This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/Bg94-F9i2Jnpyy_ChTan2u5FmyY.roa
File:                     Bg94-F9i2Jnpyy_ChTan2u5FmyY.roa (raw, json)
Hash identifier:          DEbeaWmESIJAfvI0AWdbHW3D5o5mtMuvaof9/WcDDdY=
Subject key identifier:   06:0F:78:F8:5F:62:D8:99:E9:CB:2F:C2:85:36:A7:DA:EE:45:9B:26
Certificate issuer:       /CN=032b9d2de53710b3158e42f22889109e2c40f43b
Certificate serial:       019BBECAC7A313FF24E9BB4A07CEBF9F1D72
Authority key identifier: 03:2B:9D:2D:E5:37:10:B3:15:8E:42:F2:28:89:10:9E:2C:40:F4:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AyudLeU3ELMVjkLyKIkQnixA9Ds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/Bg94-F9i2Jnpyy_ChTan2u5FmyY.roa
Signing time:             Wed 14 Jan 2026 23:15:19 +0000
ROA not before:           Wed 14 Jan 2026 23:15:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207598
IP address blocks:        185.158.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/AyudLeU3ELMVjkLyKIkQnixA9Ds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/AyudLeU3ELMVjkLyKIkQnixA9Ds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AyudLeU3ELMVjkLyKIkQnixA9Ds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:be:ca:c7:a3:13:ff:24:e9:bb:4a:07:ce:bf:9f:1d:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=032b9d2de53710b3158e42f22889109e2c40f43b
        Validity
            Not Before: Jan 14 23:15:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=060f78f85f62d899e9cb2fc28536a7daee459b26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:71:1c:d5:ac:d3:c7:b6:46:df:5d:dd:b8:45:
                    fe:96:cf:1c:8e:fe:59:4a:4b:58:f2:9f:d2:3a:e3:
                    8f:93:52:bd:b1:4a:a9:c1:8b:c7:87:7f:45:69:a0:
                    95:aa:98:f2:c1:7a:3a:c7:94:57:f7:1c:fa:8d:a7:
                    3f:fb:31:c1:4a:b4:3f:c7:a7:08:b9:c6:a1:b6:93:
                    3a:6a:e4:65:d1:88:60:1c:91:1b:f2:c0:2d:d7:4e:
                    f6:c8:1d:6d:2c:41:11:a5:95:86:47:8a:2c:ba:c8:
                    d4:c6:98:42:c2:8b:fb:73:8e:18:70:11:4b:71:fa:
                    b3:f1:26:bf:9b:e1:b7:85:af:fc:e4:3b:ed:e2:63:
                    13:53:a1:3d:3c:c7:b2:0e:bc:56:15:53:8b:81:43:
                    b0:6f:17:a2:92:43:ea:cb:68:22:d5:c8:e4:b6:44:
                    fc:37:ab:a3:db:1b:12:e8:7a:3d:eb:61:93:1b:b2:
                    e2:67:0d:a0:f1:d8:bb:73:76:3b:16:b9:e1:da:8e:
                    a3:2b:f3:a7:4b:ab:2d:d3:2c:46:2f:28:49:cf:d0:
                    7a:7b:91:33:ba:f9:3c:06:f9:33:8a:0c:a0:73:ce:
                    d0:a5:34:27:32:94:4d:6d:00:cf:dc:9f:19:92:6d:
                    f6:81:29:f5:c7:f6:a5:e3:e0:7d:2a:c8:47:2b:f4:
                    59:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:0F:78:F8:5F:62:D8:99:E9:CB:2F:C2:85:36:A7:DA:EE:45:9B:26
            X509v3 Authority Key Identifier:
                keyid:03:2B:9D:2D:E5:37:10:B3:15:8E:42:F2:28:89:10:9E:2C:40:F4:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AyudLeU3ELMVjkLyKIkQnixA9Ds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/Bg94-F9i2Jnpyy_ChTan2u5FmyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/d6dc9d-eb33-4ca4-aa82-4d19a8de0aba/1/AyudLeU3ELMVjkLyKIkQnixA9Ds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:b6:8b:28:57:57:29:69:1f:fe:ce:9a:83:4b:48:71:2e:48:
         f0:fd:7f:e9:e0:bc:9f:e1:0f:09:37:59:45:02:21:36:ac:43:
         e3:91:e1:41:21:e8:6d:04:14:f3:1b:70:b1:7b:9d:a2:00:e2:
         22:37:21:da:df:64:0d:b8:37:df:75:da:a2:3d:bd:19:d2:ee:
         0e:f7:8b:b4:93:cd:a9:ac:91:d8:1c:5e:11:3b:61:89:91:7c:
         f7:71:27:d5:9b:cb:be:ef:4f:ff:b7:bc:a3:a5:c4:bb:4b:05:
         c0:52:52:e2:c8:2b:59:50:37:31:3d:ec:41:40:a1:6f:ed:19:
         b3:65:9a:3c:10:80:c2:58:0f:23:87:96:7c:c8:b6:b5:4c:14:
         91:73:94:4a:1a:3f:de:42:43:9f:99:ec:46:a8:f7:3f:d2:be:
         a7:ac:a0:18:b0:42:85:66:d3:1a:68:13:0f:39:be:cd:ba:a6:
         d5:97:d3:74:5e:d2:cd:4b:44:c2:52:40:31:d9:99:31:57:d1:
         50:e4:d4:e6:13:f4:9a:c6:32:62:69:71:ed:08:1a:72:94:3b:
         bc:06:db:e7:64:d3:44:75:22:eb:af:e3:c7:f7:85:7b:97:ca:
         b1:40:4f:b8:06:b0:83:85:69:82:e4:16:bb:a9:b4:f5:b6:3c:
         b4:99:c2:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZu+ysejE/8k6btKB86/nx1yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzMmI5ZDJkZTUzNzEwYjMxNThlNDJmMjI4ODkxMDllMmM0
MGY0M2IwHhcNMjYwMTE0MjMxNTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjBmNzhmODVmNjJkODk5ZTljYjJmYzI4NTM2YTdkYWVlNDU5YjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2XEc1azTx7ZG313duEX+ls8cjv5Z
SktY8p/SOuOPk1K9sUqpwYvHh39FaaCVqpjywXo6x5RX9xz6jac/+zHBSrQ/x6cI
ucahtpM6auRl0YhgHJEb8sAt1072yB1tLEERpZWGR4osusjUxphCwov7c44YcBFL
cfqz8Sa/m+G3ha/85Dvt4mMTU6E9PMeyDrxWFVOLgUOwbxeikkPqy2gi1cjktkT8
N6uj2xsS6Ho962GTG7LiZw2g8di7c3Y7Frnh2o6jK/OnS6st0yxGLyhJz9B6e5Ez
uvk8Bvkzigygc87QpTQnMpRNbQDP3J8Zkm32gSn1x/al4+B9KshHK/RZqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYPePhfYtiZ6csvwoU2p9ruRZsmMB8GA1UdIwQY
MBaAFAMrnS3lNxCzFY5C8iiJEJ4sQPQ7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXl1ZExlVTNFTE1WamtMeUtJa1FuaXhBOURzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9kNmRjOWQtZWIzMy00Y2E0LWFhODIt
NGQxOWE4ZGUwYWJhLzEvQmc5NC1GOWkySm5weXlfQ2hUYW4ydTVGbXlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9kNmRjOWQtZWIzMy00Y2E0LWFhODItNGQxOWE4ZGUwYWJh
LzEvQXl1ZExlVTNFTE1WamtMeUtJa1FuaXhBOURzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ4UMA0G
CSqGSIb3DQEBCwUAA4IBAQAetosoV1cpaR/+zpqDS0hxLkjw/X/p4Lyf4Q8JN1lF
AiE2rEPjkeFBIehtBBTzG3Cxe52iAOIiNyHa32QNuDffddqiPb0Z0u4O94u0k82p
rJHYHF4RO2GJkXz3cSfVm8u+70//t7yjpcS7SwXAUlLiyCtZUDcxPexBQKFv7Rmz
ZZo8EIDCWA8jh5Z8yLa1TBSRc5RKGj/eQkOfmexGqPc/0r6nrKAYsEKFZtMaaBMP
Ob7NuqbVl9N0XtLNS0TCUkAx2ZkxV9FQ5NTmE/SaxjJiaXHtCBpylDu8BtvnZNNE
dSLrr+PH94V7l8qxQE+4BrCDhWmC5Ba7qbT1tjy0mcLL
-----END CERTIFICATE-----