This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/vNzE5xMsU5yzGRSukoH_ztpCjao.roa
File:                     vNzE5xMsU5yzGRSukoH_ztpCjao.roa (raw, json)
Hash identifier:          HE3gn3vVBI6nPgvGdME4ssEZYBlEN8YwsdsyEiKntAU=
Subject key identifier:   BC:DC:C4:E7:13:2C:53:9C:B3:19:14:AE:92:81:FF:CE:DA:42:8D:AA
Certificate issuer:       /CN=3919f2ad91584baff0467447bac8fb978d1f9dd3
Certificate serial:       019B78A36BBEDFEDDAEED81DCC01EED51027
Authority key identifier: 39:19:F2:AD:91:58:4B:AF:F0:46:74:47:BA:C8:FB:97:8D:1F:9D:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/vNzE5xMsU5yzGRSukoH_ztpCjao.roa
Signing time:             Thu 01 Jan 2026 08:18:54 +0000
ROA not before:           Thu 01 Jan 2026 08:18:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39298
IP address blocks:        213.143.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:6b:be:df:ed:da:ee:d8:1d:cc:01:ee:d5:10:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3919f2ad91584baff0467447bac8fb978d1f9dd3
        Validity
            Not Before: Jan  1 08:18:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bcdcc4e7132c539cb31914ae9281ffceda428daa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:cf:cd:77:5b:45:ec:fb:df:5b:8c:7d:3f:1e:
                    18:81:02:b9:cd:2e:00:f3:9a:ef:bb:be:ea:d5:6c:
                    a3:10:b8:8a:77:51:46:8b:6c:16:0c:ca:4f:75:ea:
                    2b:bc:25:80:71:cc:7b:bf:66:aa:9c:0d:ce:fe:e6:
                    e4:60:f3:2a:76:09:98:96:bf:52:b9:89:61:f7:7b:
                    34:49:b4:81:53:2e:89:84:3e:aa:13:c7:08:c2:74:
                    4a:a0:45:d7:3e:3e:5c:dc:39:99:23:04:9e:fc:30:
                    22:ad:6f:44:61:b4:22:48:c9:95:5e:9b:39:dc:53:
                    84:36:85:61:7e:f4:5c:70:89:26:36:cf:4e:39:46:
                    9e:63:4f:e4:ab:9a:8b:1e:2f:7a:01:25:15:c8:6a:
                    34:ba:63:97:cb:b9:96:88:98:54:61:fc:d6:1c:87:
                    71:0d:13:09:50:a2:16:77:db:cc:fe:3b:6d:3b:7d:
                    de:2c:33:81:8a:bc:e4:70:1e:48:3d:98:80:9c:72:
                    e7:bb:17:6f:4b:5b:51:f1:db:d9:34:d3:21:67:dc:
                    29:4f:dc:03:dd:e0:8a:8b:29:5d:59:96:93:f4:c6:
                    55:ac:36:8d:ff:53:11:1d:82:16:83:ad:bf:d5:ca:
                    b9:b6:ec:37:26:3d:c1:0f:85:99:a0:99:7f:29:80:
                    5b:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:DC:C4:E7:13:2C:53:9C:B3:19:14:AE:92:81:FF:CE:DA:42:8D:AA
            X509v3 Authority Key Identifier:
                keyid:39:19:F2:AD:91:58:4B:AF:F0:46:74:47:BA:C8:FB:97:8D:1F:9D:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/vNzE5xMsU5yzGRSukoH_ztpCjao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.143.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:04:7d:08:ff:d7:d6:0d:e6:ec:be:c5:7d:e1:7a:a7:2e:e1:
         d9:02:58:21:b1:69:11:a7:eb:a1:ff:a1:81:8b:2c:71:6f:20:
         47:8e:54:f2:eb:08:aa:e6:bf:d8:5a:9b:c6:af:f9:a6:94:12:
         aa:26:8a:7d:68:52:43:48:88:c2:a9:08:bb:21:9e:92:5f:53:
         c6:d8:fc:ac:36:ab:6c:2a:40:59:d1:d2:45:74:2e:f5:8c:58:
         73:93:43:71:4f:d3:4f:0d:0f:c7:ce:eb:ab:21:e2:79:6b:4c:
         73:85:c5:69:2e:03:ee:4c:c7:51:c1:8e:4a:ac:eb:71:c0:ec:
         b8:0c:dd:6e:fb:37:c1:fb:ff:6c:8e:8f:f1:09:24:f0:69:28:
         98:62:e2:08:20:31:e5:fe:69:39:34:e4:b4:68:5f:df:d9:00:
         6e:af:c1:8c:f3:be:c0:12:f8:3a:41:07:8c:43:a6:bd:e1:ba:
         e9:84:98:63:fe:2a:0c:9f:74:9c:e2:9b:3a:d6:e9:ba:b9:12:
         47:07:99:f0:6e:df:2d:bd:1b:a8:bb:78:c6:d3:ab:ed:6f:8a:
         d6:f8:54:bc:9e:25:65:3e:97:84:78:02:cb:a7:6d:b0:72:2d:
         7b:a4:a4:32:8b:84:60:4e:f0:fe:7a:41:89:25:48:5e:04:1e:
         4d:ad:02:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4o2u+3+3a7tgdzAHu1RAnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MTlmMmFkOTE1ODRiYWZmMDQ2NzQ0N2JhYzhmYjk3OGQx
ZjlkZDMwHhcNMjYwMTAxMDgxODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2RjYzRlNzEzMmM1MzljYjMxOTE0YWU5MjgxZmZjZWRhNDI4ZGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnc/Nd1tF7PvfW4x9Px4YgQK5zS4A
85rvu77q1WyjELiKd1FGi2wWDMpPdeorvCWAccx7v2aqnA3O/ubkYPMqdgmYlr9S
uYlh93s0SbSBUy6JhD6qE8cIwnRKoEXXPj5c3DmZIwSe/DAirW9EYbQiSMmVXps5
3FOENoVhfvRccIkmNs9OOUaeY0/kq5qLHi96ASUVyGo0umOXy7mWiJhUYfzWHIdx
DRMJUKIWd9vM/jttO33eLDOBirzkcB5IPZiAnHLnuxdvS1tR8dvZNNMhZ9wpT9wD
3eCKiyldWZaT9MZVrDaN/1MRHYIWg62/1cq5tuw3Jj3BD4WZoJl/KYBbmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLzcxOcTLFOcsxkUrpKB/87aQo2qMB8GA1UdIwQY
MBaAFDkZ8q2RWEuv8EZ0R7rI+5eNH53TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1JueXJaRllTNl93Um5SSHVzajdsNDBmbmRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85MTE4ZTItYWU3NC00YzI0LWE3NzUt
MzJhYTY3MzFjMjkxLzEvdk56RTV4TXNVNXl6R1JTdWtvSF96dHBDamFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85MTE4ZTItYWU3NC00YzI0LWE3NzUtMzJhYTY3MzFjMjkx
LzEvT1JueXJaRllTNl93Um5SSHVzajdsNDBmbmRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Y/7MA0G
CSqGSIb3DQEBCwUAA4IBAQBIBH0I/9fWDebsvsV94XqnLuHZAlghsWkRp+uh/6GB
iyxxbyBHjlTy6wiq5r/YWpvGr/mmlBKqJop9aFJDSIjCqQi7IZ6SX1PG2PysNqts
KkBZ0dJFdC71jFhzk0NxT9NPDQ/HzuurIeJ5a0xzhcVpLgPuTMdRwY5KrOtxwOy4
DN1u+zfB+/9sjo/xCSTwaSiYYuIIIDHl/mk5NOS0aF/f2QBur8GM877AEvg6QQeM
Q6a94brphJhj/ioMn3Sc4ps61um6uRJHB5nwbt8tvRuou3jG06vtb4rW+FS8niVl
PpeEeALLp22wci17pKQyi4RgTvD+ekGJJUheBB5NrQKK
-----END CERTIFICATE-----