This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/acd28e-52ae-4ac9-b028-669f7a761631/1/VmNdh6laZxyVCC_g82mHnoN0sjg.roa
File:                     VmNdh6laZxyVCC_g82mHnoN0sjg.roa (raw, json)
Hash identifier:          fCIZoEHtubiL+1CEYbmHMAzOgcDhgRWMLUT6hfUtnUM=
Subject key identifier:   56:63:5D:87:A9:5A:67:1C:95:08:2F:E0:F3:69:87:9E:83:74:B2:38
Certificate issuer:       /CN=29b3a717665a1137e99dc8fad22e3e7f98db8973
Certificate serial:       019B775933CEEE65B9D2827454602D52B937
Authority key identifier: 29:B3:A7:17:66:5A:11:37:E9:9D:C8:FA:D2:2E:3E:7F:98:DB:89:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KbOnF2ZaETfpncj60i4-f5jbiXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/acd28e-52ae-4ac9-b028-669f7a761631/1/VmNdh6laZxyVCC_g82mHnoN0sjg.roa
Signing time:             Thu 01 Jan 2026 02:18:13 +0000
ROA not before:           Thu 01 Jan 2026 02:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9009
IP address blocks:        217.64.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/acd28e-52ae-4ac9-b028-669f7a761631/1/KbOnF2ZaETfpncj60i4-f5jbiXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/acd28e-52ae-4ac9-b028-669f7a761631/1/KbOnF2ZaETfpncj60i4-f5jbiXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KbOnF2ZaETfpncj60i4-f5jbiXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 18 Jan 2026 23:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:33:ce:ee:65:b9:d2:82:74:54:60:2d:52:b9:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29b3a717665a1137e99dc8fad22e3e7f98db8973
        Validity
            Not Before: Jan  1 02:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=56635d87a95a671c95082fe0f369879e8374b238
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:b0:cd:0e:3f:1a:57:7b:16:73:c3:7c:bc:48:
                    ec:79:52:04:16:ea:df:e9:de:b6:43:b1:d7:d4:af:
                    ba:6b:d6:7d:68:44:c3:72:21:c6:f1:93:ac:2d:2f:
                    97:f0:03:f3:3e:8c:2c:fe:16:be:1b:20:9b:16:89:
                    25:a3:71:19:b7:11:b0:8a:e8:f5:1f:c1:d4:85:cd:
                    54:97:da:2b:55:91:81:5b:a4:2f:24:7f:62:7d:dc:
                    ec:5c:95:84:b2:d6:7f:69:8d:dd:d9:b9:26:58:39:
                    42:f5:8f:44:13:02:1a:ad:60:ba:6e:94:c5:61:3d:
                    c9:0c:52:84:05:60:87:30:4d:cf:ea:e0:66:d6:1d:
                    23:36:a3:28:c1:77:8d:f6:60:f1:31:a8:c0:b0:6b:
                    6a:27:5d:78:48:0e:11:03:3e:0e:b8:2f:20:c4:76:
                    71:3a:96:80:28:f5:93:36:1b:86:65:a1:8b:da:d0:
                    6b:85:1c:1f:8f:5b:6e:2e:49:7d:fe:7e:64:74:8c:
                    47:e8:92:4e:cc:38:cd:ae:d7:d2:99:10:1b:b3:4a:
                    ff:67:c6:f3:02:61:88:71:57:d8:68:c5:2f:67:6b:
                    7e:a6:a6:80:41:30:b7:5a:30:a0:86:bc:20:a5:43:
                    cf:37:2c:ce:e4:73:39:63:fb:8f:00:d8:5c:a9:e7:
                    d4:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:63:5D:87:A9:5A:67:1C:95:08:2F:E0:F3:69:87:9E:83:74:B2:38
            X509v3 Authority Key Identifier:
                keyid:29:B3:A7:17:66:5A:11:37:E9:9D:C8:FA:D2:2E:3E:7F:98:DB:89:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KbOnF2ZaETfpncj60i4-f5jbiXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/acd28e-52ae-4ac9-b028-669f7a761631/1/VmNdh6laZxyVCC_g82mHnoN0sjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/acd28e-52ae-4ac9-b028-669f7a761631/1/KbOnF2ZaETfpncj60i4-f5jbiXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.64.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:ee:48:2e:37:32:d8:bf:d0:89:97:58:2c:57:43:72:8c:e2:
         76:3f:62:2a:4d:b3:0e:25:b4:24:3a:6f:b8:2f:80:f3:73:0e:
         2e:dc:08:91:e8:11:e8:a9:86:87:09:88:fa:3b:11:95:a9:bf:
         89:49:fe:04:d2:b2:f1:f1:2f:5b:87:27:ea:81:a6:6a:f4:bc:
         6d:d9:da:81:95:a7:e7:7d:bd:a8:c6:50:20:68:40:66:b1:3c:
         7a:3a:67:fb:3e:b0:f7:02:e1:c2:e4:f1:a8:da:02:d5:2e:52:
         fa:4d:21:b3:1d:2e:85:4c:87:96:72:4e:45:f5:ba:28:41:e3:
         ab:7f:7c:19:81:11:23:ab:87:84:cc:18:60:08:24:de:c8:6f:
         10:2a:59:0e:d6:15:0c:25:5c:d2:a7:28:aa:d9:20:03:f7:5b:
         cb:2e:81:12:98:a0:93:07:ba:c6:8a:01:6c:dd:c0:ef:95:f0:
         97:97:13:83:9e:fa:6f:53:55:b0:a4:03:57:57:c4:52:cc:2a:
         03:77:38:bc:12:f7:aa:39:ca:95:61:40:cb:04:15:71:79:ff:
         1f:f7:f4:54:3f:58:7b:18:38:22:fe:b0:21:e9:c4:6f:e3:94:
         8f:86:61:f2:e4:97:a8:03:e8:77:37:f0:9b:02:8d:db:46:c2:
         1d:7f:24:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WTPO7mW50oJ0VGAtUrk3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YjNhNzE3NjY1YTExMzdlOTlkYzhmYWQyMmUzZTdmOThk
Yjg5NzMwHhcNMjYwMTAxMDIxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjYzNWQ4N2E5NWE2NzFjOTUwODJmZTBmMzY5ODc5ZTgzNzRiMjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbDNDj8aV3sWc8N8vEjseVIEFurf
6d62Q7HX1K+6a9Z9aETDciHG8ZOsLS+X8APzPows/ha+GyCbFoklo3EZtxGwiuj1
H8HUhc1Ul9orVZGBW6QvJH9ifdzsXJWEstZ/aY3d2bkmWDlC9Y9EEwIarWC6bpTF
YT3JDFKEBWCHME3P6uBm1h0jNqMowXeN9mDxMajAsGtqJ114SA4RAz4OuC8gxHZx
OpaAKPWTNhuGZaGL2tBrhRwfj1tuLkl9/n5kdIxH6JJOzDjNrtfSmRAbs0r/Z8bz
AmGIcVfYaMUvZ2t+pqaAQTC3WjCghrwgpUPPNyzO5HM5Y/uPANhcqefUYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFZjXYepWmcclQgv4PNph56DdLI4MB8GA1UdIwQY
MBaAFCmzpxdmWhE36Z3I+tIuPn+Y24lzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2JPbkYyWmFFVGZwbmNqNjBpNC1mNWpiaVhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hY2QyOGUtNTJhZS00YWM5LWIwMjgt
NjY5ZjdhNzYxNjMxLzEvVm1OZGg2bGFaeHlWQ0NfZzgybUhub04wc2pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hY2QyOGUtNTJhZS00YWM5LWIwMjgtNjY5ZjdhNzYxNjMx
LzEvS2JPbkYyWmFFVGZwbmNqNjBpNC1mNWpiaVhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2UCXMA0G
CSqGSIb3DQEBCwUAA4IBAQCv7kguNzLYv9CJl1gsV0NyjOJ2P2IqTbMOJbQkOm+4
L4Dzcw4u3AiR6BHoqYaHCYj6OxGVqb+JSf4E0rLx8S9bhyfqgaZq9Lxt2dqBlafn
fb2oxlAgaEBmsTx6Omf7PrD3AuHC5PGo2gLVLlL6TSGzHS6FTIeWck5F9booQeOr
f3wZgREjq4eEzBhgCCTeyG8QKlkO1hUMJVzSpyiq2SAD91vLLoESmKCTB7rGigFs
3cDvlfCXlxODnvpvU1WwpANXV8RSzCoDdzi8EveqOcqVYUDLBBVxef8f9/RUP1h7
GDgi/rAh6cRv45SPhmHy5JeoA+h3N/CbAo3bRsIdfySu
-----END CERTIFICATE-----