This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/Brag2AWJxCJOzUNfJ9j8KRrHLV0.roa
File:                     Brag2AWJxCJOzUNfJ9j8KRrHLV0.roa (raw, json)
Hash identifier:          4rlDWgZec7ow5gytumrcSsGCSJMzxJPXHxRRER4U6Jo=
Subject key identifier:   06:B6:A0:D8:05:89:C4:22:4E:CD:43:5F:27:D8:FC:29:1A:C7:2D:5D
Certificate issuer:       /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial:       019BC22F9D6432E4A770915A8DB26B092B29
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/Brag2AWJxCJOzUNfJ9j8KRrHLV0.roa
Signing time:             Thu 15 Jan 2026 15:04:18 +0000
ROA not before:           Thu 15 Jan 2026 15:04:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213887
IP address blocks:        85.137.254.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:c2:2f:9d:64:32:e4:a7:70:91:5a:8d:b2:6b:09:2b:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
        Validity
            Not Before: Jan 15 15:04:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=06b6a0d80589c4224ecd435f27d8fc291ac72d5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6a:e0:a9:6c:35:40:2e:9d:04:18:71:75:a1:
                    e2:ed:25:ae:3b:8a:ab:31:d6:85:7a:fd:3b:ae:b3:
                    49:46:65:fd:c8:75:95:f3:81:b4:92:76:18:1c:c4:
                    88:f6:ed:55:19:2e:70:5e:d9:76:1c:d2:26:a4:e2:
                    87:41:f6:a3:ed:13:ec:50:b2:ed:4a:ae:3c:f5:25:
                    25:a1:b5:de:ad:8c:ef:86:20:47:2d:d2:99:54:73:
                    32:16:41:52:ee:38:77:cc:fd:3e:41:a6:e5:ec:84:
                    e9:df:bf:53:39:69:89:66:3b:31:20:ea:03:96:4e:
                    51:44:f7:dc:a3:f7:63:38:c5:c6:03:e2:4a:a5:19:
                    e4:e1:f0:44:ff:66:16:86:b1:58:a3:df:81:8d:ad:
                    79:54:fc:16:05:2e:6d:ca:c4:72:b2:76:60:6c:d6:
                    e2:99:8f:c9:e0:72:23:d4:79:12:cf:95:cd:39:e9:
                    4d:b5:25:2c:ea:e0:af:f2:bf:f7:73:a6:e7:15:14:
                    4d:df:bd:bf:e0:a1:47:61:ea:af:9f:bd:27:cf:0b:
                    bd:ba:1e:9a:08:79:c8:c9:fe:fa:5a:36:ca:05:e1:
                    c6:9e:50:e5:5f:a1:96:52:c4:d4:24:8e:cc:d2:e2:
                    16:b6:76:aa:9d:ee:01:b4:49:24:a7:34:0b:b0:d9:
                    1c:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:B6:A0:D8:05:89:C4:22:4E:CD:43:5F:27:D8:FC:29:1A:C7:2D:5D
            X509v3 Authority Key Identifier:
                keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/Brag2AWJxCJOzUNfJ9j8KRrHLV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.137.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:16:09:e1:74:6e:36:23:57:9d:f0:7e:be:cf:fa:f3:a6:90:
         10:67:7b:b1:b8:c2:13:dc:40:36:c3:a9:97:b6:67:d7:ac:08:
         cf:68:08:8f:52:82:21:4e:2d:cb:b1:8f:75:28:b7:d4:48:51:
         ff:ac:2d:c3:73:f3:0e:3b:f8:9c:4d:cd:43:2d:c4:73:b2:98:
         a0:5e:40:f3:13:44:a1:f2:ea:07:37:ff:2f:cc:b5:98:0f:61:
         ef:e9:12:90:a4:fe:35:67:bb:e1:76:b3:63:e7:26:ae:21:9d:
         c8:b3:92:42:35:c9:ad:53:17:a3:8e:84:45:18:7a:3f:9f:db:
         2c:55:85:57:fd:07:0b:47:64:fd:f4:1d:17:c5:ef:13:ff:f3:
         66:04:45:84:f8:f0:4e:f1:7a:5e:98:da:59:53:02:83:b6:53:
         e0:b0:1d:29:cb:9c:0b:b9:95:e9:54:33:6e:46:fa:05:ae:1e:
         7f:57:c9:0c:c1:9a:57:b0:8c:23:89:38:9d:c7:5d:21:b5:d3:
         ad:9e:93:52:6c:b8:20:1b:98:3b:dc:2f:73:94:bf:b5:f8:10:
         f1:c6:ef:ed:f1:19:65:b1:bf:2b:46:26:f6:9c:aa:a2:14:54:
         37:a4:da:f1:f6:c4:66:92:db:62:81:cf:67:26:b7:8f:d0:e1:
         32:ab:63:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvCL51kMuSncJFajbJrCSspMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjYwMTE1MTUwNDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmI2YTBkODA1ODljNDIyNGVjZDQzNWYyN2Q4ZmMyOTFhYzcyZDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWrgqWw1QC6dBBhxdaHi7SWuO4qr
MdaFev07rrNJRmX9yHWV84G0knYYHMSI9u1VGS5wXtl2HNImpOKHQfaj7RPsULLt
Sq489SUlobXerYzvhiBHLdKZVHMyFkFS7jh3zP0+Qabl7ITp379TOWmJZjsxIOoD
lk5RRPfco/djOMXGA+JKpRnk4fBE/2YWhrFYo9+Bja15VPwWBS5tysRysnZgbNbi
mY/J4HIj1HkSz5XNOelNtSUs6uCv8r/3c6bnFRRN372/4KFHYeqvn70nzwu9uh6a
CHnIyf76WjbKBeHGnlDlX6GWUsTUJI7M0uIWtnaqne4BtEkkpzQLsNkcSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAa2oNgFicQiTs1DXyfY/Ckaxy1dMB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEvQnJhZzJBV0p4Q0pPelVOZko5ajhLUnJITFYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVYn+MA0G
CSqGSIb3DQEBCwUAA4IBAQBIFgnhdG42I1ed8H6+z/rzppAQZ3uxuMIT3EA2w6mX
tmfXrAjPaAiPUoIhTi3LsY91KLfUSFH/rC3Dc/MOO/icTc1DLcRzspigXkDzE0Sh
8uoHN/8vzLWYD2Hv6RKQpP41Z7vhdrNj5yauIZ3Is5JCNcmtUxejjoRFGHo/n9ss
VYVX/QcLR2T99B0Xxe8T//NmBEWE+PBO8XpemNpZUwKDtlPgsB0py5wLuZXpVDNu
RvoFrh5/V8kMwZpXsIwjiTidx10htdOtnpNSbLggG5g73C9zlL+1+BDxxu/t8Rll
sb8rRib2nKqiFFQ3pNrx9sRmkttigc9nJreP0OEyq2Mf
-----END CERTIFICATE-----