This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/d899cc-5357-471a-bc1c-077bc8ba1e5d/1/_VixDRlDHcr6PrncvZUZ-GW6afw.roa
File:                     _VixDRlDHcr6PrncvZUZ-GW6afw.roa (raw, json)
Hash identifier:          XqMR9xWk1nvAk22Z7sQHJKRu3wfO9rwjwEWrKeLB+8c=
Subject key identifier:   FD:58:B1:0D:19:43:1D:CA:FA:3E:B9:DC:BD:95:19:F8:65:BA:69:FC
Certificate issuer:       /CN=2b4e2d34ccee4576b5ce7605a084e6c08522c228
Certificate serial:       019B7CECC7898F59DAE2D7EE8F092757C4C7
Authority key identifier: 2B:4E:2D:34:CC:EE:45:76:B5:CE:76:05:A0:84:E6:C0:85:22:C2:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K04tNMzuRXa1znYFoITmwIUiwig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/d899cc-5357-471a-bc1c-077bc8ba1e5d/1/_VixDRlDHcr6PrncvZUZ-GW6afw.roa
Signing time:             Fri 02 Jan 2026 04:17:30 +0000
ROA not before:           Fri 02 Jan 2026 04:17:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47254
IP address blocks:        212.102.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/d899cc-5357-471a-bc1c-077bc8ba1e5d/1/K04tNMzuRXa1znYFoITmwIUiwig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/d899cc-5357-471a-bc1c-077bc8ba1e5d/1/K04tNMzuRXa1znYFoITmwIUiwig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K04tNMzuRXa1znYFoITmwIUiwig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 04:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ec:c7:89:8f:59:da:e2:d7:ee:8f:09:27:57:c4:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b4e2d34ccee4576b5ce7605a084e6c08522c228
        Validity
            Not Before: Jan  2 04:17:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fd58b10d19431dcafa3eb9dcbd9519f865ba69fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a9:dc:4a:b8:d9:07:1a:f1:e7:62:3c:55:6e:
                    16:e1:fb:72:5d:40:40:01:37:12:16:8e:d6:cc:dd:
                    3f:f9:4e:9f:63:9a:ba:5e:0b:d9:4e:8f:a2:72:75:
                    cb:5e:24:77:27:82:5c:c3:39:5e:e9:cc:0b:b3:35:
                    cc:7e:38:a5:d3:7c:a9:4f:8f:13:0c:20:56:23:d1:
                    10:a4:04:74:13:e0:90:cc:a6:4c:a7:71:86:83:9f:
                    29:4f:d6:b4:9e:8f:db:d4:27:24:fc:fc:e4:59:ad:
                    3f:c1:d5:20:80:9f:b4:a5:b7:c4:98:b8:68:aa:78:
                    e8:52:5a:4b:c2:e5:0d:3c:d6:2e:e9:a2:01:f4:75:
                    8e:49:e6:c7:ea:84:c3:94:46:f2:ea:0b:40:90:e0:
                    a1:a7:47:1b:bf:40:cc:09:70:cf:7c:f9:6c:73:59:
                    30:a9:4f:99:60:f6:92:21:61:c5:32:2d:92:02:d1:
                    66:78:55:d2:88:23:17:e3:85:dd:5e:0a:e7:c6:05:
                    49:16:59:95:76:cc:79:b0:3e:5a:0b:00:70:45:20:
                    83:47:5e:ce:61:6f:f1:1b:d9:c5:16:83:14:9b:bf:
                    cb:9b:6c:0f:20:9c:f2:56:1e:20:a7:86:62:49:f7:
                    36:e0:64:5d:15:85:58:ed:2c:60:2e:1b:f3:4e:ba:
                    55:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:58:B1:0D:19:43:1D:CA:FA:3E:B9:DC:BD:95:19:F8:65:BA:69:FC
            X509v3 Authority Key Identifier:
                keyid:2B:4E:2D:34:CC:EE:45:76:B5:CE:76:05:A0:84:E6:C0:85:22:C2:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K04tNMzuRXa1znYFoITmwIUiwig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/d899cc-5357-471a-bc1c-077bc8ba1e5d/1/_VixDRlDHcr6PrncvZUZ-GW6afw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/d899cc-5357-471a-bc1c-077bc8ba1e5d/1/K04tNMzuRXa1znYFoITmwIUiwig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.102.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:92:12:fa:18:57:3e:a7:4d:44:83:13:1e:9d:9e:0e:0e:8e:
         73:d1:22:4d:4f:39:a3:65:d1:2c:8f:54:c2:22:b5:ef:ae:81:
         c9:60:fc:14:1d:71:b7:7f:67:7d:ff:57:46:f6:b6:41:db:0b:
         05:4b:05:e4:ad:e4:a9:ea:38:7e:f6:b6:d7:ca:be:91:f6:a0:
         d3:fa:09:03:ac:b1:af:9a:03:7b:25:68:47:3f:51:72:8f:dd:
         9e:cd:9c:b8:85:f5:f8:13:61:39:f4:9f:48:36:3a:7b:9c:ed:
         49:32:94:eb:1d:1a:36:9d:44:c6:c4:48:1c:2c:8d:5d:86:cc:
         4b:ed:0e:91:3f:b9:f1:eb:4f:cf:b0:90:fa:e8:37:c9:c9:45:
         31:cc:3f:94:89:30:58:21:a5:0f:37:5f:86:b8:00:89:54:02:
         30:7a:69:dc:3d:2a:17:15:1a:52:a1:eb:6f:1b:cc:01:a7:b7:
         99:81:d9:c4:aa:7d:c2:00:f4:1b:90:9a:3c:47:ff:5d:45:96:
         8b:67:7b:02:96:ee:4a:6a:66:db:a5:be:f8:0b:a4:36:70:77:
         ab:cd:cb:82:50:89:97:2c:fe:91:44:5e:ec:ad:74:f0:19:23:
         8c:48:4d:ad:d1:60:c7:be:bd:a7:5b:4b:2b:cd:a4:e4:07:43:
         a4:02:3a:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87MeJj1na4tfujwknV8THMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNGUyZDM0Y2NlZTQ1NzZiNWNlNzYwNWEwODRlNmMwODUy
MmMyMjgwHhcNMjYwMTAyMDQxNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDU4YjEwZDE5NDMxZGNhZmEzZWI5ZGNiZDk1MTlmODY1YmE2OWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnancSrjZBxrx52I8VW4W4ftyXUBA
ATcSFo7WzN0/+U6fY5q6XgvZTo+icnXLXiR3J4Jcwzle6cwLszXMfjil03ypT48T
DCBWI9EQpAR0E+CQzKZMp3GGg58pT9a0no/b1Cck/PzkWa0/wdUggJ+0pbfEmLho
qnjoUlpLwuUNPNYu6aIB9HWOSebH6oTDlEby6gtAkOChp0cbv0DMCXDPfPlsc1kw
qU+ZYPaSIWHFMi2SAtFmeFXSiCMX44XdXgrnxgVJFlmVdsx5sD5aCwBwRSCDR17O
YW/xG9nFFoMUm7/Lm2wPIJzyVh4gp4ZiSfc24GRdFYVY7SxgLhvzTrpVawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1YsQ0ZQx3K+j653L2VGfhlumn8MB8GA1UdIwQY
MBaAFCtOLTTM7kV2tc52BaCE5sCFIsIoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzA0dE5NenVSWGExem5ZRm9JVG13SVVpd2lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9kODk5Y2MtNTM1Ny00NzFhLWJjMWMt
MDc3YmM4YmExZTVkLzEvX1ZpeERSbERIY3I2UHJuY3ZaVVotR1c2YWZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9kODk5Y2MtNTM1Ny00NzFhLWJjMWMtMDc3YmM4YmExZTVk
LzEvSzA0dE5NenVSWGExem5ZRm9JVG13SVVpd2lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GZiMA0G
CSqGSIb3DQEBCwUAA4IBAQBZkhL6GFc+p01EgxMenZ4ODo5z0SJNTzmjZdEsj1TC
IrXvroHJYPwUHXG3f2d9/1dG9rZB2wsFSwXkreSp6jh+9rbXyr6R9qDT+gkDrLGv
mgN7JWhHP1Fyj92ezZy4hfX4E2E59J9INjp7nO1JMpTrHRo2nUTGxEgcLI1dhsxL
7Q6RP7nx60/PsJD66DfJyUUxzD+UiTBYIaUPN1+GuACJVAIwemncPSoXFRpSoetv
G8wBp7eZgdnEqn3CAPQbkJo8R/9dRZaLZ3sClu5Kambbpb74C6Q2cHerzcuCUImX
LP6RRF7srXTwGSOMSE2t0WDHvr2nW0srzaTkB0OkAjqT
-----END CERTIFICATE-----