This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/d3363e-4832-4d57-9da5-dbf76ed3939f/1/VXiNyOdsOXCFTgyfrrZA_8BMZR0.roa
File:                     VXiNyOdsOXCFTgyfrrZA_8BMZR0.roa (raw, json)
Hash identifier:          pELMx1f1M83UZRqJfnbVYj9OTRiewgnk4FieswJJgw4=
Subject key identifier:   55:78:8D:C8:E7:6C:39:70:85:4E:0C:9F:AE:B6:40:FF:C0:4C:65:1D
Certificate issuer:       /CN=010a7d4c64aed4bc98c6b5b064ff0a9b82eada82
Certificate serial:       019B76EB4F9E6D91C5E3D5DAFA328660EB51
Authority key identifier: 01:0A:7D:4C:64:AE:D4:BC:98:C6:B5:B0:64:FF:0A:9B:82:EA:DA:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AQp9TGSu1LyYxrWwZP8Km4Lq2oI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/d3363e-4832-4d57-9da5-dbf76ed3939f/1/VXiNyOdsOXCFTgyfrrZA_8BMZR0.roa
Signing time:             Thu 01 Jan 2026 00:18:11 +0000
ROA not before:           Thu 01 Jan 2026 00:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12301
IP address blocks:        91.220.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/d3363e-4832-4d57-9da5-dbf76ed3939f/1/AQp9TGSu1LyYxrWwZP8Km4Lq2oI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/d3363e-4832-4d57-9da5-dbf76ed3939f/1/AQp9TGSu1LyYxrWwZP8Km4Lq2oI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AQp9TGSu1LyYxrWwZP8Km4Lq2oI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:4f:9e:6d:91:c5:e3:d5:da:fa:32:86:60:eb:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=010a7d4c64aed4bc98c6b5b064ff0a9b82eada82
        Validity
            Not Before: Jan  1 00:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=55788dc8e76c3970854e0c9faeb640ffc04c651d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:b9:d6:59:55:aa:e5:c5:b2:62:78:d1:83:86:
                    12:09:cf:e2:81:58:7e:d7:b9:2b:ef:cf:ca:dc:51:
                    dc:15:ef:d7:12:1c:b0:38:7c:2a:65:17:0d:df:16:
                    f0:c7:c1:7c:41:7d:23:66:ff:e1:b9:66:81:4c:08:
                    7d:2c:ac:f1:22:c8:35:3e:3c:cb:9b:c3:c3:3c:83:
                    dc:3b:e2:ea:11:cd:b9:b0:14:82:da:d9:01:38:33:
                    de:c4:3f:eb:4f:bc:f2:a8:1e:b7:a2:2e:27:cb:0f:
                    de:8d:34:4b:9f:dd:43:c5:ff:b0:38:b9:3e:8b:12:
                    d6:57:e9:f2:46:15:37:e5:1c:f0:8f:72:ae:17:fe:
                    78:83:d1:15:41:c3:a3:36:43:85:83:55:78:6a:c6:
                    d4:22:61:ba:df:a5:9b:77:15:96:09:18:7c:8d:c8:
                    a2:87:64:49:5f:8b:a6:3d:ac:c9:f6:4d:6a:da:45:
                    ce:36:83:6e:14:f3:7b:a7:6a:86:54:25:ef:85:4e:
                    b3:97:3c:e2:5a:bb:b9:5b:9f:28:f7:ed:2a:7b:b3:
                    93:c8:6c:23:7d:41:29:0f:f6:d2:11:a4:04:0d:a2:
                    f3:17:2d:3e:8b:ba:34:b2:25:b9:d7:5d:07:14:f2:
                    10:96:43:5f:b2:e4:56:35:ea:41:fc:e6:7f:69:88:
                    94:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:78:8D:C8:E7:6C:39:70:85:4E:0C:9F:AE:B6:40:FF:C0:4C:65:1D
            X509v3 Authority Key Identifier:
                keyid:01:0A:7D:4C:64:AE:D4:BC:98:C6:B5:B0:64:FF:0A:9B:82:EA:DA:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AQp9TGSu1LyYxrWwZP8Km4Lq2oI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d3363e-4832-4d57-9da5-dbf76ed3939f/1/VXiNyOdsOXCFTgyfrrZA_8BMZR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d3363e-4832-4d57-9da5-dbf76ed3939f/1/AQp9TGSu1LyYxrWwZP8Km4Lq2oI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:5b:46:e3:b4:91:cf:20:6a:80:85:14:f6:ad:60:a3:0c:1b:
         24:f9:af:37:fa:5a:1e:e7:59:9e:f4:1a:ee:44:14:e8:32:ce:
         71:f3:94:d3:71:54:d5:b1:ac:64:bf:ed:4c:da:2d:d6:68:c2:
         37:5b:78:0c:3e:f4:4a:70:cf:3b:9d:f8:5e:95:5c:35:99:89:
         29:c4:37:a2:49:4b:8b:3d:d2:ba:76:80:07:05:53:de:26:17:
         74:ce:1f:de:4f:9f:3a:e7:f5:1c:2b:5a:9b:f4:8c:56:6a:aa:
         2f:4e:0e:60:91:ca:46:0b:a1:1c:3c:f0:d3:8f:d6:56:cb:6c:
         c9:2a:66:a5:60:f7:d6:66:4f:7b:49:d6:d0:c2:91:c6:1b:9c:
         fb:ed:6b:d1:ea:98:25:7c:38:59:af:cf:19:e4:38:28:99:00:
         46:e9:a0:33:1a:fd:fe:51:16:6f:d3:89:81:fb:2a:c3:35:ea:
         56:f5:57:89:a9:bb:64:a2:e4:8c:28:bd:e4:f5:ed:21:3c:4d:
         93:56:f7:b8:83:66:d8:59:c1:23:1e:c1:fd:67:37:dc:3e:79:
         fc:92:12:49:bd:a4:7b:47:f1:e8:4a:28:f2:1f:69:8e:91:30:
         3c:30:51:94:25:ba:58:f0:e8:34:d5:83:4e:9d:28:c0:f1:97:
         e5:ef:95:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt260+ebZHF49Xa+jKGYOtRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxMGE3ZDRjNjRhZWQ0YmM5OGM2YjViMDY0ZmYwYTliODJl
YWRhODIwHhcNMjYwMTAxMDAxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTc4OGRjOGU3NmMzOTcwODU0ZTBjOWZhZWI2NDBmZmMwNGM2NTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2bnWWVWq5cWyYnjRg4YSCc/igVh+
17kr78/K3FHcFe/XEhywOHwqZRcN3xbwx8F8QX0jZv/huWaBTAh9LKzxIsg1PjzL
m8PDPIPcO+LqEc25sBSC2tkBODPexD/rT7zyqB63oi4nyw/ejTRLn91Dxf+wOLk+
ixLWV+nyRhU35Rzwj3KuF/54g9EVQcOjNkOFg1V4asbUImG636WbdxWWCRh8jcii
h2RJX4umPazJ9k1q2kXONoNuFPN7p2qGVCXvhU6zlzziWru5W58o9+0qe7OTyGwj
fUEpD/bSEaQEDaLzFy0+i7o0siW5110HFPIQlkNfsuRWNepB/OZ/aYiUzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFV4jcjnbDlwhU4Mn662QP/ATGUdMB8GA1UdIwQY
MBaAFAEKfUxkrtS8mMa1sGT/CpuC6tqCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVFwOVRHU3UxTHlZeHJXd1pQOEttNExxMm9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9kMzM2M2UtNDgzMi00ZDU3LTlkYTUt
ZGJmNzZlZDM5MzlmLzEvVlhpTnlPZHNPWENGVGd5ZnJyWkFfOEJNWlIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9kMzM2M2UtNDgzMi00ZDU3LTlkYTUtZGJmNzZlZDM5Mzlm
LzEvQVFwOVRHU3UxTHlZeHJXd1pQOEttNExxMm9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9z7MA0G
CSqGSIb3DQEBCwUAA4IBAQBlW0bjtJHPIGqAhRT2rWCjDBsk+a83+loe51me9Bru
RBToMs5x85TTcVTVsaxkv+1M2i3WaMI3W3gMPvRKcM87nfhelVw1mYkpxDeiSUuL
PdK6doAHBVPeJhd0zh/eT5865/UcK1qb9IxWaqovTg5gkcpGC6EcPPDTj9ZWy2zJ
KmalYPfWZk97SdbQwpHGG5z77WvR6pglfDhZr88Z5DgomQBG6aAzGv3+URZv04mB
+yrDNepW9VeJqbtkouSMKL3k9e0hPE2TVve4g2bYWcEjHsH9ZzfcPnn8khJJvaR7
R/HoSijyH2mOkTA8MFGUJbpY8Og01YNOnSjA8Zfl75Uj
-----END CERTIFICATE-----