This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/ba2391-05a1-4bcb-a61d-e5d8e3750009/1/vSoBznDbkikChHtY3NKyw5nmxlM.roa
File:                     vSoBznDbkikChHtY3NKyw5nmxlM.roa (raw, json)
Hash identifier:          rSKQo5evduX7uHTKdQHTDx+TSA/wtivZWu5lTBpqgRQ=
Subject key identifier:   BD:2A:01:CE:70:DB:92:29:02:84:7B:58:DC:D2:B2:C3:99:E6:C6:53
Certificate issuer:       /CN=af84e3d23ff60b829e146ebdab4a0ae61de0f4fb
Certificate serial:       019B76EB5FE3F5BAB58ABD27941E229B4317
Authority key identifier: AF:84:E3:D2:3F:F6:0B:82:9E:14:6E:BD:AB:4A:0A:E6:1D:E0:F4:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4Tj0j_2C4KeFG69q0oK5h3g9Ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/ba2391-05a1-4bcb-a61d-e5d8e3750009/1/vSoBznDbkikChHtY3NKyw5nmxlM.roa
Signing time:             Thu 01 Jan 2026 00:18:15 +0000
ROA not before:           Thu 01 Jan 2026 00:18:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211920
IP address blocks:        91.220.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/ba2391-05a1-4bcb-a61d-e5d8e3750009/1/r4Tj0j_2C4KeFG69q0oK5h3g9Ps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/ba2391-05a1-4bcb-a61d-e5d8e3750009/1/r4Tj0j_2C4KeFG69q0oK5h3g9Ps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r4Tj0j_2C4KeFG69q0oK5h3g9Ps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:5f:e3:f5:ba:b5:8a:bd:27:94:1e:22:9b:43:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af84e3d23ff60b829e146ebdab4a0ae61de0f4fb
        Validity
            Not Before: Jan  1 00:18:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd2a01ce70db922902847b58dcd2b2c399e6c653
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:4c:08:96:17:b1:60:d6:39:4a:59:60:de:e2:
                    60:bb:c2:70:fd:28:5d:73:86:93:19:b9:cc:66:3e:
                    d6:9e:b0:18:cc:32:62:15:de:d1:1e:83:da:6b:50:
                    36:e1:c2:1d:1b:94:50:b8:bf:db:a3:0b:aa:46:08:
                    1a:df:2c:c0:de:9d:e4:a4:6f:04:3f:3f:a3:f4:67:
                    d0:4d:77:df:a6:8a:46:ff:90:96:74:e8:6d:c5:7a:
                    75:56:40:84:a6:23:e1:85:f0:f4:4e:76:e7:d3:82:
                    e9:33:06:60:33:32:97:47:23:40:38:79:30:48:32:
                    f6:ab:f5:77:7e:d9:35:6c:6f:82:3a:87:b9:db:c5:
                    cc:ea:08:8f:94:ad:41:d4:02:2c:b0:c3:b5:87:1b:
                    22:a9:c2:d4:17:db:f1:98:9a:fe:33:4d:90:e1:f7:
                    16:80:80:0d:42:93:be:7d:11:6f:d9:dd:c4:af:f9:
                    bc:78:e0:6f:c9:99:71:03:b4:5b:7b:e0:2e:f5:ae:
                    95:06:61:5f:5e:6b:10:43:ea:c5:79:3c:01:50:4a:
                    be:5f:99:4c:e0:c8:4f:ce:1f:15:9a:68:be:99:b5:
                    da:7d:d7:e6:3b:fc:1f:8c:40:75:ae:19:f3:76:40:
                    03:bf:36:c9:ee:83:98:cc:4f:9f:91:39:d8:0e:4c:
                    59:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:2A:01:CE:70:DB:92:29:02:84:7B:58:DC:D2:B2:C3:99:E6:C6:53
            X509v3 Authority Key Identifier:
                keyid:AF:84:E3:D2:3F:F6:0B:82:9E:14:6E:BD:AB:4A:0A:E6:1D:E0:F4:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4Tj0j_2C4KeFG69q0oK5h3g9Ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/ba2391-05a1-4bcb-a61d-e5d8e3750009/1/vSoBznDbkikChHtY3NKyw5nmxlM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/ba2391-05a1-4bcb-a61d-e5d8e3750009/1/r4Tj0j_2C4KeFG69q0oK5h3g9Ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:a9:81:45:56:8a:fb:e2:8b:be:8a:d1:f4:0c:e3:63:20:bf:
         de:c6:fc:9f:8e:64:54:3e:a2:2b:5c:35:27:86:5f:77:eb:02:
         fe:56:f8:b7:7f:11:09:7e:06:08:c3:14:32:fc:24:9c:d6:4d:
         ef:a2:bd:5d:43:8a:84:a2:fa:02:d0:80:b0:a7:24:61:7f:9f:
         a7:c8:0c:f2:25:e9:78:e0:b7:a0:f7:57:9a:5c:8a:e8:31:51:
         d6:e0:fa:3c:4e:28:39:e7:3b:d4:a7:25:97:8f:26:3c:10:f6:
         e0:b5:9a:87:9c:cc:79:4e:f9:7b:ab:54:91:ed:de:e9:4d:3e:
         06:5c:f5:95:57:2a:9e:7d:97:da:fc:df:8b:33:37:ad:f8:f8:
         a3:3b:dc:05:8f:f8:22:16:0c:f9:36:6a:01:26:c7:76:3f:89:
         04:0c:9e:7d:33:50:11:31:f8:a8:64:17:88:04:84:be:8d:4d:
         d2:fe:d4:33:69:31:e0:09:56:86:39:4a:15:d1:99:cd:32:7a:
         46:6d:61:e3:b3:22:03:31:33:dd:8f:a3:bf:74:e5:86:bd:87:
         95:94:e5:25:42:9e:f0:6c:77:b7:c4:86:2e:9c:03:9e:68:b2:
         6e:67:05:00:3d:f9:63:a6:33:57:33:79:cd:8a:42:01:b7:e2:
         fa:f3:f2:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt261/j9bq1ir0nlB4im0MXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODRlM2QyM2ZmNjBiODI5ZTE0NmViZGFiNGEwYWU2MWRl
MGY0ZmIwHhcNMjYwMTAxMDAxODE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDJhMDFjZTcwZGI5MjI5MDI4NDdiNThkY2QyYjJjMzk5ZTZjNjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkwIlhexYNY5Sllg3uJgu8Jw/Shd
c4aTGbnMZj7WnrAYzDJiFd7RHoPaa1A24cIdG5RQuL/bowuqRgga3yzA3p3kpG8E
Pz+j9GfQTXffpopG/5CWdOhtxXp1VkCEpiPhhfD0Tnbn04LpMwZgMzKXRyNAOHkw
SDL2q/V3ftk1bG+COoe528XM6giPlK1B1AIssMO1hxsiqcLUF9vxmJr+M02Q4fcW
gIANQpO+fRFv2d3Er/m8eOBvyZlxA7Rbe+Au9a6VBmFfXmsQQ+rFeTwBUEq+X5lM
4MhPzh8Vmmi+mbXafdfmO/wfjEB1rhnzdkADvzbJ7oOYzE+fkTnYDkxZ+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL0qAc5w25IpAoR7WNzSssOZ5sZTMB8GA1UdIwQY
MBaAFK+E49I/9guCnhRuvatKCuYd4PT7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRUajBqXzJDNEtlRkc2OXEwb0s1aDNnOVBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9iYTIzOTEtMDVhMS00YmNiLWE2MWQt
ZTVkOGUzNzUwMDA5LzEvdlNvQnpuRGJraWtDaEh0WTNOS3l3NW5teGxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9iYTIzOTEtMDVhMS00YmNiLWE2MWQtZTVkOGUzNzUwMDA5
LzEvcjRUajBqXzJDNEtlRkc2OXEwb0s1aDNnOVBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9xhMA0G
CSqGSIb3DQEBCwUAA4IBAQDDqYFFVor74ou+itH0DONjIL/exvyfjmRUPqIrXDUn
hl936wL+Vvi3fxEJfgYIwxQy/CSc1k3vor1dQ4qEovoC0ICwpyRhf5+nyAzyJel4
4Leg91eaXIroMVHW4Po8Tig55zvUpyWXjyY8EPbgtZqHnMx5Tvl7q1SR7d7pTT4G
XPWVVyqefZfa/N+LMzet+PijO9wFj/giFgz5NmoBJsd2P4kEDJ59M1ARMfioZBeI
BIS+jU3S/tQzaTHgCVaGOUoV0ZnNMnpGbWHjsyIDMTPdj6O/dOWGvYeVlOUlQp7w
bHe3xIYunAOeaLJuZwUAPfljpjNXM3nNikIBt+L68/Ju
-----END CERTIFICATE-----