This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/93edc5-cdeb-463e-87b4-9ab5765d5bb6/1/vrcTV9T60dw5CNY2Khhi6KZnqHk.roa
File:                     vrcTV9T60dw5CNY2Khhi6KZnqHk.roa (raw, json)
Hash identifier:          ix8gZjImI2UbE6/f3JbGRhO6BlyOiB3BG+MN7icZDoA=
Subject key identifier:   BE:B7:13:57:D4:FA:D1:DC:39:08:D6:36:2A:18:62:E8:A6:67:A8:79
Certificate issuer:       /CN=bc48260763a11e77b0b5d7dd202ba4cc300538b1
Certificate serial:       019B7F85555BA67C9AA12798A48F8B7A9D40
Authority key identifier: BC:48:26:07:63:A1:1E:77:B0:B5:D7:DD:20:2B:A4:CC:30:05:38:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vEgmB2OhHnewtdfdICukzDAFOLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/93edc5-cdeb-463e-87b4-9ab5765d5bb6/1/vrcTV9T60dw5CNY2Khhi6KZnqHk.roa
Signing time:             Fri 02 Jan 2026 16:23:23 +0000
ROA not before:           Fri 02 Jan 2026 16:23:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     196928
IP address blocks:        109.197.40.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/93edc5-cdeb-463e-87b4-9ab5765d5bb6/1/vEgmB2OhHnewtdfdICukzDAFOLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/93edc5-cdeb-463e-87b4-9ab5765d5bb6/1/vEgmB2OhHnewtdfdICukzDAFOLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vEgmB2OhHnewtdfdICukzDAFOLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 20:39:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:55:5b:a6:7c:9a:a1:27:98:a4:8f:8b:7a:9d:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc48260763a11e77b0b5d7dd202ba4cc300538b1
        Validity
            Not Before: Jan  2 16:23:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=beb71357d4fad1dc3908d6362a1862e8a667a879
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:04:0c:61:0b:86:fc:7b:ef:2f:df:b0:f1:2b:
                    20:04:fe:84:f3:a1:f9:a9:4f:b3:49:a4:1a:f4:53:
                    38:ca:cc:ff:ca:21:a2:d0:8c:db:a1:ea:f1:0f:3f:
                    32:54:d0:d6:8a:df:bb:3d:0f:54:82:2e:f3:7b:3a:
                    87:6d:f4:27:f2:50:ee:48:91:df:30:b5:36:34:c5:
                    77:1e:84:37:79:ae:89:e8:37:ca:1d:b5:c1:33:52:
                    62:0e:c0:27:84:b5:fa:2f:15:42:87:7d:b4:2b:f7:
                    4e:84:0b:d7:6f:4e:ab:16:90:53:70:bc:f0:27:68:
                    69:dc:7b:45:22:2e:ed:d7:28:e1:d4:7e:57:e6:c6:
                    5d:bd:c0:6d:a5:5d:ea:18:59:98:18:a0:cd:e4:81:
                    a7:8f:c4:2b:7e:ca:28:52:42:7e:f6:04:9b:96:b2:
                    2a:f7:ac:20:0d:b8:6d:3c:f4:9a:77:6f:68:f2:aa:
                    02:2e:92:e1:1c:87:a6:4c:71:77:63:e0:a1:5b:44:
                    21:bb:7f:f4:be:22:81:3c:a1:30:9e:fb:63:41:d3:
                    35:89:d2:2c:af:22:f5:8b:ed:98:d4:ee:93:fe:24:
                    2e:5f:de:7b:93:76:4d:6a:eb:35:c2:e7:e6:64:1d:
                    57:6c:11:fc:34:f8:20:bb:c2:8a:55:6d:0d:3d:41:
                    bf:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:B7:13:57:D4:FA:D1:DC:39:08:D6:36:2A:18:62:E8:A6:67:A8:79
            X509v3 Authority Key Identifier:
                keyid:BC:48:26:07:63:A1:1E:77:B0:B5:D7:DD:20:2B:A4:CC:30:05:38:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vEgmB2OhHnewtdfdICukzDAFOLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/93edc5-cdeb-463e-87b4-9ab5765d5bb6/1/vrcTV9T60dw5CNY2Khhi6KZnqHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/93edc5-cdeb-463e-87b4-9ab5765d5bb6/1/vEgmB2OhHnewtdfdICukzDAFOLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.197.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         28:3a:5f:49:4d:84:ef:14:45:1a:1a:64:a2:ba:9a:36:0a:bd:
         cd:de:24:0f:27:f6:fa:b0:c1:c5:dd:77:53:81:14:38:a0:d7:
         59:15:da:83:5c:ea:91:ac:37:fb:bf:eb:3b:b8:16:23:46:63:
         e4:b3:58:09:4d:12:8b:9f:37:9d:0f:65:54:f2:f0:76:c5:e7:
         90:9a:d8:70:1e:ef:72:9f:1c:5e:b6:51:93:66:86:6e:52:d6:
         c9:c2:6d:28:85:1c:6e:65:4e:ab:c7:e8:8c:d2:fe:15:ba:ed:
         30:65:ca:6a:31:83:66:b8:a0:63:90:fc:a8:72:37:6d:79:d3:
         97:a5:f7:16:80:8e:ae:b6:a3:d8:3d:ea:4f:c5:47:54:05:a0:
         60:d8:b7:16:02:60:8c:71:97:ae:ec:3e:f8:51:af:4c:4e:22:
         8a:dd:4e:62:bd:f3:04:fe:11:5e:a3:cb:7b:53:9a:9a:9b:81:
         40:a4:73:a9:de:55:7d:14:28:5b:59:fc:d2:62:31:38:27:2a:
         1e:4f:af:1e:a9:cd:72:02:5d:3d:4f:78:62:f9:b2:f5:3c:99:
         fa:bb:85:14:5a:bc:80:75:19:4b:01:b6:15:ea:19:f5:3f:5a:
         87:c8:7b:88:01:a4:d4:94:bd:dc:10:b0:26:82:89:6f:07:be:
         58:b9:19:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hVVbpnyaoSeYpI+Lep1AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNDgyNjA3NjNhMTFlNzdiMGI1ZDdkZDIwMmJhNGNjMzAw
NTM4YjEwHhcNMjYwMTAyMTYyMzIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWI3MTM1N2Q0ZmFkMWRjMzkwOGQ2MzYyYTE4NjJlOGE2NjdhODc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAQMYQuG/HvvL9+w8SsgBP6E86H5
qU+zSaQa9FM4ysz/yiGi0IzboerxDz8yVNDWit+7PQ9Ugi7zezqHbfQn8lDuSJHf
MLU2NMV3HoQ3ea6J6DfKHbXBM1JiDsAnhLX6LxVCh320K/dOhAvXb06rFpBTcLzw
J2hp3HtFIi7t1yjh1H5X5sZdvcBtpV3qGFmYGKDN5IGnj8QrfsooUkJ+9gSblrIq
96wgDbhtPPSad29o8qoCLpLhHIemTHF3Y+ChW0Qhu3/0viKBPKEwnvtjQdM1idIs
ryL1i+2Y1O6T/iQuX957k3ZNaus1wufmZB1XbBH8NPggu8KKVW0NPUG/oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL63E1fU+tHcOQjWNioYYuimZ6h5MB8GA1UdIwQY
MBaAFLxIJgdjoR53sLXX3SArpMwwBTixMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkVnbUIyT2hIbmV3dGRmZElDdWt6REFGT0xFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC85M2VkYzUtY2RlYi00NjNlLTg3YjQt
OWFiNTc2NWQ1YmI2LzEvdnJjVFY5VDYwZHc1Q05ZMktoaGk2S1pucUhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC85M2VkYzUtY2RlYi00NjNlLTg3YjQtOWFiNTc2NWQ1YmI2
LzEvdkVnbUIyT2hIbmV3dGRmZElDdWt6REFGT0xFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbcUoMA0G
CSqGSIb3DQEBCwUAA4IBAQAoOl9JTYTvFEUaGmSiupo2Cr3N3iQPJ/b6sMHF3XdT
gRQ4oNdZFdqDXOqRrDf7v+s7uBYjRmPks1gJTRKLnzedD2VU8vB2xeeQmthwHu9y
nxxetlGTZoZuUtbJwm0ohRxuZU6rx+iM0v4Vuu0wZcpqMYNmuKBjkPyocjdtedOX
pfcWgI6utqPYPepPxUdUBaBg2LcWAmCMcZeu7D74Ua9MTiKK3U5ivfME/hFeo8t7
U5qam4FApHOp3lV9FChbWfzSYjE4JyoeT68eqc1yAl09T3hi+bL1PJn6u4UUWryA
dRlLAbYV6hn1P1qHyHuIAaTUlL3cELAmgolvB75YuRnU
-----END CERTIFICATE-----