This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/vdeOE68JCxA2qDGDfgLgmO3Bfs0.roa
File:                     vdeOE68JCxA2qDGDfgLgmO3Bfs0.roa (raw, json)
Hash identifier:          10c4GnmE7vgeIm6c0nFPmv+D20ejW4t0/9acRWtXi5Q=
Subject key identifier:   BD:D7:8E:13:AF:09:0B:10:36:A8:31:83:7E:02:E0:98:ED:C1:7E:CD
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       019B7F83A59EF1FBB129F40127098872DA47
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/vdeOE68JCxA2qDGDfgLgmO3Bfs0.roa
Signing time:             Fri 02 Jan 2026 16:21:32 +0000
ROA not before:           Fri 02 Jan 2026 16:21:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59960
IP address blocks:        141.101.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:a5:9e:f1:fb:b1:29:f4:01:27:09:88:72:da:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  2 16:21:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bdd78e13af090b1036a831837e02e098edc17ecd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:3d:57:f3:3b:0d:c4:2c:56:23:5c:30:fb:bb:
                    0c:71:60:d6:ef:4f:db:14:98:df:88:57:76:7c:20:
                    8d:85:3a:a4:50:6f:6a:58:c9:34:49:21:33:fd:c3:
                    73:19:cc:a0:e1:6a:22:bc:d9:37:75:67:2a:10:4e:
                    51:11:d3:91:a7:cf:f0:36:ad:83:07:1d:ae:da:aa:
                    50:19:34:6c:5d:d3:82:3e:8c:99:24:0a:3f:b1:6c:
                    2a:5e:11:3b:99:b4:12:55:34:89:51:8a:21:19:f4:
                    96:87:58:e7:e9:25:1d:c0:b9:a9:a0:eb:4c:ad:ed:
                    6c:17:dd:b9:48:89:34:29:2c:db:5c:33:83:67:13:
                    b9:6d:25:2a:5b:01:d9:68:b6:1e:5c:03:07:37:96:
                    d0:fe:bb:a7:bb:11:8b:61:d5:be:93:7c:54:da:5f:
                    37:06:ac:0c:0b:72:84:4c:e3:cc:eb:1a:a7:26:d3:
                    2d:09:6d:df:9f:73:81:b1:fc:e4:ca:04:b1:7c:de:
                    a0:80:92:fc:cb:65:3f:7c:ac:0f:46:44:ba:aa:88:
                    33:e6:34:83:48:14:f7:29:2e:af:db:83:9e:59:8d:
                    5e:a0:46:44:4d:27:69:9b:94:c8:99:c5:21:9e:41:
                    7c:34:a1:51:c5:d1:06:44:f2:e7:e3:ed:ed:8a:82:
                    16:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:D7:8E:13:AF:09:0B:10:36:A8:31:83:7E:02:E0:98:ED:C1:7E:CD
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/vdeOE68JCxA2qDGDfgLgmO3Bfs0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.101.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:49:7d:36:0c:be:87:15:a5:21:b0:1d:01:3f:30:d6:56:66:
         cf:64:48:a6:24:b2:da:dc:0a:a5:0a:4e:5d:e8:29:1a:83:22:
         34:ef:c2:c5:2e:69:98:7f:87:c9:ce:12:43:d5:d5:ab:71:16:
         17:8d:da:09:d2:32:08:a8:25:85:cb:b3:8a:8b:22:af:4b:7c:
         ed:ba:ec:56:73:54:38:0f:db:c0:25:39:f4:da:d4:19:de:1c:
         99:9c:d6:55:be:e1:54:f2:a5:d3:94:a3:f9:2f:a0:f1:c9:c5:
         68:d9:8c:16:08:2e:c1:ea:4b:5f:e1:a8:cd:3d:89:e3:5e:a3:
         05:79:d6:31:cc:cb:93:f2:1f:6c:a6:77:26:db:42:ab:d1:13:
         24:5b:cf:27:1c:c7:0d:18:3b:f8:75:18:f3:d0:eb:c3:62:45:
         31:da:9b:c7:d2:e1:67:5e:05:ee:82:8f:76:09:b5:ed:d1:f8:
         44:09:ee:1f:95:72:f6:ad:dc:3a:01:2e:c5:2d:d8:5c:58:90:
         98:27:31:02:ab:24:70:55:8f:1b:b2:45:64:4c:dd:b7:89:d0:
         6d:d7:af:9a:9a:31:1e:3a:05:09:10:34:6b:2d:04:cd:50:00:
         a4:0c:54:dd:e1:78:57:14:2b:cd:58:0f:68:27:72:cc:7a:8f:
         bd:dd:ed:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g6We8fuxKfQBJwmIctpHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjYwMTAyMTYyMTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGQ3OGUxM2FmMDkwYjEwMzZhODMxODM3ZTAyZTA5OGVkYzE3ZWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzT1X8zsNxCxWI1ww+7sMcWDW70/b
FJjfiFd2fCCNhTqkUG9qWMk0SSEz/cNzGcyg4WoivNk3dWcqEE5REdORp8/wNq2D
Bx2u2qpQGTRsXdOCPoyZJAo/sWwqXhE7mbQSVTSJUYohGfSWh1jn6SUdwLmpoOtM
re1sF925SIk0KSzbXDODZxO5bSUqWwHZaLYeXAMHN5bQ/runuxGLYdW+k3xU2l83
BqwMC3KETOPM6xqnJtMtCW3fn3OBsfzkygSxfN6ggJL8y2U/fKwPRkS6qogz5jSD
SBT3KS6v24OeWY1eoEZETSdpm5TImcUhnkF8NKFRxdEGRPLn4+3tioIWbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL3XjhOvCQsQNqgxg34C4JjtwX7NMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvdmRlT0U2OEpDeEEycURHRGZnTGdtTzNCZnMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWX3MA0G
CSqGSIb3DQEBCwUAA4IBAQCFSX02DL6HFaUhsB0BPzDWVmbPZEimJLLa3AqlCk5d
6CkagyI078LFLmmYf4fJzhJD1dWrcRYXjdoJ0jIIqCWFy7OKiyKvS3ztuuxWc1Q4
D9vAJTn02tQZ3hyZnNZVvuFU8qXTlKP5L6DxycVo2YwWCC7B6ktf4ajNPYnjXqMF
edYxzMuT8h9spncm20Kr0RMkW88nHMcNGDv4dRjz0OvDYkUx2pvH0uFnXgXugo92
CbXt0fhECe4flXL2rdw6AS7FLdhcWJCYJzECqyRwVY8bskVkTN23idBt16+amjEe
OgUJEDRrLQTNUACkDFTd4XhXFCvNWA9oJ3LMeo+93e1h
-----END CERTIFICATE-----