This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/BK_uZd5RIdvcCcnIrkl91Qf2mFw.roa
File:                     BK_uZd5RIdvcCcnIrkl91Qf2mFw.roa (raw, json)
Hash identifier:          wV2RNnXCJX3V+Medw8LdpmAEbR5QwEUgTvufx7pFq14=
Subject key identifier:   04:AF:EE:65:DE:51:21:DB:DC:09:C9:C8:AE:49:7D:D5:07:F6:98:5C
Certificate issuer:       /CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
Certificate serial:       019B79ED46FA1C7CBA4813C8E7C17004ACA5
Authority key identifier: B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/BK_uZd5RIdvcCcnIrkl91Qf2mFw.roa
Signing time:             Thu 01 Jan 2026 14:19:11 +0000
ROA not before:           Thu 01 Jan 2026 14:19:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50738
IP address blocks:        95.140.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:46:fa:1c:7c:ba:48:13:c8:e7:c1:70:04:ac:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
        Validity
            Not Before: Jan  1 14:19:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=04afee65de5121dbdc09c9c8ae497dd507f6985c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:a5:1f:8e:ea:be:c9:85:89:8f:80:65:8c:0a:
                    2c:fd:92:b1:58:60:48:55:84:76:86:59:f4:39:f2:
                    1c:58:fa:39:85:00:22:53:df:ae:b0:4d:13:ed:07:
                    52:3c:7f:aa:d0:f1:64:57:e5:f4:9f:26:6c:ec:48:
                    8a:55:62:ee:15:06:11:d3:ff:00:ce:d1:38:19:ea:
                    4c:53:3d:44:f1:c3:6f:fd:03:48:f2:40:24:fc:5c:
                    2c:de:4f:b9:79:6c:df:00:09:ae:42:a8:71:16:2a:
                    08:74:81:3d:d2:6c:4e:7b:b1:bb:da:38:f8:62:7c:
                    de:72:06:4f:d5:eb:e0:d7:11:f4:69:27:38:68:2a:
                    de:70:e8:12:43:f0:09:e2:99:23:a2:f0:36:66:1a:
                    d0:fb:1c:01:53:d4:6d:dc:45:a4:4c:c6:bb:51:eb:
                    52:22:5c:20:aa:b1:f1:c2:4f:86:4e:2d:a7:8b:75:
                    de:35:3e:56:43:ef:36:ea:14:38:6c:5e:9c:08:29:
                    a8:8b:f6:fb:59:15:47:f5:a2:04:f5:41:f4:83:2d:
                    82:84:06:01:aa:33:87:09:19:07:c6:52:56:a7:5c:
                    00:bc:de:d7:48:72:8a:2d:26:6f:82:73:4b:d8:fb:
                    57:6d:99:6b:f5:49:2f:46:e4:de:2e:08:e9:89:89:
                    da:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:AF:EE:65:DE:51:21:DB:DC:09:C9:C8:AE:49:7D:D5:07:F6:98:5C
            X509v3 Authority Key Identifier:
                keyid:B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/BK_uZd5RIdvcCcnIrkl91Qf2mFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.140.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:3c:35:a6:67:9d:d6:eb:8e:22:fe:dd:17:f8:67:20:9e:6f:
         12:8f:18:bc:23:eb:68:71:16:32:e4:75:fc:27:11:b5:fe:d5:
         d8:74:c1:cc:b8:35:27:50:3c:2f:6a:75:9d:b8:99:ea:46:d6:
         a9:a7:38:07:3e:71:33:eb:bc:55:94:1e:9f:66:9d:85:84:c2:
         83:dc:10:d9:54:b9:14:6a:37:2f:9f:8d:1b:eb:fd:da:da:18:
         42:73:4e:50:59:ac:9e:b0:6d:a4:8e:57:fd:15:cc:81:76:3f:
         e6:ca:fb:39:0d:22:6c:4b:63:c2:54:b0:95:9c:06:1d:20:19:
         f0:0b:b6:09:7f:3e:c0:8c:5f:e2:0e:e4:4d:44:65:42:9c:b9:
         44:92:54:c8:08:07:1f:85:b0:f5:5c:dc:7b:84:a1:d2:fa:07:
         28:a4:4f:af:c7:1c:29:4b:6d:76:29:cd:9c:83:ec:20:24:42:
         43:84:29:39:ee:fb:7e:c5:fd:4c:e7:80:8c:a5:44:e0:6b:76:
         8b:db:21:96:6c:30:23:90:ee:ea:d4:d4:dd:52:aa:f4:7c:7a:
         2d:c8:32:07:ce:79:68:c3:ac:ee:64:41:35:dd:e5:64:fa:68:
         80:38:5a:d1:2f:b9:66:2c:72:a9:f8:04:ca:65:b1:c7:b6:d9:
         a9:1d:77:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57Ub6HHy6SBPI58FwBKylMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZWE4OTM2ZjhlNTMwNjNiNGIzYmRmMGYzYjE1YjJhZTY2
N2VmMTMwHhcNMjYwMTAxMTQxOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGFmZWU2NWRlNTEyMWRiZGMwOWM5YzhhZTQ5N2RkNTA3ZjY5ODVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqUfjuq+yYWJj4BljAos/ZKxWGBI
VYR2hln0OfIcWPo5hQAiU9+usE0T7QdSPH+q0PFkV+X0nyZs7EiKVWLuFQYR0/8A
ztE4GepMUz1E8cNv/QNI8kAk/Fws3k+5eWzfAAmuQqhxFioIdIE90mxOe7G72jj4
YnzecgZP1evg1xH0aSc4aCrecOgSQ/AJ4pkjovA2ZhrQ+xwBU9Rt3EWkTMa7UetS
IlwgqrHxwk+GTi2ni3XeNT5WQ+826hQ4bF6cCCmoi/b7WRVH9aIE9UH0gy2ChAYB
qjOHCRkHxlJWp1wAvN7XSHKKLSZvgnNL2PtXbZlr9UkvRuTeLgjpiYna5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASv7mXeUSHb3AnJyK5JfdUH9phcMB8GA1UdIwQY
MBaAFLnqiTb45TBjtLO98POxWyrmZ+8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEt
YjI1MDk5N2ZjNzVkLzEvQktfdVpkNVJJZHZjQ2NuSXJrbDkxUWYybUZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEtYjI1MDk5N2ZjNzVk
LzEvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4yUMA0G
CSqGSIb3DQEBCwUAA4IBAQDJPDWmZ53W644i/t0X+Gcgnm8Sjxi8I+tocRYy5HX8
JxG1/tXYdMHMuDUnUDwvanWduJnqRtappzgHPnEz67xVlB6fZp2FhMKD3BDZVLkU
ajcvn40b6/3a2hhCc05QWayesG2kjlf9FcyBdj/myvs5DSJsS2PCVLCVnAYdIBnw
C7YJfz7AjF/iDuRNRGVCnLlEklTICAcfhbD1XNx7hKHS+gcopE+vxxwpS212Kc2c
g+wgJEJDhCk57vt+xf1M54CMpUTga3aL2yGWbDAjkO7q1NTdUqr0fHotyDIHznlo
w6zuZEE13eVk+miAOFrRL7lmLHKp+ATKZbHHttmpHXdY
-----END CERTIFICATE-----