This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/Vh01heQZwiiV-5U2YWUI9ETdNp0.roa
File:                     Vh01heQZwiiV-5U2YWUI9ETdNp0.roa (raw, json)
Hash identifier:          NerAxUNFCszCX2X5F5Gpmh7sivfYufWqTOLrM/cv+gM=
Subject key identifier:   56:1D:35:85:E4:19:C2:28:95:FB:95:36:61:65:08:F4:44:DD:36:9D
Certificate issuer:       /CN=3deb104463e920b45542b6af1a27d5950e86e9a0
Certificate serial:       019B7F1538EE20A2100C88AE6CD5E4A37A87
Authority key identifier: 3D:EB:10:44:63:E9:20:B4:55:42:B6:AF:1A:27:D5:95:0E:86:E9:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PesQRGPpILRVQravGifVlQ6G6aA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/Vh01heQZwiiV-5U2YWUI9ETdNp0.roa
Signing time:             Fri 02 Jan 2026 14:20:55 +0000
ROA not before:           Fri 02 Jan 2026 14:20:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200640
IP address blocks:        37.34.100.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/PesQRGPpILRVQravGifVlQ6G6aA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/PesQRGPpILRVQravGifVlQ6G6aA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PesQRGPpILRVQravGifVlQ6G6aA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:38:ee:20:a2:10:0c:88:ae:6c:d5:e4:a3:7a:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3deb104463e920b45542b6af1a27d5950e86e9a0
        Validity
            Not Before: Jan  2 14:20:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=561d3585e419c22895fb9536616508f444dd369d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:cb:24:ba:1d:bd:62:5e:bc:31:f3:c3:77:01:
                    80:9f:eb:c8:97:7e:0c:c8:0b:13:51:79:8d:72:29:
                    b1:62:dc:d5:9d:7c:6b:93:93:8c:13:7d:d1:bb:5f:
                    4e:a6:8b:22:53:3b:e6:77:e4:99:90:8f:25:45:f6:
                    e3:de:d0:18:96:91:fb:c3:9c:03:c1:0c:a7:83:a4:
                    b8:2d:30:67:9f:82:82:b6:e8:8e:af:08:34:2e:c7:
                    50:5f:a7:cc:1d:2e:5c:07:a5:0c:e4:80:3e:b0:37:
                    22:a1:d3:d8:6b:5c:d3:4d:81:43:62:72:c7:9d:54:
                    e7:fe:cd:15:a6:67:ee:1e:a0:cb:dd:2e:2d:e7:46:
                    89:c6:54:fa:ec:4a:fa:04:db:ea:02:32:80:27:a6:
                    d5:7b:e6:3a:3e:56:f8:b8:d1:e7:88:0b:92:8b:1e:
                    f1:47:e7:40:8b:30:b7:5c:42:9a:4d:7a:fb:a8:25:
                    d2:d5:38:73:6b:be:89:e3:d1:1e:43:08:dd:5e:87:
                    2e:d2:65:ad:00:5f:2b:5d:ca:2a:d8:c9:fe:80:d5:
                    8b:a0:77:9a:53:cb:68:75:6f:47:09:5d:7a:04:0f:
                    7b:ea:af:24:77:2f:fd:ab:3c:1c:c9:dc:5d:d5:38:
                    c5:a4:b2:c6:cf:65:dc:64:69:e3:74:bf:c7:02:e2:
                    59:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:1D:35:85:E4:19:C2:28:95:FB:95:36:61:65:08:F4:44:DD:36:9D
            X509v3 Authority Key Identifier:
                keyid:3D:EB:10:44:63:E9:20:B4:55:42:B6:AF:1A:27:D5:95:0E:86:E9:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PesQRGPpILRVQravGifVlQ6G6aA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/Vh01heQZwiiV-5U2YWUI9ETdNp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/PesQRGPpILRVQravGifVlQ6G6aA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.34.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:e6:52:6a:50:4a:db:27:91:1d:e9:cd:3b:54:ca:82:33:ab:
         b7:8f:84:b5:62:fb:b6:f9:37:13:1d:51:26:89:22:ca:b4:c5:
         56:d3:2d:47:ea:15:32:92:b9:7a:0e:48:f3:bc:15:67:fb:02:
         c0:f1:07:ef:aa:41:8d:87:4e:1e:18:56:11:a1:5a:c5:db:92:
         07:38:93:50:c5:32:6c:44:a3:a1:7c:77:f2:27:ae:1f:f3:e2:
         98:35:61:5a:d7:07:ca:30:d9:ec:5f:2a:d9:ae:cb:4e:11:49:
         13:01:f7:d1:b5:98:41:62:c1:e0:e0:d3:2d:7c:12:1d:13:41:
         f2:70:f1:09:17:44:90:3d:34:61:c5:71:a0:d4:d2:2f:e4:9c:
         4a:46:a2:f3:c4:76:3e:b6:fb:95:89:bb:b5:b5:a3:a6:0f:6f:
         6d:37:2e:1f:a9:80:a6:56:32:d7:0c:dd:63:77:b0:b2:c3:38:
         26:8d:37:02:e0:7b:0c:7d:22:90:c3:e9:ff:5d:ee:17:60:fe:
         d3:1e:e7:0c:c6:66:45:9c:44:93:a0:64:5d:eb:56:a6:c0:1f:
         75:84:bf:2c:3f:8a:df:97:b5:4a:56:a7:48:23:3e:5d:92:2f:
         59:5b:f5:b1:27:47:7f:2d:8c:36:f0:ef:b3:8a:0f:02:e7:db:
         12:81:83:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FTjuIKIQDIiubNXko3qHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZWIxMDQ0NjNlOTIwYjQ1NTQyYjZhZjFhMjdkNTk1MGU4
NmU5YTAwHhcNMjYwMTAyMTQyMDU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjFkMzU4NWU0MTljMjI4OTVmYjk1MzY2MTY1MDhmNDQ0ZGQzNjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8skuh29Yl68MfPDdwGAn+vIl34M
yAsTUXmNcimxYtzVnXxrk5OME33Ru19OposiUzvmd+SZkI8lRfbj3tAYlpH7w5wD
wQyng6S4LTBnn4KCtuiOrwg0LsdQX6fMHS5cB6UM5IA+sDciodPYa1zTTYFDYnLH
nVTn/s0VpmfuHqDL3S4t50aJxlT67Er6BNvqAjKAJ6bVe+Y6Plb4uNHniAuSix7x
R+dAizC3XEKaTXr7qCXS1Thza76J49EeQwjdXocu0mWtAF8rXcoq2Mn+gNWLoHea
U8todW9HCV16BA976q8kdy/9qzwcydxd1TjFpLLGz2XcZGnjdL/HAuJZpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFYdNYXkGcIolfuVNmFlCPRE3TadMB8GA1UdIwQY
MBaAFD3rEERj6SC0VUK2rxon1ZUOhumgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGVzUVJHUHBJTFJWUXJhdkdpZlZsUTZHNmFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9jNjg2YjMtZTdhOS00ZjljLTg0MmMt
MTE5ZDhiZjcxN2JiLzEvVmgwMWhlUVp3aWlWLTVVMllXVUk5RVRkTnAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9jNjg2YjMtZTdhOS00ZjljLTg0MmMtMTE5ZDhiZjcxN2Ji
LzEvUGVzUVJHUHBJTFJWUXJhdkdpZlZsUTZHNmFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJSJkMA0G
CSqGSIb3DQEBCwUAA4IBAQAP5lJqUErbJ5Ed6c07VMqCM6u3j4S1Yvu2+TcTHVEm
iSLKtMVW0y1H6hUykrl6DkjzvBVn+wLA8QfvqkGNh04eGFYRoVrF25IHOJNQxTJs
RKOhfHfyJ64f8+KYNWFa1wfKMNnsXyrZrstOEUkTAffRtZhBYsHg4NMtfBIdE0Hy
cPEJF0SQPTRhxXGg1NIv5JxKRqLzxHY+tvuVibu1taOmD29tNy4fqYCmVjLXDN1j
d7CywzgmjTcC4HsMfSKQw+n/Xe4XYP7THucMxmZFnESToGRd61amwB91hL8sP4rf
l7VKVqdIIz5dki9ZW/WxJ0d/LYw28O+zig8C59sSgYMn
-----END CERTIFICATE-----