This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d78d1-3e0c-4c1a-a141-74e218d4b613/1/vaFLq2PS-Ze0CGgub62mzNljBjk.roa
File:                     vaFLq2PS-Ze0CGgub62mzNljBjk.roa (raw, json)
Hash identifier:          /5UMsBynyn/kGaKMuuHPXeXo9vSUE24CvsJczMrXDeA=
Subject key identifier:   BD:A1:4B:AB:63:D2:F9:97:B4:08:68:2E:6F:AD:A6:CC:D9:63:06:39
Certificate issuer:       /CN=81062dce1a791e7341d5f4259811ab4d65f6b075
Certificate serial:       019B7B35D5E78DB5BC1B9D07AB85CA18DE99
Authority key identifier: 81:06:2D:CE:1A:79:1E:73:41:D5:F4:25:98:11:AB:4D:65:F6:B0:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gQYtzhp5HnNB1fQlmBGrTWX2sHU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d78d1-3e0c-4c1a-a141-74e218d4b613/1/vaFLq2PS-Ze0CGgub62mzNljBjk.roa
Signing time:             Thu 01 Jan 2026 20:18:04 +0000
ROA not before:           Thu 01 Jan 2026 20:18:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199189
IP address blocks:        89.22.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d78d1-3e0c-4c1a-a141-74e218d4b613/1/gQYtzhp5HnNB1fQlmBGrTWX2sHU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d78d1-3e0c-4c1a-a141-74e218d4b613/1/gQYtzhp5HnNB1fQlmBGrTWX2sHU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gQYtzhp5HnNB1fQlmBGrTWX2sHU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 11:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:d5:e7:8d:b5:bc:1b:9d:07:ab:85:ca:18:de:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81062dce1a791e7341d5f4259811ab4d65f6b075
        Validity
            Not Before: Jan  1 20:18:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bda14bab63d2f997b408682e6fada6ccd9630639
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:54:91:c9:f1:4a:73:a1:21:0c:99:5d:4b:c4:
                    e3:dc:4e:c4:d5:3c:ab:34:e9:1a:d0:ce:57:b2:32:
                    b5:2e:5a:93:a5:a3:74:76:0e:be:f3:33:c9:7a:d2:
                    8a:f8:60:32:5a:01:76:b9:70:bd:01:c5:97:ce:20:
                    d6:68:11:41:f5:fc:97:75:54:d4:4a:2a:0c:c1:16:
                    08:a5:4c:6b:d9:e9:9b:3f:73:52:61:42:e1:fd:93:
                    c6:b0:e9:7a:dd:03:a1:53:3a:b6:fd:78:67:a0:5b:
                    19:b3:29:df:e8:a5:73:c9:36:89:a1:ae:6b:db:81:
                    d0:11:b8:c5:82:d6:4a:bc:76:e1:10:50:44:a7:20:
                    29:2a:f3:a3:a2:6f:0c:30:05:de:b7:d3:88:a7:af:
                    7a:be:0a:41:af:ee:d5:8e:9b:27:77:3c:57:31:c7:
                    3e:a0:68:25:00:73:8e:78:2d:60:c4:c1:41:bb:4e:
                    7f:9b:a6:ad:20:5c:38:f8:53:43:a5:88:ac:25:3f:
                    4f:69:08:e3:46:4c:e9:17:17:ba:92:64:2e:58:26:
                    06:61:d0:46:0e:47:da:bf:f6:0c:f3:27:50:f7:c2:
                    e0:c8:1b:a8:22:df:ea:31:f7:c4:43:91:fe:da:c3:
                    14:a7:34:52:3f:70:e0:8a:8f:83:96:dc:bc:23:40:
                    c4:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:A1:4B:AB:63:D2:F9:97:B4:08:68:2E:6F:AD:A6:CC:D9:63:06:39
            X509v3 Authority Key Identifier:
                keyid:81:06:2D:CE:1A:79:1E:73:41:D5:F4:25:98:11:AB:4D:65:F6:B0:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gQYtzhp5HnNB1fQlmBGrTWX2sHU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d78d1-3e0c-4c1a-a141-74e218d4b613/1/vaFLq2PS-Ze0CGgub62mzNljBjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d78d1-3e0c-4c1a-a141-74e218d4b613/1/gQYtzhp5HnNB1fQlmBGrTWX2sHU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.22.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:c4:91:30:9e:ca:a7:db:e9:f3:31:b7:34:31:5c:a1:17:0a:
         ec:40:56:aa:f0:80:26:2b:46:3a:35:91:40:71:7f:05:13:db:
         c8:34:1a:51:2f:23:9f:c4:96:28:2b:40:e8:4b:79:7e:70:b6:
         5c:32:cb:89:d0:a4:a9:10:5a:cc:c9:c8:26:20:48:e5:c9:50:
         7c:74:4e:f4:3f:19:31:90:51:d5:30:7f:c6:bb:58:b4:7f:66:
         fb:cd:d8:c6:31:18:10:f7:2c:5a:95:57:51:2d:03:74:9e:8d:
         6a:dd:fc:10:14:dd:7e:89:d4:6c:27:c0:00:c9:c6:2e:15:06:
         83:7b:f5:0e:1d:ca:71:81:73:dc:c3:51:57:c7:cc:44:83:67:
         54:b7:34:6f:e0:6e:88:da:95:53:20:4e:d2:8d:78:5e:27:98:
         16:72:a9:b9:92:b6:e4:c4:a2:ce:66:5a:6c:30:52:d6:af:04:
         62:56:5b:31:b3:5f:e5:e5:19:68:26:0b:bd:30:6f:32:b8:7e:
         ce:e8:57:d2:f2:2d:3d:c2:85:1a:0e:91:c1:01:8d:4b:65:de:
         dc:c3:8c:21:a9:6a:ee:ae:38:2d:a6:1d:c3:3e:73:ef:a9:b7:
         7c:20:79:ef:02:d4:7c:57:8d:f3:00:ff:37:77:15:d7:65:9b:
         e8:c3:6a:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NdXnjbW8G50Hq4XKGN6ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxMDYyZGNlMWE3OTFlNzM0MWQ1ZjQyNTk4MTFhYjRkNjVm
NmIwNzUwHhcNMjYwMTAxMjAxODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGExNGJhYjYzZDJmOTk3YjQwODY4MmU2ZmFkYTZjY2Q5NjMwNjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFSRyfFKc6EhDJldS8Tj3E7E1Tyr
NOka0M5XsjK1LlqTpaN0dg6+8zPJetKK+GAyWgF2uXC9AcWXziDWaBFB9fyXdVTU
SioMwRYIpUxr2embP3NSYULh/ZPGsOl63QOhUzq2/XhnoFsZsynf6KVzyTaJoa5r
24HQEbjFgtZKvHbhEFBEpyApKvOjom8MMAXet9OIp696vgpBr+7VjpsndzxXMcc+
oGglAHOOeC1gxMFBu05/m6atIFw4+FNDpYisJT9PaQjjRkzpFxe6kmQuWCYGYdBG
Dkfav/YM8ydQ98LgyBuoIt/qMffEQ5H+2sMUpzRSP3Dgio+Dlty8I0DEYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2hS6tj0vmXtAhoLm+tpszZYwY5MB8GA1UdIwQY
MBaAFIEGLc4aeR5zQdX0JZgRq01l9rB1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1FZdHpocDVIbk5CMWZRbG1CR3JUV1gyc0hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDc4ZDEtM2UwYy00YzFhLWExNDEt
NzRlMjE4ZDRiNjEzLzEvdmFGTHEyUFMtWmUwQ0dndWI2Mm16TmxqQmprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDc4ZDEtM2UwYy00YzFhLWExNDEtNzRlMjE4ZDRiNjEz
LzEvZ1FZdHpocDVIbk5CMWZRbG1CR3JUV1gyc0hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRYxMA0G
CSqGSIb3DQEBCwUAA4IBAQBUxJEwnsqn2+nzMbc0MVyhFwrsQFaq8IAmK0Y6NZFA
cX8FE9vINBpRLyOfxJYoK0DoS3l+cLZcMsuJ0KSpEFrMycgmIEjlyVB8dE70Pxkx
kFHVMH/Gu1i0f2b7zdjGMRgQ9yxalVdRLQN0no1q3fwQFN1+idRsJ8AAycYuFQaD
e/UOHcpxgXPcw1FXx8xEg2dUtzRv4G6I2pVTIE7SjXheJ5gWcqm5krbkxKLOZlps
MFLWrwRiVlsxs1/l5RloJgu9MG8yuH7O6FfS8i09woUaDpHBAY1LZd7cw4whqWru
rjgtph3DPnPvqbd8IHnvAtR8V43zAP83dxXXZZvow2o4
-----END CERTIFICATE-----