This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/VSskXdqgKe7CaDWuoatQnI_9KiE.roa
File:                     VSskXdqgKe7CaDWuoatQnI_9KiE.roa (raw, json)
Hash identifier:          ZdbXSqyDrBgEKdzaBPZgWnFmAfBPFOOQn34nK2NZEnk=
Subject key identifier:   55:2B:24:5D:DA:A0:29:EE:C2:68:35:AE:A1:AB:50:9C:8F:FD:2A:21
Certificate issuer:       /CN=ad80679b96ca322bfa85500cab206c6d47412edf
Certificate serial:       019B78A3605B04ABA226D4A2B1DCCFFBE765
Authority key identifier: AD:80:67:9B:96:CA:32:2B:FA:85:50:0C:AB:20:6C:6D:47:41:2E:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rYBnm5bKMiv6hVAMqyBsbUdBLt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/VSskXdqgKe7CaDWuoatQnI_9KiE.roa
Signing time:             Thu 01 Jan 2026 08:18:51 +0000
ROA not before:           Thu 01 Jan 2026 08:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396982
IP address blocks:        185.52.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/rYBnm5bKMiv6hVAMqyBsbUdBLt8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/rYBnm5bKMiv6hVAMqyBsbUdBLt8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rYBnm5bKMiv6hVAMqyBsbUdBLt8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 20:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:60:5b:04:ab:a2:26:d4:a2:b1:dc:cf:fb:e7:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad80679b96ca322bfa85500cab206c6d47412edf
        Validity
            Not Before: Jan  1 08:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=552b245ddaa029eec26835aea1ab509c8ffd2a21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d8:43:8e:e2:ec:30:e3:a1:cd:05:b1:25:65:
                    4c:99:0a:9e:6e:6a:53:ff:e0:a8:9c:31:5f:40:5f:
                    61:b9:fe:83:f0:15:bc:25:c2:4a:5d:4f:de:f8:70:
                    79:4c:d9:fe:25:6c:29:14:69:dd:c1:04:21:d7:13:
                    a3:81:5d:16:6a:eb:5c:f6:68:5a:f0:a5:66:ff:7c:
                    9f:3e:b0:d2:1c:2d:21:27:13:22:28:81:8b:27:f9:
                    f8:41:52:8d:f9:74:5e:ac:38:21:db:26:df:2b:c4:
                    bf:84:05:31:28:78:39:22:05:40:78:37:5a:f0:0a:
                    81:5d:ca:31:c3:b6:16:51:85:61:50:5d:9f:21:4b:
                    74:1d:94:7c:3f:8b:27:8a:13:6a:80:70:6b:67:38:
                    2c:9a:fb:e1:24:e6:25:56:9c:4e:ce:f7:95:f0:da:
                    8d:5b:c2:5e:d9:70:90:77:e6:d9:fa:0d:fc:5c:9c:
                    1e:e3:5b:5a:5f:be:88:89:cf:e5:08:02:0f:e3:42:
                    35:ca:9d:40:b7:22:e5:93:27:f3:82:60:67:8c:f2:
                    52:b3:3e:f9:4a:f1:14:9d:af:f1:91:b6:df:60:10:
                    fc:b1:b4:37:5e:cf:ac:99:15:75:d3:16:2e:ca:a3:
                    f5:b5:a8:98:28:ba:8e:e5:ec:1e:df:85:e0:63:c5:
                    46:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:2B:24:5D:DA:A0:29:EE:C2:68:35:AE:A1:AB:50:9C:8F:FD:2A:21
            X509v3 Authority Key Identifier:
                keyid:AD:80:67:9B:96:CA:32:2B:FA:85:50:0C:AB:20:6C:6D:47:41:2E:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rYBnm5bKMiv6hVAMqyBsbUdBLt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/VSskXdqgKe7CaDWuoatQnI_9KiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/rYBnm5bKMiv6hVAMqyBsbUdBLt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.52.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:a3:d1:74:91:da:78:45:44:e8:ad:01:cb:31:87:e3:ad:ef:
         ae:4d:57:de:eb:99:07:96:ed:cc:5b:b7:29:07:64:44:e6:5c:
         42:29:2e:c0:b8:f6:60:9e:1c:ea:76:39:fc:c8:a5:cc:d4:1d:
         bd:62:52:68:28:f0:96:58:d6:54:7f:67:76:38:a3:78:01:62:
         a2:34:04:11:18:88:c2:40:02:b3:fc:fa:47:d9:8b:38:4d:4c:
         27:92:5f:3b:66:3e:09:a6:77:a5:3e:28:9c:e5:47:00:e8:bc:
         b6:40:d3:c6:cc:9b:8e:b4:c5:f1:07:04:2f:0f:c7:7d:02:4b:
         04:af:15:e3:99:ce:bd:2d:77:e8:44:79:4b:58:82:bd:e8:34:
         af:2f:15:b1:be:b7:3e:9a:21:eb:a6:0b:b0:91:81:bc:df:f1:
         30:54:14:b5:35:15:66:d9:93:27:1e:65:71:37:5c:77:55:46:
         7b:38:a1:6f:35:47:5a:c6:8a:bc:6f:8d:4b:fb:d7:76:9e:04:
         d6:44:22:b8:d7:a5:0f:a0:c0:f3:54:d4:94:38:ca:7c:77:88:
         a0:3f:b6:1b:ff:a4:9d:62:c4:36:1b:57:2c:42:f0:38:fb:e6:
         9d:aa:71:92:32:c4:e1:7c:34:7b:f8:d6:0e:9c:19:f2:bd:13:
         73:bd:f8:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4o2BbBKuiJtSisdzP++dlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkODA2NzliOTZjYTMyMmJmYTg1NTAwY2FiMjA2YzZkNDc0
MTJlZGYwHhcNMjYwMTAxMDgxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTJiMjQ1ZGRhYTAyOWVlYzI2ODM1YWVhMWFiNTA5YzhmZmQyYTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNhDjuLsMOOhzQWxJWVMmQqebmpT
/+ConDFfQF9huf6D8BW8JcJKXU/e+HB5TNn+JWwpFGndwQQh1xOjgV0Wautc9mha
8KVm/3yfPrDSHC0hJxMiKIGLJ/n4QVKN+XRerDgh2ybfK8S/hAUxKHg5IgVAeDda
8AqBXcoxw7YWUYVhUF2fIUt0HZR8P4snihNqgHBrZzgsmvvhJOYlVpxOzveV8NqN
W8Je2XCQd+bZ+g38XJwe41taX76Iic/lCAIP40I1yp1AtyLlkyfzgmBnjPJSsz75
SvEUna/xkbbfYBD8sbQ3Xs+smRV10xYuyqP1taiYKLqO5ewe34XgY8VGJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFUrJF3aoCnuwmg1rqGrUJyP/SohMB8GA1UdIwQY
MBaAFK2AZ5uWyjIr+oVQDKsgbG1HQS7fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcllCbm01YktNaXY2aFZBTXF5QnNiVWRCTHQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9hMTM5OWEtZWE2Yi00YTA5LThiNDAt
OTBjMGJkZTA5ODY5LzEvVlNza1hkcWdLZTdDYURXdW9hdFFuSV85S2lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9hMTM5OWEtZWE2Yi00YTA5LThiNDAtOTBjMGJkZTA5ODY5
LzEvcllCbm01YktNaXY2aFZBTXF5QnNiVWRCTHQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTTlMA0G
CSqGSIb3DQEBCwUAA4IBAQCxo9F0kdp4RUTorQHLMYfjre+uTVfe65kHlu3MW7cp
B2RE5lxCKS7AuPZgnhzqdjn8yKXM1B29YlJoKPCWWNZUf2d2OKN4AWKiNAQRGIjC
QAKz/PpH2Ys4TUwnkl87Zj4JpnelPiic5UcA6Ly2QNPGzJuOtMXxBwQvD8d9AksE
rxXjmc69LXfoRHlLWIK96DSvLxWxvrc+miHrpguwkYG83/EwVBS1NRVm2ZMnHmVx
N1x3VUZ7OKFvNUdaxoq8b41L+9d2ngTWRCK416UPoMDzVNSUOMp8d4igP7Yb/6Sd
YsQ2G1csQvA4++adqnGSMsThfDR7+NYOnBnyvRNzvfh0
-----END CERTIFICATE-----