This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/BAXXlSV06uuaY8KhG2sNC8heH1s.roa
File:                     BAXXlSV06uuaY8KhG2sNC8heH1s.roa (raw, json)
Hash identifier:          ajZgoDJ8e9hLXYtp4Hn5DX0X8/kHLIPyvG3eppF2AQs=
Subject key identifier:   04:05:D7:95:25:74:EA:EB:9A:63:C2:A1:1B:6B:0D:0B:C8:5E:1F:5B
Certificate issuer:       /CN=e760126dce78bc16e66c2e6e7635848ac46846af
Certificate serial:       019B7CECC293BB34275854EEB9AA9301A0FB
Authority key identifier: E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/BAXXlSV06uuaY8KhG2sNC8heH1s.roa
Signing time:             Fri 02 Jan 2026 04:17:29 +0000
ROA not before:           Fri 02 Jan 2026 04:17:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206092
IP address blocks:        146.247.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ec:c2:93:bb:34:27:58:54:ee:b9:aa:93:01:a0:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e760126dce78bc16e66c2e6e7635848ac46846af
        Validity
            Not Before: Jan  2 04:17:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0405d7952574eaeb9a63c2a11b6b0d0bc85e1f5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:07:1f:af:bd:3a:50:e6:85:8d:e2:d1:ea:db:
                    88:26:68:c5:3c:c9:a2:f1:1d:3c:a5:73:67:d2:46:
                    0d:6e:83:6d:82:82:c7:6a:f7:58:a1:c8:cc:09:a6:
                    9b:ca:7f:ab:4d:74:aa:42:9a:09:3c:4e:15:14:4e:
                    44:36:97:ba:25:bc:7d:b0:00:aa:5c:ab:6a:f5:35:
                    e9:c6:42:bf:09:4b:0f:cd:c5:91:ef:88:36:e1:a0:
                    6e:08:cb:d6:e6:8b:56:1b:8b:ee:ee:5e:b9:95:3c:
                    93:17:c9:c3:82:62:2c:52:29:ae:8f:8c:d1:a0:d3:
                    6d:21:55:ea:6b:a6:0f:d1:c9:0c:72:44:ca:a8:83:
                    aa:f7:13:d6:b8:5b:11:5e:e8:3c:6f:3a:d5:11:fa:
                    9a:fb:07:fb:10:00:48:57:f4:2a:c5:c3:e7:8f:b3:
                    e3:1e:f0:10:e6:db:d3:bf:c7:7c:8e:6c:3e:d1:0c:
                    69:ac:f0:d2:77:e0:c0:ff:cf:43:76:9d:1a:6a:ae:
                    da:a8:51:a0:da:70:2e:d1:e8:f1:ac:c9:f6:a7:95:
                    39:17:a7:b6:ad:6b:b5:3b:67:18:2f:0d:29:cb:01:
                    46:d4:9a:90:e6:b9:f1:42:fa:14:d3:86:64:5a:3f:
                    73:be:83:20:e5:20:7e:3e:fd:1e:51:8d:26:3b:0d:
                    20:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:05:D7:95:25:74:EA:EB:9A:63:C2:A1:1B:6B:0D:0B:C8:5E:1F:5B
            X509v3 Authority Key Identifier:
                keyid:E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/BAXXlSV06uuaY8KhG2sNC8heH1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.247.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:0c:8b:25:16:98:1c:29:19:32:4d:a9:9e:ec:65:ed:cc:c0:
         d3:b1:27:e0:ff:46:33:8f:f1:f1:e8:8e:c2:ec:90:0e:2d:56:
         91:c1:3d:76:25:33:c4:39:cb:77:c3:6a:8d:04:7d:5e:88:0d:
         86:8f:98:50:34:89:3b:61:23:21:8e:4c:7e:6a:28:84:44:95:
         c3:8b:09:82:0c:ea:b2:2e:9e:47:6b:2d:e9:e2:5c:fb:81:7d:
         11:9e:3d:b8:e5:51:eb:10:f3:ee:32:39:6f:b8:24:77:d7:97:
         fa:3d:c7:25:e6:ae:27:f0:5f:0b:36:db:09:c6:b1:d6:50:d6:
         88:5d:32:38:98:d4:fd:16:9a:e6:bb:db:9a:61:8d:fc:3b:9f:
         f6:11:29:6d:ba:88:0c:4f:b4:6c:0e:c2:b1:43:a3:11:c1:bc:
         7a:1b:f2:c7:4b:93:d9:34:47:2c:c7:e7:f0:c9:6f:80:85:38:
         74:ad:54:99:d6:b8:6a:bc:7b:ec:1a:03:3c:52:5c:87:76:8d:
         5f:52:a8:05:d3:41:39:16:5f:2b:ec:b5:e1:38:96:9b:ea:10:
         d8:e4:a9:99:b8:a3:53:d0:2b:7d:c4:6d:c0:1e:11:b2:2f:39:
         4c:4b:48:6f:50:25:01:42:7b:ad:53:a8:4a:38:ea:14:05:7e:
         61:ed:45:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87MKTuzQnWFTuuaqTAaD7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NjAxMjZkY2U3OGJjMTZlNjZjMmU2ZTc2MzU4NDhhYzQ2
ODQ2YWYwHhcNMjYwMTAyMDQxNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDA1ZDc5NTI1NzRlYWViOWE2M2MyYTExYjZiMGQwYmM4NWUxZjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4gcfr706UOaFjeLR6tuIJmjFPMmi
8R08pXNn0kYNboNtgoLHavdYocjMCaabyn+rTXSqQpoJPE4VFE5ENpe6Jbx9sACq
XKtq9TXpxkK/CUsPzcWR74g24aBuCMvW5otWG4vu7l65lTyTF8nDgmIsUimuj4zR
oNNtIVXqa6YP0ckMckTKqIOq9xPWuFsRXug8bzrVEfqa+wf7EABIV/QqxcPnj7Pj
HvAQ5tvTv8d8jmw+0QxprPDSd+DA/89Ddp0aaq7aqFGg2nAu0ejxrMn2p5U5F6e2
rWu1O2cYLw0pywFG1JqQ5rnxQvoU04ZkWj9zvoMg5SB+Pv0eUY0mOw0gAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQF15UldOrrmmPCoRtrDQvIXh9bMB8GA1UdIwQY
MBaAFOdgEm3OeLwW5mwubnY1hIrEaEavMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3Yjgt
ZDI0ZjU2MmRlZGQyLzEvQkFYWGxTVjA2dXVhWThLaEcyc05DOGhlSDFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3YjgtZDI0ZjU2MmRlZGQy
LzEvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkvd7MA0G
CSqGSIb3DQEBCwUAA4IBAQBmDIslFpgcKRkyTame7GXtzMDTsSfg/0Yzj/Hx6I7C
7JAOLVaRwT12JTPEOct3w2qNBH1eiA2Gj5hQNIk7YSMhjkx+aiiERJXDiwmCDOqy
Lp5Hay3p4lz7gX0Rnj245VHrEPPuMjlvuCR315f6Pccl5q4n8F8LNtsJxrHWUNaI
XTI4mNT9Fprmu9uaYY38O5/2ESltuogMT7RsDsKxQ6MRwbx6G/LHS5PZNEcsx+fw
yW+AhTh0rVSZ1rhqvHvsGgM8UlyHdo1fUqgF00E5Fl8r7LXhOJab6hDY5KmZuKNT
0Ct9xG3AHhGyLzlMS0hvUCUBQnutU6hKOOoUBX5h7UVF
-----END CERTIFICATE-----