This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/437150-783c-431a-b3fd-7c3d79401ec2/1/tVgtWKf3hovbROlWOuakv2HBNcQ.roa
File:                     tVgtWKf3hovbROlWOuakv2HBNcQ.roa (raw, json)
Hash identifier:          tZH+J6Wky64drRqnuI4atQm17bvmIikThIiw7SOfunU=
Subject key identifier:   B5:58:2D:58:A7:F7:86:8B:DB:44:E9:56:3A:E6:A4:BF:61:C1:35:C4
Certificate issuer:       /CN=40518ecbd6464d78ad451551648f9206f7fb5f42
Certificate serial:       019B78A24A667D02D8D34C29C09E3AC783F6
Authority key identifier: 40:51:8E:CB:D6:46:4D:78:AD:45:15:51:64:8F:92:06:F7:FB:5F:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QFGOy9ZGTXitRRVRZI-SBvf7X0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/437150-783c-431a-b3fd-7c3d79401ec2/1/tVgtWKf3hovbROlWOuakv2HBNcQ.roa
Signing time:             Thu 01 Jan 2026 08:17:40 +0000
ROA not before:           Thu 01 Jan 2026 08:17:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21473
IP address blocks:        138.222.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/437150-783c-431a-b3fd-7c3d79401ec2/1/QFGOy9ZGTXitRRVRZI-SBvf7X0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/437150-783c-431a-b3fd-7c3d79401ec2/1/QFGOy9ZGTXitRRVRZI-SBvf7X0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QFGOy9ZGTXitRRVRZI-SBvf7X0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:4a:66:7d:02:d8:d3:4c:29:c0:9e:3a:c7:83:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40518ecbd6464d78ad451551648f9206f7fb5f42
        Validity
            Not Before: Jan  1 08:17:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b5582d58a7f7868bdb44e9563ae6a4bf61c135c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a5:61:b7:50:38:04:17:52:d2:9b:98:19:85:
                    19:7f:fb:cf:d5:e4:2a:3b:ac:b6:6a:2e:d3:e3:d4:
                    f5:cc:d7:0c:bf:e5:03:1b:83:ba:f1:22:53:0a:ae:
                    cf:55:2c:97:60:13:2c:9f:16:29:26:a4:24:78:ab:
                    08:2e:68:c8:7e:3e:8c:4d:26:0a:e1:4a:cb:aa:12:
                    af:73:cf:24:81:70:6e:53:87:37:0d:83:50:b0:65:
                    68:50:97:63:6c:70:b7:6d:81:ae:24:b8:ac:29:22:
                    7d:12:f1:0a:fb:c2:f9:29:ed:fe:51:9c:3d:5c:e2:
                    93:b2:77:5a:3d:be:d6:e0:29:a0:db:6b:11:22:44:
                    d7:7b:d4:7d:46:13:d8:1a:b3:a3:e9:41:d5:78:fc:
                    ce:2e:f9:db:55:d5:eb:3a:90:5a:0c:22:b3:0c:0c:
                    56:ee:19:b9:75:13:18:33:f5:80:30:2b:4e:77:a5:
                    76:d1:fc:04:3f:44:da:36:81:0b:9a:5f:b7:70:c4:
                    e7:9e:e2:78:b4:df:bb:c6:3a:73:0d:2c:57:29:e5:
                    8c:9e:ca:66:b2:68:a7:60:02:12:f5:b2:00:14:68:
                    91:83:c3:f8:4e:97:a6:a1:43:b0:2a:df:29:de:f4:
                    d3:1e:cc:19:6c:de:e6:27:64:88:da:cf:86:db:f9:
                    10:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:58:2D:58:A7:F7:86:8B:DB:44:E9:56:3A:E6:A4:BF:61:C1:35:C4
            X509v3 Authority Key Identifier:
                keyid:40:51:8E:CB:D6:46:4D:78:AD:45:15:51:64:8F:92:06:F7:FB:5F:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QFGOy9ZGTXitRRVRZI-SBvf7X0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/437150-783c-431a-b3fd-7c3d79401ec2/1/tVgtWKf3hovbROlWOuakv2HBNcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/437150-783c-431a-b3fd-7c3d79401ec2/1/QFGOy9ZGTXitRRVRZI-SBvf7X0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.222.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:d7:bc:cb:60:ca:29:9f:ed:3a:7a:9f:b2:f5:86:7f:70:a3:
         7e:c2:f8:57:ac:ff:f0:ab:b2:07:f6:08:71:b3:20:d3:e5:ec:
         49:46:6b:18:c6:20:cf:ed:9f:af:5a:45:73:e1:05:2d:f8:d4:
         62:a0:ff:89:60:95:87:54:58:b1:8a:ed:bf:4f:46:d5:5e:3b:
         b4:7d:10:29:72:c4:09:b2:ae:51:f7:90:97:3b:51:4a:88:16:
         c6:3c:89:bc:20:4e:2e:f6:b6:53:22:2c:1b:ec:8a:72:fa:82:
         21:63:4f:34:75:e2:2d:fa:28:e3:23:dc:48:d1:98:c2:95:d9:
         1f:53:ea:d0:b7:16:89:2f:95:35:ee:65:01:0b:14:58:58:87:
         b1:4e:33:12:5f:ea:e1:0e:3f:b6:11:17:a0:b1:42:59:04:71:
         a5:d9:6e:7d:0c:f4:e5:ae:9c:f6:f8:29:12:41:20:02:a1:a9:
         93:29:9c:c8:df:20:5c:e6:26:eb:c2:91:08:dd:c1:97:23:d0:
         bb:8f:25:9a:3d:36:89:f8:d5:63:80:0b:81:0e:00:78:46:d8:
         ee:93:08:b7:7e:a6:0d:56:1d:85:88:6e:81:ef:6a:5e:fa:d8:
         7a:0e:ae:7c:75:b3:ea:3f:14:34:3d:6e:fb:0a:81:54:3a:02:
         77:ea:88:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4okpmfQLY00wpwJ46x4P2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwNTE4ZWNiZDY0NjRkNzhhZDQ1MTU1MTY0OGY5MjA2Zjdm
YjVmNDIwHhcNMjYwMTAxMDgxNzQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTU4MmQ1OGE3Zjc4NjhiZGI0NGU5NTYzYWU2YTRiZjYxYzEzNWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqVht1A4BBdS0puYGYUZf/vP1eQq
O6y2ai7T49T1zNcMv+UDG4O68SJTCq7PVSyXYBMsnxYpJqQkeKsILmjIfj6MTSYK
4UrLqhKvc88kgXBuU4c3DYNQsGVoUJdjbHC3bYGuJLisKSJ9EvEK+8L5Ke3+UZw9
XOKTsndaPb7W4Cmg22sRIkTXe9R9RhPYGrOj6UHVePzOLvnbVdXrOpBaDCKzDAxW
7hm5dRMYM/WAMCtOd6V20fwEP0TaNoELml+3cMTnnuJ4tN+7xjpzDSxXKeWMnspm
sminYAIS9bIAFGiRg8P4TpemoUOwKt8p3vTTHswZbN7mJ2SI2s+G2/kQXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVYLVin94aL20TpVjrmpL9hwTXEMB8GA1UdIwQY
MBaAFEBRjsvWRk14rUUVUWSPkgb3+19CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUZHT3k5WkdUWGl0UlJWUlpJLVNCdmY3WDBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni80MzcxNTAtNzgzYy00MzFhLWIzZmQt
N2MzZDc5NDAxZWMyLzEvdFZndFdLZjNob3ZiUk9sV091YWt2MkhCTmNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni80MzcxNTAtNzgzYy00MzFhLWIzZmQtN2MzZDc5NDAxZWMy
LzEvUUZHT3k5WkdUWGl0UlJWUlpJLVNCdmY3WDBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAit5IMA0G
CSqGSIb3DQEBCwUAA4IBAQBr17zLYMopn+06ep+y9YZ/cKN+wvhXrP/wq7IH9ghx
syDT5exJRmsYxiDP7Z+vWkVz4QUt+NRioP+JYJWHVFixiu2/T0bVXju0fRApcsQJ
sq5R95CXO1FKiBbGPIm8IE4u9rZTIiwb7Ipy+oIhY080deIt+ijjI9xI0ZjCldkf
U+rQtxaJL5U17mUBCxRYWIexTjMSX+rhDj+2ERegsUJZBHGl2W59DPTlrpz2+CkS
QSACoamTKZzI3yBc5ibrwpEI3cGXI9C7jyWaPTaJ+NVjgAuBDgB4Rtjukwi3fqYN
Vh2FiG6B72pe+th6Dq58dbPqPxQ0PW77CoFUOgJ36ogO
-----END CERTIFICATE-----