This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/VHTezWH7PF8XYyinWvLQSdLirIo.roa
File:                     VHTezWH7PF8XYyinWvLQSdLirIo.roa (raw, json)
Hash identifier:          G21prvPwFpFtpTkNE/06nds8TG9ODrPN69mRhqerBUg=
Subject key identifier:   54:74:DE:CD:61:FB:3C:5F:17:63:28:A7:5A:F2:D0:49:D2:E2:AC:8A
Certificate issuer:       /CN=2b6d7e5191f81ff0a19f102b1718ab4f9e0ea3a0
Certificate serial:       019B77C66A3306CC4BB921FBA4452DEC2820
Authority key identifier: 2B:6D:7E:51:91:F8:1F:F0:A1:9F:10:2B:17:18:AB:4F:9E:0E:A3:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K21-UZH4H_ChnxArFxirT54Oo6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/VHTezWH7PF8XYyinWvLQSdLirIo.roa
Signing time:             Thu 01 Jan 2026 04:17:30 +0000
ROA not before:           Thu 01 Jan 2026 04:17:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199009
IP address blocks:        2a0e:eac0:2020::/44 maxlen: 48
                          2a0e:eac0:2020::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/K21-UZH4H_ChnxArFxirT54Oo6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/K21-UZH4H_ChnxArFxirT54Oo6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K21-UZH4H_ChnxArFxirT54Oo6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:6a:33:06:cc:4b:b9:21:fb:a4:45:2d:ec:28:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b6d7e5191f81ff0a19f102b1718ab4f9e0ea3a0
        Validity
            Not Before: Jan  1 04:17:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5474decd61fb3c5f176328a75af2d049d2e2ac8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:13:c1:d3:0d:06:1b:bb:a3:dd:d4:6b:d8:7a:
                    f7:60:14:67:5a:f4:e6:ea:e6:1d:bd:49:51:24:a4:
                    8d:e6:6e:be:67:57:0d:85:e5:84:f0:70:c9:5b:96:
                    c3:b8:d7:5b:59:76:0a:bb:87:4d:8b:1d:92:cc:9b:
                    ef:e8:df:d2:00:38:c0:1b:4e:dc:78:cf:a6:37:9e:
                    f2:87:61:ea:e9:1c:20:63:1e:df:0b:ba:03:84:09:
                    30:27:51:4c:30:5d:b5:6d:7b:b6:f5:2d:c0:69:82:
                    67:92:49:23:38:5f:ee:29:56:57:12:3f:c5:86:a0:
                    52:45:32:31:c2:27:89:72:6c:7a:82:34:40:25:0e:
                    33:13:bd:f0:c5:d0:e1:a8:af:2b:32:82:09:b9:35:
                    0a:2b:0a:ab:ed:eb:7d:b8:d6:29:cb:ac:2d:1e:c0:
                    48:a3:79:f1:7f:c9:09:80:ca:98:3e:ec:49:e9:3f:
                    93:d2:94:33:5e:f1:1c:43:bd:4e:37:9e:b0:4a:59:
                    05:f5:6e:bb:14:e5:9a:ff:26:45:c8:56:01:49:48:
                    c2:f4:17:be:5b:e4:ea:90:77:76:8a:94:c3:58:e5:
                    e1:9f:93:19:e1:01:60:ce:f4:ef:fe:b6:67:11:d9:
                    cd:93:5c:a8:d3:b1:04:bf:5d:15:4a:09:c6:f9:fe:
                    b7:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:74:DE:CD:61:FB:3C:5F:17:63:28:A7:5A:F2:D0:49:D2:E2:AC:8A
            X509v3 Authority Key Identifier:
                keyid:2B:6D:7E:51:91:F8:1F:F0:A1:9F:10:2B:17:18:AB:4F:9E:0E:A3:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K21-UZH4H_ChnxArFxirT54Oo6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/VHTezWH7PF8XYyinWvLQSdLirIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/K21-UZH4H_ChnxArFxirT54Oo6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:eac0:2020::/44

    Signature Algorithm: sha256WithRSAEncryption
         0d:42:36:39:74:92:25:c2:06:72:41:37:ce:c1:d3:b4:1d:e6:
         90:ce:b8:c0:9e:57:3f:05:00:82:96:73:d1:33:71:9d:7e:bd:
         de:45:d5:6c:9b:07:68:6c:6c:ab:0d:44:61:c1:77:92:8c:74:
         9d:c1:12:c3:d7:dc:52:df:6e:77:33:01:01:da:84:54:ff:90:
         c7:f8:7d:86:70:a3:f3:92:36:66:68:db:f2:e2:12:c0:df:5f:
         e7:f9:4f:59:0c:e2:e5:0b:cd:06:b8:57:33:37:6b:19:8f:e4:
         86:63:6b:0e:81:d7:81:f3:6f:d6:8f:1a:ba:26:a8:2c:77:bf:
         31:10:d5:9a:7f:25:ee:24:99:1c:e2:52:d6:f2:2e:98:cf:9d:
         c4:d7:d1:45:b0:0b:51:20:1a:e4:d6:e0:2c:17:fe:57:dc:66:
         17:6f:d8:81:5f:57:1e:9e:8a:b0:96:94:c4:cc:67:d3:a0:50:
         a5:4b:f3:9c:c7:12:eb:87:f1:94:0d:24:41:ea:b2:b7:5f:63:
         73:3b:76:bc:ff:c3:bd:dd:11:77:87:70:54:77:3d:88:81:1c:
         d4:a7:d7:c8:ed:43:7f:dd:1a:ed:f4:e1:b4:3d:7b:78:8b:c7:
         e2:35:64:b1:cc:c2:39:b2:0e:56:d3:b7:0f:8a:e4:3f:d3:6c:
         95:f9:3d:dd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt3xmozBsxLuSH7pEUt7CggMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNmQ3ZTUxOTFmODFmZjBhMTlmMTAyYjE3MThhYjRmOWUw
ZWEzYTAwHhcNMjYwMTAxMDQxNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDc0ZGVjZDYxZmIzYzVmMTc2MzI4YTc1YWYyZDA0OWQyZTJhYzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRPB0w0GG7uj3dRr2Hr3YBRnWvTm
6uYdvUlRJKSN5m6+Z1cNheWE8HDJW5bDuNdbWXYKu4dNix2SzJvv6N/SADjAG07c
eM+mN57yh2Hq6RwgYx7fC7oDhAkwJ1FMMF21bXu29S3AaYJnkkkjOF/uKVZXEj/F
hqBSRTIxwieJcmx6gjRAJQ4zE73wxdDhqK8rMoIJuTUKKwqr7et9uNYpy6wtHsBI
o3nxf8kJgMqYPuxJ6T+T0pQzXvEcQ71ON56wSlkF9W67FOWa/yZFyFYBSUjC9Be+
W+TqkHd2ipTDWOXhn5MZ4QFgzvTv/rZnEdnNk1yo07EEv10VSgnG+f63IwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFR03s1h+zxfF2Mop1ry0EnS4qyKMB8GA1UdIwQY
MBaAFCttflGR+B/woZ8QKxcYq0+eDqOgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzIxLVVaSDRIX0NobnhBckZ4aXJUNTRPbzZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9hYjMxNTYtYjA2MS00OWZjLWIxZjAt
MDBjYTMxMjZiM2ZlLzEvVkhUZXpXSDdQRjhYWXlpbld2TFFTZExpcklvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9hYjMxNTYtYjA2MS00OWZjLWIxZjAtMDBjYTMxMjZiM2Zl
LzEvSzIxLVVaSDRIX0NobnhBckZ4aXJUNTRPbzZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg7qwCAg
MA0GCSqGSIb3DQEBCwUAA4IBAQANQjY5dJIlwgZyQTfOwdO0HeaQzrjAnlc/BQCC
lnPRM3Gdfr3eRdVsmwdobGyrDURhwXeSjHSdwRLD19xS3253MwEB2oRU/5DH+H2G
cKPzkjZmaNvy4hLA31/n+U9ZDOLlC80GuFczN2sZj+SGY2sOgdeB82/Wjxq6Jqgs
d78xENWafyXuJJkc4lLW8i6Yz53E19FFsAtRIBrk1uAsF/5X3GYXb9iBX1cenoqw
lpTEzGfToFClS/OcxxLrh/GUDSRB6rK3X2NzO3a8/8O93RF3h3BUdz2IgRzUp9fI
7UN/3Rrt9OG0PXt4i8fiNWSxzMI5sg5W07cPiuQ/02yV+T3d
-----END CERTIFICATE-----