This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/3c7f83-bc28-4282-aa02-969f2a00ede0/1/BIcN5aoAOl1KvHqrpwSgfpe3bKQ.roa
File:                     BIcN5aoAOl1KvHqrpwSgfpe3bKQ.roa (raw, json)
Hash identifier:          lnNlQg8amQO6kFSvzSOC3nKLC4UQiHYnnxg5VQ58z58=
Subject key identifier:   04:87:0D:E5:AA:00:3A:5D:4A:BC:7A:AB:A7:04:A0:7E:97:B7:6C:A4
Certificate issuer:       /CN=4295c3ef00cffece2f71b61991c6c6d3da49c110
Certificate serial:       019B783436D0533B544000D365A95CA0D692
Authority key identifier: 42:95:C3:EF:00:CF:FE:CE:2F:71:B6:19:91:C6:C6:D3:DA:49:C1:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpXD7wDP_s4vcbYZkcbG09pJwRA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/3c7f83-bc28-4282-aa02-969f2a00ede0/1/BIcN5aoAOl1KvHqrpwSgfpe3bKQ.roa
Signing time:             Thu 01 Jan 2026 06:17:26 +0000
ROA not before:           Thu 01 Jan 2026 06:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31027
IP address blocks:        192.66.60.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/3c7f83-bc28-4282-aa02-969f2a00ede0/1/QpXD7wDP_s4vcbYZkcbG09pJwRA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/3c7f83-bc28-4282-aa02-969f2a00ede0/1/QpXD7wDP_s4vcbYZkcbG09pJwRA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QpXD7wDP_s4vcbYZkcbG09pJwRA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 15:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:36:d0:53:3b:54:40:00:d3:65:a9:5c:a0:d6:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4295c3ef00cffece2f71b61991c6c6d3da49c110
        Validity
            Not Before: Jan  1 06:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=04870de5aa003a5d4abc7aaba704a07e97b76ca4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ea:b8:b4:52:83:e4:e7:e9:17:d0:a8:fa:78:
                    a7:de:6d:d8:37:5c:7b:d3:1b:7f:ae:4e:cd:f9:5d:
                    7e:35:ef:54:04:b7:6e:1e:6f:78:0c:22:43:82:fb:
                    9a:95:28:25:02:f6:67:e2:40:81:b6:aa:ba:92:c2:
                    c7:07:b6:86:9a:d1:f6:43:62:15:4c:7c:13:33:a4:
                    df:fa:53:42:e1:1c:dd:0e:7b:1d:e6:c6:8a:7c:e2:
                    c7:17:1c:c8:05:b3:e9:32:a4:71:c4:b4:5f:31:c8:
                    14:86:a6:2b:55:d4:02:16:2a:b0:cc:84:2a:38:58:
                    f9:9b:46:fe:ed:60:0b:17:92:21:84:54:99:ab:62:
                    67:6c:de:fc:e0:03:11:7d:97:6b:59:49:84:64:4e:
                    3f:78:2a:b2:73:d6:c8:31:86:c3:d6:34:a1:b6:e6:
                    d5:90:a2:c6:fe:7e:38:86:5e:6e:61:82:e7:37:c2:
                    39:57:fe:ae:b0:52:a7:2c:c9:2a:e7:c8:82:a6:1a:
                    52:c0:fe:6a:6d:40:af:fb:50:29:e9:84:5f:c2:f3:
                    92:67:5a:53:2d:dd:97:db:dd:ad:58:ab:7e:44:18:
                    dc:c0:3a:af:80:92:11:b9:97:c9:1d:c2:7c:b1:c5:
                    99:45:e8:2d:5e:19:fc:31:9d:12:42:ee:a3:4f:8c:
                    00:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:87:0D:E5:AA:00:3A:5D:4A:BC:7A:AB:A7:04:A0:7E:97:B7:6C:A4
            X509v3 Authority Key Identifier:
                keyid:42:95:C3:EF:00:CF:FE:CE:2F:71:B6:19:91:C6:C6:D3:DA:49:C1:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpXD7wDP_s4vcbYZkcbG09pJwRA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/3c7f83-bc28-4282-aa02-969f2a00ede0/1/BIcN5aoAOl1KvHqrpwSgfpe3bKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/3c7f83-bc28-4282-aa02-969f2a00ede0/1/QpXD7wDP_s4vcbYZkcbG09pJwRA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.66.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:4f:49:7a:f9:02:7b:76:95:30:fb:1a:92:04:4a:83:66:1b:
         3c:b3:99:1f:17:1d:7c:7c:30:29:03:36:4f:8a:27:3d:64:5c:
         51:dc:3c:49:7d:dc:78:2b:be:da:8c:6f:fb:9f:c7:e5:16:da:
         fe:7f:90:42:0a:ac:1a:b8:fd:a9:11:d7:33:f1:4f:c8:b6:0e:
         b7:ab:59:3a:99:76:af:07:29:c2:bd:b2:0b:90:76:24:4f:b7:
         c6:da:0d:1f:ee:78:b4:28:72:aa:df:f2:cd:1e:8a:a7:8b:25:
         10:7c:1f:3d:12:9a:33:70:9b:c8:02:78:b1:30:bf:b0:84:45:
         e2:ec:53:42:45:ab:bd:98:ea:93:2a:47:7d:df:ce:22:c4:e4:
         a0:ee:3a:c1:b8:1d:6d:37:29:05:52:cf:fb:a4:70:2b:af:87:
         48:c4:00:3d:c2:a8:c0:a1:7e:c2:20:a2:ca:09:a1:af:d2:e5:
         ff:b7:34:e3:49:39:77:cc:8c:93:af:bf:0a:68:59:db:38:5a:
         da:91:86:92:4f:94:7b:7c:bf:07:bb:aa:9e:d6:1a:01:8f:d3:
         1b:cf:84:92:99:65:64:ad:68:70:31:61:d1:44:56:1f:b8:d7:
         07:b8:2f:4b:2d:87:4d:d8:29:5e:c4:bc:51:8b:35:c5:14:7e:
         6b:a6:40:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NDbQUztUQADTZalcoNaSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTVjM2VmMDBjZmZlY2UyZjcxYjYxOTkxYzZjNmQzZGE0
OWMxMTAwHhcNMjYwMTAxMDYxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDg3MGRlNWFhMDAzYTVkNGFiYzdhYWJhNzA0YTA3ZTk3Yjc2Y2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+q4tFKD5OfpF9Co+nin3m3YN1x7
0xt/rk7N+V1+Ne9UBLduHm94DCJDgvualSglAvZn4kCBtqq6ksLHB7aGmtH2Q2IV
THwTM6Tf+lNC4RzdDnsd5saKfOLHFxzIBbPpMqRxxLRfMcgUhqYrVdQCFiqwzIQq
OFj5m0b+7WALF5IhhFSZq2JnbN784AMRfZdrWUmEZE4/eCqyc9bIMYbD1jShtubV
kKLG/n44hl5uYYLnN8I5V/6usFKnLMkq58iCphpSwP5qbUCv+1Ap6YRfwvOSZ1pT
Ld2X292tWKt+RBjcwDqvgJIRuZfJHcJ8scWZRegtXhn8MZ0SQu6jT4wAIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASHDeWqADpdSrx6q6cEoH6Xt2ykMB8GA1UdIwQY
MBaAFEKVw+8Az/7OL3G2GZHGxtPaScEQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBYRDd3RFBfczR2Y2JZWmtjYkcwOXBKd1JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8zYzdmODMtYmMyOC00MjgyLWFhMDIt
OTY5ZjJhMDBlZGUwLzEvQkljTjVhb0FPbDFLdkhxcnB3U2dmcGUzYktRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8zYzdmODMtYmMyOC00MjgyLWFhMDItOTY5ZjJhMDBlZGUw
LzEvUXBYRDd3RFBfczR2Y2JZWmtjYkcwOXBKd1JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwEI8MA0G
CSqGSIb3DQEBCwUAA4IBAQAhT0l6+QJ7dpUw+xqSBEqDZhs8s5kfFx18fDApAzZP
iic9ZFxR3DxJfdx4K77ajG/7n8flFtr+f5BCCqwauP2pEdcz8U/Itg63q1k6mXav
BynCvbILkHYkT7fG2g0f7ni0KHKq3/LNHoqniyUQfB89EpozcJvIAnixML+whEXi
7FNCRau9mOqTKkd9384ixOSg7jrBuB1tNykFUs/7pHArr4dIxAA9wqjAoX7CIKLK
CaGv0uX/tzTjSTl3zIyTr78KaFnbOFrakYaST5R7fL8Hu6qe1hoBj9Mbz4SSmWVk
rWhwMWHRRFYfuNcHuC9LLYdN2ClexLxRizXFFH5rpkDt
-----END CERTIFICATE-----