This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/iBWI_be6KZTQs8EfQhXMJzUgSHM.roa
File:                     iBWI_be6KZTQs8EfQhXMJzUgSHM.roa (raw, json)
Hash identifier:          ocUnmNt9pPZOeFDjwHl6jCfHOmkeOSrq2u2q/CCROrc=
Subject key identifier:   88:15:88:FD:B7:BA:29:94:D0:B3:C1:1F:42:15:CC:27:35:20:48:73
Certificate issuer:       /CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
Certificate serial:       019B7B36A62EC0E741547D6F883001C04852
Authority key identifier: CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/iBWI_be6KZTQs8EfQhXMJzUgSHM.roa
Signing time:             Thu 01 Jan 2026 20:18:57 +0000
ROA not before:           Thu 01 Jan 2026 20:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19197
IP address blocks:        57.72.96.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:a6:2e:c0:e7:41:54:7d:6f:88:30:01:c0:48:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
        Validity
            Not Before: Jan  1 20:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=881588fdb7ba2994d0b3c11f4215cc2735204873
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f8:83:98:3f:d2:1d:b8:f9:fd:ba:b2:9d:2d:
                    de:4b:83:14:cd:8e:ed:81:de:34:88:60:3d:db:8c:
                    21:bb:19:a7:61:2a:4c:2d:4a:d9:c6:b9:7f:94:30:
                    4a:6d:86:9a:3a:eb:fb:b0:ff:b9:3f:1f:1a:fc:4e:
                    56:bd:3d:d5:25:7b:5f:af:24:31:75:4c:0a:5c:4a:
                    e5:20:59:68:cf:a7:6f:d7:a6:28:ed:b3:64:80:82:
                    6e:41:46:2f:ae:ed:c3:ec:bf:3f:d1:07:a7:18:5d:
                    77:07:20:af:63:23:52:e1:44:33:0a:90:91:03:bc:
                    89:3e:4c:9f:d1:bd:84:fe:35:ea:d6:41:cd:ed:9e:
                    0b:d3:d1:e2:4b:5c:5a:5a:36:7f:7d:d4:ef:c7:f6:
                    af:f1:3d:66:03:70:76:ca:88:9e:71:cf:a7:56:bd:
                    99:1c:5b:02:2c:78:e3:f2:c4:25:67:a8:43:bb:17:
                    b3:82:4c:e1:b7:2f:bd:d7:1e:67:a5:06:53:e1:27:
                    0c:6b:01:45:c8:7f:f1:fc:14:df:b9:61:b4:20:90:
                    7d:80:00:65:2b:a9:5b:f7:e8:d0:b1:a5:e4:75:9b:
                    02:7a:39:f5:77:0b:56:6b:12:61:ce:f1:c8:d2:ae:
                    e1:32:fe:b4:34:7a:39:53:6e:41:65:98:b1:5c:f4:
                    5d:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:15:88:FD:B7:BA:29:94:D0:B3:C1:1F:42:15:CC:27:35:20:48:73
            X509v3 Authority Key Identifier:
                keyid:CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/iBWI_be6KZTQs8EfQhXMJzUgSHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.72.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:6a:91:d7:31:2a:b9:18:af:64:3a:50:15:6c:13:4c:ed:f4:
         35:35:a8:cb:2d:cd:73:b6:33:1b:00:e9:92:e5:a4:86:96:31:
         2e:26:e9:5d:af:0a:7d:24:e1:6d:c7:f8:22:73:81:37:00:a7:
         98:fd:84:d5:59:a9:4e:3e:53:34:3b:e4:d3:c5:53:12:ce:47:
         45:f4:15:a2:c3:b6:1a:3a:b7:f6:97:09:6e:f3:57:f5:bd:7f:
         dc:f3:a3:d2:ba:c6:7c:11:46:ad:6b:5b:ad:46:13:12:b7:7f:
         cc:a1:a4:bb:a7:0e:76:63:68:b2:c6:7a:6d:bf:1b:dc:69:29:
         f8:a5:af:b9:de:64:5f:7d:55:71:1a:88:8d:13:16:1e:02:8b:
         7e:1d:01:16:90:3b:6c:eb:3b:0a:3f:45:04:92:1e:30:69:8a:
         f1:83:07:dc:ae:b9:f1:1f:0d:b6:d2:d2:ce:cd:31:78:2e:ad:
         39:04:ab:b4:ef:b0:0f:7a:17:b9:39:21:10:4f:75:60:0f:08:
         d7:5d:d5:e0:2c:64:e7:d7:a4:db:ed:0a:e2:17:21:af:2a:0e:
         de:f3:6a:c7:3c:05:10:6a:28:52:0e:09:dd:f2:5c:9a:3b:bf:
         41:91:31:1e:48:29:b7:ec:0e:50:1e:90:27:d0:88:e8:14:13:
         3c:d6:f1:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NqYuwOdBVH1viDABwEhSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYjgzY2ZlNTQ4OTgzNWYyOTRkMGFmNGRkNGRiNmUzZGMy
NWYxZjMwHhcNMjYwMTAxMjAxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODE1ODhmZGI3YmEyOTk0ZDBiM2MxMWY0MjE1Y2MyNzM1MjA0ODczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsviDmD/SHbj5/bqynS3eS4MUzY7t
gd40iGA924whuxmnYSpMLUrZxrl/lDBKbYaaOuv7sP+5Px8a/E5WvT3VJXtfryQx
dUwKXErlIFloz6dv16Yo7bNkgIJuQUYvru3D7L8/0QenGF13ByCvYyNS4UQzCpCR
A7yJPkyf0b2E/jXq1kHN7Z4L09HiS1xaWjZ/fdTvx/av8T1mA3B2yoiecc+nVr2Z
HFsCLHjj8sQlZ6hDuxezgkzhty+91x5npQZT4ScMawFFyH/x/BTfuWG0IJB9gABl
K6lb9+jQsaXkdZsCejn1dwtWaxJhzvHI0q7hMv60NHo5U25BZZixXPRdkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIgViP23uimU0LPBH0IVzCc1IEhzMB8GA1UdIwQY
MBaAFM24PP5UiYNfKU0K9N1NtuPcJfHzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEt
YTNiNzRmOTY0MWFjLzEvaUJXSV9iZTZLWlRRczhFZlFoWE1KelVnU0hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEtYTNiNzRmOTY0MWFj
LzEvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAOUhgMA0G
CSqGSIb3DQEBCwUAA4IBAQB3apHXMSq5GK9kOlAVbBNM7fQ1NajLLc1ztjMbAOmS
5aSGljEuJuldrwp9JOFtx/gic4E3AKeY/YTVWalOPlM0O+TTxVMSzkdF9BWiw7Ya
Orf2lwlu81f1vX/c86PSusZ8EUata1utRhMSt3/MoaS7pw52Y2iyxnptvxvcaSn4
pa+53mRffVVxGoiNExYeAot+HQEWkDts6zsKP0UEkh4waYrxgwfcrrnxHw220tLO
zTF4Lq05BKu077APehe5OSEQT3VgDwjXXdXgLGTn16Tb7QriFyGvKg7e82rHPAUQ
aihSDgnd8lyaO79BkTEeSCm37A5QHpAn0IjoFBM81vGW
-----END CERTIFICATE-----