This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/12dfdd-b06b-4937-b8e8-13817fdbec04/1/VNK9xrc1EHlh_47X-bXBVSsi6Dk.roa
File:                     VNK9xrc1EHlh_47X-bXBVSsi6Dk.roa (raw, json)
Hash identifier:          sg+OCkb5fndiZ8FwlBNBmAX4erTA64UptD+HdwtQH/Q=
Subject key identifier:   54:D2:BD:C6:B7:35:10:79:61:FF:8E:D7:F9:B5:C1:55:2B:22:E8:39
Certificate issuer:       /CN=3728f29cd37d775cd64b225205c3833c3e44d661
Certificate serial:       019B7B36CA771B2D978AA0DEF1B0187D92F3
Authority key identifier: 37:28:F2:9C:D3:7D:77:5C:D6:4B:22:52:05:C3:83:3C:3E:44:D6:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NyjynNN9d1zWSyJSBcODPD5E1mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/12dfdd-b06b-4937-b8e8-13817fdbec04/1/VNK9xrc1EHlh_47X-bXBVSsi6Dk.roa
Signing time:             Thu 01 Jan 2026 20:19:06 +0000
ROA not before:           Thu 01 Jan 2026 20:19:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25220
IP address blocks:        91.220.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/12dfdd-b06b-4937-b8e8-13817fdbec04/1/NyjynNN9d1zWSyJSBcODPD5E1mE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/12dfdd-b06b-4937-b8e8-13817fdbec04/1/NyjynNN9d1zWSyJSBcODPD5E1mE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NyjynNN9d1zWSyJSBcODPD5E1mE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:ca:77:1b:2d:97:8a:a0:de:f1:b0:18:7d:92:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3728f29cd37d775cd64b225205c3833c3e44d661
        Validity
            Not Before: Jan  1 20:19:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=54d2bdc6b735107961ff8ed7f9b5c1552b22e839
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:94:8c:97:f2:62:24:3e:ed:31:d1:c4:08:09:
                    f1:7d:dc:1e:d4:13:8d:ba:88:0a:95:16:28:cd:5a:
                    ee:5f:d1:64:ee:a5:40:51:7b:ed:9e:aa:aa:39:55:
                    2b:51:a2:b9:cf:d3:0a:5e:b0:07:d0:d1:cb:67:df:
                    55:33:81:75:5d:76:1e:43:45:31:c8:1e:95:2e:5a:
                    00:4b:f7:cf:88:08:62:97:ca:13:01:8e:3e:11:14:
                    cf:16:e3:3b:a5:d6:b6:c6:fe:a3:5d:69:28:d1:26:
                    88:a6:ad:e3:ad:61:b8:77:11:59:d3:bd:63:14:b1:
                    8a:cc:1f:74:ae:87:58:52:62:6f:01:cd:e8:14:65:
                    bc:04:73:93:04:48:88:96:19:29:d9:e1:42:2e:e2:
                    38:6c:5e:7b:35:6c:93:02:3c:f8:c0:6d:7d:f5:a0:
                    2f:db:eb:73:20:a9:5a:34:6d:dd:3e:93:38:e4:6a:
                    6c:ca:32:67:98:73:ad:18:23:39:55:50:9b:f4:b6:
                    c0:9b:de:d6:c4:85:9b:d2:77:ef:6e:31:49:bf:86:
                    10:4f:53:db:af:4b:59:0f:02:87:c1:cf:a8:f6:fe:
                    47:f1:94:b7:c0:21:2d:90:85:2a:ed:55:f3:f7:c8:
                    7e:a2:f1:d5:58:af:9d:c4:3d:8f:72:ef:2a:1c:55:
                    00:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:D2:BD:C6:B7:35:10:79:61:FF:8E:D7:F9:B5:C1:55:2B:22:E8:39
            X509v3 Authority Key Identifier:
                keyid:37:28:F2:9C:D3:7D:77:5C:D6:4B:22:52:05:C3:83:3C:3E:44:D6:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NyjynNN9d1zWSyJSBcODPD5E1mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/12dfdd-b06b-4937-b8e8-13817fdbec04/1/VNK9xrc1EHlh_47X-bXBVSsi6Dk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/12dfdd-b06b-4937-b8e8-13817fdbec04/1/NyjynNN9d1zWSyJSBcODPD5E1mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:10:17:dd:9e:fd:61:d9:f5:c6:2f:b1:48:8a:ed:b5:d9:a4:
         70:6d:0c:09:3e:5f:f6:38:89:5a:c9:f0:62:71:8d:5b:41:00:
         9d:77:c8:ea:0f:62:26:e7:c9:1c:e6:c1:0f:6e:2a:9e:b5:ee:
         f6:f3:f3:bd:08:83:ed:e7:51:8a:e6:b3:3b:e2:96:48:41:06:
         ad:48:9f:fb:42:21:95:1c:d6:69:ed:ff:e6:72:c9:51:e4:f8:
         b4:84:8b:0f:33:c9:72:aa:f7:b5:d6:d6:37:db:df:7c:1b:62:
         f5:69:cf:1e:0b:77:69:6e:a3:d0:66:99:8e:fe:2b:48:ea:1e:
         07:9a:ad:11:de:1e:02:65:c6:65:43:f4:10:a1:5d:6b:5b:0a:
         9c:7e:d0:09:9f:a2:ce:5b:71:51:0f:46:cd:8e:5f:69:97:25:
         ce:57:e5:08:2c:4a:33:45:78:12:a8:5d:86:6f:d1:e5:7c:7e:
         8d:0e:8f:d5:b0:48:01:a7:40:0b:c9:3b:07:59:83:8d:8f:75:
         23:c3:f6:d3:68:ea:ac:f2:9b:24:78:16:4b:45:9c:30:15:51:
         4a:9e:fe:2e:ac:14:1a:ce:18:dc:4b:42:24:b4:82:19:6e:5d:
         87:92:ca:5f:b8:bc:77:5a:23:8f:00:3a:f6:c0:af:eb:3b:ad:
         ba:ef:5a:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Nsp3Gy2XiqDe8bAYfZLzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MjhmMjljZDM3ZDc3NWNkNjRiMjI1MjA1YzM4MzNjM2U0
NGQ2NjEwHhcNMjYwMTAxMjAxOTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGQyYmRjNmI3MzUxMDc5NjFmZjhlZDdmOWI1YzE1NTJiMjJlODM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppSMl/JiJD7tMdHECAnxfdwe1BON
uogKlRYozVruX9Fk7qVAUXvtnqqqOVUrUaK5z9MKXrAH0NHLZ99VM4F1XXYeQ0Ux
yB6VLloAS/fPiAhil8oTAY4+ERTPFuM7pda2xv6jXWko0SaIpq3jrWG4dxFZ071j
FLGKzB90rodYUmJvAc3oFGW8BHOTBEiIlhkp2eFCLuI4bF57NWyTAjz4wG199aAv
2+tzIKlaNG3dPpM45GpsyjJnmHOtGCM5VVCb9LbAm97WxIWb0nfvbjFJv4YQT1Pb
r0tZDwKHwc+o9v5H8ZS3wCEtkIUq7VXz98h+ovHVWK+dxD2Pcu8qHFUADwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFTSvca3NRB5Yf+O1/m1wVUrIug5MB8GA1UdIwQY
MBaAFDco8pzTfXdc1ksiUgXDgzw+RNZhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnlqeW5OTjlkMXpXU3lKU0JjT0RQRDVFMW1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8xMmRmZGQtYjA2Yi00OTM3LWI4ZTgt
MTM4MTdmZGJlYzA0LzEvVk5LOXhyYzFFSGxoXzQ3WC1iWEJWU3NpNkRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8xMmRmZGQtYjA2Yi00OTM3LWI4ZTgtMTM4MTdmZGJlYzA0
LzEvTnlqeW5OTjlkMXpXU3lKU0JjT0RQRDVFMW1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9yUMA0G
CSqGSIb3DQEBCwUAA4IBAQASEBfdnv1h2fXGL7FIiu212aRwbQwJPl/2OIlayfBi
cY1bQQCdd8jqD2Im58kc5sEPbiqete728/O9CIPt51GK5rM74pZIQQatSJ/7QiGV
HNZp7f/mcslR5Pi0hIsPM8lyqve11tY32998G2L1ac8eC3dpbqPQZpmO/itI6h4H
mq0R3h4CZcZlQ/QQoV1rWwqcftAJn6LOW3FRD0bNjl9plyXOV+UILEozRXgSqF2G
b9HlfH6NDo/VsEgBp0ALyTsHWYONj3Ujw/bTaOqs8pskeBZLRZwwFVFKnv4urBQa
zhjcS0IktIIZbl2HkspfuLx3WiOPADr2wK/rO62671oB
-----END CERTIFICATE-----