This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/de9615-0bc0-4e5e-8318-fb1d992de001/1/vN94HUAPgmvQh3qxUmTqfU_xu68.roa
File:                     vN94HUAPgmvQh3qxUmTqfU_xu68.roa (raw, json)
Hash identifier:          9/wGgd57yRAqhby3LLSAoNbCoPVWoNBJaPZEuWx53As=
Subject key identifier:   BC:DF:78:1D:40:0F:82:6B:D0:87:7A:B1:52:64:EA:7D:4F:F1:BB:AF
Certificate issuer:       /CN=aa8551e851e69db165c6c632af45f21715512939
Certificate serial:       019B7FF15A7155264E00AB4ACC6B72798CCA
Authority key identifier: AA:85:51:E8:51:E6:9D:B1:65:C6:C6:32:AF:45:F2:17:15:51:29:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qoVR6FHmnbFlxsYyr0XyFxVRKTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/de9615-0bc0-4e5e-8318-fb1d992de001/1/vN94HUAPgmvQh3qxUmTqfU_xu68.roa
Signing time:             Fri 02 Jan 2026 18:21:22 +0000
ROA not before:           Fri 02 Jan 2026 18:21:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        176.221.80.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/de9615-0bc0-4e5e-8318-fb1d992de001/1/qoVR6FHmnbFlxsYyr0XyFxVRKTk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/de9615-0bc0-4e5e-8318-fb1d992de001/1/qoVR6FHmnbFlxsYyr0XyFxVRKTk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qoVR6FHmnbFlxsYyr0XyFxVRKTk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 13:16:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:5a:71:55:26:4e:00:ab:4a:cc:6b:72:79:8c:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa8551e851e69db165c6c632af45f21715512939
        Validity
            Not Before: Jan  2 18:21:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bcdf781d400f826bd0877ab15264ea7d4ff1bbaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:44:0b:2b:87:3e:ca:f8:a7:dd:84:de:11:ca:
                    33:7c:a9:81:5f:bf:f6:eb:fb:b9:d3:ff:6b:ea:a0:
                    da:70:e8:73:7b:89:1e:a3:57:86:34:37:a8:8a:c0:
                    6a:ac:7e:0b:1c:d9:c6:75:fb:b3:a3:d3:7c:af:60:
                    c2:2a:1a:1e:f3:ba:af:34:0e:b1:87:53:bc:c7:50:
                    a6:6f:4e:c8:37:36:92:33:b1:1f:e7:4a:58:dc:e9:
                    29:7a:20:ee:54:df:71:9d:73:34:93:e4:96:5b:13:
                    57:07:f3:aa:eb:ed:c1:48:e7:c0:3c:dd:a0:f1:f9:
                    0a:75:3d:76:40:42:95:b9:b0:b5:e1:89:c2:46:90:
                    60:4c:a8:59:89:ed:c1:0d:f8:4c:71:50:d2:a3:54:
                    6b:aa:5c:cf:e9:a5:b0:f7:7a:ef:b4:19:22:03:cf:
                    cf:1c:d5:55:4f:3a:2a:c4:91:15:87:4b:e4:a8:bc:
                    1e:dc:59:09:d6:2b:d0:7f:46:f0:40:48:6e:fd:af:
                    7a:05:fd:41:6a:f6:bf:5c:98:af:2e:24:64:23:69:
                    44:38:67:e8:53:55:91:74:a5:55:67:36:82:f2:1c:
                    28:d5:eb:14:99:12:d6:b7:19:ab:e1:e3:78:68:8d:
                    54:88:18:b8:8b:f2:5f:85:f2:cb:73:8d:ba:a9:5f:
                    d6:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:DF:78:1D:40:0F:82:6B:D0:87:7A:B1:52:64:EA:7D:4F:F1:BB:AF
            X509v3 Authority Key Identifier:
                keyid:AA:85:51:E8:51:E6:9D:B1:65:C6:C6:32:AF:45:F2:17:15:51:29:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qoVR6FHmnbFlxsYyr0XyFxVRKTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/de9615-0bc0-4e5e-8318-fb1d992de001/1/vN94HUAPgmvQh3qxUmTqfU_xu68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/de9615-0bc0-4e5e-8318-fb1d992de001/1/qoVR6FHmnbFlxsYyr0XyFxVRKTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.221.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:a2:fb:df:20:cc:fa:19:24:24:0a:ce:7b:d5:39:6f:9a:3d:
         34:42:19:16:22:33:64:25:ec:25:0a:15:46:48:8e:a9:67:2a:
         73:1f:ac:23:48:08:76:35:6b:1e:b0:a1:07:3c:51:39:1e:bd:
         f5:5d:7e:1a:76:6a:6a:8f:e0:2e:79:ac:77:c9:cb:1c:23:46:
         c7:73:71:87:6f:41:9b:37:a4:45:82:5e:79:30:37:9c:8f:09:
         34:bd:87:95:16:71:9b:d4:5c:4b:18:fc:e8:bb:ae:3d:94:22:
         e1:11:82:41:b5:cf:b0:29:1d:f2:4a:b6:e6:76:76:42:57:90:
         27:a9:21:1a:5a:32:9d:aa:4f:69:0b:4e:d9:8f:7f:df:8c:13:
         dc:05:e9:2c:a1:62:d2:c5:c4:5b:94:ef:b8:ad:51:ae:01:ca:
         b6:ad:cd:77:a6:d5:82:68:fd:9f:fc:0c:1c:e4:51:24:79:40:
         02:e8:7c:e0:53:25:7b:eb:bc:f8:ea:b6:eb:ee:cb:ae:7a:f7:
         e2:85:8a:93:28:3f:e9:2d:ba:03:3d:f8:73:2f:ed:ea:0b:d1:
         80:b0:3e:9b:24:33:eb:b2:dd:3d:cd:52:06:fe:66:48:2e:15:
         0a:25:b8:67:4e:97:66:ce:12:1b:1c:dd:6d:c5:c0:63:3a:08:
         0e:fc:b1:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8VpxVSZOAKtKzGtyeYzKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhODU1MWU4NTFlNjlkYjE2NWM2YzYzMmFmNDVmMjE3MTU1
MTI5MzkwHhcNMjYwMTAyMTgyMTIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2RmNzgxZDQwMGY4MjZiZDA4NzdhYjE1MjY0ZWE3ZDRmZjFiYmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEQLK4c+yvin3YTeEcozfKmBX7/2
6/u50/9r6qDacOhze4keo1eGNDeoisBqrH4LHNnGdfuzo9N8r2DCKhoe87qvNA6x
h1O8x1Cmb07INzaSM7Ef50pY3OkpeiDuVN9xnXM0k+SWWxNXB/Oq6+3BSOfAPN2g
8fkKdT12QEKVubC14YnCRpBgTKhZie3BDfhMcVDSo1RrqlzP6aWw93rvtBkiA8/P
HNVVTzoqxJEVh0vkqLwe3FkJ1ivQf0bwQEhu/a96Bf1Bava/XJivLiRkI2lEOGfo
U1WRdKVVZzaC8hwo1esUmRLWtxmr4eN4aI1UiBi4i/JfhfLLc426qV/WcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLzfeB1AD4Jr0Id6sVJk6n1P8buvMB8GA1UdIwQY
MBaAFKqFUehR5p2xZcbGMq9F8hcVUSk5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW9WUjZGSG1uYkZseHNZeXIwWHlGeFZSS1RrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9kZTk2MTUtMGJjMC00ZTVlLTgzMTgt
ZmIxZDk5MmRlMDAxLzEvdk45NEhVQVBnbXZRaDNxeFVtVHFmVV94dTY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9kZTk2MTUtMGJjMC00ZTVlLTgzMTgtZmIxZDk5MmRlMDAx
LzEvcW9WUjZGSG1uYkZseHNZeXIwWHlGeFZSS1RrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsN1QMA0G
CSqGSIb3DQEBCwUAA4IBAQCZovvfIMz6GSQkCs571Tlvmj00QhkWIjNkJewlChVG
SI6pZypzH6wjSAh2NWsesKEHPFE5Hr31XX4admpqj+Aueax3ycscI0bHc3GHb0Gb
N6RFgl55MDecjwk0vYeVFnGb1FxLGPzou649lCLhEYJBtc+wKR3ySrbmdnZCV5An
qSEaWjKdqk9pC07Zj3/fjBPcBeksoWLSxcRblO+4rVGuAcq2rc13ptWCaP2f/Awc
5FEkeUAC6HzgUyV767z46rbr7suuevfihYqTKD/pLboDPfhzL+3qC9GAsD6bJDPr
st09zVIG/mZILhUKJbhnTpdmzhIbHN1txcBjOggO/LFh
-----END CERTIFICATE-----