This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/VGWXxgnVjRzhnWv4xLC7nIAXaR8.roa
File:                     VGWXxgnVjRzhnWv4xLC7nIAXaR8.roa (raw, json)
Hash identifier:          b/7VbWeRSEWFgdp8+ZkMOanq2mlESLfiHeCuFxwqmRM=
Subject key identifier:   54:65:97:C6:09:D5:8D:1C:E1:9D:6B:F8:C4:B0:BB:9C:80:17:69:1F
Certificate issuer:       /CN=6c3250a5c1bdab74b1bd23c01c54a8d70b6def20
Certificate serial:       019B7F1366C4A8EE12AD3A79D670C78691B9
Authority key identifier: 6C:32:50:A5:C1:BD:AB:74:B1:BD:23:C0:1C:54:A8:D7:0B:6D:EF:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bDJQpcG9q3SxvSPAHFSo1wtt7yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/VGWXxgnVjRzhnWv4xLC7nIAXaR8.roa
Signing time:             Fri 02 Jan 2026 14:18:56 +0000
ROA not before:           Fri 02 Jan 2026 14:18:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213282
IP address blocks:        185.211.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/bDJQpcG9q3SxvSPAHFSo1wtt7yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/bDJQpcG9q3SxvSPAHFSo1wtt7yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bDJQpcG9q3SxvSPAHFSo1wtt7yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:66:c4:a8:ee:12:ad:3a:79:d6:70:c7:86:91:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c3250a5c1bdab74b1bd23c01c54a8d70b6def20
        Validity
            Not Before: Jan  2 14:18:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=546597c609d58d1ce19d6bf8c4b0bb9c8017691f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:65:64:26:22:5b:95:50:99:54:5e:33:ef:f4:
                    7a:94:4e:e6:22:ef:74:89:d9:1f:eb:98:4c:a0:e2:
                    56:64:fe:4d:78:48:35:3e:ab:31:72:f6:e8:b7:c3:
                    9a:26:80:9f:b0:ab:b9:f5:ee:18:4d:38:3e:f1:6d:
                    80:8f:9c:d7:e5:a2:79:eb:8d:b8:46:13:f5:f5:ae:
                    b1:76:8e:dc:58:37:c2:dd:13:69:4b:66:71:68:1d:
                    2d:24:6d:f9:26:3d:8d:59:ad:ca:bb:4c:11:50:64:
                    dd:8a:ad:ac:b9:1e:7c:fd:7b:3b:b9:e3:8f:51:42:
                    0f:2d:83:47:c9:dc:7d:3b:79:38:e4:bb:32:f8:7b:
                    a1:16:65:a1:5b:07:ea:9d:79:79:15:86:97:e2:b3:
                    ba:01:11:66:fd:17:14:32:d6:c7:d2:99:d0:f7:f5:
                    a6:69:5a:e9:c2:05:a3:a4:e9:83:8d:ce:32:5b:da:
                    70:78:6c:46:52:10:84:50:84:c1:d1:b2:aa:e3:3a:
                    41:50:e9:cd:90:eb:b7:14:6e:25:34:12:90:8c:fb:
                    aa:d2:d6:36:cb:b4:58:68:50:54:3d:4c:b4:2e:51:
                    2f:8a:de:b7:88:fb:0d:08:99:be:b3:94:f6:fe:ab:
                    a8:26:0a:a5:48:1f:69:df:7a:cd:9b:d5:93:e8:1b:
                    eb:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:65:97:C6:09:D5:8D:1C:E1:9D:6B:F8:C4:B0:BB:9C:80:17:69:1F
            X509v3 Authority Key Identifier:
                keyid:6C:32:50:A5:C1:BD:AB:74:B1:BD:23:C0:1C:54:A8:D7:0B:6D:EF:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bDJQpcG9q3SxvSPAHFSo1wtt7yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/VGWXxgnVjRzhnWv4xLC7nIAXaR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/bDJQpcG9q3SxvSPAHFSo1wtt7yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:d4:7e:5f:e0:f2:e4:98:ae:d2:84:bd:a0:9f:5e:bf:76:9b:
         11:36:bb:93:3d:90:a0:03:8c:8e:5e:cc:f3:cf:44:01:f0:8f:
         0f:ce:e8:87:1d:f4:50:b9:20:8a:34:8c:42:69:63:c6:4f:a6:
         de:d8:95:7b:7a:91:9f:72:e2:04:55:8d:5f:20:4f:9b:50:61:
         b8:b5:50:66:4e:e8:f5:1a:7a:98:0b:43:95:90:bd:8b:02:90:
         4f:df:34:24:f3:7f:d7:33:98:55:72:53:e7:fb:d4:fe:9c:32:
         7a:e3:60:28:2b:63:83:df:32:1c:25:e0:52:71:c4:35:f4:6b:
         c0:bf:14:d0:d8:4f:3c:ae:53:9e:3b:51:fa:65:e0:fe:16:b5:
         d6:c8:18:d8:59:81:f8:0b:2b:ba:70:78:46:e1:f1:aa:18:06:
         33:0f:76:29:93:36:c8:f6:3a:37:b6:fb:fb:46:5e:44:67:10:
         54:d5:0f:71:67:c3:5b:80:fa:42:a8:71:c8:c2:b2:f1:ea:64:
         7c:5b:09:61:7f:4c:72:c2:c8:79:f1:0b:06:60:ad:2d:c6:6f:
         17:71:9f:ed:de:21:41:ab:02:b7:8d:ed:80:4a:77:d1:8c:18:
         7d:98:60:83:2a:65:9f:7b:e6:96:ea:0d:de:24:9b:f6:8a:a4:
         49:da:c0:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/E2bEqO4SrTp51nDHhpG5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMzI1MGE1YzFiZGFiNzRiMWJkMjNjMDFjNTRhOGQ3MGI2
ZGVmMjAwHhcNMjYwMTAyMTQxODU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDY1OTdjNjA5ZDU4ZDFjZTE5ZDZiZjhjNGIwYmI5YzgwMTc2OTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWVkJiJblVCZVF4z7/R6lE7mIu90
idkf65hMoOJWZP5NeEg1Pqsxcvbot8OaJoCfsKu59e4YTTg+8W2Aj5zX5aJ56424
RhP19a6xdo7cWDfC3RNpS2ZxaB0tJG35Jj2NWa3Ku0wRUGTdiq2suR58/Xs7ueOP
UUIPLYNHydx9O3k45Lsy+HuhFmWhWwfqnXl5FYaX4rO6ARFm/RcUMtbH0pnQ9/Wm
aVrpwgWjpOmDjc4yW9pweGxGUhCEUITB0bKq4zpBUOnNkOu3FG4lNBKQjPuq0tY2
y7RYaFBUPUy0LlEvit63iPsNCJm+s5T2/quoJgqlSB9p33rNm9WT6BvrswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFRll8YJ1Y0c4Z1r+MSwu5yAF2kfMB8GA1UdIwQY
MBaAFGwyUKXBvat0sb0jwBxUqNcLbe8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkRKUXBjRzlxM1N4dlNQQUhGU28xd3R0N3lBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS83MjRjOTctZjE0OS00NDZmLWJiZjEt
MjU0NDY4M2FhMTI1LzEvVkdXWHhnblZqUnpobld2NHhMQzduSUFYYVI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS83MjRjOTctZjE0OS00NDZmLWJiZjEtMjU0NDY4M2FhMTI1
LzEvYkRKUXBjRzlxM1N4dlNQQUhGU28xd3R0N3lBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudNkMA0G
CSqGSIb3DQEBCwUAA4IBAQA+1H5f4PLkmK7ShL2gn16/dpsRNruTPZCgA4yOXszz
z0QB8I8PzuiHHfRQuSCKNIxCaWPGT6be2JV7epGfcuIEVY1fIE+bUGG4tVBmTuj1
GnqYC0OVkL2LApBP3zQk83/XM5hVclPn+9T+nDJ642AoK2OD3zIcJeBSccQ19GvA
vxTQ2E88rlOeO1H6ZeD+FrXWyBjYWYH4Cyu6cHhG4fGqGAYzD3YpkzbI9jo3tvv7
Rl5EZxBU1Q9xZ8NbgPpCqHHIwrLx6mR8Wwlhf0xywsh58QsGYK0txm8XcZ/t3iFB
qwK3je2ASnfRjBh9mGCDKmWfe+aW6g3eJJv2iqRJ2sDf
-----END CERTIFICATE-----