This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/vVhNtVNsCVeIUDedNR2pXiMXJ9I.roa
File:                     vVhNtVNsCVeIUDedNR2pXiMXJ9I.roa (raw, json)
Hash identifier:          Vxc5nIGp5qmqYCBfvRkwh/ne6MswcuhCDYcPNLnJgwM=
Subject key identifier:   BD:58:4D:B5:53:6C:09:57:88:50:37:9D:35:1D:A9:5E:23:17:27:D2
Certificate issuer:       /CN=6c3250a5c1bdab74b1bd23c01c54a8d70b6def20
Certificate serial:       019B7F13666125CC0E3DBAF6CAEB1915390C
Authority key identifier: 6C:32:50:A5:C1:BD:AB:74:B1:BD:23:C0:1C:54:A8:D7:0B:6D:EF:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bDJQpcG9q3SxvSPAHFSo1wtt7yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/vVhNtVNsCVeIUDedNR2pXiMXJ9I.roa
Signing time:             Fri 02 Jan 2026 14:18:56 +0000
ROA not before:           Fri 02 Jan 2026 14:18:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204769
IP address blocks:        185.211.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/bDJQpcG9q3SxvSPAHFSo1wtt7yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/bDJQpcG9q3SxvSPAHFSo1wtt7yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bDJQpcG9q3SxvSPAHFSo1wtt7yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:66:61:25:cc:0e:3d:ba:f6:ca:eb:19:15:39:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c3250a5c1bdab74b1bd23c01c54a8d70b6def20
        Validity
            Not Before: Jan  2 14:18:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd584db5536c09578850379d351da95e231727d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ff:4e:15:a4:af:47:f9:d4:43:26:b5:7a:f0:
                    73:68:ef:f5:02:38:9d:81:b7:b9:b6:0f:05:be:4f:
                    3f:df:26:6c:ac:c7:b0:2f:18:77:6c:01:b2:c8:4b:
                    8c:8b:09:29:4d:03:2e:26:07:c5:ad:dc:4f:1f:db:
                    10:a8:33:05:c4:c8:c7:5b:4f:8f:5c:db:d0:09:f8:
                    01:a0:fd:98:14:64:c8:26:91:37:ea:3e:13:b9:e2:
                    8e:91:93:93:e3:5c:a9:d8:d7:ec:a2:74:cf:96:fd:
                    cc:c6:1d:49:7b:03:aa:8e:7e:d6:8b:f1:4c:a0:ae:
                    76:6a:77:2d:d5:b8:3d:9a:be:72:fb:42:6b:5e:cd:
                    26:58:ec:f3:75:24:d7:60:21:8e:5d:3f:da:20:93:
                    6d:9f:37:b0:f2:3d:1d:16:66:88:90:65:cc:7a:54:
                    a8:85:7b:81:2c:1d:8e:49:3a:7d:66:7c:be:65:41:
                    09:5d:3a:47:3c:9c:0f:bd:4f:0b:54:57:5b:a4:f6:
                    53:79:83:f3:94:0f:1d:bb:ca:9a:71:cb:d2:3c:91:
                    fd:76:c4:fc:80:b2:41:26:f6:86:4f:a6:43:d2:dd:
                    db:dd:60:1c:a7:79:c0:92:5d:02:66:4a:ac:88:c1:
                    13:a0:d3:f2:64:36:3f:74:8b:fa:7b:8a:b1:cd:2f:
                    47:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:58:4D:B5:53:6C:09:57:88:50:37:9D:35:1D:A9:5E:23:17:27:D2
            X509v3 Authority Key Identifier:
                keyid:6C:32:50:A5:C1:BD:AB:74:B1:BD:23:C0:1C:54:A8:D7:0B:6D:EF:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bDJQpcG9q3SxvSPAHFSo1wtt7yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/vVhNtVNsCVeIUDedNR2pXiMXJ9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/bDJQpcG9q3SxvSPAHFSo1wtt7yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:08:27:e2:9e:c6:d4:3f:61:50:6b:c7:93:80:75:06:40:50:
         a6:67:41:b7:f7:a1:12:f3:36:85:03:30:67:77:d9:81:05:15:
         17:b6:b3:c7:63:fc:ad:08:e2:d8:d4:34:aa:7c:70:80:a3:29:
         f8:54:88:cc:f5:bf:c7:6a:e4:2c:75:6a:5f:28:fd:a8:18:ce:
         30:de:6e:b8:73:c8:e9:00:ee:89:0b:d2:bc:73:47:df:6f:fd:
         5e:af:16:94:a2:9c:d0:c8:d5:1e:7f:45:9f:13:47:e8:c4:a1:
         9f:17:f7:67:88:d7:03:00:b0:df:03:1c:e3:4c:6b:6f:cd:b4:
         14:e9:2a:9e:36:38:10:99:ac:93:42:0e:2b:41:f4:e9:f8:9c:
         7a:70:4a:9b:13:b8:0b:ac:38:a9:f9:2a:73:4d:d2:39:3f:96:
         e6:a6:4f:ba:78:a9:43:ed:7d:d6:95:df:3d:77:41:ef:0c:99:
         c4:17:f9:26:2a:f3:cf:16:93:a9:40:3d:cd:5b:e1:3f:e8:92:
         5c:00:21:3c:18:2f:3e:51:05:8c:10:fd:a4:2f:b9:8c:77:cb:
         d7:20:0b:58:9b:6e:18:0f:9a:8f:99:a4:89:ba:d5:cd:98:37:
         0a:8e:22:f9:1c:c3:53:fa:a3:50:37:a2:10:a7:c9:04:c1:df:
         69:c0:d2:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/E2ZhJcwOPbr2yusZFTkMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMzI1MGE1YzFiZGFiNzRiMWJkMjNjMDFjNTRhOGQ3MGI2
ZGVmMjAwHhcNMjYwMTAyMTQxODU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDU4NGRiNTUzNmMwOTU3ODg1MDM3OWQzNTFkYTk1ZTIzMTcyN2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/9OFaSvR/nUQya1evBzaO/1Ajid
gbe5tg8Fvk8/3yZsrMewLxh3bAGyyEuMiwkpTQMuJgfFrdxPH9sQqDMFxMjHW0+P
XNvQCfgBoP2YFGTIJpE36j4TueKOkZOT41yp2NfsonTPlv3Mxh1JewOqjn7Wi/FM
oK52anct1bg9mr5y+0JrXs0mWOzzdSTXYCGOXT/aIJNtnzew8j0dFmaIkGXMelSo
hXuBLB2OSTp9Zny+ZUEJXTpHPJwPvU8LVFdbpPZTeYPzlA8du8qaccvSPJH9dsT8
gLJBJvaGT6ZD0t3b3WAcp3nAkl0CZkqsiMEToNPyZDY/dIv6e4qxzS9HiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL1YTbVTbAlXiFA3nTUdqV4jFyfSMB8GA1UdIwQY
MBaAFGwyUKXBvat0sb0jwBxUqNcLbe8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkRKUXBjRzlxM1N4dlNQQUhGU28xd3R0N3lBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS83MjRjOTctZjE0OS00NDZmLWJiZjEt
MjU0NDY4M2FhMTI1LzEvdlZoTnRWTnNDVmVJVURlZE5SMnBYaU1YSjlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS83MjRjOTctZjE0OS00NDZmLWJiZjEtMjU0NDY4M2FhMTI1
LzEvYkRKUXBjRzlxM1N4dlNQQUhGU28xd3R0N3lBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudNlMA0G
CSqGSIb3DQEBCwUAA4IBAQBkCCfinsbUP2FQa8eTgHUGQFCmZ0G396ES8zaFAzBn
d9mBBRUXtrPHY/ytCOLY1DSqfHCAoyn4VIjM9b/HauQsdWpfKP2oGM4w3m64c8jp
AO6JC9K8c0ffb/1erxaUopzQyNUef0WfE0foxKGfF/dniNcDALDfAxzjTGtvzbQU
6SqeNjgQmayTQg4rQfTp+Jx6cEqbE7gLrDip+SpzTdI5P5bmpk+6eKlD7X3Wld89
d0HvDJnEF/kmKvPPFpOpQD3NW+E/6JJcACE8GC8+UQWMEP2kL7mMd8vXIAtYm24Y
D5qPmaSJutXNmDcKjiL5HMNT+qNQN6IQp8kEwd9pwNLY
-----END CERTIFICATE-----