This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/540897-f4b7-4848-b07b-96ab21696974/1/VO0q4nWrfOStAkTKpUu6a9s4iXM.roa
File:                     VO0q4nWrfOStAkTKpUu6a9s4iXM.roa (raw, json)
Hash identifier:          RO1KxuAMQb5sndGW2US++WYwHmd5hwNX7clvLvt34WI=
Subject key identifier:   54:ED:2A:E2:75:AB:7C:E4:AD:02:44:CA:A5:4B:BA:6B:DB:38:89:73
Certificate issuer:       /CN=e23a74630a8424ccd5f5bb0f60220894527d732c
Certificate serial:       019B7910E8824F871C5937E62977A3D104BF
Authority key identifier: E2:3A:74:63:0A:84:24:CC:D5:F5:BB:0F:60:22:08:94:52:7D:73:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4jp0YwqEJMzV9bsPYCIIlFJ9cyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/540897-f4b7-4848-b07b-96ab21696974/1/VO0q4nWrfOStAkTKpUu6a9s4iXM.roa
Signing time:             Thu 01 Jan 2026 10:18:29 +0000
ROA not before:           Thu 01 Jan 2026 10:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21217
IP address blocks:        91.199.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/540897-f4b7-4848-b07b-96ab21696974/1/4jp0YwqEJMzV9bsPYCIIlFJ9cyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/540897-f4b7-4848-b07b-96ab21696974/1/4jp0YwqEJMzV9bsPYCIIlFJ9cyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4jp0YwqEJMzV9bsPYCIIlFJ9cyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 04:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:e8:82:4f:87:1c:59:37:e6:29:77:a3:d1:04:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e23a74630a8424ccd5f5bb0f60220894527d732c
        Validity
            Not Before: Jan  1 10:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=54ed2ae275ab7ce4ad0244caa54bba6bdb388973
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3b:eb:93:6d:71:2c:69:20:b2:27:6a:fb:b0:
                    02:d4:a0:69:48:e6:a4:f8:71:97:5b:f2:00:cd:17:
                    ba:dd:db:dd:2d:a4:86:8b:16:c3:aa:07:3e:0b:8b:
                    e9:21:e1:5d:c6:c6:1a:02:a8:1e:10:f5:9e:8f:5e:
                    a0:30:71:e3:88:51:ed:a6:5b:44:c4:56:49:d0:90:
                    3c:e6:12:d3:d6:29:82:b2:5c:2f:eb:f1:aa:da:f8:
                    22:48:6a:cb:57:80:c5:8f:7f:5f:4a:10:92:da:c9:
                    34:ca:65:86:7e:16:27:a3:3b:23:c7:53:58:74:bc:
                    f3:40:ac:dc:dc:0c:ef:24:3a:23:d0:b2:ce:d2:40:
                    14:80:db:cb:20:d1:92:24:3c:4b:86:7b:1a:c6:c1:
                    9a:5b:db:41:2e:88:b4:66:0d:ba:4b:ed:3a:15:1d:
                    d2:48:6f:f2:4b:bc:0e:e5:7a:32:ce:1d:ff:15:4b:
                    d8:1e:b2:a1:e5:eb:ba:ce:af:e9:4e:fa:5a:46:17:
                    24:ae:bf:0d:fa:54:97:9e:0a:68:29:f4:27:61:b5:
                    fe:7c:a4:7d:5d:31:57:2c:c4:9a:49:74:5c:57:e0:
                    08:9e:03:d9:35:cd:7b:ae:a5:37:36:c1:d1:e9:3c:
                    aa:7e:2a:95:66:2f:b4:d2:fa:32:b3:bb:1c:6d:e1:
                    1c:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:ED:2A:E2:75:AB:7C:E4:AD:02:44:CA:A5:4B:BA:6B:DB:38:89:73
            X509v3 Authority Key Identifier:
                keyid:E2:3A:74:63:0A:84:24:CC:D5:F5:BB:0F:60:22:08:94:52:7D:73:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4jp0YwqEJMzV9bsPYCIIlFJ9cyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/540897-f4b7-4848-b07b-96ab21696974/1/VO0q4nWrfOStAkTKpUu6a9s4iXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/540897-f4b7-4848-b07b-96ab21696974/1/4jp0YwqEJMzV9bsPYCIIlFJ9cyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:5e:53:77:d2:52:1f:c8:d1:72:ca:77:d8:3b:a8:8f:97:4c:
         93:e3:10:65:57:a1:87:d4:38:60:8d:c7:ea:15:77:62:23:b4:
         10:9a:0a:7f:03:55:2c:db:7e:a8:0b:d9:01:ed:26:67:0e:7e:
         d4:b8:8e:f5:77:3b:e3:b9:b8:4d:33:76:93:4e:e8:4c:73:02:
         6b:66:69:5c:68:5a:24:ed:3f:1c:ce:6b:6b:31:7d:0a:e5:a1:
         89:75:86:be:bd:12:bb:df:d0:64:af:cd:28:e3:3f:c2:33:ba:
         23:90:a8:7b:48:1f:d8:a7:a9:6e:fc:90:3d:e7:3d:82:91:4d:
         0a:a6:c7:21:db:03:12:f5:78:81:1d:02:47:43:50:93:20:94:
         70:a9:88:c2:91:6d:1e:d2:e1:67:81:66:b0:c3:ec:de:4a:84:
         1c:f0:da:34:53:ba:a1:36:5d:c4:30:fa:f7:68:ea:85:d6:e4:
         b3:c4:fe:3d:03:1a:27:18:9f:d1:be:0f:5b:18:f4:23:e1:f8:
         a2:f4:22:dd:92:76:44:c4:46:43:68:dc:cb:3a:5e:3e:28:0f:
         62:b9:ae:84:f1:c5:15:88:a2:f5:24:b3:65:bc:a1:da:bc:07:
         b1:e6:be:2a:b9:fb:9a:ae:13:7d:75:00:24:98:59:48:64:9f:
         b1:40:af:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EOiCT4ccWTfmKXej0QS/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyM2E3NDYzMGE4NDI0Y2NkNWY1YmIwZjYwMjIwODk0NTI3
ZDczMmMwHhcNMjYwMTAxMTAxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGVkMmFlMjc1YWI3Y2U0YWQwMjQ0Y2FhNTRiYmE2YmRiMzg4OTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDvrk21xLGkgsidq+7AC1KBpSOak
+HGXW/IAzRe63dvdLaSGixbDqgc+C4vpIeFdxsYaAqgeEPWej16gMHHjiFHtpltE
xFZJ0JA85hLT1imCslwv6/Gq2vgiSGrLV4DFj39fShCS2sk0ymWGfhYnozsjx1NY
dLzzQKzc3AzvJDoj0LLO0kAUgNvLINGSJDxLhnsaxsGaW9tBLoi0Zg26S+06FR3S
SG/yS7wO5Xoyzh3/FUvYHrKh5eu6zq/pTvpaRhckrr8N+lSXngpoKfQnYbX+fKR9
XTFXLMSaSXRcV+AIngPZNc17rqU3NsHR6TyqfiqVZi+00voys7scbeEcdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFTtKuJ1q3zkrQJEyqVLumvbOIlzMB8GA1UdIwQY
MBaAFOI6dGMKhCTM1fW7D2AiCJRSfXMsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGpwMFl3cUVKTXpWOWJzUFlDSUlsRko5Y3l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi81NDA4OTctZjRiNy00ODQ4LWIwN2It
OTZhYjIxNjk2OTc0LzEvVk8wcTRuV3JmT1N0QWtUS3BVdTZhOXM0aVhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi81NDA4OTctZjRiNy00ODQ4LWIwN2ItOTZhYjIxNjk2OTc0
LzEvNGpwMFl3cUVKTXpWOWJzUFlDSUlsRko5Y3l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8f/MA0G
CSqGSIb3DQEBCwUAA4IBAQABXlN30lIfyNFyynfYO6iPl0yT4xBlV6GH1Dhgjcfq
FXdiI7QQmgp/A1Us236oC9kB7SZnDn7UuI71dzvjubhNM3aTTuhMcwJrZmlcaFok
7T8czmtrMX0K5aGJdYa+vRK739Bkr80o4z/CM7ojkKh7SB/Yp6lu/JA95z2CkU0K
psch2wMS9XiBHQJHQ1CTIJRwqYjCkW0e0uFngWaww+zeSoQc8No0U7qhNl3EMPr3
aOqF1uSzxP49AxonGJ/Rvg9bGPQj4fii9CLdknZExEZDaNzLOl4+KA9iua6E8cUV
iKL1JLNlvKHavAex5r4qufuarhN9dQAkmFlIZJ+xQK8s
-----END CERTIFICATE-----