This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/bzKAo4zECLyu2L68XcJoXTVMySI.roa
File:                     bzKAo4zECLyu2L68XcJoXTVMySI.roa (raw, json)
Hash identifier:          kP2zT2S/KNqpadzxZxu4vmptHfecZRfN1dTF3IoZRnE=
Subject key identifier:   6F:32:80:A3:8C:C4:08:BC:AE:D8:BE:BC:5D:C2:68:5D:35:4C:C9:22
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       019B7D5D00CDDEBB8017F63BAAF9129335DA
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/bzKAo4zECLyu2L68XcJoXTVMySI.roa
Signing time:             Fri 02 Jan 2026 06:20:05 +0000
ROA not before:           Fri 02 Jan 2026 06:20:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43153
IP address blocks:        85.219.208.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:00:cd:de:bb:80:17:f6:3b:aa:f9:12:93:35:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  2 06:20:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6f3280a38cc408bcaed8bebc5dc2685d354cc922
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:2d:e8:f8:ad:01:e4:bf:0b:11:38:5f:d4:72:
                    71:af:26:8f:f2:d3:82:62:6a:cb:21:cf:36:12:8d:
                    d9:ce:3c:78:81:5e:f8:4a:78:8f:00:a1:a4:7f:9d:
                    29:12:4c:40:d2:2c:9c:3b:26:fa:6e:88:4f:ff:63:
                    d4:90:03:e9:ac:c5:3f:ee:2f:35:e8:ad:4f:a8:f5:
                    88:b9:6d:be:15:33:a4:31:8b:80:cd:6d:3e:15:de:
                    4f:8f:90:69:db:e3:4d:37:53:d8:af:77:a7:b1:f4:
                    0f:36:54:fc:fe:00:b0:c4:88:91:98:65:da:23:d2:
                    1a:93:63:12:0f:aa:93:4c:7d:cd:eb:2b:b9:0a:a2:
                    c3:57:55:58:43:6b:4b:4b:c7:da:f0:eb:50:9b:2a:
                    42:27:1b:e2:1e:37:c4:f4:5b:3c:b2:3c:b7:f3:17:
                    2b:3b:19:02:2e:2f:46:13:9d:f9:de:bb:b7:d3:fb:
                    5c:3d:aa:b2:73:bf:6d:35:d8:7e:34:20:2d:55:c1:
                    e0:d8:80:f6:7b:00:d7:cd:df:c7:19:e6:5e:ba:3c:
                    c6:13:64:1f:56:96:2b:1d:d3:51:ee:f1:d3:e4:84:
                    35:7a:60:af:94:87:aa:de:59:37:9b:93:c7:37:7d:
                    8c:d7:ac:70:5a:ba:1c:23:ce:67:29:73:22:71:02:
                    b3:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:32:80:A3:8C:C4:08:BC:AE:D8:BE:BC:5D:C2:68:5D:35:4C:C9:22
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/bzKAo4zECLyu2L68XcJoXTVMySI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.219.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:25:e4:6c:3a:f8:cc:dd:7e:27:7c:d7:c8:98:57:14:c3:d9:
         e3:7f:d3:4e:14:d9:c1:5a:d9:db:75:c0:e1:c4:64:df:cb:86:
         d1:f2:fa:8c:10:f0:51:e8:01:26:35:35:69:83:92:35:53:75:
         f2:8a:6a:5f:2f:38:e4:24:c2:ac:2e:d1:a2:0e:93:b5:f0:71:
         98:17:d9:9f:a4:fa:a6:8c:51:97:41:89:4c:4b:24:bf:52:b2:
         26:d7:db:0b:9d:15:1d:af:7f:9c:eb:77:9c:b9:ee:74:95:88:
         65:11:cb:21:31:91:59:e4:9e:85:02:e5:82:15:8b:11:cc:7c:
         3d:c7:db:24:67:11:08:99:67:ac:f3:20:7c:e0:f7:47:dd:4a:
         31:21:b9:44:65:03:7a:de:ac:88:76:f9:24:be:e8:f4:91:36:
         0d:f0:4f:4e:bd:35:c6:e4:37:c9:2e:8b:6d:e0:1b:74:2b:eb:
         82:a3:35:fc:63:bc:2e:1c:98:6a:a2:4e:c1:98:f1:16:6a:8b:
         ef:81:bc:ea:ec:7d:46:07:1f:64:8d:fa:40:df:c3:bf:45:f6:
         e8:9c:ba:a1:84:c8:bb:49:f9:db:49:04:d7:38:86:dc:56:b5:
         a5:54:af:a8:90:9f:84:63:b4:a6:b9:f3:dd:8f:38:92:87:c2:
         52:85:56:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XQDN3ruAF/Y7qvkSkzXaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjYwMTAyMDYyMDA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjMyODBhMzhjYzQwOGJjYWVkOGJlYmM1ZGMyNjg1ZDM1NGNjOTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4y3o+K0B5L8LEThf1HJxryaP8tOC
YmrLIc82Eo3Zzjx4gV74SniPAKGkf50pEkxA0iycOyb6bohP/2PUkAPprMU/7i81
6K1PqPWIuW2+FTOkMYuAzW0+Fd5Pj5Bp2+NNN1PYr3ensfQPNlT8/gCwxIiRmGXa
I9Iak2MSD6qTTH3N6yu5CqLDV1VYQ2tLS8fa8OtQmypCJxviHjfE9Fs8sjy38xcr
OxkCLi9GE5353ru30/tcPaqyc79tNdh+NCAtVcHg2ID2ewDXzd/HGeZeujzGE2Qf
VpYrHdNR7vHT5IQ1emCvlIeq3lk3m5PHN32M16xwWrocI85nKXMicQKzAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8ygKOMxAi8rti+vF3CaF01TMkiMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvYnpLQW80ekVDTHl1Mkw2OFhjSm9YVFZNeVNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVdvQMA0G
CSqGSIb3DQEBCwUAA4IBAQB7JeRsOvjM3X4nfNfImFcUw9njf9NOFNnBWtnbdcDh
xGTfy4bR8vqMEPBR6AEmNTVpg5I1U3XyimpfLzjkJMKsLtGiDpO18HGYF9mfpPqm
jFGXQYlMSyS/UrIm19sLnRUdr3+c63ecue50lYhlEcshMZFZ5J6FAuWCFYsRzHw9
x9skZxEImWes8yB84PdH3UoxIblEZQN63qyIdvkkvuj0kTYN8E9OvTXG5DfJLott
4Bt0K+uCozX8Y7wuHJhqok7BmPEWaovvgbzq7H1GBx9kjfpA38O/RfbonLqhhMi7
SfnbSQTXOIbcVrWlVK+okJ+EY7SmufPdjziSh8JShVbL
-----END CERTIFICATE-----