This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/vbIqeSU0561jYPf76GOTQkgqkkU.roa
File:                     vbIqeSU0561jYPf76GOTQkgqkkU.roa (raw, json)
Hash identifier:          I6pxxL2tdL5sG8uXzs35tb/DbPA84Se4ObiynAzOPa8=
Subject key identifier:   BD:B2:2A:79:25:34:E7:AD:63:60:F7:FB:E8:63:93:42:48:2A:92:45
Certificate issuer:       /CN=76a75826e991225a429ff8a1e7ffdc80466420df
Certificate serial:       019B7E37F21A27D889A422CEE05272391DE8
Authority key identifier: 76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/vbIqeSU0561jYPf76GOTQkgqkkU.roa
Signing time:             Fri 02 Jan 2026 10:19:14 +0000
ROA not before:           Fri 02 Jan 2026 10:19:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8220
IP address blocks:        153.96.140.0/24 maxlen: 24
                          153.96.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 05:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:f2:1a:27:d8:89:a4:22:ce:e0:52:72:39:1d:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76a75826e991225a429ff8a1e7ffdc80466420df
        Validity
            Not Before: Jan  2 10:19:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bdb22a792534e7ad6360f7fbe8639342482a9245
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e5:de:9c:ca:d2:df:07:8e:9e:bd:42:7e:f7:
                    c4:d3:c7:9b:1c:b9:ca:23:29:a0:ff:c0:ba:45:55:
                    07:1c:ef:fa:2e:21:03:85:fb:30:ef:2a:0b:0a:e6:
                    29:0c:d9:f6:66:3d:93:a9:13:1f:a5:c1:da:53:89:
                    bf:eb:41:1c:b5:33:40:7d:f0:d7:80:5c:f4:16:33:
                    48:59:3c:14:e7:cc:7f:6e:b2:62:b6:12:fe:4f:b7:
                    ea:dc:e0:aa:10:ec:e6:9f:67:04:86:d9:17:66:08:
                    6c:71:88:d0:d3:d1:96:e7:d8:8f:ac:09:6f:67:02:
                    6e:4b:df:97:e6:6b:18:fc:d9:f8:a9:70:b4:34:70:
                    20:f6:95:27:cb:14:15:f8:55:bd:ee:79:78:c2:07:
                    7c:9b:df:57:42:2b:bd:e8:2f:6e:33:d6:74:30:7e:
                    7b:c4:e3:3f:52:e4:04:86:b8:ab:c0:00:cf:db:24:
                    7b:2a:b5:09:30:7d:38:d9:25:83:d4:a8:c9:b7:f7:
                    35:ef:0f:5f:b2:c7:02:c0:f4:a4:cf:76:59:c6:36:
                    e1:5f:33:32:13:c0:1d:6d:fb:36:35:53:90:9e:48:
                    fd:1a:8b:89:1b:8d:19:78:62:71:3e:b4:94:2a:fd:
                    ee:70:ff:c1:97:35:11:bd:9a:d2:97:94:9a:f2:ac:
                    0f:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:B2:2A:79:25:34:E7:AD:63:60:F7:FB:E8:63:93:42:48:2A:92:45
            X509v3 Authority Key Identifier:
                keyid:76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/vbIqeSU0561jYPf76GOTQkgqkkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.96.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a7:9c:53:d2:03:e2:77:d8:f6:c1:2f:33:95:88:c1:03:34:2a:
         37:85:60:ea:0b:cc:0f:e1:78:43:6b:57:d0:d7:4f:9a:f2:79:
         d4:d2:56:ff:e7:01:6f:6f:31:93:89:e3:db:8a:fa:74:70:25:
         6f:b2:ef:88:74:3c:ca:f7:02:25:31:96:b0:45:c8:01:8b:a4:
         77:c0:4a:6e:4c:fc:65:30:c3:ba:84:0c:7e:41:43:bd:55:18:
         d3:08:3e:9f:f5:31:b2:75:4c:d3:6c:36:91:cc:46:15:00:b2:
         14:5c:fc:f0:0e:59:e0:aa:94:78:d3:2b:81:51:2c:42:c3:6d:
         1c:d4:87:2f:3a:81:d3:fa:c4:ad:20:11:ca:70:82:d8:1e:67:
         ec:56:f2:17:8a:5b:86:69:cb:49:a2:78:82:b9:73:ec:05:c8:
         26:2e:d3:fd:84:7b:82:ec:b8:48:23:25:46:df:49:2c:32:4d:
         17:0e:c3:16:d7:87:23:c9:28:c2:e1:1b:57:ac:c1:a6:8b:b4:
         b2:2b:e6:29:50:98:0e:bf:33:e2:ad:2b:23:d9:e8:6b:bf:0d:
         e0:dc:3a:a1:ca:6a:65:6a:b6:42:84:9c:06:da:26:4a:fd:ec:
         58:df:3e:da:b1:5b:d2:51:4d:01:05:48:ed:ac:da:b8:7a:16:
         93:54:0a:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N/IaJ9iJpCLO4FJyOR3oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YTc1ODI2ZTk5MTIyNWE0MjlmZjhhMWU3ZmZkYzgwNDY2
NDIwZGYwHhcNMjYwMTAyMTAxOTE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGIyMmE3OTI1MzRlN2FkNjM2MGY3ZmJlODYzOTM0MjQ4MmE5MjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOXenMrS3weOnr1CfvfE08ebHLnK
Iymg/8C6RVUHHO/6LiEDhfsw7yoLCuYpDNn2Zj2TqRMfpcHaU4m/60EctTNAffDX
gFz0FjNIWTwU58x/brJithL+T7fq3OCqEOzmn2cEhtkXZghscYjQ09GW59iPrAlv
ZwJuS9+X5msY/Nn4qXC0NHAg9pUnyxQV+FW97nl4wgd8m99XQiu96C9uM9Z0MH57
xOM/UuQEhrirwADP2yR7KrUJMH042SWD1KjJt/c17w9fsscCwPSkz3ZZxjbhXzMy
E8Adbfs2NVOQnkj9GouJG40ZeGJxPrSUKv3ucP/BlzURvZrSl5Sa8qwPhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2yKnklNOetY2D3++hjk0JIKpJFMB8GA1UdIwQY
MBaAFHanWCbpkSJaQp/4oef/3IBGZCDfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTct
YWQ4ZmJlYWE4ZGQ5LzEvdmJJcWVTVTA1NjFqWVBmNzZHT1RRa2dxa2tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTctYWQ4ZmJlYWE4ZGQ5
LzEvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBmWCMMA0G
CSqGSIb3DQEBCwUAA4IBAQCnnFPSA+J32PbBLzOViMEDNCo3hWDqC8wP4XhDa1fQ
10+a8nnU0lb/5wFvbzGTiePbivp0cCVvsu+IdDzK9wIlMZawRcgBi6R3wEpuTPxl
MMO6hAx+QUO9VRjTCD6f9TGydUzTbDaRzEYVALIUXPzwDlngqpR40yuBUSxCw20c
1IcvOoHT+sStIBHKcILYHmfsVvIXiluGactJoniCuXPsBcgmLtP9hHuC7LhIIyVG
30ksMk0XDsMW14cjySjC4RtXrMGmi7SyK+YpUJgOvzPirSsj2ehrvw3g3Dqhympl
arZChJwG2iZK/exY3z7asVvSUU0BBUjtrNq4ehaTVAoS
-----END CERTIFICATE-----