This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/BopDlTC0c6nAAQMLxaNBT2bRioY.roa
File:                     BopDlTC0c6nAAQMLxaNBT2bRioY.roa (raw, json)
Hash identifier:          ClZipMCtxvDV/URwc7VHRGmOhwVRxx+XMHEjapn8R+8=
Subject key identifier:   06:8A:43:95:30:B4:73:A9:C0:01:03:0B:C5:A3:41:4F:66:D1:8A:86
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019B783481B405695705EAAC313463F6F6D5
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/BopDlTC0c6nAAQMLxaNBT2bRioY.roa
Signing time:             Thu 01 Jan 2026 06:17:45 +0000
ROA not before:           Thu 01 Jan 2026 06:17:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203245
IP address blocks:        194.71.146.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 05:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:81:b4:05:69:57:05:ea:ac:31:34:63:f6:f6:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  1 06:17:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=068a439530b473a9c001030bc5a3414f66d18a86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f0:3b:89:be:5d:ac:04:fe:22:e5:ac:c9:bb:
                    60:27:ff:ef:14:06:da:c7:ee:18:5a:15:b2:2f:42:
                    6b:d9:15:74:bb:a8:fd:68:90:e1:68:0c:9f:55:40:
                    42:d7:f9:41:8c:b5:6f:36:ca:5a:5c:f3:45:34:c3:
                    a0:68:e7:cb:a0:8d:56:a0:f4:72:73:3f:8d:e3:50:
                    b2:00:4c:79:53:65:dc:02:51:c7:6d:e7:18:5f:0d:
                    6d:70:7a:20:ca:a5:98:d0:62:12:59:75:3c:2c:8f:
                    c5:89:24:0a:fc:1d:ed:0d:ab:3d:1d:82:23:32:22:
                    86:07:31:fe:55:d8:25:9d:80:51:3f:e7:64:a0:7c:
                    89:be:1b:a5:ad:18:34:78:7f:1b:d3:61:14:2a:98:
                    44:c2:22:c7:4d:51:bc:3b:f6:39:63:1e:10:74:4b:
                    b9:b5:0f:c5:0f:f0:11:54:3b:b0:de:56:b9:8b:82:
                    76:e9:a9:6f:67:42:bf:27:56:4f:1c:93:a2:6c:f5:
                    01:f2:19:76:d3:a1:51:76:e2:49:57:1a:bc:59:92:
                    50:26:57:96:d1:bf:f3:5d:44:82:bd:3c:b3:bb:9f:
                    5d:01:f5:96:a1:c0:e9:e6:c2:c6:62:38:9a:37:e8:
                    74:25:eb:7b:05:db:c3:4d:9c:7c:ce:cf:83:2d:01:
                    c1:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:8A:43:95:30:B4:73:A9:C0:01:03:0B:C5:A3:41:4F:66:D1:8A:86
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/BopDlTC0c6nAAQMLxaNBT2bRioY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.71.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:88:78:c3:86:94:d8:be:aa:4b:88:32:db:7c:4d:a7:4a:68:
         05:48:fc:4d:ec:42:0e:1b:91:48:a5:3e:da:6a:01:ca:6a:69:
         28:85:09:9a:65:16:12:ac:af:a7:47:7e:c6:59:40:f8:fe:35:
         0f:25:94:c1:5f:d5:cc:1e:bd:fe:f2:2b:c8:32:da:e4:9b:3b:
         4a:6e:d5:0f:3d:b1:df:8e:58:46:40:f1:27:5c:d1:25:a3:83:
         96:43:72:1b:db:e7:83:c4:68:3c:8c:58:18:27:87:8c:0c:12:
         a2:b2:3c:cb:be:87:58:02:66:d8:a8:73:25:3a:4b:27:31:97:
         e0:ae:98:64:6c:af:24:c5:cd:f5:57:43:fd:4f:fe:f5:7c:08:
         73:b3:d8:4b:86:e7:cc:8c:71:d5:dc:3b:35:b2:76:29:70:c5:
         6a:09:19:0f:a2:19:6d:9d:d8:af:b4:4b:5d:49:b1:38:30:4f:
         f6:5c:1e:b2:0c:b6:d1:55:de:b5:cd:7b:cf:ac:c8:40:52:4b:
         cc:2b:f6:b2:ec:d4:22:67:99:51:b9:e4:26:49:76:31:de:1d:
         7f:27:66:e8:52:20:bc:d1:1b:77:94:5d:17:ad:1c:61:6e:2e:
         3d:51:d8:ff:49:02:16:25:60:04:8b:67:1e:5f:df:3d:da:63:
         b4:08:8e:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NIG0BWlXBeqsMTRj9vbVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjYwMTAxMDYxNzQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjhhNDM5NTMwYjQ3M2E5YzAwMTAzMGJjNWEzNDE0ZjY2ZDE4YTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfA7ib5drAT+IuWsybtgJ//vFAba
x+4YWhWyL0Jr2RV0u6j9aJDhaAyfVUBC1/lBjLVvNspaXPNFNMOgaOfLoI1WoPRy
cz+N41CyAEx5U2XcAlHHbecYXw1tcHogyqWY0GISWXU8LI/FiSQK/B3tDas9HYIj
MiKGBzH+VdglnYBRP+dkoHyJvhulrRg0eH8b02EUKphEwiLHTVG8O/Y5Yx4QdEu5
tQ/FD/ARVDuw3la5i4J26alvZ0K/J1ZPHJOibPUB8hl206FRduJJVxq8WZJQJleW
0b/zXUSCvTyzu59dAfWWocDp5sLGYjiaN+h0Jet7BdvDTZx8zs+DLQHBlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAaKQ5UwtHOpwAEDC8WjQU9m0YqGMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvQm9wRGxUQzBjNm5BQVFNTHhhTkJUMmJSaW9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwkeSMA0G
CSqGSIb3DQEBCwUAA4IBAQARiHjDhpTYvqpLiDLbfE2nSmgFSPxN7EIOG5FIpT7a
agHKamkohQmaZRYSrK+nR37GWUD4/jUPJZTBX9XMHr3+8ivIMtrkmztKbtUPPbHf
jlhGQPEnXNElo4OWQ3Ib2+eDxGg8jFgYJ4eMDBKisjzLvodYAmbYqHMlOksnMZfg
rphkbK8kxc31V0P9T/71fAhzs9hLhufMjHHV3Ds1snYpcMVqCRkPohltndivtEtd
SbE4ME/2XB6yDLbRVd61zXvPrMhAUkvMK/ay7NQiZ5lRueQmSXYx3h1/J2boUiC8
0Rt3lF0XrRxhbi49Udj/SQIWJWAEi2ceX9892mO0CI6P
-----END CERTIFICATE-----