This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/d4469a-13a8-472c-b46f-4bb414623a14/1/beRNZVAtAWiOfxZLwz9Tb3epajM.roa
File:                     beRNZVAtAWiOfxZLwz9Tb3epajM.roa (raw, json)
Hash identifier:          pv5BVmzc3/x0DZzp0BIh9wKZN12+///ave9ZheyD4wo=
Subject key identifier:   6D:E4:4D:65:50:2D:01:68:8E:7F:16:4B:C3:3F:53:6F:77:A9:6A:33
Certificate issuer:       /CN=89a041670001660a3720b77d764d836852190138
Certificate serial:       019B2D27EB76B61A1A9172D68048AE57A586
Authority key identifier: 89:A0:41:67:00:01:66:0A:37:20:B7:7D:76:4D:83:68:52:19:01:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iaBBZwABZgo3ILd9dk2DaFIZATg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/d4469a-13a8-472c-b46f-4bb414623a14/1/beRNZVAtAWiOfxZLwz9Tb3epajM.roa
Signing time:             Wed 17 Dec 2025 16:32:29 +0000
ROA not before:           Wed 17 Dec 2025 16:32:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        95.128.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/d4469a-13a8-472c-b46f-4bb414623a14/1/iaBBZwABZgo3ILd9dk2DaFIZATg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/d4469a-13a8-472c-b46f-4bb414623a14/1/iaBBZwABZgo3ILd9dk2DaFIZATg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iaBBZwABZgo3ILd9dk2DaFIZATg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Dec 2025 22:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:2d:27:eb:76:b6:1a:1a:91:72:d6:80:48:ae:57:a5:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89a041670001660a3720b77d764d836852190138
        Validity
            Not Before: Dec 17 16:32:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6de44d65502d01688e7f164bc33f536f77a96a33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a5:b2:b5:3f:a4:31:8e:ec:87:66:32:cd:31:
                    45:84:24:0c:6e:19:ef:e7:80:fa:76:27:42:57:bb:
                    1e:fa:06:a8:9d:37:4a:a4:72:83:aa:e2:7a:4e:c8:
                    45:29:1c:c0:f0:71:f6:83:68:ad:25:53:7a:69:69:
                    e7:d7:3b:09:3f:12:eb:5e:ac:54:d5:a4:04:a9:31:
                    be:44:03:57:ec:8e:be:f7:8f:25:5f:8c:af:5b:e2:
                    bc:3c:73:65:8d:4a:f1:cc:08:38:6f:f9:80:d6:f1:
                    1f:61:1c:3d:2e:8a:be:96:6b:3b:52:ca:69:86:3d:
                    be:ae:1e:63:6a:31:94:6f:bc:d4:06:aa:fd:30:c3:
                    1d:c5:d0:07:d6:a9:de:5e:72:cb:a8:0e:28:cb:d0:
                    71:1a:6a:b9:91:e1:73:d8:ae:76:95:4d:e3:66:69:
                    0d:4a:34:d0:3f:8e:5c:3f:32:4a:91:40:9a:6b:bc:
                    2e:5f:72:bb:c8:27:29:f4:16:cd:39:61:6f:69:b3:
                    a9:e7:a7:93:25:78:03:97:07:32:21:f0:b6:16:0e:
                    f3:9a:88:ea:e8:be:12:98:a9:17:a3:b7:4d:8f:c5:
                    c3:32:0f:3b:f2:1f:93:8d:be:77:f7:9e:33:8d:90:
                    64:31:fa:cd:b7:df:d3:a8:22:29:33:33:d3:86:d6:
                    13:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:E4:4D:65:50:2D:01:68:8E:7F:16:4B:C3:3F:53:6F:77:A9:6A:33
            X509v3 Authority Key Identifier:
                keyid:89:A0:41:67:00:01:66:0A:37:20:B7:7D:76:4D:83:68:52:19:01:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iaBBZwABZgo3ILd9dk2DaFIZATg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/d4469a-13a8-472c-b46f-4bb414623a14/1/beRNZVAtAWiOfxZLwz9Tb3epajM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/d4469a-13a8-472c-b46f-4bb414623a14/1/iaBBZwABZgo3ILd9dk2DaFIZATg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:0c:9a:e6:25:6d:4f:ec:3f:0b:88:75:14:35:42:bb:32:02:
         88:fe:9d:f5:7e:7e:63:51:8b:23:2e:d6:d0:9b:0c:aa:39:d1:
         43:50:d4:e5:14:82:3a:83:c8:b6:15:c9:43:69:f7:a7:da:bc:
         9b:df:e6:b1:01:1b:e6:74:44:53:e6:ec:6c:ec:da:b9:7b:3f:
         01:cb:bd:c8:cb:27:dd:9e:93:26:81:43:ce:47:c0:56:f1:a4:
         fd:3f:ec:6e:e3:d2:01:04:ff:e0:95:19:a1:78:5b:7c:0a:92:
         cc:a1:a3:69:bb:ad:24:dc:e2:62:ee:36:8e:f9:15:b9:11:9d:
         2f:ed:26:80:ed:31:24:45:b9:f4:bf:f3:77:e4:04:15:06:07:
         ea:38:f3:58:de:04:87:6a:dc:6a:e8:14:d2:8a:9c:49:03:3d:
         69:eb:a2:2a:5b:b0:9a:73:51:47:bc:f6:e9:25:92:50:6d:bd:
         c0:9d:bd:9d:cc:91:4d:c4:da:c9:79:cb:c2:76:bd:aa:25:86:
         6c:97:79:85:08:df:98:7b:1f:b9:3e:39:00:d5:22:7a:e3:19:
         2f:5b:b8:cb:30:56:70:76:d0:a7:3f:6d:f8:7c:83:e1:e7:16:
         67:8e:c2:37:13:67:df:39:09:79:f0:d4:96:01:5c:d9:02:1d:
         d0:45:3a:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZstJ+t2thoakXLWgEiuV6WGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YTA0MTY3MDAwMTY2MGEzNzIwYjc3ZDc2NGQ4MzY4NTIx
OTAxMzgwHhcNMjUxMjE3MTYzMjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGU0NGQ2NTUwMmQwMTY4OGU3ZjE2NGJjMzNmNTM2Zjc3YTk2YTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkaWytT+kMY7sh2YyzTFFhCQMbhnv
54D6didCV7se+gaonTdKpHKDquJ6TshFKRzA8HH2g2itJVN6aWnn1zsJPxLrXqxU
1aQEqTG+RANX7I6+948lX4yvW+K8PHNljUrxzAg4b/mA1vEfYRw9Loq+lms7Uspp
hj2+rh5jajGUb7zUBqr9MMMdxdAH1qneXnLLqA4oy9BxGmq5keFz2K52lU3jZmkN
SjTQP45cPzJKkUCaa7wuX3K7yCcp9BbNOWFvabOp56eTJXgDlwcyIfC2Fg7zmojq
6L4SmKkXo7dNj8XDMg878h+Tjb53954zjZBkMfrNt9/TqCIpMzPThtYTfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG3kTWVQLQFojn8WS8M/U293qWozMB8GA1UdIwQY
MBaAFImgQWcAAWYKNyC3fXZNg2hSGQE4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWFCQlp3QUJaZ28zSUxkOWRrMkRhRklaQVRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9kNDQ2OWEtMTNhOC00NzJjLWI0NmYt
NGJiNDE0NjIzYTE0LzEvYmVSTlpWQXRBV2lPZnhaTHd6OVRiM2VwYWpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9kNDQ2OWEtMTNhOC00NzJjLWI0NmYtNGJiNDE0NjIzYTE0
LzEvaWFCQlp3QUJaZ28zSUxkOWRrMkRhRklaQVRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4CYMA0G
CSqGSIb3DQEBCwUAA4IBAQBCDJrmJW1P7D8LiHUUNUK7MgKI/p31fn5jUYsjLtbQ
mwyqOdFDUNTlFII6g8i2FclDafen2ryb3+axARvmdERT5uxs7Nq5ez8By73Iyyfd
npMmgUPOR8BW8aT9P+xu49IBBP/glRmheFt8CpLMoaNpu60k3OJi7jaO+RW5EZ0v
7SaA7TEkRbn0v/N35AQVBgfqOPNY3gSHatxq6BTSipxJAz1p66IqW7Cac1FHvPbp
JZJQbb3Anb2dzJFNxNrJecvCdr2qJYZsl3mFCN+Yex+5PjkA1SJ64xkvW7jLMFZw
dtCnP234fIPh5xZnjsI3E2ffOQl58NSWAVzZAh3QRTrY
-----END CERTIFICATE-----