This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/bpUtIFcpj0wFmx0CClP1L0TgIfY.roa
File:                     bpUtIFcpj0wFmx0CClP1L0TgIfY.roa (raw, json)
Hash identifier:          JpwXWXow0nu1gKjNId4RQPrmV9a8gFVj5DrvmpBJ7Ac=
Subject key identifier:   6E:95:2D:20:57:29:8F:4C:05:9B:1D:02:0A:53:F5:2F:44:E0:21:F6
Certificate issuer:       /CN=bba35cf8ab6f3eaa2aebadd9e2373dec0893625e
Certificate serial:       019B7EA6A3E5A94E74DECE23A6A7F40980AD
Authority key identifier: BB:A3:5C:F8:AB:6F:3E:AA:2A:EB:AD:D9:E2:37:3D:EC:08:93:62:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/bpUtIFcpj0wFmx0CClP1L0TgIfY.roa
Signing time:             Fri 02 Jan 2026 12:20:08 +0000
ROA not before:           Fri 02 Jan 2026 12:20:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     140693
IP address blocks:        157.23.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:a3:e5:a9:4e:74:de:ce:23:a6:a7:f4:09:80:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bba35cf8ab6f3eaa2aebadd9e2373dec0893625e
        Validity
            Not Before: Jan  2 12:20:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6e952d2057298f4c059b1d020a53f52f44e021f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:0e:a5:65:80:4e:b2:e3:25:5f:44:1b:6c:1a:
                    13:8b:12:85:a6:f6:b6:01:6b:38:38:da:00:48:5c:
                    16:89:7d:b3:3a:de:3e:94:7a:73:2d:be:dc:6b:2f:
                    fe:12:56:30:13:8a:e8:6a:19:86:ab:5d:fc:11:da:
                    68:5b:25:eb:73:b6:3a:89:9a:4b:fd:fa:d3:f7:7c:
                    50:81:f5:62:d8:81:f2:1d:a0:39:d6:32:3c:c1:88:
                    18:7a:1f:23:32:91:a2:74:72:f5:03:1b:10:8e:b3:
                    47:ed:52:ac:5d:2d:d9:cf:e3:d2:62:a9:d2:d9:c7:
                    7e:f1:aa:a1:62:2d:a5:70:7c:60:39:e9:09:cf:75:
                    f5:9f:ef:0b:06:28:08:66:36:ec:6d:b3:01:43:52:
                    34:81:dc:8a:8e:ee:d9:e5:69:37:ce:08:32:6d:9a:
                    ce:d3:44:81:89:37:c0:66:dd:af:16:0d:28:e1:7f:
                    41:c1:2b:03:e3:6e:1b:f1:13:02:af:70:02:9a:ac:
                    aa:ee:e4:da:44:8f:84:3e:af:0c:4e:c8:ca:ed:c1:
                    fa:c2:1c:1d:ef:03:9f:b6:25:61:b2:83:d6:9f:5f:
                    9f:07:83:dc:d2:0b:6c:0a:22:e7:9b:d3:eb:b3:db:
                    a7:d7:d7:f4:20:99:4e:8d:83:91:13:7d:f9:82:6f:
                    9a:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:95:2D:20:57:29:8F:4C:05:9B:1D:02:0A:53:F5:2F:44:E0:21:F6
            X509v3 Authority Key Identifier:
                keyid:BB:A3:5C:F8:AB:6F:3E:AA:2A:EB:AD:D9:E2:37:3D:EC:08:93:62:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/bpUtIFcpj0wFmx0CClP1L0TgIfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.23.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:7a:b7:01:66:46:4d:58:b5:10:73:e7:f9:46:b1:1b:89:f3:
         f5:29:58:de:36:79:5e:49:e6:74:fc:17:ff:ae:61:29:ba:fa:
         b0:61:04:ef:36:e7:45:7f:b9:99:f2:5f:82:93:1a:b8:25:1f:
         60:84:68:7d:46:44:21:54:a1:e3:4e:12:7e:d7:ac:25:df:f9:
         f7:d2:04:af:51:c5:02:37:9c:c6:a4:33:f5:3b:da:00:0a:45:
         ca:af:0b:08:20:f2:b3:41:61:d9:11:6f:9b:75:7b:1f:b9:11:
         d7:82:2d:26:dc:1f:5a:14:fb:d4:9d:05:47:b3:f5:53:12:16:
         9e:42:1f:73:77:7e:61:47:d1:57:18:c6:c9:aa:77:48:22:01:
         ea:dc:1f:76:a6:a6:24:b2:ee:07:e9:b8:ab:f4:2e:8a:69:21:
         91:e5:82:17:c6:b2:7d:c8:21:5f:e7:3d:a9:64:07:e6:56:04:
         f1:75:64:15:7e:b2:aa:1c:c0:a9:51:7b:73:8c:42:34:32:20:
         82:22:cb:28:c5:ca:f2:9d:49:3e:43:9c:29:14:90:a3:7b:72:
         00:46:69:c6:bf:72:fb:36:39:a1:c2:8e:6e:25:78:2d:ed:51:
         ff:40:94:1e:71:b4:a1:12:f7:20:60:bb:c5:62:3a:5a:25:cc:
         05:ff:d2:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pqPlqU503s4jpqf0CYCtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiYTM1Y2Y4YWI2ZjNlYWEyYWViYWRkOWUyMzczZGVjMDg5
MzYyNWUwHhcNMjYwMTAyMTIyMDA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTk1MmQyMDU3Mjk4ZjRjMDU5YjFkMDIwYTUzZjUyZjQ0ZTAyMWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQ6lZYBOsuMlX0QbbBoTixKFpva2
AWs4ONoASFwWiX2zOt4+lHpzLb7cay/+ElYwE4roahmGq138EdpoWyXrc7Y6iZpL
/frT93xQgfVi2IHyHaA51jI8wYgYeh8jMpGidHL1AxsQjrNH7VKsXS3Zz+PSYqnS
2cd+8aqhYi2lcHxgOekJz3X1n+8LBigIZjbsbbMBQ1I0gdyKju7Z5Wk3zggybZrO
00SBiTfAZt2vFg0o4X9BwSsD424b8RMCr3ACmqyq7uTaRI+EPq8MTsjK7cH6whwd
7wOftiVhsoPWn1+fB4Pc0gtsCiLnm9Prs9un19f0IJlOjYORE335gm+a0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG6VLSBXKY9MBZsdAgpT9S9E4CH2MB8GA1UdIwQY
MBaAFLujXPirbz6qKuut2eI3PewIk2JeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTZOYy1LdHZQcW9xNjYzWjRqYzk3QWlUWWw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9hMGUwMWEtOWJiYy00NGVlLTk4YTMt
NTk3YjZlMjQ5MmFiLzEvYnBVdElGY3BqMHdGbXgwQ0NsUDFMMFRnSWZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9hMGUwMWEtOWJiYy00NGVlLTk4YTMtNTk3YjZlMjQ5MmFi
LzEvdTZOYy1LdHZQcW9xNjYzWjRqYzk3QWlUWWw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnRf4MA0G
CSqGSIb3DQEBCwUAA4IBAQAeercBZkZNWLUQc+f5RrEbifP1KVjeNnleSeZ0/Bf/
rmEpuvqwYQTvNudFf7mZ8l+Ckxq4JR9ghGh9RkQhVKHjThJ+16wl3/n30gSvUcUC
N5zGpDP1O9oACkXKrwsIIPKzQWHZEW+bdXsfuRHXgi0m3B9aFPvUnQVHs/VTEhae
Qh9zd35hR9FXGMbJqndIIgHq3B92pqYksu4H6bir9C6KaSGR5YIXxrJ9yCFf5z2p
ZAfmVgTxdWQVfrKqHMCpUXtzjEI0MiCCIssoxcrynUk+Q5wpFJCje3IARmnGv3L7
Njmhwo5uJXgt7VH/QJQecbShEvcgYLvFYjpaJcwF/9Kj
-----END CERTIFICATE-----