This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/BXn_bVoFgxHmHunAkFZSuzgFSwk.roa
File:                     BXn_bVoFgxHmHunAkFZSuzgFSwk.roa (raw, json)
Hash identifier:          jxJIsK3YcEKMp25t1FYnjxefcJAQeAeiUCQ6rxD9bpw=
Subject key identifier:   05:79:FF:6D:5A:05:83:11:E6:1E:E9:C0:90:56:52:BB:38:05:4B:09
Certificate issuer:       /CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
Certificate serial:       019B7E391FC6DEB0BDB08AE69E8D2EB5531F
Authority key identifier: 6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/BXn_bVoFgxHmHunAkFZSuzgFSwk.roa
Signing time:             Fri 02 Jan 2026 10:20:31 +0000
ROA not before:           Fri 02 Jan 2026 10:20:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210975
IP address blocks:        91.211.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:1f:c6:de:b0:bd:b0:8a:e6:9e:8d:2e:b5:53:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
        Validity
            Not Before: Jan  2 10:20:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0579ff6d5a058311e61ee9c0905652bb38054b09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:3e:a6:7c:0c:b4:15:3c:98:42:cf:9e:3a:7a:
                    6f:ca:0f:56:db:99:eb:f2:8a:59:a5:5a:0d:ef:73:
                    c4:eb:59:41:8c:2d:38:ba:ab:a8:1b:3f:fe:ec:ef:
                    24:fb:68:5b:35:d4:6e:8d:f4:ee:fd:1c:a0:17:05:
                    0b:fe:7e:8b:3b:12:60:1a:7e:18:67:a5:d7:bc:8d:
                    9d:77:b8:e4:84:9f:f5:1e:de:19:54:92:88:1e:d8:
                    3a:25:cb:a6:0e:e6:e9:fa:d7:7e:7a:0a:ad:92:29:
                    7e:49:0c:95:33:a3:3b:04:99:58:3e:3a:ed:9d:a1:
                    08:4b:97:89:25:03:d7:d1:5b:79:93:f4:d4:21:cb:
                    75:e2:58:2c:12:fd:51:24:8e:8a:da:f9:2b:7e:d3:
                    a0:b6:fa:0f:2f:49:ef:1d:01:6b:4f:24:43:63:ee:
                    d3:a3:b9:6b:59:cc:74:00:b0:03:09:bd:57:2d:4a:
                    79:23:a4:6a:c9:bf:03:18:4e:c0:d3:43:e8:a9:e5:
                    d9:69:33:42:b1:7f:60:ce:e6:67:e7:15:5c:be:8c:
                    82:2c:92:72:be:6e:20:73:fd:7e:00:e2:38:bc:04:
                    3f:72:b5:0c:8e:f6:97:49:11:bd:53:6b:3e:12:6f:
                    04:fb:dd:2e:94:3a:86:9e:90:04:3a:bc:0d:91:ad:
                    8a:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:79:FF:6D:5A:05:83:11:E6:1E:E9:C0:90:56:52:BB:38:05:4B:09
            X509v3 Authority Key Identifier:
                keyid:6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/BXn_bVoFgxHmHunAkFZSuzgFSwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:d4:ed:b3:06:eb:f9:e7:da:ad:71:57:ba:a6:c2:60:6f:db:
         c6:26:30:74:52:0b:9f:73:02:98:11:5f:1b:7c:a6:65:96:2b:
         48:b7:ca:f4:4a:78:70:5b:21:a6:19:3a:6d:e3:5f:04:65:2c:
         2e:b6:8e:bd:42:c3:2d:c0:5c:23:69:d6:24:10:e2:1f:4b:89:
         54:ad:1a:96:e8:93:8d:60:65:23:68:ea:32:32:b5:a8:e7:ac:
         1c:74:32:a7:bd:9c:b4:cd:2e:d1:b0:61:c8:7b:f1:5c:b8:3f:
         f2:94:74:fb:89:51:34:09:a7:93:c0:16:e5:26:15:4c:1f:76:
         6b:c8:ed:5f:fc:af:b9:e3:ec:fe:1f:74:13:d9:94:47:51:57:
         33:e5:41:62:10:fa:38:c8:5d:36:b5:8f:e2:7a:49:c5:03:fb:
         5d:cd:f2:8a:f9:39:7b:b0:37:4a:13:ab:79:0f:ce:86:e1:27:
         aa:39:91:96:56:56:5f:6a:7b:ca:e5:da:82:65:18:98:5d:b5:
         87:94:06:28:12:8d:70:b2:61:30:c6:7a:7e:c7:d6:d9:b5:2e:
         32:71:bb:c7:a3:8c:87:d2:aa:31:7f:8a:f3:28:6d:0b:40:7d:
         c8:3d:b9:b9:50:71:6c:9f:3e:8b:86:d1:90:c9:26:b6:0c:f4:
         17:a6:52:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OR/G3rC9sIrmno0utVMfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZTk3Y2Y0ZDhkMGJjMTdiM2FmMWQ2MmM0ZDcxNDg4NjYx
YmQyMTIwHhcNMjYwMTAyMTAyMDMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTc5ZmY2ZDVhMDU4MzExZTYxZWU5YzA5MDU2NTJiYjM4MDU0YjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtj6mfAy0FTyYQs+eOnpvyg9W25nr
8opZpVoN73PE61lBjC04uquoGz/+7O8k+2hbNdRujfTu/RygFwUL/n6LOxJgGn4Y
Z6XXvI2dd7jkhJ/1Ht4ZVJKIHtg6JcumDubp+td+egqtkil+SQyVM6M7BJlYPjrt
naEIS5eJJQPX0Vt5k/TUIct14lgsEv1RJI6K2vkrftOgtvoPL0nvHQFrTyRDY+7T
o7lrWcx0ALADCb1XLUp5I6Rqyb8DGE7A00PoqeXZaTNCsX9gzuZn5xVcvoyCLJJy
vm4gc/1+AOI4vAQ/crUMjvaXSRG9U2s+Em8E+90ulDqGnpAEOrwNka2KXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAV5/21aBYMR5h7pwJBWUrs4BUsJMB8GA1UdIwQY
MBaAFGzpfPTY0LwXs68dYsTXFIhmG9ISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMt
Mzk5M2FhMzI0ZTFmLzEvQlhuX2JWb0ZneEhtSHVuQWtGWlN1emdGU3drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMtMzk5M2FhMzI0ZTFm
LzEvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9N5MA0G
CSqGSIb3DQEBCwUAA4IBAQCT1O2zBuv559qtcVe6psJgb9vGJjB0UgufcwKYEV8b
fKZllitIt8r0SnhwWyGmGTpt418EZSwuto69QsMtwFwjadYkEOIfS4lUrRqW6JON
YGUjaOoyMrWo56wcdDKnvZy0zS7RsGHIe/FcuD/ylHT7iVE0CaeTwBblJhVMH3Zr
yO1f/K+54+z+H3QT2ZRHUVcz5UFiEPo4yF02tY/ieknFA/tdzfKK+Tl7sDdKE6t5
D86G4SeqOZGWVlZfanvK5dqCZRiYXbWHlAYoEo1wsmEwxnp+x9bZtS4ycbvHo4yH
0qoxf4rzKG0LQH3IPbm5UHFsnz6LhtGQySa2DPQXplIi
-----END CERTIFICATE-----