This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/5aa619-dcca-49d5-901f-a5ab7b64155f/1/vfVgwYQtTWQH5Svk8hRtQE6LdZs.roa
File:                     vfVgwYQtTWQH5Svk8hRtQE6LdZs.roa (raw, json)
Hash identifier:          nMz4GkfTsgm1Yz/uiD26MI9xBVzaezRNvPq8yPwMur0=
Subject key identifier:   BD:F5:60:C1:84:2D:4D:64:07:E5:2B:E4:F2:14:6D:40:4E:8B:75:9B
Certificate issuer:       /CN=bc3a4697447d190308644a58bceaa124c074b7e1
Certificate serial:       019B797E517D3FAE3631FD41E8BC1FBFC09D
Authority key identifier: BC:3A:46:97:44:7D:19:03:08:64:4A:58:BC:EA:A1:24:C0:74:B7:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vDpGl0R9GQMIZEpYvOqhJMB0t-E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/5aa619-dcca-49d5-901f-a5ab7b64155f/1/vfVgwYQtTWQH5Svk8hRtQE6LdZs.roa
Signing time:             Thu 01 Jan 2026 12:18:00 +0000
ROA not before:           Thu 01 Jan 2026 12:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209766
IP address blocks:        192.145.4.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/5aa619-dcca-49d5-901f-a5ab7b64155f/1/vDpGl0R9GQMIZEpYvOqhJMB0t-E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/5aa619-dcca-49d5-901f-a5ab7b64155f/1/vDpGl0R9GQMIZEpYvOqhJMB0t-E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vDpGl0R9GQMIZEpYvOqhJMB0t-E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 12:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:51:7d:3f:ae:36:31:fd:41:e8:bc:1f:bf:c0:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc3a4697447d190308644a58bceaa124c074b7e1
        Validity
            Not Before: Jan  1 12:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bdf560c1842d4d6407e52be4f2146d404e8b759b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:1e:18:48:6a:3e:fc:14:76:69:4d:61:57:72:
                    ab:7b:de:6a:0c:8d:74:4f:45:b9:3e:13:3a:89:d7:
                    d6:6f:f6:02:60:aa:ae:2f:1f:a8:60:da:df:90:24:
                    6d:a0:b8:17:91:c4:bd:d6:f7:a3:67:df:d3:a8:32:
                    11:f2:5d:2f:bb:67:9b:d3:f4:20:3b:79:5d:88:43:
                    8f:b8:a5:c2:10:78:86:5e:ae:37:15:dc:cd:46:a9:
                    8c:8b:6a:de:b5:a7:09:96:60:d7:e5:76:f8:a5:3d:
                    dc:76:02:85:16:9f:86:80:2d:19:ac:0b:57:08:c8:
                    e4:24:f7:ec:bc:f7:1c:43:4b:eb:54:04:52:61:55:
                    f9:0d:30:ef:68:62:b5:e3:25:1f:91:ee:68:d5:54:
                    72:cc:d1:1a:09:a1:f3:92:78:07:14:65:f4:ab:8c:
                    bd:5e:3d:5b:b3:84:99:a6:aa:fb:7c:78:f3:c4:a9:
                    a5:cf:fa:8f:0d:04:a4:6b:f5:c3:bc:02:4e:30:21:
                    c2:d4:0c:c8:fb:97:b2:13:94:d5:87:15:e2:78:14:
                    35:b8:bb:eb:9d:6e:3a:e8:cc:d2:bc:a1:0b:b8:d5:
                    56:7d:dc:98:a4:e0:10:25:38:eb:ff:eb:ee:ee:30:
                    9c:7d:db:31:16:03:37:9f:2e:43:3d:b1:2c:82:b0:
                    d1:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:F5:60:C1:84:2D:4D:64:07:E5:2B:E4:F2:14:6D:40:4E:8B:75:9B
            X509v3 Authority Key Identifier:
                keyid:BC:3A:46:97:44:7D:19:03:08:64:4A:58:BC:EA:A1:24:C0:74:B7:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vDpGl0R9GQMIZEpYvOqhJMB0t-E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/5aa619-dcca-49d5-901f-a5ab7b64155f/1/vfVgwYQtTWQH5Svk8hRtQE6LdZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/5aa619-dcca-49d5-901f-a5ab7b64155f/1/vDpGl0R9GQMIZEpYvOqhJMB0t-E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.145.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:c8:e7:63:28:c5:07:ad:92:ff:4e:48:a7:a7:1e:08:be:dd:
         fc:4c:5e:c2:a8:d7:21:27:5f:ab:57:ca:7d:84:44:99:24:86:
         c6:72:9a:35:da:48:75:61:26:95:22:ac:c0:7b:3f:0e:bd:17:
         67:5e:12:93:d7:74:a3:66:02:52:86:77:bc:5f:3a:db:25:d4:
         fc:05:9a:45:e6:be:55:e5:df:0b:ec:10:f7:4b:5a:33:1c:fb:
         02:99:a1:06:9e:41:8e:34:1b:fd:21:f3:dd:ba:22:7e:a0:86:
         92:77:4c:94:bc:5f:48:fd:34:fa:bd:f2:03:34:b3:fd:4f:5e:
         1e:8c:e6:23:e1:74:b8:4e:c9:53:eb:92:84:d8:24:e8:b4:83:
         01:59:f3:41:a5:2d:06:ee:b0:e8:d5:72:24:18:8f:56:54:c5:
         56:d9:96:64:37:37:7e:31:39:28:a4:35:fb:f9:a1:45:e2:7e:
         15:d5:b4:15:0c:9f:1a:80:06:fd:f9:c4:71:31:a8:4a:d3:ad:
         df:5a:33:d3:62:f9:c3:f0:0b:80:06:51:d2:75:cc:b3:a7:ba:
         4f:a6:77:9f:f4:3d:2c:8a:6c:9e:8f:1f:94:f0:49:fc:d6:b8:
         c3:07:74:42:0c:0c:d3:29:76:ea:92:31:f6:6d:0d:a3:f1:d4:
         a0:39:84:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5flF9P642Mf1B6Lwfv8CdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjM2E0Njk3NDQ3ZDE5MDMwODY0NGE1OGJjZWFhMTI0YzA3
NGI3ZTEwHhcNMjYwMTAxMTIxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGY1NjBjMTg0MmQ0ZDY0MDdlNTJiZTRmMjE0NmQ0MDRlOGI3NTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtx4YSGo+/BR2aU1hV3Kre95qDI10
T0W5PhM6idfWb/YCYKquLx+oYNrfkCRtoLgXkcS91vejZ9/TqDIR8l0vu2eb0/Qg
O3ldiEOPuKXCEHiGXq43FdzNRqmMi2retacJlmDX5Xb4pT3cdgKFFp+GgC0ZrAtX
CMjkJPfsvPccQ0vrVARSYVX5DTDvaGK14yUfke5o1VRyzNEaCaHzkngHFGX0q4y9
Xj1bs4SZpqr7fHjzxKmlz/qPDQSka/XDvAJOMCHC1AzI+5eyE5TVhxXieBQ1uLvr
nW466MzSvKELuNVWfdyYpOAQJTjr/+vu7jCcfdsxFgM3ny5DPbEsgrDRSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL31YMGELU1kB+Ur5PIUbUBOi3WbMB8GA1UdIwQY
MBaAFLw6RpdEfRkDCGRKWLzqoSTAdLfhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkRwR2wwUjlHUU1JWkVwWXZPcWhKTUIwdC1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi81YWE2MTktZGNjYS00OWQ1LTkwMWYt
YTVhYjdiNjQxNTVmLzEvdmZWZ3dZUXRUV1FINVN2azhoUnRRRTZMZFpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi81YWE2MTktZGNjYS00OWQ1LTkwMWYtYTVhYjdiNjQxNTVm
LzEvdkRwR2wwUjlHUU1JWkVwWXZPcWhKTUIwdC1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwJEEMA0G
CSqGSIb3DQEBCwUAA4IBAQBYyOdjKMUHrZL/Tkinpx4Ivt38TF7CqNchJ1+rV8p9
hESZJIbGcpo12kh1YSaVIqzAez8OvRdnXhKT13SjZgJShne8XzrbJdT8BZpF5r5V
5d8L7BD3S1ozHPsCmaEGnkGONBv9IfPduiJ+oIaSd0yUvF9I/TT6vfIDNLP9T14e
jOYj4XS4TslT65KE2CTotIMBWfNBpS0G7rDo1XIkGI9WVMVW2ZZkNzd+MTkopDX7
+aFF4n4V1bQVDJ8agAb9+cRxMahK063fWjPTYvnD8AuABlHSdcyzp7pPpnef9D0s
imyejx+U8En81rjDB3RCDAzTKXbqkjH2bQ2j8dSgOYQI
-----END CERTIFICATE-----
Generated at Mon Feb 9 18:43:38 2026 by rpki-client