This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/c5cd96-b9d2-434b-a431-1c35fbce9616/1/_VYu2mv6bKW7U-bqoazVPbuNZw0.roa
File:                     _VYu2mv6bKW7U-bqoazVPbuNZw0.roa (raw, json)
Hash identifier:          jBfKqmXGL7y6Zilv4tkveGpy7JudLuPoH0FpKfvCBu4=
Subject key identifier:   FD:56:2E:DA:6B:FA:6C:A5:BB:53:E6:EA:A1:AC:D5:3D:BB:8D:67:0D
Certificate issuer:       /CN=d191ceae1ff88ada8e0e2f9550675d15332891e4
Certificate serial:       019BDF2A7A5CCE4D601219E789686E1927C4
Authority key identifier: D1:91:CE:AE:1F:F8:8A:DA:8E:0E:2F:95:50:67:5D:15:33:28:91:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0ZHOrh_4itqODi-VUGddFTMokeQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/c5cd96-b9d2-434b-a431-1c35fbce9616/1/_VYu2mv6bKW7U-bqoazVPbuNZw0.roa
Signing time:             Wed 21 Jan 2026 06:07:41 +0000
ROA not before:           Wed 21 Jan 2026 06:07:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213793
IP address blocks:        195.137.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/c5cd96-b9d2-434b-a431-1c35fbce9616/1/0ZHOrh_4itqODi-VUGddFTMokeQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/c5cd96-b9d2-434b-a431-1c35fbce9616/1/0ZHOrh_4itqODi-VUGddFTMokeQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0ZHOrh_4itqODi-VUGddFTMokeQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:df:2a:7a:5c:ce:4d:60:12:19:e7:89:68:6e:19:27:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d191ceae1ff88ada8e0e2f9550675d15332891e4
        Validity
            Not Before: Jan 21 06:07:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fd562eda6bfa6ca5bb53e6eaa1acd53dbb8d670d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:27:36:bb:5b:7d:a4:ce:bf:22:02:35:fb:d5:
                    5d:c4:65:8c:0b:38:84:dc:1a:77:a6:78:45:19:86:
                    55:4f:25:9d:61:19:4a:c1:20:ee:c7:51:6c:fb:14:
                    f3:e9:80:04:df:fb:1e:ec:9d:94:38:63:ed:ae:7d:
                    19:b3:80:ad:f2:a3:ad:34:43:e7:ce:16:c1:3f:4c:
                    cc:7c:73:c7:29:37:b1:f7:d8:d7:73:0c:51:89:e8:
                    be:28:5c:ae:e9:07:3b:26:60:21:3f:a2:7e:90:61:
                    43:22:79:6f:48:2a:a8:d6:93:aa:61:55:72:46:1c:
                    92:ac:bd:9f:06:aa:ed:9c:de:0c:02:7b:54:a6:41:
                    85:09:99:12:0e:ca:6b:3e:8f:7a:0f:29:e9:23:1f:
                    34:77:fc:29:73:69:71:32:1c:58:b1:9e:ac:5f:a1:
                    4a:f1:7b:f7:69:09:eb:2c:3d:c3:c3:bb:0a:50:59:
                    c0:4a:93:fa:f9:d3:01:10:12:39:d7:f0:7f:f4:c0:
                    e9:91:c2:f9:bc:a4:c6:6c:9b:d9:78:c4:68:44:2f:
                    fa:bf:02:b9:ec:17:b3:b7:15:3e:7e:5b:b9:d5:74:
                    52:cc:c5:2d:68:3e:e9:05:3b:13:ca:af:0f:56:eb:
                    96:0b:f1:22:79:a6:b4:38:45:98:cb:e4:37:9c:a7:
                    34:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:56:2E:DA:6B:FA:6C:A5:BB:53:E6:EA:A1:AC:D5:3D:BB:8D:67:0D
            X509v3 Authority Key Identifier:
                keyid:D1:91:CE:AE:1F:F8:8A:DA:8E:0E:2F:95:50:67:5D:15:33:28:91:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0ZHOrh_4itqODi-VUGddFTMokeQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/c5cd96-b9d2-434b-a431-1c35fbce9616/1/_VYu2mv6bKW7U-bqoazVPbuNZw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/c5cd96-b9d2-434b-a431-1c35fbce9616/1/0ZHOrh_4itqODi-VUGddFTMokeQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.137.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:f4:55:c4:93:a1:11:51:57:91:19:e4:7b:73:cd:c9:aa:25:
         ba:e9:eb:10:18:56:f8:43:95:d4:13:5f:8d:95:59:38:ad:14:
         b2:7b:57:dd:ba:ad:6e:5b:02:51:b1:2d:6a:f1:fa:7d:63:a7:
         ba:ab:ca:23:d1:54:6e:26:4c:ff:68:a3:04:6a:1e:fe:92:6d:
         f3:99:a7:c8:f5:f1:66:01:43:ee:bd:d6:23:e8:ba:f0:e2:2d:
         fa:53:f6:52:f1:6d:30:d7:3b:76:7b:87:af:e1:e5:22:97:80:
         0b:a5:66:ef:35:0f:6c:87:4e:20:88:0c:4a:50:59:04:5a:a1:
         03:bc:58:29:16:8b:3f:aa:b6:09:0e:4c:af:b3:0f:4e:90:ed:
         d0:eb:0c:9c:79:ad:a0:4c:b7:53:90:44:af:a0:77:7f:cc:90:
         82:9d:2f:fb:27:d6:37:b6:d6:1d:c8:68:1a:c6:f9:b1:b1:e9:
         88:8e:12:0e:2e:86:87:45:13:93:17:ea:78:62:d1:4b:b0:f4:
         38:6c:94:92:bb:3c:f8:f3:fb:06:a6:0a:16:da:c8:18:cf:09:
         7f:f0:55:61:2f:c2:40:43:16:e2:87:10:53:50:ba:c4:46:24:
         27:13:9f:e8:57:ba:15:3a:68:24:5b:4e:47:94:59:d9:2f:cc:
         23:72:4e:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvfKnpczk1gEhnniWhuGSfEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxOTFjZWFlMWZmODhhZGE4ZTBlMmY5NTUwNjc1ZDE1MzMy
ODkxZTQwHhcNMjYwMTIxMDYwNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDU2MmVkYTZiZmE2Y2E1YmI1M2U2ZWFhMWFjZDUzZGJiOGQ2NzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCc2u1t9pM6/IgI1+9VdxGWMCziE
3Bp3pnhFGYZVTyWdYRlKwSDux1Fs+xTz6YAE3/se7J2UOGPtrn0Zs4Ct8qOtNEPn
zhbBP0zMfHPHKTex99jXcwxRiei+KFyu6Qc7JmAhP6J+kGFDInlvSCqo1pOqYVVy
RhySrL2fBqrtnN4MAntUpkGFCZkSDsprPo96DynpIx80d/wpc2lxMhxYsZ6sX6FK
8Xv3aQnrLD3Dw7sKUFnASpP6+dMBEBI51/B/9MDpkcL5vKTGbJvZeMRoRC/6vwK5
7BeztxU+flu51XRSzMUtaD7pBTsTyq8PVuuWC/Eieaa0OEWYy+Q3nKc0VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1WLtpr+mylu1Pm6qGs1T27jWcNMB8GA1UdIwQY
MBaAFNGRzq4f+Irajg4vlVBnXRUzKJHkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFpIT3JoXzRpdHFPRGktVlVHZGRGVE1va2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9jNWNkOTYtYjlkMi00MzRiLWE0MzEt
MWMzNWZiY2U5NjE2LzEvX1ZZdTJtdjZiS1c3VS1icW9helZQYnVOWncwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9jNWNkOTYtYjlkMi00MzRiLWE0MzEtMWMzNWZiY2U5NjE2
LzEvMFpIT3JoXzRpdHFPRGktVlVHZGRGVE1va2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4mtMA0G
CSqGSIb3DQEBCwUAA4IBAQCm9FXEk6ERUVeRGeR7c83JqiW66esQGFb4Q5XUE1+N
lVk4rRSye1fduq1uWwJRsS1q8fp9Y6e6q8oj0VRuJkz/aKMEah7+km3zmafI9fFm
AUPuvdYj6Lrw4i36U/ZS8W0w1zt2e4ev4eUil4ALpWbvNQ9sh04giAxKUFkEWqED
vFgpFos/qrYJDkyvsw9OkO3Q6wycea2gTLdTkESvoHd/zJCCnS/7J9Y3ttYdyGga
xvmxsemIjhIOLoaHRROTF+p4YtFLsPQ4bJSSuzz48/sGpgoW2sgYzwl/8FVhL8JA
QxbihxBTULrERiQnE5/oV7oVOmgkW05HlFnZL8wjck7z
-----END CERTIFICATE-----