This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/vKDDTdeKpC38SOoCmTQDNYKcN_A.roa
File:                     vKDDTdeKpC38SOoCmTQDNYKcN_A.roa (raw, json)
Hash identifier:          1c+RNvMiXqFMlXYtXBUL17aJsh89UBFVQ2ryMtknJE4=
Subject key identifier:   BC:A0:C3:4D:D7:8A:A4:2D:FC:48:EA:02:99:34:03:35:82:9C:37:F0
Certificate issuer:       /CN=ec65d31440bf75d25c606f7915c236ca614464a2
Certificate serial:       019B7A5A18DB3A1F24E89AA43BD0EAA0A16D
Authority key identifier: EC:65:D3:14:40:BF:75:D2:5C:60:6F:79:15:C2:36:CA:61:44:64:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7GXTFEC_ddJcYG95FcI2ymFEZKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/vKDDTdeKpC38SOoCmTQDNYKcN_A.roa
Signing time:             Thu 01 Jan 2026 16:18:03 +0000
ROA not before:           Thu 01 Jan 2026 16:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206953
IP address blocks:        91.150.186.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/7GXTFEC_ddJcYG95FcI2ymFEZKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/7GXTFEC_ddJcYG95FcI2ymFEZKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7GXTFEC_ddJcYG95FcI2ymFEZKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:18:db:3a:1f:24:e8:9a:a4:3b:d0:ea:a0:a1:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec65d31440bf75d25c606f7915c236ca614464a2
        Validity
            Not Before: Jan  1 16:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bca0c34dd78aa42dfc48ea0299340335829c37f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:66:65:d1:27:eb:e2:bf:e7:c8:89:6b:84:86:
                    64:60:25:f7:4d:ec:70:c6:15:0b:46:b0:1b:b5:4c:
                    00:1f:7f:cb:51:db:af:ff:5a:0d:26:50:74:96:d6:
                    ea:63:34:63:cc:a3:37:c0:16:44:10:85:d2:1a:17:
                    70:bd:a6:05:4e:e6:1f:bc:f8:e0:38:89:54:c9:4a:
                    ac:ab:b2:56:76:65:b0:40:e8:e2:69:fa:f7:9c:62:
                    9b:e2:40:2d:47:e6:fe:c5:e3:59:8d:fd:69:b9:95:
                    a3:74:56:03:35:95:13:cb:b5:1d:d6:07:15:7d:af:
                    0d:aa:d0:6f:40:57:e9:3f:a9:83:71:98:3f:22:2e:
                    d0:46:f8:99:bc:e2:b5:43:88:b6:92:87:17:b9:28:
                    7f:33:88:55:6d:63:a8:ea:93:dd:91:38:65:d8:6c:
                    f6:37:b6:ff:44:16:38:6f:a7:6a:93:00:f9:d6:44:
                    15:3d:d6:87:1f:46:b6:5f:7f:9e:a0:1e:8e:5c:b4:
                    6f:61:4a:a2:19:47:79:32:ac:2e:f8:28:df:7f:d8:
                    a9:5b:03:5a:b6:43:ad:91:f7:e0:89:f1:68:48:ca:
                    06:f1:8e:78:d3:c0:08:ab:44:e5:4f:5d:5a:60:de:
                    59:e7:c6:c6:d1:55:d6:3d:63:0e:34:2e:a5:95:0e:
                    42:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:A0:C3:4D:D7:8A:A4:2D:FC:48:EA:02:99:34:03:35:82:9C:37:F0
            X509v3 Authority Key Identifier:
                keyid:EC:65:D3:14:40:BF:75:D2:5C:60:6F:79:15:C2:36:CA:61:44:64:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GXTFEC_ddJcYG95FcI2ymFEZKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/vKDDTdeKpC38SOoCmTQDNYKcN_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/7GXTFEC_ddJcYG95FcI2ymFEZKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.150.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         59:8b:46:e9:c8:23:0b:86:30:31:c6:0b:84:da:51:8c:28:95:
         d0:c8:3b:a4:94:a5:36:24:81:20:10:8d:9b:a9:0a:99:94:08:
         21:68:ac:35:2c:c7:5e:cb:da:ab:76:c6:e1:58:9a:4e:06:23:
         d1:dc:3f:e7:ca:22:9f:b8:44:e3:d5:24:47:77:42:da:e8:fc:
         56:46:cb:35:09:53:5e:b5:f9:a0:13:83:c9:66:3c:e0:74:0f:
         70:22:2b:27:9a:6b:0b:02:51:88:e9:af:40:9b:47:0e:d2:f7:
         3d:ea:e3:ed:b9:62:fa:87:35:89:f8:02:2d:fc:dd:2e:f8:a3:
         8e:26:17:ec:47:61:2c:0e:ac:43:71:a6:02:cc:f1:85:e4:96:
         88:72:77:ed:47:0a:bb:09:f7:04:49:20:5c:58:8b:93:d9:59:
         80:02:ba:e6:3f:2d:8b:ac:54:ea:ff:95:e1:c9:10:e3:17:c0:
         6a:81:b7:8b:d6:d5:6c:81:07:0a:48:ea:8b:78:dc:46:6f:eb:
         ab:2d:a3:14:cb:b0:92:58:db:cc:0f:7a:0e:bd:00:49:cd:ec:
         ff:28:5c:30:32:1f:ac:cc:69:3c:f9:77:42:8f:b9:2f:27:db:
         1f:45:88:c9:a0:87:a1:c3:ed:af:0d:65:92:3b:bf:6a:ab:1c:
         15:59:e6:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WhjbOh8k6JqkO9DqoKFtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNjVkMzE0NDBiZjc1ZDI1YzYwNmY3OTE1YzIzNmNhNjE0
NDY0YTIwHhcNMjYwMTAxMTYxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2EwYzM0ZGQ3OGFhNDJkZmM0OGVhMDI5OTM0MDMzNTgyOWMzN2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGZl0Sfr4r/nyIlrhIZkYCX3Texw
xhULRrAbtUwAH3/LUduv/1oNJlB0ltbqYzRjzKM3wBZEEIXSGhdwvaYFTuYfvPjg
OIlUyUqsq7JWdmWwQOjiafr3nGKb4kAtR+b+xeNZjf1puZWjdFYDNZUTy7Ud1gcV
fa8NqtBvQFfpP6mDcZg/Ii7QRviZvOK1Q4i2kocXuSh/M4hVbWOo6pPdkThl2Gz2
N7b/RBY4b6dqkwD51kQVPdaHH0a2X3+eoB6OXLRvYUqiGUd5Mqwu+Cjff9ipWwNa
tkOtkffgifFoSMoG8Y5408AIq0TlT11aYN5Z58bG0VXWPWMONC6llQ5CQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLygw03XiqQt/EjqApk0AzWCnDfwMB8GA1UdIwQY
MBaAFOxl0xRAv3XSXGBveRXCNsphRGSiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0dYVEZFQ19kZEpjWUc5NUZjSTJ5bUZFWktJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8yYTZkZjUtODIzNi00MTJkLWFkNzkt
ZTI5NTg5ZTg5NjRhLzEvdktERFRkZUtwQzM4U09vQ21UUUROWUtjTl9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8yYTZkZjUtODIzNi00MTJkLWFkNzktZTI5NTg5ZTg5NjRh
LzEvN0dYVEZFQ19kZEpjWUc5NUZjSTJ5bUZFWktJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW5a6MA0G
CSqGSIb3DQEBCwUAA4IBAQBZi0bpyCMLhjAxxguE2lGMKJXQyDuklKU2JIEgEI2b
qQqZlAghaKw1LMdey9qrdsbhWJpOBiPR3D/nyiKfuETj1SRHd0La6PxWRss1CVNe
tfmgE4PJZjzgdA9wIisnmmsLAlGI6a9Am0cO0vc96uPtuWL6hzWJ+AIt/N0u+KOO
JhfsR2EsDqxDcaYCzPGF5JaIcnftRwq7CfcESSBcWIuT2VmAArrmPy2LrFTq/5Xh
yRDjF8BqgbeL1tVsgQcKSOqLeNxGb+urLaMUy7CSWNvMD3oOvQBJzez/KFwwMh+s
zGk8+XdCj7kvJ9sfRYjJoIehw+2vDWWSO79qqxwVWeY3
-----END CERTIFICATE-----