This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/f7d58e-33da-4319-b54b-704403fff82e/1/VyKqzxZ8-5ygWJNcg4AE05d6_mE.roa
File:                     VyKqzxZ8-5ygWJNcg4AE05d6_mE.roa (raw, json)
Hash identifier:          eTq1Nu+al+6xzFG/LttgMYk2x81Ow2Yalg2eI2MZJbI=
Subject key identifier:   57:22:AA:CF:16:7C:FB:9C:A0:58:93:5C:83:80:04:D3:97:7A:FE:61
Certificate issuer:       /CN=a9dfc89812340507a2a2e1e74d11824def813f39
Certificate serial:       019B78A36F6A4F4682A144FE8DBC02A2D4FF
Authority key identifier: A9:DF:C8:98:12:34:05:07:A2:A2:E1:E7:4D:11:82:4D:EF:81:3F:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qd_ImBI0BQeiouHnTRGCTe-BPzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/f7d58e-33da-4319-b54b-704403fff82e/1/VyKqzxZ8-5ygWJNcg4AE05d6_mE.roa
Signing time:             Thu 01 Jan 2026 08:18:55 +0000
ROA not before:           Thu 01 Jan 2026 08:18:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42160
IP address blocks:        91.234.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/f7d58e-33da-4319-b54b-704403fff82e/1/qd_ImBI0BQeiouHnTRGCTe-BPzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/f7d58e-33da-4319-b54b-704403fff82e/1/qd_ImBI0BQeiouHnTRGCTe-BPzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qd_ImBI0BQeiouHnTRGCTe-BPzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:6f:6a:4f:46:82:a1:44:fe:8d:bc:02:a2:d4:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9dfc89812340507a2a2e1e74d11824def813f39
        Validity
            Not Before: Jan  1 08:18:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5722aacf167cfb9ca058935c838004d3977afe61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:92:ad:97:1f:8b:a8:b6:f7:5e:f2:7a:de:87:
                    bb:d2:52:8c:12:2e:1f:4c:23:d1:41:47:70:ef:cc:
                    ad:bb:58:e1:bf:fd:69:f8:24:82:a5:72:a3:08:56:
                    d5:4b:f5:29:35:63:13:95:93:58:3e:39:12:d2:e5:
                    a0:05:4d:6a:f5:54:98:bc:6c:b9:71:00:d6:5e:97:
                    d6:2d:a0:fc:e1:22:2e:1f:1f:73:b3:7c:a5:1a:03:
                    24:b1:81:90:72:be:76:e2:b0:62:46:04:f6:70:29:
                    ed:02:f2:2d:59:80:5a:83:30:2c:64:97:a3:19:b5:
                    22:a1:71:9e:74:99:14:02:52:7d:59:f2:65:50:b0:
                    cf:7f:88:a8:ed:7b:5e:f2:a5:bf:99:29:a3:bb:79:
                    9d:3e:3d:c6:a8:fb:cd:a5:61:76:62:88:bb:84:43:
                    3d:20:2c:4c:47:6b:ea:f2:c6:83:47:54:e5:63:97:
                    ee:6d:81:62:52:5f:b4:28:3b:d8:e0:8f:1e:2e:26:
                    c0:72:9e:93:fa:f8:ee:f7:44:2a:e1:a8:87:71:8f:
                    ce:28:7b:18:b7:d5:f6:39:73:02:09:b9:20:ca:a0:
                    12:75:9d:4d:c3:8b:4e:64:81:03:2e:a3:7a:c6:85:
                    6c:06:59:a0:ba:eb:71:12:39:94:c8:eb:98:5a:20:
                    94:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:22:AA:CF:16:7C:FB:9C:A0:58:93:5C:83:80:04:D3:97:7A:FE:61
            X509v3 Authority Key Identifier:
                keyid:A9:DF:C8:98:12:34:05:07:A2:A2:E1:E7:4D:11:82:4D:EF:81:3F:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qd_ImBI0BQeiouHnTRGCTe-BPzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/f7d58e-33da-4319-b54b-704403fff82e/1/VyKqzxZ8-5ygWJNcg4AE05d6_mE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/f7d58e-33da-4319-b54b-704403fff82e/1/qd_ImBI0BQeiouHnTRGCTe-BPzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:60:72:56:32:50:ae:b2:85:cb:59:65:27:1e:8b:fa:24:f9:
         c3:a8:62:9d:4c:af:ae:7b:55:77:6e:17:24:7d:7b:52:ab:e4:
         25:e4:90:d1:dc:e0:2e:64:f2:4a:95:92:06:ab:79:8e:a8:94:
         0e:a5:1b:6b:fe:ce:b7:36:97:4f:6a:53:c4:20:b6:f9:3e:d2:
         19:38:8e:61:1a:6b:a9:c2:42:59:51:8a:5a:f3:a1:e2:04:a6:
         8d:b8:56:08:32:31:c8:bc:f6:0c:6e:5f:f8:46:6e:31:91:81:
         33:e1:2c:fa:20:58:15:e6:72:48:42:6e:12:93:45:50:b3:81:
         27:50:cb:f1:e9:59:32:fa:39:5d:de:2c:27:cb:5d:2a:38:49:
         e3:d4:8b:73:30:d2:29:26:a6:39:6c:b2:02:4b:86:0b:1c:e8:
         22:1b:e0:a7:38:76:8e:48:f6:e2:32:43:21:b2:49:05:99:ef:
         9d:13:3c:41:cc:1c:30:9a:68:74:18:c1:96:2e:75:dd:66:71:
         00:17:f9:5d:f2:12:72:42:fc:4b:5e:89:f7:9e:83:51:98:8f:
         22:e9:eb:c5:25:de:e7:d7:a8:94:c0:2d:f3:aa:3e:79:77:ba:
         c4:ec:87:30:e2:ab:17:7f:d2:7f:fc:1b:df:26:3d:e6:b1:0d:
         00:31:2b:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4o29qT0aCoUT+jbwCotT/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ZGZjODk4MTIzNDA1MDdhMmEyZTFlNzRkMTE4MjRkZWY4
MTNmMzkwHhcNMjYwMTAxMDgxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzIyYWFjZjE2N2NmYjljYTA1ODkzNWM4MzgwMDRkMzk3N2FmZTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJKtlx+LqLb3XvJ63oe70lKMEi4f
TCPRQUdw78ytu1jhv/1p+CSCpXKjCFbVS/UpNWMTlZNYPjkS0uWgBU1q9VSYvGy5
cQDWXpfWLaD84SIuHx9zs3ylGgMksYGQcr524rBiRgT2cCntAvItWYBagzAsZJej
GbUioXGedJkUAlJ9WfJlULDPf4io7Xte8qW/mSmju3mdPj3GqPvNpWF2Yoi7hEM9
ICxMR2vq8saDR1TlY5fubYFiUl+0KDvY4I8eLibAcp6T+vju90Qq4aiHcY/OKHsY
t9X2OXMCCbkgyqASdZ1Nw4tOZIEDLqN6xoVsBlmguutxEjmUyOuYWiCUVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFciqs8WfPucoFiTXIOABNOXev5hMB8GA1UdIwQY
MBaAFKnfyJgSNAUHoqLh500Rgk3vgT85MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWRfSW1CSTBCUWVpb3VIblRSR0NUZS1CUHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9mN2Q1OGUtMzNkYS00MzE5LWI1NGIt
NzA0NDAzZmZmODJlLzEvVnlLcXp4WjgtNXlnV0pOY2c0QUUwNWQ2X21FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9mN2Q1OGUtMzNkYS00MzE5LWI1NGItNzA0NDAzZmZmODJl
LzEvcWRfSW1CSTBCUWVpb3VIblRSR0NUZS1CUHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+rLMA0G
CSqGSIb3DQEBCwUAA4IBAQBGYHJWMlCusoXLWWUnHov6JPnDqGKdTK+ue1V3bhck
fXtSq+Ql5JDR3OAuZPJKlZIGq3mOqJQOpRtr/s63NpdPalPEILb5PtIZOI5hGmup
wkJZUYpa86HiBKaNuFYIMjHIvPYMbl/4Rm4xkYEz4Sz6IFgV5nJIQm4Sk0VQs4En
UMvx6Vky+jld3iwny10qOEnj1ItzMNIpJqY5bLICS4YLHOgiG+CnOHaOSPbiMkMh
skkFme+dEzxBzBwwmmh0GMGWLnXdZnEAF/ld8hJyQvxLXon3noNRmI8i6evFJd7n
16iUwC3zqj55d7rE7Icw4qsXf9J//BvfJj3msQ0AMSuJ
-----END CERTIFICATE-----