This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/3e61d0-f6ce-4aad-9764-762d27277591/1/BVQLcuQ2z_bNWh8-bphHvzehfD8.roa
File:                     BVQLcuQ2z_bNWh8-bphHvzehfD8.roa (raw, json)
Hash identifier:          7yeAKow0/HvGyL5Krz9LW+Di5af53xxZoND+qyE9qtM=
Subject key identifier:   05:54:0B:72:E4:36:CF:F6:CD:5A:1F:3E:6E:98:47:BF:37:A1:7C:3F
Certificate issuer:       /CN=8f51aad0e4148abe3f2a8b8d4318f34b456b65f1
Certificate serial:       019AB60115E6B89F0EDBE80EE120C9D6C0F5
Authority key identifier: 8F:51:AA:D0:E4:14:8A:BE:3F:2A:8B:8D:43:18:F3:4B:45:6B:65:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j1Gq0OQUir4_KouNQxjzS0VrZfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/3e61d0-f6ce-4aad-9764-762d27277591/1/BVQLcuQ2z_bNWh8-bphHvzehfD8.roa
Signing time:             Mon 24 Nov 2025 13:15:15 +0000
ROA not before:           Mon 24 Nov 2025 13:15:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42465
IP address blocks:        86.111.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/3e61d0-f6ce-4aad-9764-762d27277591/1/j1Gq0OQUir4_KouNQxjzS0VrZfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/3e61d0-f6ce-4aad-9764-762d27277591/1/j1Gq0OQUir4_KouNQxjzS0VrZfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j1Gq0OQUir4_KouNQxjzS0VrZfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 13:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:b6:01:15:e6:b8:9f:0e:db:e8:0e:e1:20:c9:d6:c0:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f51aad0e4148abe3f2a8b8d4318f34b456b65f1
        Validity
            Not Before: Nov 24 13:15:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05540b72e436cff6cd5a1f3e6e9847bf37a17c3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c3:81:9f:e1:f5:8d:8c:22:a2:70:fa:05:f0:
                    7f:38:54:f5:94:ad:a2:d7:30:1d:c1:0d:d5:95:84:
                    ca:88:ef:13:96:55:b9:a4:5a:cb:f6:3c:ea:7f:25:
                    48:27:58:32:87:aa:fa:b7:db:f2:1b:29:71:fb:86:
                    49:d6:8a:c2:1e:31:8a:d7:57:6f:19:3c:cf:d1:b5:
                    12:81:b5:b5:76:7e:c5:41:25:98:9e:b6:7e:1f:08:
                    6b:ce:7b:f4:f8:9b:58:f2:21:34:f3:4d:2f:d0:18:
                    b6:03:2c:92:fa:3c:a3:80:9e:2e:59:85:c7:ce:5f:
                    53:68:2e:38:30:b9:01:c0:71:f8:15:9f:41:64:e7:
                    2c:8f:99:c3:b7:6a:b3:54:b0:4e:6c:dd:df:cc:65:
                    b7:c6:a7:df:28:5c:7e:01:13:2d:1d:72:5f:3b:f7:
                    dc:5d:fa:5c:ce:48:4d:f4:8d:fb:d6:e8:13:fc:8c:
                    18:85:b3:4f:ca:63:bd:00:c5:b7:55:8d:42:68:c9:
                    ef:04:59:02:f3:b0:32:ae:56:69:34:0a:30:1a:f9:
                    f1:da:f9:85:9d:bd:7c:08:cb:84:04:ef:dc:b5:3a:
                    06:4e:27:6b:3e:bd:c0:42:7c:a2:72:a3:8d:a8:71:
                    10:41:f9:54:71:0d:96:b9:74:fe:54:2e:60:08:11:
                    f8:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:54:0B:72:E4:36:CF:F6:CD:5A:1F:3E:6E:98:47:BF:37:A1:7C:3F
            X509v3 Authority Key Identifier:
                keyid:8F:51:AA:D0:E4:14:8A:BE:3F:2A:8B:8D:43:18:F3:4B:45:6B:65:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j1Gq0OQUir4_KouNQxjzS0VrZfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/3e61d0-f6ce-4aad-9764-762d27277591/1/BVQLcuQ2z_bNWh8-bphHvzehfD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/3e61d0-f6ce-4aad-9764-762d27277591/1/j1Gq0OQUir4_KouNQxjzS0VrZfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.111.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:f7:0a:d1:c0:ac:ab:97:46:94:a7:53:be:cc:7a:c0:2d:1f:
         58:c2:09:ff:1a:87:1f:9a:09:a6:69:ed:23:a9:06:ce:e8:e8:
         1c:0b:ef:40:2c:b2:bc:3a:46:ea:5e:13:af:f5:72:ec:32:8c:
         e9:57:37:ce:da:a5:c3:91:90:d2:5b:1a:57:01:f1:40:05:fe:
         66:24:03:41:ba:42:e4:8e:cf:72:d7:60:b9:e3:bd:41:26:e7:
         9c:9b:3d:4f:d3:12:8c:93:27:a0:66:75:42:f0:ee:9f:c0:6d:
         3f:ea:ca:d3:34:fd:85:c3:49:7c:4f:8f:4c:33:86:f1:85:8a:
         8b:e6:de:1d:24:e0:fa:92:cd:91:af:d6:70:35:95:b5:0f:bc:
         2a:d8:d8:27:d6:19:d7:02:63:90:9c:78:24:b3:d1:82:33:96:
         82:8b:27:0d:a8:c9:1e:39:b7:1d:46:f3:24:b3:2a:f4:7f:aa:
         ee:b0:7e:5d:26:0d:98:3e:a3:ad:e0:4a:cb:77:15:7f:1d:49:
         92:3f:9b:bd:f0:df:b2:61:1f:58:6d:cc:73:69:f3:7a:19:78:
         ac:cb:a0:e3:07:26:25:95:38:98:ed:5f:81:23:c2:df:7a:1c:
         3d:e1:a7:79:2e:97:81:4e:d0:03:75:f7:88:19:c2:1f:19:9b:
         df:16:ee:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZq2ARXmuJ8O2+gO4SDJ1sD1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmNTFhYWQwZTQxNDhhYmUzZjJhOGI4ZDQzMThmMzRiNDU2
YjY1ZjEwHhcNMjUxMTI0MTMxNTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTU0MGI3MmU0MzZjZmY2Y2Q1YTFmM2U2ZTk4NDdiZjM3YTE3YzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusOBn+H1jYwionD6BfB/OFT1lK2i
1zAdwQ3VlYTKiO8TllW5pFrL9jzqfyVIJ1gyh6r6t9vyGylx+4ZJ1orCHjGK11dv
GTzP0bUSgbW1dn7FQSWYnrZ+Hwhrznv0+JtY8iE0800v0Bi2AyyS+jyjgJ4uWYXH
zl9TaC44MLkBwHH4FZ9BZOcsj5nDt2qzVLBObN3fzGW3xqffKFx+ARMtHXJfO/fc
XfpczkhN9I371ugT/IwYhbNPymO9AMW3VY1CaMnvBFkC87AyrlZpNAowGvnx2vmF
nb18CMuEBO/ctToGTidrPr3AQnyicqONqHEQQflUcQ2WuXT+VC5gCBH4vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAVUC3LkNs/2zVofPm6YR783oXw/MB8GA1UdIwQY
MBaAFI9RqtDkFIq+PyqLjUMY80tFa2XxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajFHcTBPUVVpcjRfS291TlF4anpTMFZyWmZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8zZTYxZDAtZjZjZS00YWFkLTk3NjQt
NzYyZDI3Mjc3NTkxLzEvQlZRTGN1UTJ6X2JOV2g4LWJwaEh2emVoZkQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8zZTYxZDAtZjZjZS00YWFkLTk3NjQtNzYyZDI3Mjc3NTkx
LzEvajFHcTBPUVVpcjRfS291TlF4anpTMFZyWmZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm/YMA0G
CSqGSIb3DQEBCwUAA4IBAQCH9wrRwKyrl0aUp1O+zHrALR9Ywgn/Gocfmgmmae0j
qQbO6OgcC+9ALLK8OkbqXhOv9XLsMozpVzfO2qXDkZDSWxpXAfFABf5mJANBukLk
js9y12C5471BJuecmz1P0xKMkyegZnVC8O6fwG0/6srTNP2Fw0l8T49MM4bxhYqL
5t4dJOD6ks2Rr9ZwNZW1D7wq2Ngn1hnXAmOQnHgks9GCM5aCiycNqMkeObcdRvMk
syr0f6rusH5dJg2YPqOt4ErLdxV/HUmSP5u98N+yYR9YbcxzafN6GXisy6DjByYl
lTiY7V+BI8Lfehw94ad5LpeBTtADdfeIGcIfGZvfFu5u
-----END CERTIFICATE-----