This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/43d830-9811-4599-8349-440dd012b141/1/bgTj1AVpGOJ4PVrdSMxeLKpik_E.roa
File:                     bgTj1AVpGOJ4PVrdSMxeLKpik_E.roa (raw, json)
Hash identifier:          PA5QdaiNGx0nBgpS5K3tHFIeNRXLUOzm0Y2JaVTpock=
Subject key identifier:   6E:04:E3:D4:05:69:18:E2:78:3D:5A:DD:48:CC:5E:2C:AA:62:93:F1
Certificate issuer:       /CN=405d645741215677b7748d1fdefd416207adb12d
Certificate serial:       019B7A5B0CC7846DDE3EF9E3E014FABFAE59
Authority key identifier: 40:5D:64:57:41:21:56:77:B7:74:8D:1F:DE:FD:41:62:07:AD:B1:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QF1kV0EhVne3dI0f3v1BYgetsS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/43d830-9811-4599-8349-440dd012b141/1/bgTj1AVpGOJ4PVrdSMxeLKpik_E.roa
Signing time:             Thu 01 Jan 2026 16:19:05 +0000
ROA not before:           Thu 01 Jan 2026 16:19:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206123
IP address blocks:        193.8.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/43d830-9811-4599-8349-440dd012b141/1/QF1kV0EhVne3dI0f3v1BYgetsS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/43d830-9811-4599-8349-440dd012b141/1/QF1kV0EhVne3dI0f3v1BYgetsS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QF1kV0EhVne3dI0f3v1BYgetsS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:0c:c7:84:6d:de:3e:f9:e3:e0:14:fa:bf:ae:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=405d645741215677b7748d1fdefd416207adb12d
        Validity
            Not Before: Jan  1 16:19:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6e04e3d4056918e2783d5add48cc5e2caa6293f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:18:16:42:13:c6:16:01:ee:8a:5a:db:59:9e:
                    63:36:0f:a4:09:68:a6:d1:31:31:16:58:d4:e9:d6:
                    44:01:2b:af:08:a3:d9:0c:45:af:c1:12:1b:60:c1:
                    c6:5c:5c:e3:f7:d3:b3:85:cf:1d:0e:21:27:56:1d:
                    91:6b:48:e5:ab:bd:c4:1a:35:af:37:1c:28:a6:29:
                    57:b7:79:bf:53:f5:db:ef:b3:6a:6c:a6:a3:90:dd:
                    c0:63:c1:b5:e4:f3:ad:9b:04:d8:df:6a:8b:fa:d0:
                    aa:2b:c6:2a:66:d8:95:71:e5:c2:0b:60:31:42:26:
                    45:0c:c5:b5:bf:59:d0:a2:d8:65:ff:f6:56:4d:de:
                    3b:82:57:05:87:46:53:2b:86:23:06:6d:8a:ea:b8:
                    82:97:85:cb:dd:fc:7b:30:0c:21:1f:85:e7:a8:55:
                    0f:ba:d2:45:e8:ea:a0:42:63:82:ab:00:9c:20:ae:
                    51:18:95:86:0d:26:59:54:65:dd:d4:c7:48:ea:39:
                    72:77:4c:a8:ba:e6:30:dd:6f:1d:f2:61:d2:b4:b9:
                    29:53:b2:28:f6:7e:75:95:ee:52:79:3a:db:70:87:
                    f1:79:b8:97:e4:e7:5c:d5:57:30:e6:e3:6c:57:d9:
                    2c:ef:83:00:7f:a1:cf:e1:ef:b4:91:fd:1d:e7:82:
                    fc:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:04:E3:D4:05:69:18:E2:78:3D:5A:DD:48:CC:5E:2C:AA:62:93:F1
            X509v3 Authority Key Identifier:
                keyid:40:5D:64:57:41:21:56:77:B7:74:8D:1F:DE:FD:41:62:07:AD:B1:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QF1kV0EhVne3dI0f3v1BYgetsS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/43d830-9811-4599-8349-440dd012b141/1/bgTj1AVpGOJ4PVrdSMxeLKpik_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/43d830-9811-4599-8349-440dd012b141/1/QF1kV0EhVne3dI0f3v1BYgetsS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:22:3b:cc:01:40:6e:30:4e:37:25:0a:8b:42:5c:e7:3b:d8:
         4f:22:27:93:0f:cb:29:47:93:5e:de:dc:e6:43:ca:60:69:d7:
         45:02:c3:1d:e0:e2:c9:6f:b6:ca:8f:70:9d:94:f8:0e:5c:6d:
         20:c0:2a:47:78:9b:53:92:9c:0f:4c:11:0c:38:87:0c:29:21:
         1d:c1:c6:d2:b6:cb:9d:d7:16:4a:0b:2b:14:ed:4b:a8:3b:3c:
         68:cc:cb:1f:50:76:5d:48:31:d6:97:ba:9f:cc:42:59:1b:a6:
         12:64:04:9f:32:90:de:46:0c:47:88:5c:e5:af:ec:ed:a0:6f:
         47:7a:82:5d:85:76:0c:22:af:ff:51:bc:37:07:7b:74:76:e2:
         52:26:f3:27:43:ec:c3:69:cc:4b:e8:38:09:0a:0b:16:c3:f5:
         d1:5d:20:f6:07:ce:f1:0e:02:a6:a6:85:e6:70:48:5f:92:ec:
         fe:e6:56:cf:3b:e1:24:51:23:2e:19:c8:62:42:22:b4:9b:e3:
         5e:fa:c8:94:37:56:9b:28:b6:9e:0b:c7:67:91:5a:ab:99:0a:
         f1:fc:69:aa:f4:df:09:40:e8:93:3f:26:45:b0:70:00:c4:b1:
         6e:fb:c6:08:95:b5:85:19:88:cf:26:20:60:f8:fa:70:6e:8a:
         7a:86:02:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WwzHhG3ePvnj4BT6v65ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwNWQ2NDU3NDEyMTU2NzdiNzc0OGQxZmRlZmQ0MTYyMDdh
ZGIxMmQwHhcNMjYwMTAxMTYxOTA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTA0ZTNkNDA1NjkxOGUyNzgzZDVhZGQ0OGNjNWUyY2FhNjI5M2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthgWQhPGFgHuilrbWZ5jNg+kCWim
0TExFljU6dZEASuvCKPZDEWvwRIbYMHGXFzj99Ozhc8dDiEnVh2Ra0jlq73EGjWv
NxwopilXt3m/U/Xb77NqbKajkN3AY8G15POtmwTY32qL+tCqK8YqZtiVceXCC2Ax
QiZFDMW1v1nQothl//ZWTd47glcFh0ZTK4YjBm2K6riCl4XL3fx7MAwhH4XnqFUP
utJF6OqgQmOCqwCcIK5RGJWGDSZZVGXd1MdI6jlyd0youuYw3W8d8mHStLkpU7Io
9n51le5SeTrbcIfxebiX5Odc1Vcw5uNsV9ks74MAf6HP4e+0kf0d54L8rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG4E49QFaRjieD1a3UjMXiyqYpPxMB8GA1UdIwQY
MBaAFEBdZFdBIVZ3t3SNH979QWIHrbEtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUYxa1YwRWhWbmUzZEkwZjN2MUJZZ2V0c1MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni80M2Q4MzAtOTgxMS00NTk5LTgzNDkt
NDQwZGQwMTJiMTQxLzEvYmdUajFBVnBHT0o0UFZyZFNNeGVMS3Bpa19FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni80M2Q4MzAtOTgxMS00NTk5LTgzNDktNDQwZGQwMTJiMTQx
LzEvUUYxa1YwRWhWbmUzZEkwZjN2MUJZZ2V0c1MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQhMMA0G
CSqGSIb3DQEBCwUAA4IBAQBHIjvMAUBuME43JQqLQlznO9hPIieTD8spR5Ne3tzm
Q8pgaddFAsMd4OLJb7bKj3CdlPgOXG0gwCpHeJtTkpwPTBEMOIcMKSEdwcbStsud
1xZKCysU7UuoOzxozMsfUHZdSDHWl7qfzEJZG6YSZASfMpDeRgxHiFzlr+ztoG9H
eoJdhXYMIq//Ubw3B3t0duJSJvMnQ+zDacxL6DgJCgsWw/XRXSD2B87xDgKmpoXm
cEhfkuz+5lbPO+EkUSMuGchiQiK0m+Ne+siUN1abKLaeC8dnkVqrmQrx/Gmq9N8J
QOiTPyZFsHAAxLFu+8YIlbWFGYjPJiBg+Ppwbop6hgLl
-----END CERTIFICATE-----