This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/bnh9H9MtaO7JJkGv9fB6vzfbRL8.roa
File:                     bnh9H9MtaO7JJkGv9fB6vzfbRL8.roa (raw, json)
Hash identifier:          OarhJBM7HcEYsfcrksfUPdeB09DN8UfGjioylIK5c3k=
Subject key identifier:   6E:78:7D:1F:D3:2D:68:EE:C9:26:41:AF:F5:F0:7A:BF:37:DB:44:BF
Certificate issuer:       /CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Certificate serial:       019B79107DF62BE9BFEDED9A327BD02C5FCF
Authority key identifier: 32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/bnh9H9MtaO7JJkGv9fB6vzfbRL8.roa
Signing time:             Thu 01 Jan 2026 10:18:02 +0000
ROA not before:           Thu 01 Jan 2026 10:18:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205334
IP address blocks:        146.19.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:7d:f6:2b:e9:bf:ed:ed:9a:32:7b:d0:2c:5f:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
        Validity
            Not Before: Jan  1 10:18:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6e787d1fd32d68eec92641aff5f07abf37db44bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:42:7c:93:1a:ea:62:01:e0:60:28:f5:91:81:
                    d5:13:0d:01:b0:79:24:5d:e4:ea:3d:88:96:6c:87:
                    c3:c0:f6:eb:c5:90:0f:51:9c:76:0d:eb:6c:c1:ce:
                    28:f6:3a:6d:0e:d3:a4:41:05:0e:cf:5d:18:88:7e:
                    0d:66:c7:a6:76:8f:70:e2:1b:f2:8e:3e:90:b6:f0:
                    e7:43:59:83:48:e5:8f:b4:c0:fc:10:c2:53:1d:56:
                    7a:1b:18:10:be:2b:6e:4c:ea:f3:fb:dd:5a:f4:e1:
                    02:f2:9b:9c:d2:2e:c0:3b:27:89:fb:c4:5b:71:55:
                    5b:de:c6:60:f0:8f:b7:dc:9b:5c:6b:b6:40:d5:cb:
                    fe:7a:db:f7:87:b8:18:8d:be:41:b6:62:e5:e0:28:
                    1f:8a:73:2a:e4:a0:b7:f1:4b:d1:2c:91:01:6d:e2:
                    e6:4b:05:40:3a:38:9e:29:07:a5:6d:54:2e:41:d5:
                    15:9f:f4:c7:76:1c:23:8e:d9:1f:bd:33:09:f5:f8:
                    b5:d2:ad:ad:62:c1:fa:94:75:8d:ee:83:01:d6:63:
                    76:6a:0a:6a:3d:9c:ff:b9:66:cd:c3:0a:98:93:6c:
                    af:e5:ad:b2:6e:d2:0e:4e:fe:e2:cc:ad:53:ac:91:
                    ac:19:ef:ed:2c:31:81:49:2e:27:64:a9:b1:40:11:
                    0f:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:78:7D:1F:D3:2D:68:EE:C9:26:41:AF:F5:F0:7A:BF:37:DB:44:BF
            X509v3 Authority Key Identifier:
                keyid:32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/bnh9H9MtaO7JJkGv9fB6vzfbRL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:7a:74:d8:4c:ab:cc:c0:fc:0b:38:2a:5d:f7:7c:cd:ec:74:
         58:17:21:9b:c5:9b:a9:81:5f:8c:6f:81:24:2c:76:74:15:5b:
         e3:31:1f:1d:24:af:0c:e0:73:dc:f1:27:0c:77:3f:2b:a5:b1:
         51:3c:39:d0:13:47:6b:e8:74:03:26:d3:3e:48:72:b3:4b:5c:
         28:3b:f8:be:de:53:eb:b3:e0:52:78:1d:f9:e8:c5:9e:1f:69:
         15:46:4c:73:fb:45:f8:35:1c:ba:de:ca:36:f3:6d:62:7e:bc:
         c4:6d:ac:3d:30:88:63:0f:09:b9:29:21:c5:81:52:04:b2:28:
         71:83:86:4e:17:7e:f5:de:ff:cc:70:78:ab:8f:72:a8:05:aa:
         ed:a3:65:08:b6:2f:4f:e4:da:2f:b0:bb:e6:2b:21:d3:91:b6:
         b0:ca:33:1e:0c:a7:aa:df:61:6c:f9:ce:a0:41:fb:29:87:b8:
         33:7d:58:7f:f5:1f:40:29:c9:0d:30:b2:d3:96:ad:20:d3:e8:
         8f:0a:f8:6a:ee:a2:ac:04:87:96:77:01:b6:e9:75:d0:29:f4:
         5f:18:bc:8e:77:64:45:ad:ff:f8:72:c3:b9:e6:d6:2f:a1:07:
         30:a5:9e:02:27:aa:4a:bd:76:54:d3:d8:b5:28:13:a4:32:3e:
         3c:7b:f6:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EH32K+m/7e2aMnvQLF/PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYzc4ZWVlZjdhY2I0NTFmYzM3NTc1ZmViOTExNGRmY2Nj
MWNkZmIwHhcNMjYwMTAxMTAxODAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTc4N2QxZmQzMmQ2OGVlYzkyNjQxYWZmNWYwN2FiZjM3ZGI0NGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkJ8kxrqYgHgYCj1kYHVEw0BsHkk
XeTqPYiWbIfDwPbrxZAPUZx2Detswc4o9jptDtOkQQUOz10YiH4NZsemdo9w4hvy
jj6QtvDnQ1mDSOWPtMD8EMJTHVZ6GxgQvituTOrz+91a9OEC8puc0i7AOyeJ+8Rb
cVVb3sZg8I+33Jtca7ZA1cv+etv3h7gYjb5BtmLl4CgfinMq5KC38UvRLJEBbeLm
SwVAOjieKQelbVQuQdUVn/THdhwjjtkfvTMJ9fi10q2tYsH6lHWN7oMB1mN2agpq
PZz/uWbNwwqYk2yv5a2ybtIOTv7izK1TrJGsGe/tLDGBSS4nZKmxQBEPlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG54fR/TLWjuySZBr/Xwer8320S/MB8GA1UdIwQY
MBaAFDLHju73rLRR/DdXX+uRFN/Mwc37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYt
MmYxYzhlNDA4YjY0LzEvYm5oOUg5TXRhTzdKSmtHdjlmQjZ2emZiUkw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYtMmYxYzhlNDA4YjY0
LzEvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhN1MA0G
CSqGSIb3DQEBCwUAA4IBAQAuenTYTKvMwPwLOCpd93zN7HRYFyGbxZupgV+Mb4Ek
LHZ0FVvjMR8dJK8M4HPc8ScMdz8rpbFRPDnQE0dr6HQDJtM+SHKzS1woO/i+3lPr
s+BSeB356MWeH2kVRkxz+0X4NRy63so2821ifrzEbaw9MIhjDwm5KSHFgVIEsihx
g4ZOF3713v/McHirj3KoBarto2UIti9P5NovsLvmKyHTkbawyjMeDKeq32Fs+c6g
Qfsph7gzfVh/9R9AKckNMLLTlq0g0+iPCvhq7qKsBIeWdwG26XXQKfRfGLyOd2RF
rf/4csO55tYvoQcwpZ4CJ6pKvXZU09i1KBOkMj48e/bv
-----END CERTIFICATE-----