This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/5a2ed9-8f8e-4c1d-aaf3-30c65ad83291/1/bjsIhhJXYWOCxm3-u3SPbRaJhE8.roa
File:                     bjsIhhJXYWOCxm3-u3SPbRaJhE8.roa (raw, json)
Hash identifier:          k601NGiADY++m5H4zoT2dwbTutk80SSDZnVosaITtR0=
Subject key identifier:   6E:3B:08:86:12:57:61:63:82:C6:6D:FE:BB:74:8F:6D:16:89:84:4F
Certificate issuer:       /CN=34832317d2544434b659e5692071d8e4c4938b06
Certificate serial:       019B3B6EB4EE8155A0B386A1AD731DD83392
Authority key identifier: 34:83:23:17:D2:54:44:34:B6:59:E5:69:20:71:D8:E4:C4:93:8B:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NIMjF9JURDS2WeVpIHHY5MSTiwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/5a2ed9-8f8e-4c1d-aaf3-30c65ad83291/1/bjsIhhJXYWOCxm3-u3SPbRaJhE8.roa
Signing time:             Sat 20 Dec 2025 11:04:29 +0000
ROA not before:           Sat 20 Dec 2025 11:04:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6204
IP address blocks:        176.28.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/5a2ed9-8f8e-4c1d-aaf3-30c65ad83291/1/NIMjF9JURDS2WeVpIHHY5MSTiwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/5a2ed9-8f8e-4c1d-aaf3-30c65ad83291/1/NIMjF9JURDS2WeVpIHHY5MSTiwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NIMjF9JURDS2WeVpIHHY5MSTiwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Dec 2025 09:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:3b:6e:b4:ee:81:55:a0:b3:86:a1:ad:73:1d:d8:33:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34832317d2544434b659e5692071d8e4c4938b06
        Validity
            Not Before: Dec 20 11:04:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e3b08861257616382c66dfebb748f6d1689844f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:83:18:7b:db:57:1c:b0:ff:7b:fe:88:8d:db:
                    ce:6a:6f:d4:ba:ec:6f:7c:e1:78:60:87:76:aa:15:
                    4c:14:5c:11:16:e3:fb:0d:01:be:f4:a0:e4:00:99:
                    53:21:d8:2c:7d:64:a0:58:19:82:07:d6:ac:7f:4a:
                    30:c3:6e:fd:a4:42:99:41:83:f3:c2:91:18:6b:0a:
                    45:93:ea:93:1d:66:1c:13:3d:a1:ff:d0:66:3b:28:
                    b6:d0:ba:a7:96:0a:8b:b3:0f:d0:3a:55:c0:b1:d7:
                    13:16:7c:cb:20:15:9a:48:9e:b8:03:95:9b:1a:f2:
                    4e:99:fc:ff:05:69:f3:69:66:70:97:b1:9e:1a:f1:
                    31:fc:cf:f6:d3:6a:24:f5:17:36:68:b3:6f:f5:71:
                    f1:da:63:4f:ed:39:9e:b6:e7:a2:0f:76:2d:ee:90:
                    2b:93:78:56:a2:9b:f4:7d:0b:c9:68:9f:1e:b8:2c:
                    37:2a:b2:97:a5:a0:65:54:09:14:40:50:0e:40:32:
                    df:7e:6e:d7:23:bb:8b:64:de:94:87:21:cb:3f:bb:
                    17:02:a1:da:00:38:3f:82:9b:70:92:08:7f:e3:85:
                    3c:bc:c0:24:d4:70:a5:54:22:fc:3d:89:53:85:fb:
                    3c:21:bf:0b:f6:78:1b:67:eb:95:a3:08:97:81:1b:
                    d5:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:3B:08:86:12:57:61:63:82:C6:6D:FE:BB:74:8F:6D:16:89:84:4F
            X509v3 Authority Key Identifier:
                keyid:34:83:23:17:D2:54:44:34:B6:59:E5:69:20:71:D8:E4:C4:93:8B:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NIMjF9JURDS2WeVpIHHY5MSTiwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5a2ed9-8f8e-4c1d-aaf3-30c65ad83291/1/bjsIhhJXYWOCxm3-u3SPbRaJhE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5a2ed9-8f8e-4c1d-aaf3-30c65ad83291/1/NIMjF9JURDS2WeVpIHHY5MSTiwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.28.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:67:ae:8f:00:66:a8:6b:72:c2:51:84:84:28:1c:ed:d0:6c:
         c0:11:11:90:f8:0e:71:7d:e9:4b:af:3f:58:21:50:79:b0:ff:
         03:c6:37:fe:a9:c5:f2:d6:cc:20:5f:ed:b5:0a:77:aa:d3:72:
         9a:0b:cf:1f:af:5a:3c:dc:45:4d:93:fe:a9:bf:36:1f:14:c5:
         43:0e:0b:a4:26:69:11:ee:ce:4f:20:74:0f:f1:27:3a:0b:1c:
         b4:96:f7:dc:c7:77:03:a2:bb:85:2a:c1:d9:d3:6a:be:29:1a:
         0a:0c:c0:9a:e9:90:f9:65:22:de:6f:38:20:1e:f0:5b:f3:d8:
         92:2a:00:11:69:28:fc:17:a3:da:e6:42:c0:4a:93:5c:e1:ac:
         61:c7:4c:33:69:69:9a:94:f0:75:5c:87:8f:44:51:1c:e4:ed:
         dc:be:f0:7d:e2:ea:47:61:3b:4f:9b:fc:55:53:32:33:3f:39:
         df:26:11:57:d5:7d:ee:6a:f5:e1:d2:5c:ae:68:c2:2e:71:e2:
         71:47:08:24:d6:26:83:cb:a4:c8:e5:70:e0:0e:a1:76:ec:8f:
         47:d1:b6:f6:da:63:c2:c4:32:72:7a:c2:09:77:48:99:08:60:
         ad:be:bf:1c:50:0a:4a:04:5c:0b:16:b9:48:5b:ce:37:3c:95:
         c5:a3:04:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZs7brTugVWgs4ahrXMd2DOSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ODMyMzE3ZDI1NDQ0MzRiNjU5ZTU2OTIwNzFkOGU0YzQ5
MzhiMDYwHhcNMjUxMjIwMTEwNDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTNiMDg4NjEyNTc2MTYzODJjNjZkZmViYjc0OGY2ZDE2ODk4NDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYMYe9tXHLD/e/6IjdvOam/Uuuxv
fOF4YId2qhVMFFwRFuP7DQG+9KDkAJlTIdgsfWSgWBmCB9asf0oww279pEKZQYPz
wpEYawpFk+qTHWYcEz2h/9BmOyi20LqnlgqLsw/QOlXAsdcTFnzLIBWaSJ64A5Wb
GvJOmfz/BWnzaWZwl7GeGvEx/M/202ok9Rc2aLNv9XHx2mNP7TmetueiD3Yt7pAr
k3hWopv0fQvJaJ8euCw3KrKXpaBlVAkUQFAOQDLffm7XI7uLZN6UhyHLP7sXAqHa
ADg/gptwkgh/44U8vMAk1HClVCL8PYlThfs8Ib8L9ngbZ+uVowiXgRvVRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG47CIYSV2FjgsZt/rt0j20WiYRPMB8GA1UdIwQY
MBaAFDSDIxfSVEQ0tlnlaSBx2OTEk4sGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTklNakY5SlVSRFMyV2VWcElISFk1TVNUaXdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS81YTJlZDktOGY4ZS00YzFkLWFhZjMt
MzBjNjVhZDgzMjkxLzEvYmpzSWhoSlhZV09DeG0zLXUzU1BiUmFKaEU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS81YTJlZDktOGY4ZS00YzFkLWFhZjMtMzBjNjVhZDgzMjkx
LzEvTklNakY5SlVSRFMyV2VWcElISFk1TVNUaXdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsBxMMA0G
CSqGSIb3DQEBCwUAA4IBAQBFZ66PAGaoa3LCUYSEKBzt0GzAERGQ+A5xfelLrz9Y
IVB5sP8Dxjf+qcXy1swgX+21Cneq03KaC88fr1o83EVNk/6pvzYfFMVDDgukJmkR
7s5PIHQP8Sc6Cxy0lvfcx3cDoruFKsHZ02q+KRoKDMCa6ZD5ZSLebzggHvBb89iS
KgARaSj8F6Pa5kLASpNc4axhx0wzaWmalPB1XIePRFEc5O3cvvB94upHYTtPm/xV
UzIzPznfJhFX1X3uavXh0lyuaMIuceJxRwgk1iaDy6TI5XDgDqF27I9H0bb22mPC
xDJyesIJd0iZCGCtvr8cUApKBFwLFrlIW843PJXFowSV
-----END CERTIFICATE-----