFZ09zMmJCNkVlbzM2QzlzSkJfNFFDbDFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9jMWFlOGQtYzJjYi00ZmU1LTlhMWMt
ZjI4Y2QyNzY0OTA0LzEvQkhiNjVvRWU4N00wTV9QT3Z5VDlZNFNDUjVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9jMWFlOGQtYzJjYi00ZmU1LTlhMWMtZjI4Y2QyNzY0OTA0
LzEvTGVFZ09zMmJCNkVlbzM2QzlzSkJfNFFDbDFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHloyAMA0G
CSqGSIb3DQEBCwUAA4IBAQBkbbghSgh7UgDHCJ5RlSxnDA8k+Y5VKoBdjvhKEgLg
cPTHuzxwLl3HP5eX9dpXOCsTyMmo+JWEN8L0i67JtVCsDevlBDuY/ygVMsPXmmFU
MBXdK4WlkgA/07W2Ru4/ZaaH/CWOViym5lfsqBI6INzSZJ3uTAeKonBh6KBzVqMS
8ujLor981oFHN1nCG3dxz6wrFA7+0LsfNhqQ2qzk9tRPkdA3wI9rrWCm6EuzTRre
BZ9CCElzIjA5deg1nZDwWhHlCw+zeVDHTCdUYFncINlVX1Qkslp1h/a6+J//F1TV
B5BxlTdE5oP4ZMM63RVGb3ksrerHhXxPIigs/XTfL+oB
-----END CERTIFICATE-----