This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/vGrC2-drySe2AMWxLJR-BIFPfqU.roa
File:                     vGrC2-drySe2AMWxLJR-BIFPfqU.roa (raw, json)
Hash identifier:          9+yMz3lGp0JAq/KZf+dzg6yS70OlUWhkzJeo6kUOdhw=
Subject key identifier:   BC:6A:C2:DB:E7:6B:C9:27:B6:00:C5:B1:2C:94:7E:04:81:4F:7E:A5
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       019B7BA5285CADB0E42DF45D037345CA516A
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/vGrC2-drySe2AMWxLJR-BIFPfqU.roa
Signing time:             Thu 01 Jan 2026 22:19:39 +0000
ROA not before:           Thu 01 Jan 2026 22:19:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8734
IP address blocks:        95.43.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:28:5c:ad:b0:e4:2d:f4:5d:03:73:45:ca:51:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 22:19:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bc6ac2dbe76bc927b600c5b12c947e04814f7ea5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:dd:24:af:69:ee:f8:d6:0f:41:89:3c:25:95:
                    0d:92:ff:eb:97:0f:2f:65:0f:18:9e:17:1b:82:71:
                    07:b3:ed:3a:b5:5d:50:df:80:1a:76:fc:9d:05:54:
                    a7:df:52:d3:c2:bb:61:df:8d:bc:ed:c9:6f:5e:9d:
                    e3:fd:1b:87:87:99:e0:e3:19:51:b2:50:d0:a3:97:
                    94:ad:3a:d5:3c:84:c0:dd:7b:c7:05:99:48:ca:9c:
                    8f:ae:61:21:1a:4d:14:27:07:bb:65:30:f5:9e:48:
                    25:4c:45:07:3f:4b:19:00:38:b9:d4:21:ee:f0:0d:
                    8f:6f:8b:22:21:e8:12:44:c4:55:97:a4:da:2b:44:
                    12:ea:9c:25:6e:88:c2:de:c9:b6:72:dc:63:50:2d:
                    d2:71:34:7b:76:55:d6:1f:d1:8d:f9:37:54:b7:21:
                    cb:8a:41:d2:87:25:6e:ce:68:0e:68:e4:83:64:aa:
                    fd:d8:f1:6e:fd:31:c1:34:4a:56:a7:1a:1f:1d:28:
                    93:4b:e5:f9:7d:dd:94:0f:3d:46:ef:b8:b3:d7:6d:
                    0b:27:5d:3b:35:ae:b2:f0:2d:a6:22:a1:c3:3f:bf:
                    7c:6f:91:89:fc:f3:6a:8b:c8:47:7b:2e:83:fd:25:
                    5e:35:71:42:51:df:13:13:c3:20:96:09:84:ed:ec:
                    c9:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:6A:C2:DB:E7:6B:C9:27:B6:00:C5:B1:2C:94:7E:04:81:4F:7E:A5
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/vGrC2-drySe2AMWxLJR-BIFPfqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.43.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:49:f6:6e:86:63:e1:ee:5f:0a:7c:29:e7:7d:ff:bb:23:fc:
         90:83:02:9c:df:6b:e5:92:9f:59:eb:1c:6f:57:1e:0b:e2:82:
         af:d1:b8:fa:19:29:0c:73:98:e5:b2:57:5c:d3:16:0c:09:f5:
         d6:66:7d:fc:3d:d2:53:0e:e2:54:b4:cc:f6:30:50:f4:17:5b:
         06:10:0c:d3:b2:d7:61:45:66:44:cd:eb:81:fe:79:e8:66:3a:
         d1:b0:1d:0a:08:2a:fa:d8:03:f1:65:53:6d:5b:d3:75:79:72:
         8c:00:67:4b:95:b5:a7:4f:d9:88:5e:4d:55:65:b7:cc:69:a2:
         24:36:5b:12:52:4f:02:15:f4:00:1a:a9:f8:f4:89:dc:20:81:
         d7:47:bf:31:d4:3a:05:6c:de:28:85:73:90:fd:a3:8a:bb:a7:
         17:44:70:fb:1a:ed:f2:22:26:e8:52:17:a8:9b:c2:a2:00:da:
         2c:9e:ef:b1:40:e8:2b:38:e5:17:4b:2f:f3:ae:d3:68:d0:3d:
         81:4c:cb:1b:bb:01:90:aa:a6:7b:58:af:59:2c:57:3e:bc:d7:
         38:9c:7b:7e:4d:15:5d:21:a4:03:80:5a:59:e2:fa:3c:a7:2b:
         50:f5:83:45:0d:71:14:ca:48:58:9c:ee:4f:7f:f0:df:54:8a:
         35:6a:b9:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pShcrbDkLfRdA3NFylFqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjYwMTAxMjIxOTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzZhYzJkYmU3NmJjOTI3YjYwMGM1YjEyYzk0N2UwNDgxNGY3ZWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAud0kr2nu+NYPQYk8JZUNkv/rlw8v
ZQ8YnhcbgnEHs+06tV1Q34AadvydBVSn31LTwrth34287clvXp3j/RuHh5ng4xlR
slDQo5eUrTrVPITA3XvHBZlIypyPrmEhGk0UJwe7ZTD1nkglTEUHP0sZADi51CHu
8A2Pb4siIegSRMRVl6TaK0QS6pwlbojC3sm2ctxjUC3ScTR7dlXWH9GN+TdUtyHL
ikHShyVuzmgOaOSDZKr92PFu/THBNEpWpxofHSiTS+X5fd2UDz1G77iz120LJ107
Na6y8C2mIqHDP798b5GJ/PNqi8hHey6D/SVeNXFCUd8TE8MglgmE7ezJywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLxqwtvna8kntgDFsSyUfgSBT36lMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvdkdyQzItZHJ5U2UyQU1XeExKUi1CSUZQZnFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXyvOMA0G
CSqGSIb3DQEBCwUAA4IBAQBZSfZuhmPh7l8KfCnnff+7I/yQgwKc32vlkp9Z6xxv
Vx4L4oKv0bj6GSkMc5jlsldc0xYMCfXWZn38PdJTDuJUtMz2MFD0F1sGEAzTstdh
RWZEzeuB/nnoZjrRsB0KCCr62APxZVNtW9N1eXKMAGdLlbWnT9mIXk1VZbfMaaIk
NlsSUk8CFfQAGqn49IncIIHXR78x1DoFbN4ohXOQ/aOKu6cXRHD7Gu3yIiboUheo
m8KiANosnu+xQOgrOOUXSy/zrtNo0D2BTMsbuwGQqqZ7WK9ZLFc+vNc4nHt+TRVd
IaQDgFpZ4vo8pytQ9YNFDXEUykhYnO5Pf/DfVIo1arl2
-----END CERTIFICATE-----