This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/224155-3ca4-4ff7-a964-fc0dd9252c9a/1/vaTMXsKj9s2mYu4jK85sAAqXJgk.roa
File:                     vaTMXsKj9s2mYu4jK85sAAqXJgk.roa (raw, json)
Hash identifier:          9Sx8ua7dYYmRjEMlZOB1LM5xRgfZw4Tr41DAQH+beRs=
Subject key identifier:   BD:A4:CC:5E:C2:A3:F6:CD:A6:62:EE:23:2B:CE:6C:00:0A:97:26:09
Certificate issuer:       /CN=5bea81aa9b2197d9127b442525100ffaa36e0d52
Certificate serial:       019B797EA8F9B4455964EB5F34A3C8003308
Authority key identifier: 5B:EA:81:AA:9B:21:97:D9:12:7B:44:25:25:10:0F:FA:A3:6E:0D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W-qBqpshl9kSe0QlJRAP-qNuDVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/224155-3ca4-4ff7-a964-fc0dd9252c9a/1/vaTMXsKj9s2mYu4jK85sAAqXJgk.roa
Signing time:             Thu 01 Jan 2026 12:18:22 +0000
ROA not before:           Thu 01 Jan 2026 12:18:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213968
IP address blocks:        86.48.68.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/224155-3ca4-4ff7-a964-fc0dd9252c9a/1/W-qBqpshl9kSe0QlJRAP-qNuDVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/224155-3ca4-4ff7-a964-fc0dd9252c9a/1/W-qBqpshl9kSe0QlJRAP-qNuDVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W-qBqpshl9kSe0QlJRAP-qNuDVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:a8:f9:b4:45:59:64:eb:5f:34:a3:c8:00:33:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bea81aa9b2197d9127b442525100ffaa36e0d52
        Validity
            Not Before: Jan  1 12:18:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bda4cc5ec2a3f6cda662ee232bce6c000a972609
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f6:da:fe:e0:f0:76:d6:4a:bc:eb:ae:d9:e2:
                    f7:ee:f8:57:08:ea:c0:43:fd:38:c2:11:e6:0c:d3:
                    30:ce:36:80:07:eb:70:cc:2e:39:3c:79:0e:e8:b8:
                    7a:b4:95:e5:c4:50:75:a0:31:a1:74:2a:74:94:10:
                    9f:f5:a5:cc:5f:bc:94:38:f1:88:36:85:66:1f:e8:
                    6b:2c:22:83:e6:f7:c7:e4:5d:e5:5c:cf:9d:39:f9:
                    a4:8e:29:3a:01:3c:c6:fb:eb:3a:dd:e3:b4:80:cd:
                    3c:1a:31:42:6d:23:0e:08:64:8c:1e:99:9d:e9:c5:
                    4c:30:a9:5e:0f:a5:13:3f:dc:82:25:a6:6d:7a:fc:
                    03:4d:69:63:76:f3:91:d3:69:b8:d1:3f:75:34:24:
                    6a:54:a0:df:23:85:c1:85:f3:c4:a6:79:c2:f0:f7:
                    62:4c:03:a2:9e:1a:fa:a4:2b:73:6e:24:02:dc:c6:
                    45:32:a7:ac:45:50:bf:e5:02:00:ba:41:b0:71:dc:
                    d6:9f:6a:a6:65:de:00:6f:40:77:31:3d:5f:f3:24:
                    27:ab:23:9c:96:12:c9:a0:b7:79:f6:d6:46:59:8f:
                    26:90:c7:25:18:35:ba:15:3e:1e:90:b9:14:3b:4d:
                    5c:6e:50:cf:17:f8:84:46:86:b3:b4:41:48:70:46:
                    c2:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:A4:CC:5E:C2:A3:F6:CD:A6:62:EE:23:2B:CE:6C:00:0A:97:26:09
            X509v3 Authority Key Identifier:
                keyid:5B:EA:81:AA:9B:21:97:D9:12:7B:44:25:25:10:0F:FA:A3:6E:0D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W-qBqpshl9kSe0QlJRAP-qNuDVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/224155-3ca4-4ff7-a964-fc0dd9252c9a/1/vaTMXsKj9s2mYu4jK85sAAqXJgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/224155-3ca4-4ff7-a964-fc0dd9252c9a/1/W-qBqpshl9kSe0QlJRAP-qNuDVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.48.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:4e:78:b5:c3:79:a5:87:bf:1b:4d:a1:66:3f:88:21:99:f2:
         48:81:72:b8:85:a5:13:af:5b:ab:37:a5:83:36:19:df:f8:5d:
         e5:7c:12:56:2e:d7:a3:eb:61:13:b1:06:f1:77:20:c2:02:35:
         ae:31:ef:2a:0a:38:89:f1:e1:b0:34:ad:aa:e3:57:a4:62:e3:
         ef:67:5d:e4:f8:eb:b3:c5:69:07:09:8d:b7:18:ee:52:ed:5d:
         1d:89:bc:c6:93:c1:f3:1c:4e:87:14:1d:6f:c6:88:d6:4e:d0:
         54:2e:18:b3:02:cf:76:71:f6:d8:d0:90:74:a1:6f:ec:5f:17:
         14:85:10:d9:62:78:65:93:40:b6:70:48:f8:5f:55:5f:bd:10:
         64:07:e0:17:e1:5b:49:c7:28:f7:fb:8c:01:d7:7d:a7:2d:92:
         65:92:fc:17:2e:5a:c8:4f:4a:41:58:a9:8a:2a:43:c6:67:4c:
         c4:04:29:f7:84:1a:4c:dc:f5:9a:81:4c:43:90:0c:49:76:6e:
         49:7a:5f:76:6f:43:f4:09:e9:19:03:d0:85:f8:1a:4c:a9:75:
         b8:ee:34:68:d8:77:8f:08:84:c1:08:a1:56:c2:7e:df:7b:26:
         bc:c9:99:2f:a0:df:76:66:d4:1b:e2:6d:25:d2:1e:cc:f0:05:
         2f:0b:af:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fqj5tEVZZOtfNKPIADMIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZWE4MWFhOWIyMTk3ZDkxMjdiNDQyNTI1MTAwZmZhYTM2
ZTBkNTIwHhcNMjYwMTAxMTIxODIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGE0Y2M1ZWMyYTNmNmNkYTY2MmVlMjMyYmNlNmMwMDBhOTcyNjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfba/uDwdtZKvOuu2eL37vhXCOrA
Q/04whHmDNMwzjaAB+twzC45PHkO6Lh6tJXlxFB1oDGhdCp0lBCf9aXMX7yUOPGI
NoVmH+hrLCKD5vfH5F3lXM+dOfmkjik6ATzG++s63eO0gM08GjFCbSMOCGSMHpmd
6cVMMKleD6UTP9yCJaZtevwDTWljdvOR02m40T91NCRqVKDfI4XBhfPEpnnC8Pdi
TAOinhr6pCtzbiQC3MZFMqesRVC/5QIAukGwcdzWn2qmZd4Ab0B3MT1f8yQnqyOc
lhLJoLd59tZGWY8mkMclGDW6FT4ekLkUO01cblDPF/iERoaztEFIcEbC3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2kzF7Co/bNpmLuIyvObAAKlyYJMB8GA1UdIwQY
MBaAFFvqgaqbIZfZEntEJSUQD/qjbg1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVy1xQnFwc2hsOWtTZTBRbEpSQVAtcU51RFZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8yMjQxNTUtM2NhNC00ZmY3LWE5NjQt
ZmMwZGQ5MjUyYzlhLzEvdmFUTVhzS2o5czJtWXU0aks4NXNBQXFYSmdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8yMjQxNTUtM2NhNC00ZmY3LWE5NjQtZmMwZGQ5MjUyYzlh
LzEvVy1xQnFwc2hsOWtTZTBRbEpSQVAtcU51RFZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVjBEMA0G
CSqGSIb3DQEBCwUAA4IBAQBpTni1w3mlh78bTaFmP4ghmfJIgXK4haUTr1urN6WD
Nhnf+F3lfBJWLtej62ETsQbxdyDCAjWuMe8qCjiJ8eGwNK2q41ekYuPvZ13k+Ouz
xWkHCY23GO5S7V0dibzGk8HzHE6HFB1vxojWTtBULhizAs92cfbY0JB0oW/sXxcU
hRDZYnhlk0C2cEj4X1VfvRBkB+AX4VtJxyj3+4wB132nLZJlkvwXLlrIT0pBWKmK
KkPGZ0zEBCn3hBpM3PWagUxDkAxJdm5Jel92b0P0CekZA9CF+BpMqXW47jRo2HeP
CITBCKFWwn7feya8yZkvoN92ZtQb4m0l0h7M8AUvC6/5
-----END CERTIFICATE-----